Internet & Online Safety · Thailand
Online safety & content laws in Thailand (2026)
Thailand shaded by its internet & online safety status
Thailand regulates online content through a layered, fragmented set of laws rather than a single omnibus framework. The Computer Crimes Act and Emergency Decree on Technology Crime form the core content-restriction regime, supplemented by the 2022 Royal Decree on Digital Platform Services that imposes registration and transparency duties on platforms. A July 2025 ETDA notification introduced a 24-hour takedown obligation for social media platforms, marking a significant shift toward active platform governance, though civil-society groups warn it enables overbroad censorship.
Key points
The Computer Crimes Act B.E. 2550 (2007), amended in 2017, is the foundational online-content law. It criminalises uploading false or distorted information that damages national security or public order, and authorises MDES to seek court orders blocking or removing websites. 'False information' has historically been interpreted broadly, covering fraud, politically sensitive speech, and lèse-majesté content.
Published in the Royal Gazette on 4 July 2025 and effective 5 July 2025, the ETDA Notification on Measures for Preventing Technology Crimes requires social media platforms to remove content flagged by MDES as false or misleading within 24 hours of notice. Non-compliance risks loss of safe-harbour protection and criminal liability. Access Now and other civil-society groups criticised the rule as undermining due process and freedom of expression.
The Royal Decree B.E. 2565 (2022), enforced by ETDA, requires digital platform operators meeting size thresholds to register, maintain transparency reports, and comply with ETDA directives. A December 2025 notification designated 21 marketplace platforms subject to enhanced duties. ETDA announced stepped-up enforcement in 2026, with penalties including up to one year imprisonment and fines up to THB 100,000 for unregistered operation.
On 8 April 2025 the Cabinet approved Amendment No. 2 to the Emergency Decree on Technology Crime (in force 13 April 2025), targeting online scam infrastructure — mule bank accounts, SIM-swap fraud, and money-laundering networks — with significantly increased fines and prison terms. Platforms must maintain traceable compliance records to remain covered by safe-harbour provisions.
Section 112 of the Criminal Code (lèse-majesté) carries 3–15 years imprisonment per count for content deemed insulting to the monarchy. Platforms receive MDES blocking orders for such content and face intermediary liability if they fail to act. Freedom House rated Thailand 'Not Free' in its 2025 Freedom on the Net report, citing politically motivated censorship and arrests of social-media users.
Thailand has proposed barring children under 14 from social media platforms, with a mechanism requiring parental e-citizen ID verification via QR code to approve accounts. As of mid-2026 this remains at the proposal/consultation stage; no standalone age-verification law has been enacted. Separately, the ETDA's 2025 social media notification requires platforms to verify advertiser identity and link user accounts to telephone numbers.
Timeline - major decisions & events
The Electronic Transactions Commission notification published in the Royal Gazette on 4 July 2025 mandates social media platforms to remove content flagged by the MDES as false, misleading, or facilitating a technology crime within 24 hours of official notice — including weekends and holidays. Platforms that fail to comply lose safe-harbour protections and face criminal liability for offences such as fraud and lèse-majesté.
Tilleke & Gibbins ↗Published in the Government Gazette on 12 April 2025 and effective the next day, the amendment to the 2023 Emergency Decree narrows the categories of business operators subject to its obligations, reduces some compliance burdens, and formalises coordination mechanisms among banks, telecom providers, and law enforcement to combat online scams.
Tilleke & Gibbins ↗Thailand's Personal Data Protection Committee imposed the maximum 7 million Baht administrative fine on an undisclosed major e-commerce platform for failing to appoint a Data Protection Officer, maintaining inadequate security measures that caused data leaks to call-centre scammers, and failing to report breaches — the first enforcement action since the PDPA's full entry into force in 2022.
IAPP ↗The Royal Decree on Digital Platform Service Businesses B.E. 2565 (published in the Government Gazette on 23 December 2022) took effect, requiring all platforms serving Thai users — including overseas providers — to notify the Electronic Transactions Development Agency before commencing operations and to file annual compliance reports; non-compliance carries fines up to THB 100,000 and up to one year imprisonment.
DataGuidance ↗Published in the Government Gazette on 16 March 2023, this emergency decree — prompted by an explosion in call-centre fraud and online financial scams — imposed legally binding obligations on banks, telecom operators, and social media platforms to cooperate with authorities in rapidly freezing suspect accounts, cancelling SIM cards, and removing fraudulent content, creating Thailand's first integrated cross-sector cybercrime response framework.
Nishimura & Asahi ↗Following two postponements since the 2019 enactment, the Personal Data Protection Act fully entered into force on 1 June 2022, after the Personal Data Protection Committee was formally constituted on 11 January 2022 and subordinate regulations were issued; all data controllers and processors became immediately subject to consent, purpose-limitation, data-subject-rights, and breach-notification obligations.
Ministry of Digital Economy and Society (MDES) ↗At the height of Thailand's 2020 pro-democracy protests, authorities ordered the blocking of Change.org after it hosted a petition to have the king declared persona non grata, and courts ordered Facebook to restrict 1,765 posts — nearly all alleging Section 112 (lèse-majesté) violations — representing the largest single wave of politically motivated online content suppression under the Computer Crime Act framework.
Freedom House — Freedom on the Net 2021 ↗Thailand's first dedicated Cybersecurity Act established the National Cyber Security Committee (chaired by the Prime Minister) and the National Cybersecurity Agency (NCSA), designated Critical Information Infrastructure sectors requiring mandatory security standards, and granted authorities sweeping investigative powers — including access to private systems — during declared cyber threats.
Ministry of Digital Economy and Society (MDES) ↗Adopted unanimously by the junta-appointed National Legislative Assembly in December 2016 and published in the Royal Gazette on 24 January 2017 (in force 24 May 2017), the amendment criminalised dissemination of 'false or distorted' information damaging national security or public order, empowered MDES to order content removal, introduced some court-supervised takedown procedures, and imposed tougher penalties — significantly expanding the state's online censorship authority.
LawPlus Ltd. ↗The National Legislative Assembly approved legislation on 3 June 2016 dissolving the Ministry of Information and Communication Technology and replacing it with the MDES in September 2016, consolidating the ETDA, oversight of telecom and broadcasting entities, and internet content enforcement under one ministry as the centrepiece of the 'Thailand 4.0' digital economy strategy.
Library of Congress Global Legal Monitor ↗King Bhumibol Adulyadej granted royal assent to the Computer Crime Act on 10 June 2007 (in force 18 July 2007), establishing criminal offences for unauthorised computer access, data interference, and the distribution of 'inappropriate' or harmful online content; the Act became the primary legal instrument for internet censorship — including lèse-majesté enforcement online — and remains the backbone of Thailand's online content regulation after amendment in 2017.
Wikipedia — Computer Crime Act (Thailand) ↗Thailand - other topics
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →