On September 26, 2025, the Contract Committee under Thailand’s Consumer Protection Board issued a regulation that aims to standardize contracts and enhance consumer protection within the beauty and wellness industry. The Notification on Prescribing the Beauty Service Business as a Contract-Controlled Business B.E. 2568 (2025), which takes effect on January 24, 2026, requires business operators to use a prescribed standard contract in Thai and adhere to strict mandatory provisions and prohibitions. These regulations apply to operators across all in-person and online service channels, including via digital platforms. “Beauty services business” is defined as the provision of services under an agreement allowing consumers to receive a series of treatments, either over a set number of sessions or within a set period. This includes massage, spa, other methods for cleanliness, beauty, or care of facial or body skin, and weight control and body shaping—including services offered electronically. The law excludes surgery, liposuction, and medical treatments performed by licensed practitioners. The notification establishes the following key requirements: Mandatory contract and formatting. All contracts with consumers must use the standard contract form, in Thai, with clear, readable text (minimum font size of 2 millimeters, no more than 11 characters per inch), and include all essential terms from the annexed form. Contract execution. Contracts must be made in duplicate, with one copy given to the consumer at signing. For agreements concluded through electronic channels, the process must comply with the Electronic Transactions Act and use the same required terms. Digital platforms. Business operators who provide services facilitated through a digital platform as an intermediary are ultimately responsible for ensuring the consumer receives a compliant contract. Prohibited clauses. The law prohibits clauses that limit or exclude liability for damages to life, body, health, mind, or property resulting from breach of contract or a wrongful act;

As Vietnam accelerates its digital transformation, data centers have emerged as critical infrastructure supporting the shift toward a digital government, digital economy, and digital society. For businesses targeting Vietnam’s rapidly growing data center market, a clear understanding of the evolving regulatory landscape, compliance obligations, and government incentives is key to successful market entry and operation. This article provides a strategic overview of investment opportunities and key compliance requirements in Vietnam’s dynamic data center sector. Investment Incentives to Boost Data Center Growth Since July 1, 2024, organizations and individuals across all economic sectors have been encouraged to invest in and contribute to the development of data centers. By law, there are no restrictions on shareholding ratios, capital contributions, or foreign investor participation in data center and cloud computing services under business cooperation contracts. Currently, investment in AI data centers is classified as a specially incentivized industry, qualifying for preferential treatments and incentives in terms of investment, taxation, land use, and other related areas. Large-scale data centers, together with AI and cloud computing, are currently considered as strategic technologies and products for which Vietnam offers significant fiscal, tax, and land incentives to promote investment. Additionally, these large-scale projects may receive direct financial support from local development budgets for facility construction, technical infrastructure, and equipment procurement, subject to state budget provisions and applicable laws. AI data center construction projects also enjoy preferential treatment under customs regulations. Regulatory Approvals for Providing Data Center Services The 2023 Telecom Law and its guiding documents marked a significant milestone by classifying data center services as value-added telecom services. Under the law, a data center service is defined as a telecom service that enables users to process, store, and retrieve information via a telecom network through the leasing of part or all of a data center. A

Tilleke & Gibbins’ labor and employment team in Hanoi and Ho Chi Minh City has contributed the Vietnam chapter to Labor and Employment Disputes 2025. Drawing on the expertise of three of the firm’s employment specialists, the chapter provides practical guidance for navigating employment disputes in Vietnam and covers: Pre-action considerations: key requirements, third-party funding, contingency fee arrangements Issuing a claim: forum, territorial jurisdiction, standing, commencing claims, fees, service, defendants and legal personality, types of claims, time limits, counterclaims Case management: procedure, rules, amendments to claims, adding parties, consolidating proceedings, class and collective actions, evidence, witnesses, tactical considerations Interim relief: availability, requirements Trial: hearings conduct and time frames, confidentiality and public access, media reporting, elements of successful claims and burden of proof Alternative dispute resolution: available types, requirements and expectations, enforcement Collective employment and labor rights: enforcement and standing Remedies and enforcement: available remedies, assessing compensation, enforcement mechanisms Appeals: procedure, time frames, other means of challenge Updates and trends: recent cases and developments, technology developments, other issues The Vietnam chapter is available in full at the link below. Tilleke & Gibbins also contributed the Cambodia and Thailand chapters to Labor and Employment Disputes 2025. Readers can also gain 30 days of complementary access to the full Labor and Employment Disputes 2025 guide and the rest of Lexology Panoramic’s varied offerings through this link.

On September 12, 2025, the Bank of Thailand (BOT) officially released its AI Risk Management Guidelines for Financial Service Providers, building upon the draft guidelines issued in June 2025. The guidelines reflect a balanced approach, encouraging innovation while safeguarding financial stability and consumer protection. The guidelines are targeted at all financial service providers, including financial institutions and special financial institutions under the Financial Institution Business Act, as well as payment providers under the Payment Systems Act. The guidelines apply to both AI systems developed in-house and those developed by third parties that are adopted for use by financial service providers. AI Risk Management Guidelines The two main pillars in managing AI risk are (1) governance of AI system implementation and (2) AI system development and security controls, consisting of the following key elements: 1. Governance Stakeholder roles and responsibilities. Boards and senior management assume accountability for decisions and operations involving AI systems, and are responsible for defining roles and responsibilities for AI oversight. This includes establishing an AI system usage policy, designating personnel responsible for AI risk management, and building awareness of AI-related risk within the organization. Organizations are expected to foster internal capabilities to use AI securely and avoid overreliance that could compromise business continuity or customer service. AI system usage policy. Policies governing AI usage should align with organizational goals, regulatory obligations, and recognized responsible AI frameworks—such as the FEAT principles (fairness, ethics, accountability, and transparency). These policies should be reviewed regularly to respond to technological advancements and evolving risk profiles. Risk management throughout the AI lifecycle. Risk management should encompass the entire AI lifecycle, from establishing risk appetite to implementing continuous risk assessment and control measures tailored to specific use cases. Financial service providers should assess risks and impacts of AI usage on operations and customer services.