Thailand: Implemented CSSC Criteria and Procedures for Reporting Cyber Threats B.E. 2566

On 19 May 2023, the Cyber Security Supervisory Committee’s (CSSC) criteria and procedures for reporting cyber threats B.E. 2566, which is aimed at government agency systems and critical information infrastructure, entered into force. The order, mandated under the Cybersecurity Act B.E. 2562, aims to enhance the nation's cybersecurity by establishing clear guidelines for the identification, response, and reporting of cyber threats. Government agencies and entities overseeing critical information infrastructure are now required to investigate potential cyber threats, take appropriate mitigation actions, and report incidents to the National Cybersecurity Committee within specified timeframes. Additionally, annual summary reports of cyber threats are to be submitted by January 31 of the following year, ensuring a comprehensive overview of the cybersecurity landscape and facilitating better-informed policy decisions.