Thailand’s Electronic Transactions Development Agency (ETDA) has released a revised draft Electronic Transactions Act (ETA) for public hearing from May 12, 2026, to June 15, 2026. This is not merely an amendment to certain provisions of the current ETA, but a comprehensive redrafting of the entire act.

The revised draft ETA introduces several significant changes from the current framework, with practical implications for businesses operating in Thailand.

Unified Coverage of Public and Private Sectors

The current law segregates government transactions into a separate chapter with distinct rules. The draft ETA eliminates this division, defining “transaction” to encompass civil and commercial juristic acts as well as administrative procedures, administrative contracts, and other acts of government agencies.

Enhanced E-Signature Definition

The definition of “electronic signature” is broadened to expressly include biometric data and refocused on identifying the signatory and demonstrating intent regarding the content of the electronic data.

Shift in Burden of Proof

When a party challenges the reliability of electronic data created using a “trusted electronic method” or a method prescribed by the ETDA, the burden of proof and the cost of proving unreliability shifts to the challenger.

Introduction of New Digital Method Concepts

The draft ETA introduces several new digital method concepts that are not currently recognized under the existing ETA framework. These include:

• Electronic timestamping (e-timestamp)
• Electronic registered delivery
• Electronic company seals
• Electronic stamp duty compliance
• Electronic identity authentication and verification
• Electronic transferable records (electronic bills of lading, promissory notes, and similar negotiable instruments)

Recognition of Automated Systems and Electronic Contracting

The draft ETA expressly recognizes the legal validity and enforceability of contracts formed through automated systems, including contracts concluded entirely between automated systems or between an automated system and a person. A party may not deny the binding effect of such contracts solely because no human review or intervention was involved in the transaction process.

The draft, however, also introduces safeguards for unexpected automated actions. Where an automated system acts in a manner that could not reasonably have been anticipated by the party using the system, the action may not be legally binding if the counterparty knew or should reasonably have known that such action was unintended or unforeseeable.

In addition, the draft ETA provides protection for input errors made by individuals interacting with another party’s automated system. If the system does not provide a means to correct the error, the individual may withdraw the erroneous electronic communication, provided that notice of the error is given promptly after discovery; and the individual has not received or benefited from the relevant goods or services.

These new requirements would impact the use of AI, especially agentic AI, in business operations.

New Obligations for E-Transaction Service Providers

The draft ETA proposes to replace the current mandatory licensing regime applicable to certain electronic transaction businesses with a voluntary certification framework.

The draft ETA identifies seven categories of electronic transaction services: (1) identity verification, (2) electronic signature services, (3) timestamping, (4) electronic data transmission and storage, (5) website or domain name registration/certification, (6) electronic transferable record systems, and (7) other services prescribed by ministerial regulation. Service providers in these categories must comply with detailed operational duties, including maintaining reliable systems, processes, and personnel; implementing risk management frameworks; publishing electronic channels for complaints; and enforcing cybersecurity measures together with protocols for notifying, remedying, and mitigating damage from incidents.

Providers that clearly disclose the purpose and limitations of their services are shielded from liability where users act outside or beyond those disclosed boundaries.

Shifting Criminal Penalties to Civil Liability

The draft ETA removes the existing criminal penalties imposed on service providers operating without the required license, registration, or notification. These violations currently carry penalties of imprisonment for up to three years and/or fines of up to THB 300,000. This change aligns with the draft ETA’s shift from a mandatory licensing regime to a voluntary certification framework. Under the proposed framework, enforcement would instead focus on civil liability. In particular, service providers that fail to comply with their duties prescribed in the Draft ETA may be held liable for damages suffered by users or other relevant parties.

Implications for Businesses

The draft ETA carries several key implications for businesses operating in Thailand:

• Digital-first policy. Organizations should evaluate whether internal workflows—especially government filings, notices, and contract execution—can migrate to fully electronic processes.
• E-signatures and biometrics. Organizations using biometric authentication (fingerprints, facial recognition) for contract execution will have clearer statutory backing but must ensure compliance with Thailand’s Personal Data Protection Act.
• Burden of proof. Businesses should proactively align their systems with ETDA-prescribed standards.
• New digital methods. Businesses may rely on e-signatures, e-stamping, e-delivery, and digital identity verification with greater legal certainty, reducing operational friction and supporting digital transformation.
• Automated systems. Businesses should review their internal procedures and legal limitations for automated systems, AI tools, and digital contracting.
• Licensing regime. The draft ETA shifts from regulatory approval to a standards-based framework. While licensing burdens may decrease, greater emphasis will be placed on ETDA-prescribed standards, operational reliability, and civil liability.
• Civil liability shift. Despite reduced criminal exposure, service providers must maintain compliance and operational standards, as failures may result in civil liability for damages.

Next Steps

After the public hearing, the draft ETA will be revisited and further proposed to the parliament for consideration and approval before enactment. This process may take up to a year.