On 21 June 2023, the Electronic Transactions Development Agency (ETDA) published the Risk Management Guidelines for the Digital Identification System (Digital ID Risk Management Framework). It provides a comprehensive framework for managing the risks associated with digital identity proofing and authentication services. The document sets out risk management processes to guarantee security, compliance, and efficiency in accordance with regulatory standards. Businesses are obliged to identify risks pertaining to their operations, including strategic, operational, IT, reputational, and compliance risks. The framework describes a two-part risk assessment: the initial risk without controls, known as the inherent risk, and the risk management capability of the organisation. Together, these assessments help determine the overall net risk. Organisations must then evaluate the identified risks and compare them to the predefined risk criteria. Based on this comparison, decisions must be made on implementing measures to reduce the risks to an acceptable level. Strategies may include the mitigation, avoidance, transfer, or acceptance of risks. The guide also provides information on risk monitoring and reporting, including a mandatory report on the risk assessment.