Global Law Experts Logo

Find a Global Law Expert

Specialism
Country
Practice Area

Awards

Since 2010, the Global Law Experts annual awards have been celebrating excellence, innovation and performance across the legal communities from around the world.

Thailand Prepares New Draft Cybersecurity Standards for Cloud Computing

posted 3 days ago

Thailand is poised to enhance its cybersecurity framework with new draft standards for cloud computing security. The National Cybersecurity Committee has prepared these standards, which have already been approved by the committee and are now awaiting publication in the Royal Gazette.

This draft regulation, titled “Announcement of the National Cybersecurity Committee on Cloud Cybersecurity Standards B.E. ….”, marks a significant step in Thailand’s efforts to safeguard its digital infrastructure while promoting the adoption of cloud technologies across various sectors.

The proposed regulations, set to be implemented one year after their official publication, are primarily aimed at government agencies, regulatory bodies, and organizations managing critical information infrastructure. These standards are designed to mitigate cybersecurity risks associated with the use of public cloud services, a growing concern as more entities shift their operations to cloud-based systems.

The decision to establish these standards stems from alarming cybersecurity statistics revealed by the National Cybersecurity Agency of Thailand (NCSA) for the year 2023. Educational institutions were the most targeted, facing 632 attacks, followed by other government agencies with 145 attacks. The private sector, particularly Thai-owned commercial enterprises, also saw a significant number of incidents, with 148 recorded attacks.

Under the proposed standards, organizations using public cloud services must adhere to guidelines that take into account the impact level of the data or information systems they handle. These impact levels are defined in a separate announcement by the National Cybersecurity Committee regarding the standardization of cybersecurity characteristics for data and information systems.

Notably, the draft standards mandate that personal data stored in cloud systems must be classified at minimum as having a “medium” level of confidentiality. This requirement underscores the government’s commitment to protecting individual privacy in the digital sphere.

The drafting of these standards aligns with Thailand’s “Cloud First Policy,” which was approved in a meeting of the National Digital Economy and Society Committee in December 2023. This policy sets out a five-year roadmap for cloud service implementation across various sectors, demonstrating Thailand’s commitment to digital transformation.

Once the standards come into effect, organizations affected by these new regulations will be required to submit summary reports of their compliance to the NCSA within 30 days of completing the implementation. This reporting mechanism aims to ensure accountability and allow the government to monitor the effectiveness of the new measures.

The introduction of these draft standards reflects Thailand’s proactive approach to addressing the evolving landscape of cybersecurity threats. As cloud computing continues to play an increasingly crucial role in both public and private sectors, these measures aim to create a more secure digital environment, fostering trust and enabling the country to fully leverage the benefits of cloud technologies while mitigating associated risks.

As Thailand moves forward with its digital transformation agenda, these pending cybersecurity standards for cloud computing will play a pivotal role in shaping a resilient and secure digital infrastructure for the nation. The cybersecurity community and affected organizations are now eagerly awaiting the official publication of these standards in the Royal Gazette, which will set in motion the one-year countdown to their implementation.

Key Takeaways:

  1. Thailand’s National Cybersecurity Committee has drafted new standards for cloud cybersecurity.
  2. The draft standards aim to reduce cybersecurity risks for government agencies and critical information infrastructure organizations using public cloud services.
  3. The regulations will come into effect one year after their publication in the Royal Gazette, which is pending.
  4. Personal data in cloud systems must be classified at least at the “medium” level of confidentiality.
  5. The draft standards are part of Thailand’s broader “Cloud First Policy” initiative.

Author

Find the right Legal Expert for your business

The premier guide to leading legal professionals throughout the world

Specialism
Country
Practice Area
LAWYERS RECOGNIZED
0
EVALUATIONS OF LAWYERS BY THEIR PEERS
0 m+
PRACTICE AREAS
0
COUNTRIES AROUND THE WORLD
0

Join

who are already getting the benefits
0

Sign up for the latest legal briefings and news within Global Law Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.

Naturally you can unsubscribe at any time.

Newsletter Sign Up

About Us

Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.

Contact Us

Stay Informed

Join Mailing List

GLE