Thailand: Adopted Assessment Guidelines for Digital Identity Proofing and Authentication Systems that require licensing

On 21 June 2023, the Electronic Transactions Development Agency (ETDA) published the Assessment Guidelines for Digital Identity Proofing and Authentication Systems that require licensing. The document stipulates that business operators must implement a risk management policy that encompasses a range of risks, including those pertaining to strategy, operations, information technology, reputation, and compliance. This entails the systematic identification, evaluation, and management of risks, including the undertaking of an annual review of risk policies. Furthermore, the document stipulates the implementation of security measures, including encryption, access control, data protection, and incident response plans. It is obligatory that service providers implement robust anti-fraud measures and monitoring systems in order to ensure the integrity of digital identity systems, including the implementation of rigorous access controls for sensitive information. It is required that service providers implement measures to mitigate damage. In the event of an incident, businesses are held accountable for providing compensation or remediation to affected users. In addition, when outsourcing services, businesses must ensure that third-party operators adhere to the same security, risk management, and service standards as in-house operations. Furthermore, the monitoring and assessment of third-party services must also be conducted.