On 27 May 2019, the Cybersecurity Act (B.E. 2562) entered into force. The Act requires critical information infrastructure agencies to adhere to specific cybersecurity standards and practices, such as establishing and implementing cybersecurity codes of practice, conducting regular risk assessments and audits, and reporting cybersecurity incidents to the relevant authorities. In cases of cyber threats, firms are required to inspect their systems and provide information to authorities, and they may be subject to inspections and data access by government officials, often under court orders. Firms are also required to participate in readiness tests for handling cyber threats and must comply with directives from the Cyber Security Supervisory Committee (CSSC) to prevent or mitigate cyber threats. The Act sets out penalties for non-compliance and includes provisions allowing firms to appeal against certain orders related to cybersecurity measures.