You are using an outdated browser and your browsing experience will not be optimal. Please update to the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox. Install Microsoft Edge

November 7, 2023

Deadline Looms for Digital Platform Notification Requirement in Thailand

Subscribe to Updates

Under Thailand’s Royal Decree on Digital Platform Services, domestic and in-scope overseas digital platform operators that are required to notify the Electronic Transactions Development Agency (ETDA) of their operations must do so by November 18, 2023 (or by August 20, 2024, for small or low-impact platforms).

This step is one of the essential requirements of the royal decree. Other key information on complying with the royal decree is as follows:

  • The royal decree aims to regulate the operation of “digital platform services,” which refers to the provision of electronic intermediary services that create a connection between consumers, merchants or businesses, or other types of users in order to create an electronic transaction in whole or in part, regardless of whether a service fee is charged.
  • The regulated digital platform services do not include digital platform services intended for offering the goods or services of a single digital platform service operator or an affiliated company that is an agent of the operator, irrespective of whether the goods or services are offered to third persons or to affiliated companies.
  • The royal decree has extraterritorial effect, whereby overseas operators targeting the Thailand market are subject to the royal decree if their services are accessible in Thailand.
  • Overseas operators are required to appoint a local coordinator in Thailand to coordinate with the ETDA.

Compliance and Enforcement

The ETDA released nine subordinate regulations under the royal decree; these took effect on August 21, 2023 (except for rules on platforms’ terms and conditions, which will take effect on January 3, 2024). Some important points on compliance and enforcement in the subordinate regulations, along with procedural guidance, are listed below.

  • The ETDA has been emphasizing that both domestic and overseas digital platform operators need to notify the ETDA of their operations within the specified timeline (i.e., by November 18, 2023).
  • Notifications must use the provided forms and must be accompanied by the required documents specified by the ETDA.
  • Notifications can be submitted through a notification portal developed by the ETDA for this purpose or directly at the ETDA office.
  • The ETDA maintains a list of the digital platforms that have already notified the ETDA on its website; the list currently exceeds 100 digital platforms from various industries and represents different types of businesses, such as AI services, marketplaces, advertising services, cloud services, gaming, and more.
  • So far, the ETDA has shown flexibility regarding compliance, but has also emphasized that it has the power to impose penalties and order business operators to comply with the law.
  • Noncompliance with the ETDA is subject to criminal fines and imprisonment.

Next Steps

Domestic and overseas operators of digital platforms need to assess their operations to determine the extent to which their digital platform service is subject to the royal decree. Once the assessment is completed, each operator should prepare the notification form and supporting documents and submit them to the ETDA before the applicable deadline. In addition, operators should complete a compliance checklist to ensure that the business is ready to comply with all other requirements of the royal decree and its subordinate laws.

For more information on compliance with the royal decree, or on any aspect of the requirements for digital platform services in Thailand, please contact Tilleke & Gibbins’ digital platform specialists Athistha (Nop) Chitranukroh at [email protected], Thammapas Chanpanich at [email protected], or Rada Lamsam at [email protected].

Related Professionals

Industries

Fintech

Technology

Location

RELATED INSIGHTS​

July 2, 2025
On June 27, 2025, Vietnam’s National Assembly adopted a Resolution on International Financial Centers in Vietnam (“IFC Resolution”), which is set to take effect September 1, 2025, putting forward major policy breakthroughs on multiple fronts. The IFC Resolution has the goal of turning Ho Chi Minh City and Da Nang into leading international financial centers with autonomy and tools to compete, thereby raising Vietnam’s position in the global financial network, in association with economic growth drivers. Below are some of the key points of the IFC Resolution, which has notable changes from previous drafts (see our articles on Vietnam’s Draft Resolution on Financial Centers: Implications for Fintech and Banking and Vietnam’s Emerging Regulatory Landscape for Blockchain and Cryptocurrency), including: The removal of the Central Supervisory Agency. The addition of a definition of international financial centers, which are specific geographic areas in Ho Chi Minh City and Da Nang with members entitled to special policies. The addition of a list of entities eligible for membership, and entitlement to the special policies. Major Policy Breakthroughs The IFC Resolution introduces specific policies in the following areas: Liberalization of foreign exchange control for members, including policies such as open foreign exchange use between members and exemption from foreign exchange control procedures for 100% foreign-owned members. Specialized licensing for members to establish and operate single-member limited liability banks and foreign bank branches with the ability to apply accounting standards, debt classification, risk provisions, and prudential ratios according to the owner’s policies. Creation of a capital market for innovative startups, including a crowdfunding mechanism or private placement mechanism through a licensed platform, and development of a green finance market with green certification. Creation of a regulatory sandbox for fintech technologies, products, services, and business models not yet prescribed by law, offering exemption from compliance with
Read More
July 1, 2025
Now halfway through 2025, Thailand continues to advance in the realm of data privacy, with the ambitious goal of achieving zero data breaches. The Personal Data Protection Committee (PDPC), an independent government body established by the Personal Data Protection Act (PDPA), is taking a more proactive approach, having published several rulings and orders to enhance data protection measures and clarify compliance expectations for businesses. Here is a look back at Thailand’s data privacy developments in the first half of the year. Strengthening Law Enforcement and New Guidance for Compliance Enforcement of existing data protection laws and regulations has taken a step forward this year. Some of the specific initiatives include: Increased enforcement by the PDPC. A key trend to watch from the first half of 2025 is the PDPC’s active enforcement of the PDPA as it intensifies oversight through compliance orders and public warnings against noncompliant organizations while ramping up efforts to prevent and halt the illegal trading of personal data by actively monitoring emerging societal issues. Call center scams and cyber fraud control. Thailand published an amendment to the Emergency Decree on Measures for the Prevention and Suppression of Technological Crimes to strengthen measures against technological crimes, particularly targeting call center scams and cyber fraud. Orders from the Expert Committee. Several orders issued by the Expert Committee under the PDPA were announced in the first half of this year. These include directives for data controllers to take corrective actions to comply with the PDPA, as well as initiatives to raise awareness of data privacy within organizations, reflecting the regulator’s focus on promoting organizational awareness and compliance. A guideline report summarizing the Expert Committee’s decisions and orders was also published to serve as a reference for compliance. Public issue monitoring. The PDPC has been taking a more proactive approach
Read More
June 27, 2025
Three American giants are actively protecting their intellectual property rights against generative AI, as two legal battles commence on both sides of the Atlantic. In the UK, Seattle-based media company Getty Images accuses UK-based Stability AI of multiple IP infringements. In the US, The Walt Disney Company and Universal Studios are teaming up against Midjourney, an AI startup, with their main ground being copyright infringement. Both cases are centered around questions legal minds have been posing since the introduction of generative AI: Is the output of generative AI an infringement? And who is ultimately responsible for the output, the platform or the user? Getty Images v. Stability AI Getty initially filed a claim in the High Court in 2023, which resulted in Stability applying for reverse summary judgment on the grounds that Getty had no real prospect of success, arguing that their operations took place outside the UK. However, the High Court judge hearing the case decided that the claims brought by Getty did have a real prospect of succeeding in court. Despite this, Stability saw a small victory when the court ruled that the representative action brought by Getty would not succeed due to the difficulties in identifying who qualified for the class. The proposed class was comprised of 50,000 rightsholders who alleged their rights were also infringed. Stability was successful in arguing that identifying these individuals would be challenging due to the unclear definition of the class. This current trial is centered around four main grounds: Copyright infringement. Getty accuses Stability of using content that Getty owns or has an exclusive license for when training their model, Stable Diffusion, resulting in the generated output containing substantial parts of that content. Getty is also alleging secondary copyright infringement, arguing that Stability is importing an article into the UK
Read More
June 26, 2025
Vietnam’s new Personal Data Protection Law (PDPL) was passed by the National Assembly on June 26, 2025, and will enter into force on January 1, 2026. The PDPL introduces several new concepts, exemptions, and obligations in comparison with the current Decree No. 13/2023/ND-CP on personal data protection (PDPD), while other contents remain essentially the same. The relationship between the PDPD and the PDPL has not been clearly addressed; however, it is expected that the government will issue a new decree providing necessary guidance on certain requirements under the PDPL, and the PDPD will remain in effect until it is replaced by this new decree. Some key points of the new PDPL include the following: Personal data will be further defined by lists of basic personal data and sensitive personal data to be issued by the government. The consent-centric approach of the PDPD remains in place, along with additional exemptions for certain data processing activities. The requirements for the data processing impact assessment (DPIA) and transfer impact assessment (TIA) remain unchanged. However, there are new exemptions for the TIA, including for the processing and storing in the cloud of employee data, and when the data subject is the person sending its own data outside of Vietnam. Consent obtained under the PDPD remains valid under the PDPL. DPIAs and TIAs submitted under the PDPD are valid under the PDPL but may need to be updated to be in line with the requirements of the PDPL. Administrative fines depend on the type of violation. The fine for sale and purchase of personal data will be 10 times the revenue from the sale or VND 3 billion (about USD 115,000), whichever is higher. The fine for cross-border transfer violations is 5% of the violator’s revenue of the preceding year or VND 3 billion,
Read More