You are using an outdated browser and your browsing experience will not be optimal. Please update to the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox. Install Microsoft Edge

Search
Close this search box.

Go Back

Nopparat Lalitkomon

Partner

Biography

Nopparat Lalitkomon is a partner in Tilleke & Gibbins’ corporate and commercial group, leading the firm’s data privacy and cybersecurity practice in Thailand and Vietnam. His expertise in technology, media, and telecommunications has earned him recognition as an “Associate to Watch” by Chambers Asia-Pacific and a “Rising Star” by The Legal 500 Asia-Pacific.

Nopparat is a trusted advisor to domestic and multinational companies alike, advising clients across industries on a wide range of tech-focused matters in Southeast Asia, including cybersecurity, data protection, digital assets, e-commerce, e-payments, e-transactions, fintech, gaming, and insurtech. Nopparat also advises clients on general corporate and commercial matters, including banking, direct marketing, foreign direct investment, investment incentives, labor and employment, M&A, and joint ventures.

Nopparat graduated with an LLB from Thammasat University and an LLM in International Competition Law and Policy from the University of Glasgow. He is a member of the Thai Bar Association and holds a notarial services certificate.

Experience

  • Engaged by numerous leading local, regional, and global companies to provide data mapping, gap analyses, and training sessions; prepare data-related documentation (e.g., privacy policies, consent forms, data transfer agreements, and data breach guidelines and notifications, among others); and advise on regulations and liabilities under Thailand’s PDPA.
  • Selected by Delivery Hero to provide regulatory advice on the operation of the foodpanda platform in compliance with employment law, personal data protection law, and others. We also advised on corporate structuring and licensing requirements in relation to the launching of new business schemes that the client would propose to Thai restaurant operators.
  • Advised Healy World GmbH, an affiliate of the internationally operating multinational group under Healy International AG, to provide an in-depth legal analysis addressing the legislative framework regulating direct-selling business operations for their proposed entry into the Thai market.
  • Advised a world-leading technology company on the regulatory framework applicable to the proposed launch of various innovative tech-space offerings in the Thai market, including extensive advice on OTT licensing and regulatory requirements, data protection, media and content restrictions, sensitive content and information, and restrictions for foreign businesses.
  • Engaged to advise one of the world’s largest e-commerce and technology companies on the local requirements for direct marketing in Thailand and the planned launch of a comprehensive demand-side platform for Thai vendors interested in advertising their products.
  • Advised a Chinese multinational technology company on the proposed operation of a data center and provision of cloud and artificial intelligence products/services in Thailand.
  • Advised an American international software company listed on Thai telecommunications regulations, licensing requirements, foreign business restrictions, data privacy regulations, and commercial realities of their proposed operation of a data center for the provision of their widely popular cloud-based communication platform, which has over 12 million daily users worldwide.
  • Advising numerous insurance providers, financial institutions, technology companies, telecommunication companies, and fintech companies on planning and adjusting their data protection policies and business strategies to ensure conformity and compliance with Thailand’s Personal Data Protection Act.
  • Advised a global fashion retail brand on the regulatory requirements related to a proposed e-commerce business that the client planned to launch in Thailand.
  • Assisted a leading e-payment service provider by advising on a new e-payment business model, which the client aimed to roll out in Thailand. Our advice on this matter gave the client a deep understanding of the local regulatory framework surrounding e-payment services and allowed them to make appropriate business decisions moving forward.
ABOUT Nopparat

Industries

Automotive

Fintech

Technology

Practices

Banking and Finance

Competition and Trade

Corporate/M&A

Employment

Locations

Languages

    Thai

    English

Education

    LLM, University of Glasgow

    LLB, Thammasat University

Insights

September 24, 2025
On September 12, 2025, the Bank of Thailand (BOT) officially released its AI Risk Management Guidelines for Financial Service Providers, building upon the draft guidelines issued in June 2025. The guidelines reflect a balanced approach, encouraging innovation while safeguarding financial stability and consumer protection. The guidelines are targeted at all financial service providers, including financial institutions and special financial institutions under the Financial Institution Business Act, as well as payment providers under the Payment Systems Act. The guidelines apply to both AI systems developed in-house and those developed by third parties that are adopted for use by financial service providers. AI Risk Management Guidelines The two main pillars in managing AI risk are (1) governance of AI system implementation and (2) AI system development and security controls, consisting of the following key elements: 1. Governance Stakeholder roles and responsibilities. Boards and senior management assume accountability for decisions and operations involving AI systems, and are responsible for defining roles and responsibilities for AI oversight. This includes establishing an AI system usage policy, designating personnel responsible for AI risk management, and building awareness of AI-related risk within the organization. Organizations are expected to foster internal capabilities to use AI securely and avoid overreliance that could compromise business continuity or customer service. AI system usage policy. Policies governing AI usage should align with organizational goals, regulatory obligations, and recognized responsible AI frameworks—such as the FEAT principles (fairness, ethics, accountability, and transparency). These policies should be reviewed regularly to respond to technological advancements and evolving risk profiles. Risk management throughout the AI lifecycle. Risk management should encompass the entire AI lifecycle, from establishing risk appetite to implementing continuous risk assessment and control measures tailored to specific use cases. Financial service providers should assess risks and impacts of AI usage on operations and customer services.
Read More
September 2, 2025
Thailand’s Office of the Consumer Protection Board (OCPB) has initiated a sweeping regulatory review of licensed direct sale and direct marketing businesses in Thailand and is in the process of notifying business operators to submit their annual business report and financial statement to the OCPB as part of their postlicensing obligations. This move marks a significant escalation in the government’s efforts to enforce compliance and transparency in the sector, which has faced growing scrutiny in recent years. Key Regulatory Considerations All businesses holding a direct sales or direct marketing license are required to submit their audited financial statement along with their business operation report to the OCPB within 60 days from the end of their fiscal year (extendable for up to 30 days by request, if necessary). The OCPB is currently conducting license audits as part of its enforcement duties. The office aims to complete audits for at least 90% of the 2,983 registered businesses that have obtained their license since 2022. This includes a review of the business conduct of the license holder. New license applications are also under scrutiny. Applicants are currently being subjected to background checks, and the OCPB has signaled a more rigorous vetting process moving forward. Impact of Noncompliance Failure to comply with these reporting obligations may result in escalating enforcement actions, including: Official notice to rectify noncompliance within a specified timeframe. Revocation of business registration, if the operator fails to respond. Revocation of business registration could result in a five-year prohibition on reapplying for a direct sales or direct marketing license following the revocation. The OCPB has already initiated outreach efforts, including SMS and email notifications, and has hosted seminars to raise awareness of these obligations. These measures are part of a broader initiative to enhance transparency and consumer trust in the sector. Businesses operating in the direct selling and
Read More
August 21, 2025
Tilleke & Gibbins is pleased to announce that the firm has adopted Harvey, a leading enterprise-grade AI platform for the global legal industry. The firm is proceeding with a rollout of Harvey’s legal AI solutions, which are supported by robust security and confidentiality protections, across the firm’s full-service regional practice in Southeast Asia. This initiative builds on the firm’s recent deployment of Microsoft Copilot and represents another advancement in Tilleke & Gibbins’ commitment to leveraging technology for enhanced legal service delivery. Under the program, legal professionals across the firm’s offices in Cambodia, Indonesia, Laos, Myanmar, Thailand, and Vietnam will have access to the full Harvey platform, equipping them to deliver practical, impactful, and results-driven legal services for clients throughout the region. The firm will also develop bespoke agentic workflows within Harvey tailored to the firm’s core practices and the unique requirements of Southeast Asian legal markets. Commenting on the initiative, Managing Partner Tiziana Sucharitkul stated, “At Tilleke & Gibbins, we have consistently invested in developing and adopting technology to improve the speed, precision, and overall excellence of our legal services. The firm’s decision to invest in Harvey exemplifies our commitment to innovation, further differentiating Tilleke & Gibbins within Southeast Asia’s legal landscape.” Managing Partner Darani Vachanavuttivong remarked, “By combining the deep regional expertise of our lawyers with Harvey’s market-leading domain-specific AI, we are empowering our regional team to streamline drafting, research, and review processes for complex legal matters, all while maintaining the high standards of quality and security our clients expect from us.” Harvey’s Chief Business Officer John Haddock added, “It’s clear Tilleke & Gibbins is investing heavily in innovation, and it’s clear their global clients will benefit significantly from their focus and investment. The Harvey team is thrilled to support the firm’s journey with our platform.”
Read More
August 1, 2025
Thailand’s Personal Data Protection Committee (PDPC) announced to the press on August 1, 2025, that it had issued eight new administrative fines under Thailand’s Personal Data Protection Act B.E. 2562 (2019) (PDPA) in five cases of noncompliance by public and private entities. The enforcement actions reflect a growing commitment by the PDPC to penalize noncompliance across all sectors, regardless of organizational type or size. The total amount imposed to date was approximately THB 21.5 million (approx. USD 654,690), underscoring the financial risks tied to PDPA violations. The five cases—one involving a state agency and the remainder in the private sector—are summarized below. Case 1: State Agency Providing Online Services to the Public The order in this case stemmed from a cyberattack on a state agency’s web app, resulting in personal data of 200,000 data subjects being leaked to and sold on the dark web. The software developer was also found to have implemented no privacy by design, lacked an access control system, had no data breach prevention measures, and failed to conduct risk assessments or review existing security measures. Key noncompliance identified: Lack of appropriate security measures Weak password protection No risk assessment or ongoing review of security measures No data processing agreement with software developer that acted as data processor The state agency and the developer were each fined THB 153,120 (approx. USD 4,670). Case 2: Private Hospital This case involved a hospital that engaged an individual contractor to destroy patient medical record documents. However, the contractor stored the documents at their own premises, failed to follow the required destruction protocols, and ultimately used the medical records to wrap sweets, resulting in the leak of over 1,000 records during the destruction process. The contractor also failed to notify the hospital of the data breach. Although there was a
Read More

Awards & Rankings

September 12, 2025
The 2025/2026 edition of the IFLR1000 Asia-Pacific rankings, released by International Financial Law Review (IFLR), highlights Tilleke & Gibbins’ continued excellence in financial and corporate transactional work. The firm has maintained its strong rankings across multiple jurisdictions and practice areas while achieving notable upgrades and new recognitions, reaffirming its position as a leading firm in the Asia-Pacific region. This year, Tilleke & Gibbins received firmwide rankings in key jurisdictions, including: Thailand Banking & Finance—Tier 3 Capital Markets: Debt—Tier 3 Capital Markets: Equity—Tier 3 M&A—Tier 2 Project Development—Tier 2 Restructuring & Insolvency—Tier 3 Vietnam Banking & Finance—Tier 4 M&A—Tier 3 Project Development—Tier 3 Cambodia Financial & Corporate—Tier 2 Project Development—Tier 2 Laos Financial & Corporate—Tier 2 In addition to these firmwide rankings, Tilleke & Gibbins had several standout individual recognitions, with 12 lawyers honored in the 2025/2026 individual rankings—an increase from last year’s 10. This year’s results include upgraded rankings for John Frangos and new rankings for Charupat Boon-Long, Derrick Khoo, Prisna Sungwanna, and Saravut Krailadsiri. The full list is as follows: Charunun Sathitsuksomboon—Highly Regarded, M&A, Thailand; Women Leader Charupat Boon-Long—Rising Star, M&A, Thailand (new ranking) David Mol—Rising Star, Corporate and M&A, Cambodia Derrick Khoo—Rising Star (Partner), Financial and Corporate, Thailand (new ranking) Jay Cohen—Highly Regarded, Banking, Cambodia John Frangos—Highly Regarded, Restructuring & Insolvency, Thailand (upgraded ranking) Niti Muangkote—Rising Star, Financial & Corporate and Project Development, Laos; Highly Regarded, Banking & Finance, Thailand Prisna Sungwanna—Highly Regarded, Financial & Corporate, Laos (new ranking) Saithong Rattana—Notable Practitioner, Project Development and M&A, Laos Santhapat Periera—Highly Regarded, Banking & Finance and M&A, Laos; Highly Regarded, Banking & Finance, Thailand Saravut Krailadsiri—Notable Practitioner, Thailand (new ranking) Tram Ngoc Bich Nguyen—Highly Regarded, M&A, Vietnam To see the full set of IFLR1000 rankings for Tilleke & Gibbins’ jurisdictions, please see the Cambodia, Laos, Thailand, and Vietnam pages
Read More
May 13, 2025
Tilleke & Gibbins has been recognized in the In-House Community (IHC) Firms of the Year 2024, earning accolades across 19 categories in Thailand and Vietnam. The results, based on surveys of in-house counsel across Asia, reflect client perspectives on the quality and responsiveness of legal services in key practice areas. The firm received 11 Firm of the Year awards and two honorable mentions in Thailand, along with six Firm of the Year awards in Vietnam. Notably, Tilleke & Gibbins was named “Most Responsive International Law Firm” in both jurisdictions—an acknowledgment that underscores the firm’s longstanding commitment to client service. Firm of the Year – Thailand Most Responsive International Law Firm Antitrust/Competition Banking and Finance Employment Energy and Projects Intellectual Property International Arbitration Litigation and Dispute Resolution Real Estate and Construction Taxation Technology, Media, and Telecommunications Honorable Mention: Capital Markets Honorable Mention: Corporate and M&A Firm of the Year – Vietnam Most Responsive International Law Firm Employment Intellectual Property International Arbitration Litigation and Dispute Resolution Technology, Media, and Telecommunications The IHC Firms of the Year rankings are determined through responses from thousands of in-house counsel and corporate decision-makers in Asia and the Middle East. Tilleke & Gibbins is honored to receive this recognition from the clients and peers it serves across the region.
Read More
May 9, 2025
Tilleke & Gibbins has been recognized by Asia Business Law Journal (ABLJ) in its Vietnam Law Firm Awards 2025, which honor the best corporate law firms in Vietnam across a wide range of practice areas, based on votes, feedback, and qualitative information from in-house counsel and other legal professionals who participated in ABLJ‘s research. Tilleke & Gibbins was named a top-tier firm in four competitive categories: Data Compliance & Cybersecurity IP Litigation Employment Technology, Media & Telecoms (TMT) A publication of Law.asia featuring widely read editions in English, Chinese, Japanese, and Korean, ABLJ is a multilingual resource for general counsel at companies with operations in Asia. For more information on the Vietnam Law Firm Awards 2025 and browse the full list of recognized firms, please see the ABLJ website.
Read More
April 18, 2025
Asian Legal Business has released its 2025 “Employer of Choice” rankings, and Tilleke & Gibbins has once again secured top honors as a premier employer in the legal sector in both Thailand and Vietnam. This marks the 13th consecutive year that the firm has been recognized as Employer of Choice in Thailand and the 11th time in Vietnam.
Read More

Other Professionals

See All Professionals

Contact

We have seven offices in six countries
across Southeast Asia.

Contact Us

Careers

We are always seeking great people to grow
our amazing team.

Join Us

Networks

© 2024 Tilleke & Gibbins International Ltd. All rights reserved.

© 2020 Tilleke & Gibbins International Ltd. All rights reserved.

Privacy Policy

| Fraudulent Communications

| Legal Notice