Following the amendment to the Emergency Decree on Measures for the Prevention and Suppression of Technological Crimes in mid-April 2025, new measures were introduced by the Electronic Transactions Development Agency (ETDA) in a hearing session held on May 13, 2025, to establish shared liability between online social media platform operators and other in-scope operators for damages arising from technological crimes. Stakeholders are being invited to submit their comments on the proposed new provisions directly to the ETDA by May 20, 2025. The concept of the new measures for social media platform operators is that to be released from liability for damages arising from technological crimes, social media platform operators must demonstrate compliance with the relevant technological crime prevention standards and measures prescribed by their respective regulators (“safe harbor rules”). Safe Harbor Rules Under the principles of the proposed safe harbor rules, social media platform operators and the relevant service providers would be required to comply with the following obligations: Immediate takedown and suspension of dissemination: Disable access, remove the content from the system, or suspend the relevant service within 24 hours of receiving an official notification from the Cyber Crime Investigation Bureau’s Anti-Online Scam Operation Center (AOC) that a service or social media platform is disseminating content that is or may be used to commit or support technological crimes. Establishment of notification channels: Establish a system or channel to receive notifications from the AOC. User registration and identity verification: Require user registration (including identity verification and authentication) before allowing content to be posted, with sufficient information to identify the user. Suspending dissemination of suspect advertisements: Disable access to advertisements reasonably suspected of involving or potentially involving the commission of technology-related crimes. Reporting: Report on actions taken, including details like account owner information, IP address, email, or phone number used for account

Attorneys from Tilleke & Gibbins have updated the latest edition of Doing Business in Thailand, a Q&A-style guide from Thomson Reuters Practical Law that offers an overview of key legal considerations for companies operating in jurisdictions worldwide. The contribution outlines the country’s legal and regulatory framework for foreign investment and business operations and reflects the latest legislative developments. The chapter addresses the following core topics: Legal system: Structure of the courts and the codified nature of Thai law. Foreign investment: Business restrictions under the Foreign Business Act, sector-specific regulations, exchange control rules, and investment incentives. Business vehicles: Overview of partnerships, private and public limited companies, and other legal entities. Employment: Labor protections, employment contracts, foreign worker requirements, and termination procedures. Tax: Corporate and personal income tax, indirect taxes, and tax obligations for residents and non-residents. Intellectual property: Registration and enforcement of patents, trademarks, designs, and copyrights. Data protection: Key provisions of the Personal Data Protection Act and related compliance obligations. Competition law: Regulatory framework under the Trade Competition Act. Anti-bribery and corruption: Relevant legislation and enforcement mechanisms. E-commerce and digital business: Legal regime for online transactions and digital platforms. Marketing and advertising: Consumer protection laws and regulations affecting advertising and marketing practices. Product regulation and liability: Safety standards, liability regimes, and roles of enforcement authorities. Practical Law, a legal reference resource from Thomson Reuters, publishes a range of guides for hundreds of jurisdictions and practice areas. The insurance and reinsurance guide is a valuable resource for legal practitioners, covering numerous jurisdictions worldwide. To view the latest version of the guide, please visit the Practical Law website and enroll in the free Practical Law trial to gain full access.

After making revisions to the initial draft notification released in November 2024, Thailand’s Electronic Transactions Development Agency (ETDA) has released an updated draft Notification on Additional Obligations for Digital Platform Service Operators of Online Marketplaces for Goods with Specific Characteristics under Section 18(2) of the Royal Decree on the Operation of Digital Platform Service Businesses Subject to Prior Notification B.E. 2565 (2022) B.E. … . A focus group session was also held to gather feedback from business operators. Below is a summary of key provisions in the new draft. Unchanged Items Some key concerns that remain unchanged from the previous version of the draft notification include the following: Offshore business operators running online marketplaces that act as intermediaries for the sale or exchange of goods and provide facility services for the sale of goods (referred to as “specific marketplace operators” in the draft) are required to establish a local entity in Thailand. However, the criteria for determining which operators are specific marketplace operators are still under discussion due to feedback from business operators. Specific marketplace operators must submit a compliance report to the ETDA along with their annual report each year. Specific marketplace operators must verify that “business users” (e.g., merchants) provide complete details about goods in accordance with product standardization requirements. Removed Obligations The updated draft notification has removed specific marketplace operators’ obligations to: Conduct Identity Assurance Level 2 (IAL2) verification of business users before onboarding them on their platforms. Submit a registry of business users’ information to the ETDA. Retain business users’ information for a specified retention period. Implement measures to filter reviews of products subject to specific standards. Revisions Key revisions made to the draft notification include the following: The effective date has been extended to 120 days after the notification’s publication in the Government Gazette,

The Bank of Thailand (BOT) has published the Draft Guidelines for Digital Fraud Management, which aim to help financial service providers tackle digital fraud and ensure safety and trust in the Thai financial system. These draft guidelines, which are available for public comment until March 18, 2025, provide a comprehensive framework for financial service providers, covering prevention, detection, management, and resolution of digital fraud, as well as support for customers affected by fraud. The BOT tentatively plans to implement these draft guidelines on April 1, 2025, along with circular letters on the minimum required measures for tackling “mule accounts” (deposit or e-money accounts used as tools to receive and transfer funds obtained through the commission of any offense) and measures to strengthen Thailand’s customer due diligence and enhanced due diligence procedures. Under the draft guidelines, “financial service providers” include financial institutions and special financial institutions under the Financial Institution Business Act and payment providers under the Payment Systems Act. Commercial banks, special financial institutions, and operators of transferable e-money services must adhere to every requirement in the draft guidelines. Other financial service providers (e.g., payment providers other than operators of transferable e-money services) can implement the draft guidelines as deemed appropriate to their services, products, and service channels. Digital Fraud Management Requirements The draft guidelines establish the following key requirements: Policy and oversight. Directors and senior executives of financial service providers must set and adopt appropriate “end-to-end” fraud management policies and KPIs to manage digital fraud, covering prevention, monitoring, detection, management, resolution, and support for affected customers. Fraud management processes. Financial service providers must establish a clear framework for managing digital fraud throughout the customer lifecycle, from customer onboarding to service termination, according to industry standards at a minimum and covering at least the following processes: Know your customer