The Cyber Security Act B.E. 2562 (A.D. 2019) (“CSA”) was published in the Government Gazette on 27^th May 2019.  It comes into force on and from 28^th May 2019.  It is the first ever cyber security law of Thailand.  We summarized some of its major provisions below.

1.   The objective of the CSA is to secure national security in the cyberspace. It governs information infrastructures and database of the public and private sectors.

2.   The CSA has established:-

(1)   the National Cyber Security Committee (“NCSC”);

(2)   the Cyber Security Governance Committee (“CSGC”);

(3)   the Executive Committee of the Office of the Cyber Security Committee (“ECOCSC”); and

(4)   the Office of the National Cyber Security Committee (“ONCSC”).

3.   The CSA empowers the committees and offices mentioned above to collect information and analyze situations and assess their impacts and to prevent, handle and mitigate cyber security threats.

4.   Information Infrastructure Authorities (“IIA”) who provide services in relation to the banking, information technology and telecommunication, transportation and logistics, energy, public utility and public health are required to provide assistance to the ONCSC in preventing, handling and reducing the risk of cyber security threats. IIA must provide to the ONCSC thes names and contact details of owners, possessors and administrators of computers and computer systems within a period of time specified by the ONCSC.

5.   IIA must conduct an assessment of cyber security risks at least once a year and send an executive operation report to the ONCSC within 30 days after the assessment completion.

6.   IIA must create and implement mechanisms and procedures to monitor cyber security threats relating to their information infrastructures and measures to solve cyber security problems.

7.  IIA must send a report to the ONCSC if and when a cyber security threat occurs, otherwise it can be subject to a fine of not more than THB200,000.