Thailand: Implemented NCSC Standards for the Maintenance of Cybersecurity in Cloud Computing Systems B.E. 2566 (2023) including data localisation requirements
Description
Implemented NCSC Standards for the Maintenance of Cybersecurity in Cloud Computing Systems B.E. 2566 (2023) including data localisation requirements
On 10 September 2026, the National Cyber Security Committee’s (NCSC) standards for the maintenance of cybersecurity in cloud computing systems B.E. 2566 (2023) enter into force. The standards mandate “high” impact information systems, which can have “very severe” consequences, to use a primary data centre located in Thailand, along with a backup data centre in Thailand or the ASEAN region. Specifically, the cloud service users must operate from a primary data centre in Thailand, and cloud service providers are mandated to establish both a primary data centre and either a backup data centre within Thailand or in the nearest Southeast Asian location to serve their cloud service users effectively.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Data localisation requirement
Regulated Economic Activity
infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
executive
Government Body
data protection authority