Thailand’s Ministry of Digital Economy and Society (“MDES”) recently published the latest draft of the Cyber Security Bill (the “Bill”) for public hearing and public consultation up to 25^th March 2018 before the MDES revises the Bill and submits it to the National Legislative Assembly (“NLA”) for approval. The bill aims to ensure both public and private organizations take greater responsibility for cyber security which will support the digital ecosystem.  It is one of the pending bills related to digital economy laws that need to be approved by the NLA to accomplish the implementation of the country’s digital economy roadmap.

The latest Bill as published by the MDES will establish the National Cybersecurity Committee (“NCSC”) with the Prime Minister as the Chairman of the NCSC, Minister of Defense as the first Vice Chairman and Minister of MDES as the second Vice Chairman.  The ex officio members of the NCSC will include the Finance Minister, the Foreign Affairs Minister, the Transport Minister, the Energy Minister, the Commerce Minister, the Interior Affairs Minister, the Justice Minister, the Educational Minister, the Public Health Minister, the Industry Minister, the Commander of the Royal Thai Police, the Secretary-General of the National Security Council, the Director of National Intelligence Agency, the Governor of the Bank of Thailand, the Secretary-General of the Office of the National Broadcasting and Telecommunications Commission; the Secretary-General of Office of Insurance Commission, the Secretary-General of Securities and Exchange Commission.

Under the Bill, the NCSC is to set standards for cyber security which means that companies operating in Thailand can be forced to implement surveillance standards set by the NCSC. The Bill also grants powers to the NCSC to order the private sector to do anything or refrain from doing anything if they deem that something is a threat to cyber security.

Importantly, under the Bill, the NCSC will also have power to authorize an official to access private communication information in the form of post, telex, telephone, fax, computer, electronic communication devices and media, or any other information technology media for the purpose of securing the cyber security and avoiding or at least mitigating the damages that may be caused by such cyber security threat, upon obtaining a court order.  In case of emergency, the NCSC is allowed to access the private communication information without the court order and report such access to the court afterwards without delay.

The published Bill is not its final version to be submitted to the NLA for their approval.  Once the Bill is submitted to the NLA, we will update readers on its development in future issues of our newsletters.