You are using an outdated browser and your browsing experience will not be optimal. Please update to the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox. Install Microsoft Edge

November 27, 2023

Thailand: ETDA Stipulates Digital Platform Risk Assessment and Identity Verification

Subscribe to Updates

Thailand’s Electronic Transaction Development Agency (ETDA) has released two new subordinate regulations under the Royal Decree on Digital Platform Services: one detailing the assessment of digital platform services (DPSs) that will be deemed “high-risk” and subject to additional obligations, and another setting guidelines on user verification and authentication for all DPSs.

The two subordinate regulations are summarized below.

Impact Assessment of DPS Operations

Under the Royal Decree on Digital Platform Services, DPS operations that have the risk of seriously impacting financial and commercial security, reliability and credibility of data message systems, or the general public are subject to additional obligations. The first subordinate regulation mentioned above (officially titled Notification of the Electronic Transactions Commission Re: Criteria for Impact Assessment on Operation of Digital Platform Services) outlines the criteria for the ETDA to determine which DPSs are “high-risk.” DPSs falling under this designation include:

  • DPSs whose total value of transactions conducted through the platform in Thailand exceeds THB 100 million (approx. USD 2.8 million) per year;
  • DPSs whose operators have not registered their entities with the Department of Business Development (DBD)—notably overseas operators—and that have 100 or more merchants or business users in Thailand or total users in Thailand between 5 and 10 percent of the country’s population (i.e., approx. 3.3–6.1 million users, calculated using official 2022 figures);
  • DPSs that allow their users to freely post certain messages, or do certain acts, that may affect the public in certain cases, such as: (1) unlawful messages or acts; (2) messages or acts that may affect a child’s rights or people’s fundamental rights; and (3) messages or acts that may negatively affect political opinions of Thai citizens (whether before or after an election) or statements or actions likely to negatively affect other individuals due to gender differences or sexual violence.

After considering these criteria and the details provided by DPS operators when notifying the ETDA, the ETDA will announce a list of the types or names of “high-risk DPSs.”

According to the Royal Decree on Digital Platform Services, the high-risk DPSs must:

  • Conduct risk assessments;
  • Implement risk management measures;
  • Conduct hearings for changes to terms and conditions for providing the DPS;
  • Report on their compliance with the above obligations on an annual basis; and
  • Comply with other obligations to be prescribed by the ETDA.

Identification and Verification

The second subordinate regulation (Notification Re: Manual for Identification and Verification Process) prescribes the manual and standards for the identification and verification of DPS users. The manual serves as a guideline for DPS operators on verifying and authenticating the identity of high-risk or potentially impactful users. This may include users who have greater access rights or the ability to access more features than regular users, users with numbers of followers exceeding a defined threshold (e.g., more than 5,000 followers), and users with transaction volumes or frequencies exceeding specified limits (e.g., a total transaction value of more than THB 50,000 per month).

DPS operators should comply with the identity verification and authentication requirements for user registration on digital platforms by at least undertaking the following:

  • Verifying the identity of applicants for DPS user registration. Information for verifying the identity of service applicants should be from the results of identity verification by identity providers (IDPs) that have previously verified the individual’s identity (such as verifying the Thai ID card information issued by the Ministry of Interior). IDPs should support at least identity assurance level 2 (IAL2).
  • Collecting user data. For the purpose of verification and authentication, DPS operators should collect data such as name and surname, ID card number or passport number, and contact details of individual users (or for corporate entities, name of the company, corporate registration number, and name of any authorized persons). DPS operators should collect additional user data as appropriate to the nature of their DPS. For example, digital platforms categorized as online marketplaces may collect electronic commerce registration numbers.
  • Determining the access rights and features accessible on the platform. DPS operators should specify the access rights and accessible features for users based on the level of identity verification and authentication or based on the user data collected. Users who have undergone identity verification and authentication at a higher level may be granted greater access rights and more accessible features.
  • Displaying symbols or statements confirming identity verification and authentication. DPS operators should have a “verified” badge indicating that a user has completed identity verification using the methods defined by the DPS operator. The badge should be a clear and easily accessible and understandable symbol or statement. The display format should be adaptive to different screen sizes.
  • Confirming the identity of users accessing the DPS. DPS operators should ensure that the identity verification of users logging in to the DPS achieves a reliability level of at least authentication assurance level 2 (AAL2) or rely on the results of identity verification obtained from another IDP that has previously verified the individual’s identity.

For more information on compliance with the requirements for digital platform services in Thailand, please contact Tilleke & Gibbins’ digital platform specialists Athistha (Nop) Chitranukroh at [email protected], Thammapas Chanpanich at [email protected], Rada Lamsam at [email protected], or Karnravee Jitvilai at [email protected].

Related Professionals

Industries

Fintech

Technology

Location

RELATED INSIGHTS​

July 24, 2024

Practical Law: Intellectual Property Transactions in Vietnam 2024

Experts from Tilleke & Gibbins’ intellectual property team have contributed an updated Intellectual Property Transactions in Vietnam to Thomson Reuters Practical Law, a high-level comparative overview of  laws and regulations across multiple jurisdictions. Intellectual Property Transactions focuses on business-related aspects of intellectual property, such as the value of intellectual assets in M&A transactions, and the licensing of IP portfolios. Key topics covered in the chapter include: IP assignment: Basis and formalities for assignments of patents, utility models, trademarks, copyright, design rights, trade secrets, confidential information, and domain names. IP licensing: Scope and formalities for licensing patents, utility models, trademarks, copyright, design rights, and trade secrets. Research and development collaborations. IP audits. IP aspects of M&A: Due diligence, warranties/indemnities, and transfer of IPRs. Employee and consultant agreements. Practical Law, a legal reference resource from Thomson Reuters, publishes a range of guides for hundreds of jurisdictions and practice areas. The Intellectual Property Transactions Global Guide is a valuable resource for legal practitioners, covering numerous jurisdictions worldwide. To view the latest version of the Intellectual Property Transactions in Vietnam overview, please visit the Practical Law website and enroll in the free Practical Law trial to gain full access.
Read More
July 24, 2024

Practical Law: Intellectual Property Transactions in Thailand 2024

Intellectual property specialists from Tilleke & Gibbins in Thailand have contributed an updated Intellectual Property Transactions in Thailand overview for Thomson Reuters Practical Law, an online publication that provides comprehensive legal guides for jurisdictions worldwide. The Thailand overview was authored by Darani Vachanavuttivong, managing partner of Tilleke & Gibbins and managing director of the firm’s regional IP practice; Titikaan Ungbhakorn, senior associate and patent agent; and San Chaithiraphant, senior associate. The chapter delivers a high-level examination of critical aspects of IP law, including IP assignment and licensing, research and development collaborations, IP in mergers and acquisitions (M&A), securing loans with intellectual property rights, settlement agreements, employee-related IP issues, competition law, taxation, and non-tariff trade barriers. Key topics covered in the chapter include: IP assignment: Basis and formalities for assignments of patents, utility models, trademarks, copyright, design rights, trade secrets, confidential information, and domain names. IP licensing: Scope and formalities for licensing patents, utility models, trademarks, copyright, design rights, and trade secrets. Research and development collaborations: Management of improvements, derivatives, and joint ownership of IP. IP aspects of M&A: Due diligence and critical considerations during mergers and acquisitions. Practical Law, a legal reference resource from Thomson Reuters, publishes a range of guides for hundreds of jurisdictions and practice areas. The Intellectual Property Transactions Global Guide is a valuable resource for legal practitioners, covering numerous jurisdictions worldwide. To view the latest version of the Intellectual Property Transactions in Thailand overview, please visit the Practical Law website and enroll in the free Practical Law trial to gain full access.
Read More
July 24, 2024

Acted for Nordic Transport Group in its Acquisition of Freightzen Logistics

Acted as lead counsel for Nordic Transport Group A/S (NTG), an international freight forwarding company based in Denmark, in its acquisition of a stake in Asia-based Freightzen Logistics Ltd., Inc. through a newly established subsidiary, NTG APAC Holding Pte. Ltd.
Read More
July 23, 2024

Tilleke & Gibbins Lawyers Recognized in Who’s Who Legal Southeast Asia Guide 2024

In the Who’s Who Legal (WWL) Southeast Asia guide for 2024, a total of 12 Tilleke & Gibbins lawyers have been distinguished as market leaders in various legal practice areas. The firm’s 12 recognized lawyers, singled out for their commitment to delivering exceptional legal services to Tilleke & Gibbins’ clients, are grouped into seven practice areas: Asset Recovery: Thawat Damsa-ard Data: Alan Adcock, Athistha (Nop) Chitranukroh Franchise: Alan Adcock, Jay Cohen Intellectual Property: Alan Adcock (Patents, Trademarks), Darani Vachanavuttivong (Patents, Trademarks), Kasama Sriwatanakul (Trademarks), Linh Thi Mai Nguyen (Trademarks), Somboon Earterasarun (Trademarks), Wongrat Ratanaprayul (Patents) Investigations: John Frangos and Thawat Damsa-ard Labor, Employment, and Benefits: Pimvimol (June) Vipamaneerut Life Sciences: Alan Adcock, Loc Xuan Le The annual WWL Southeast Asia rankings guide, published by the London-based group Law Business Research, aims to identify the foremost legal practitioners across a range of business law practice areas. The rankings are largely based on feedback and nominations received from other WWL-ranked and nominated attorneys around the world. These peer-driven recognitions highlight Tilleke & Gibbins’ dedication to maintaining the highest standards of legal service and helping clients achieve success. To read more about the WWL Southeast Asia guide, or to browse the full results, please visit the WWL website.
Read More
Load More

Contact

We have seven offices in six countries
across Southeast Asia.

Contact Us

Careers

We are always seeking great people to grow
our amazing team.

Join Us

Networks

© 2023 Tilleke & Gibbins International Ltd. All rights reserved.

© 2020 Tilleke & Gibbins International Ltd. All rights reserved.

Privacy Policy

| Legal Notice