AI Regulation in Thailand: What Foreign and Domestic Providers Should Know

Posted by , , on | Featured

Thailand is establishing a regulatory framework for artificial intelligence, adopting a rights-based and risk-focused approach that will soon influence both domestic and international AI service providers.

Introduction

Thailand is developing formal regulations for artificial intelligence (AI) through a novel legal framework that will establish standards for accountability, risk mitigation, and adherence to international regulations. Although the AI legislation remains in its draft stage, the Thai government has published the Draft Principles of the Artificial Intelligence Law, offering guidance on anticipated expectations for businesses.

Current Legal Framework: The PDPA

Until the AI law is enacted, AI deployments in Thailand must comply with existing laws, particularly the PDPA where personal data is involved (see https://fosrlaw.com/2025/gdpr-vs-pdpa/).

This law applies to both Thai and foreign entities processing the personal data of individuals in Thailand.

Key PDPA obligations include:

  • A lawful basis for data processing (e.g., consent, contractual necessity);
  • Transparency through privacy notices;
  • Safeguards for data security and confidentiality;
  • Restrictions on international data transfers;
  • Appointment of a Data Protection Officer (DPO), if applicable.

Thailand’s Draft AI Principles: A Preview of What’s Coming

The Draft Principles issued by the Ministry of Digital Economy and Society (MDES) and the Electronic Transactions Development Agency (ETDA) outline Thailand’s cautious approach to regulating artificial intelligence. These non-binding guidelines are expected to influence the development of subsequent binding legislation.

Highlights include:

  • Legal recognition of AI-generated outputs (e.g., decisions or contracts);
  • Mandatory human accountability for AI outcomes;
  • Risk-based classification of AI systems, with stricter obligations for high-risk categories;
  • Adoption of international risk management standards (ISO/IEC 42001:2023, NIST AI RMF);
  • Logging and transparency obligations for system auditability;
  • Notification duties to individuals affected by harmful or adverse AI behavior;
  • A local legal representation requirement for foreign AI providers.

Local Legal Representation for Foreign AI Providers

One of the most significant provisions in the draft framework is the requirement for foreign AI service providers to designate a local legal representative in Thailand.

Who must comply?

Any foreign AI service providers offering AI systems in Thailand must:

  • Register with Thai regulators.
  • Designate a local legal representative authorized to communicate with authorities.

This requirement aligns with international trends, similar to the EU’s AI Act frameworks, emphasizing Thailand’s goal to enforce compliance through local accountability.

Global Comparison: Where Thailand Stands on AI Privacy

JurisdictionApproachKey Characteristics
European UnionRights-based and risk-classified (AI Act, GDPR)High-risk systems face formal assessments and conformity checks.
United StatesDecentralized, sector-ledNo federal AI law; guidance provided via voluntary frameworks (e.g., NIST).
ThailandRisk-sensitive, rights-focusedDraft model emphasizes transparency, local representation, and gradual enforcement.

Thailand’s approach is closest to that of the EU, but with more flexibility in the early stages of rollout. Compared to the U.S., Thailand’s proposed obligations are more formalized and binding, particularly for foreign firms.

What This Means for AI Providers

Foreign and local companies developing or deploying AI systems in Thailand should begin preparing now.

Recommendations include:

  • Identify and classify AI systems under anticipated Thai definitions of “high-risk”.
  • Ensure current PDPA compliance, particularly for personal data used in AI models.
  • Develop internal governance aligned with ISO/IEC and NIST frameworks.
  • Establish local legal representation if providing AI services cross-border into Thailand.
  • Engage in regulatory monitoring and plan for sandbox participation or pre-approval steps.

Our Experience: Supporting Clients at the Frontier of AI Regulation

Formichella & Sritawat Attorneys at Law have extensive experience advising technology companies, platform operators, and data-driven businesses in Thailand on legal matters related to AI, privacy, and regulatory compliance.

Our services include:

  • Complete PDPA implementation and conduct compliance audits.
  • Drafting and negotiating data transfer and AI processing agreements.
  • Liaising with the PDPC, MDES, and ETDA on behalf of clients.
  • Risk classification and readiness assessments for high-risk AI systems.

Stay Ahead of the Curve

With Thailand anticipated to implement binding AI legislation soon, enterprises have a window of opportunity to prepare. Entities that adopt proactive measures towards compliance will be strategically positioned to enter the Thai market and efficiently manage regulatory challenges.

Authors

  • Naytiwut Jamallsawat is a partner at Formichella & Sritawat and a recognized legal advisor in Thailand’s telecommunications, media, and energy sectors. He represents leading multinational and Thai companies in complex legal and regulatory matters, with a focus on high-compliance industries, including telecommunications licensing, satellite operations, media platforms, and data privacy.

    In the energy sector, Naytiwut has advised on numerous greenfield and brownfield generation projects—both conventional and renewable—providing legal guidance on project development, transactional structuring, and compliance with Thai regulatory frameworks.

    He leads the firm’s specialized group of lawyers focused on telecommunications, media, technology (TMT), and data privacy. In this role, he ensures the delivery of practical, business-focused legal solutions across regulated and fast-evolving sectors. Naytiwut also works closely with founding partner John Formichella on TMT and energy mandates, providing integrated legal support on transactions and compliance matters involving international and domestic stakeholders.

  • Onnicha Khongthon (Ging) is a Senior Associate with over seven years of experience in corporate law, the technology, media, and telecoms sector (TMT), data privacy, cyber-security, and space law, including corporate and commercial matters. Onnicha began practicing after receiving an LL.B. at Chulalongkorn University.

  • Supitchaya Akeyati is an associate attorney at Formichella & Sritawat Attorneys at Law (FOSR Law) in Bangkok, Thailand. She specializes in corporate law, commercial law, personal data protection law, and litigation. Her current practice primarily focuses on corporate matters and personal data protection. Additionally, she assists senior lawyers and partners in providing legal advice related to technology, media, and telecommunications (TMT).

Together, Naytiwut, Supitchaya, and Onnicha advise on the full spectrum of regulatory, data, and AI compliance issues crucial for conducting business in Thailand.

The information provided here is for discussion and informational purposes only. It is crucial to note that nothing in this article should be or can be relied on as legal advice. Given the potential legal complexities, it is always advisable to seek professional legal counsel.

For any questions, you may contact Formichella & Sritawat at [email protected]

© Formichella & Sritawat Attorneys at Law

Tags: , , , ,