Cybersecurity act in Thailand - What We Understand or Do We?

The Thai Parliament had on 28 Feb 2019 passed an act titled 'The Cybersecurity Act'.


This act apparently allows the government of Thailand to assert control over the usage and application of the Internet in Thailand.


Few interesting observations were noted based on the reports commenting on the passing of this Act:-

  1. The Act encompasses all procedures from everyday encounters of slow internet connection to nationwide attacks on critical infrastructure

  2. If a cybersecurity situation reached a critical level it allows the National Security Council (NSC) to override all procedures within its own laws

  3. There is a National Cybersecurity Committee (NCSC) who under the Act can summon individuals for questioning and enter private property without a court order in case of actual or anticipated serious cyber threats

  4. There is a Cybersecurity Regulating Committee (CSRC) who have powers to access computers data and networks, make copies of information and seize computers or any devices. The CSRC does not need a court order in cases if it is an emergency and a penalty will be imposed for non compliance to the actions/instructions by the CSRC

  5. A Personal Data Protection Act (PDPA) was also approved. The PDPA apparently was modelled after the GDPR in EU

Back in February 2019, we wrote an article titled 'Cybersecurity Law - what do we understand’ in 2 parts.


The above interpretation (as in understanding the English language version of news report) of the Cybersecurity Act in Thailand is a clear example of what we said in our 2 articles posted.