Thailand: Implemented CSSC Code of Conduct and Framework Standards for Cybersecurity for Government Agencies and Critical Information Infrastructure Organizations, B.E. 2564 (2021)

On 6 September 2022, the Cyber Security Supervisory Committee's (CSSC) Code of Conduct and Framework Standards for Cybersecurity for Government Agencies and Critical Information Infrastructure Organizations, B.E. 2564 (2021), entered into force. The code sets minimum cybersecurity measures for government agencies and critical information infrastructure organisations. It mandates the establishment of a cybersecurity framework, including risk assessment, incident response, and data protection measures. Organisations must implement access controls, continuous monitoring, and periodic audits to ensure compliance. The regulation also requires the appointment of a cybersecurity officer, regular staff training, and the reporting of cybersecurity incidents to the relevant authorities within a specified timeframe.