On September 10, 2025, Vietnam’s National Credit Information Center (CIC) reported to the Vietnam Cybersecurity Emergency Response Team (VNCERT) a suspected significant cybersecurity incident involving unauthorized access to the CIC’s credit information database. A hacker group has claimed responsibility and allegedly posted over 160 million records for sale, including sensitive personal and financial data. Implications for Banks and Financial Institutions Companies that share customers’ or potential customers’ personal data with the CIC for credit scoring or other purposes—and continue to act as a data controller for such data—may be obligated under Vietnam’s Personal Data Protection Decree (PDPD) and related regulations to: Notify A05 (Department of Cybersecurity and High-Tech Crime Prevention) and the State Bank of Vietnam without delay. Inform affected individuals if their personal data is at risk. Recommended Actions Companies that could be impacted by this data breach should take the following actions: Conduct an internal review of CIC-related data in their systems, and identify whether and how the systems have been affected by this incident. Assess whether to notify regulators and customers/potential customers. Enhance cybersecurity controls, monitor for suspicious activity, and implement additional safeguards to prevent secondary breaches.

Thailand’s Securities and Exchange Commission (SEC) has amended its digital asset regulations to permit the offering, trading, and provision of services related to tokenized environmental commodities by licensed digital asset exchanges, brokers, and dealers. This regulatory development is aimed at facilitating Thailand’s green economy and net-zero goals while diversifying the products available in the regulated digital assets market. The environmental commodities currently being traded on certain market platforms and via over-the-counter channels include: Carbon credits: Tradable certificates representing a reduction of CO₂ emitted into the atmosphere. Renewable energy certificates (RECs): Tradable proof of electricity generated from renewable energy sources. Carbon allowances: Tradable permits to emit a capped amount of greenhouse gases. The tokenization of these instruments is essentially the process of converting them into digital tokens, making it possible to list them on blockchain exchanges for trading purposes. Background Tokenized carbon credits, RECs, and carbon allowances fall under the category of utility tokens for consumption purposes or tokens representing entitlement certificates—that is, group 1 utility tokens, which are not considered financial products. The offering, trading, and provision of secondary-market services of this type of token are exempted from licensing requirements for regulated digital asset businesses under the Emergency Decree on Digital Asset Businesses B.E. 2561 (2018). Under the previous regulatory framework, licensed digital asset business operators were not allowed to provide services involving such unregulated tokens, as it was deemed to be engaging in “other businesses,” which digital asset operators generally cannot engage in without prior SEC approval. Regulatory Amendment Under the amended digital asset regulations, licensed digital asset exchanges, brokers, and dealers may now apply for SEC approval to offer services related to these tokenized assets as “other businesses,” including listing them for trading on digital asset exchanges. Apart from requiring operators to comply with the general conditions

With advancements in health technology, telemedicine has taken on a wider online presence in Thailand. Under the Medical Facility Act, licensed clinics and hospitals may now diagnose, prescribe, and issue electronic prescriptions during a video call, provided they maintain patient confidentiality and proper recordkeeping. As a complementary concept, a telepharmacy allows a pharmacist to verify prescriptions, counsel patients, and dispense medication from a remote site. Hospitals, clinic chains, and some retail pharmacy groups have adopted “drive-thru” or “locker” pick-up points where drugs are bagged only after a real-time video consultation with a registered pharmacist. The clear benefits of telehealth include shorter waiting times and broader access to specialists, which is in the public interest. Drug Distribution and Advertising in Thailand The online pharmacy ecosystem creates a legal bridge in that once a teleconsulting doctor issues an e-prescription, a licensed pharmacy can lawfully dispense and deliver the medicine prescribed to the patient’s door. Nonetheless, the critical compliance component remains the advertising of medicinal drugs. It is still not allowed to advertise prescription/pharmacy-dispensed drugs to the public in Thailand. Although Thailand’s Drug Act of 1967 was written more than half a century ago, it still governs the trading of every medicinal drug that makes its way to consumers in Thailand—whether bought at a pharmacy or delivered with a few taps on a smartphone. First and foremost, the pharmacy must hold a license to sell medicinal drugs as a retailer. It is also mandatory that arrangements be made for a pharmacist to be on duty during opening hours. Drugs are classified into three main categories: prescription drugs, pharmacy-dispensed drugs, and over-the-counter (OTC) drugs. The listing of OTC drugs with their prices via an online platform is allowed, as only OTC drugs may be advertised directly to the public. However, naming or showing

Thailand’s National Space Policy Committee (NSPC) has proposed new regulations that would permit foreign satellite operators to provide services within the country. The draft announcement responds to rapid advancements in digital and space technologies that have led to new global satellite operators expanding their services worldwide, including into Thailand. These include low-Earth-orbit (LEO) satellite constellations offering high-speed internet, nonterrestrial network (NTN) technologies that integrate terrestrial and satellite communications, and direct-to-device (D2D) technologies that transmit signals directly from satellites to mobile devices without relying on terrestrial networks. The draft aims to replace the existing announcement, which was issued in 2021, to better align with current national policies on foreign satellite usage. The draft announcement was published for public consultation on August 20, 2025, with the comment period concluding on September 3, 2025. Applying for Authorization Two types of operators may apply for authorization: Thai operators who intend to use foreign satellites owned by World Trade Organization (WTO) member countries to provide satellite communication services to third parties; and Foreign operators of satellites owned by WTO member countries who intend to operate a business providing satellite communication services within Thailand. Applications for approval must be submitted to the National Broadcasting and Telecommunications Commission (NBTC) according to the NBTC’s established procedures. In considering whether to permit foreign satellites to provide services within Thailand, the relevant authority will take into account technical justifications, economic benefits, social benefits, and national security considerations. Determining Satellite Ownership The determination of which country qualifies as the owner of a satellite is based primarily on the country that holds the satellite network filing rights registered with the International Telecommunication Union (ITU). The satellite network filing includes details regarding frequency usage, orbital positions, and technical specifications of the satellite operations. It serves as a regulatory tool used by the