Thailand: Bank of Thailand opened consultation on draft Policy on Risk Management of the Use of Artificial Intelligence Systems including cybersecurity regulations

On 12 June 2025, the Bank of Thailand opened a consultation on its draft Policy on Risk Management of the Use of Artificial Intelligence Systems until 30 June 2025. The policy provides financial service providers with appropriate risk management guidelines, aligning with internationally accepted principles. Its objective is to establish a framework for managing AI-related risks based on usage scenarios, supplementing existing guidelines on its risk management, third-party risk management, data governance, and fair market conduct. The policy applies to financial institutions under the Financial Institutions Business Act and Payment service providers under the Payment Systems Act. It addresses cybersecurity risks, such as AI-specific attacks (e.g., prompt injection, data poisoning, adversarial attacks), which arise across the data, development, and deployment lifecycle. Financial service providers should implement robust risk controls across the AI lifecycle and defend against AI-specific cyber threats.