Legal Updates for April 2024

New Cybersecurity Subordinate Laws

On 18 January 2024, the National Cyber Security Committee of Thailand pubished these two important subordinate laws on cybersecurity under the Cybersecurity Act 2019 ("Notifications"). The Notifications, which will take effect on 18 January 2025,are as follows:

(a)        The Notification on Standards for Determination of the Security Category for Data or Information Systems ; and

(b)        The Notification on Minimum Standards for Data or Information Systems.

The Notifications require critical information infrastructure operators ("CIIOs") to classify their data and information systems, as well as implement cybersecurity protection measures. CIIOs are organisations (public or private) which assume missions or provide services in relation to a critical information infrastructure, i.e. a computer system which is used in connection with the maintenance of national security, public safety, national economic security or infrastructure of public interests.

This Update provides a summary of the obligations imposed on the CIIOs.