Project finance specialists from Tilleke & Gibbins’ Bangkok office have once again contributed the Thailand chapter to the latest edition of The Legal 500’s Project Finance guide. Part of The Legal 500’s Country Comparative Guides series, the publication serves as a valuable resource for investors and businesses seeking detailed insights into project finance in key jurisdictions worldwide. Each Q&A-style chapter offers comprehensive guidance on the legal frameworks impacting various aspects of project finance, including: Ownership structures and corporate governance; Security interests, regimes, and enforcement; Regulatory requirements and consents; Foreign exchange considerations; Environmental, social, and governance (ESG) issues; Public-private partnerships; Foreign judgments; Tax considerations; Common funding structures; and Insurance law principles. In addition to the Thailand chapter, Tilleke & Gibbins has contributed the Vietnam chapter to the guide. The Thailand chapter is available as a PDF through the link below. The full guide can also be accessed for free on The Legal 500 website.

Tilleke & Gibbins’ project finance team in Vietnam has contributed the Vietnam chapter to the 2025 edition of The Legal 500’s Project Finance guide. As part of The Legal 500’s Country Comparative Guides series, this publication provides businesses and investors with crucial information about the legal and regulatory aspects of project finance across jurisdictions worldwide. The Q&A-format chapters deliver detailed insights into the legal regimes governing an array of project finance topics, including: Ownership structures and corporate governance; Security interests, regimes, and enforcement; Regulatory requirements and consents; Foreign exchange considerations; Environmental, social, and governance (ESG) issues; Public-private partnerships; Foreign judgments; Tax considerations; Common funding structures; and Insurance law principles. Tilleke & Gibbins also prepared the Thailand chapter for this edition. The Vietnam chapter is available as a PDF via the button below, with the full guide freely accessible on The Legal 500 website.

On January 8, 2025, Thailand’s Office of the Personal Data Protection Committee published two notifications in the Government Gazette—one for data controllers and the other for data processors—concerning exemptions for data controllers and data processors from the requirement to create and maintain records of processing activities (ROPAs) under the Personal Data Protection Act B.E. 2562 (2019). The notification for data processors took effect on January 9, 2025, the day after its publication. The notification for data controllers will take effect on April 8, 2025. The content of these notifications is identical to that in the draft versions of the notifications previously released for public consultation in October 2024. For more information on the ROPA exemptions for data controllers and data processors, or on any aspect of personal data protection in Thailand, please contact Nopparat Lalitkomon at [email protected] or Wilin Somya at [email protected].

On January 1, 2025, Myanmar’s State Administration Council enacted Cybersecurity Law No. 1/2025, which aims to regulate various aspects of digital security and online activities. The law has not yet been implemented and will come into force on a date specified by the Myanmar president, who will also provide an official adoption and compliance timeline for individuals and organizations impacted by the new regulations. Below are some of the key provisions, implications, and penalties under the Cybersecurity Law. Extraterritorial penalties. The law contains an important provision that authorizes penalties against Myanmar citizens who are found guilty of violations, even if these occur outside the country’s borders. VPN definition and regulation. Virtual private networks (VPNs) are defined by this law as specific systems that function as backup networks by using technological means in order to ensure the safety of linking networks to each other. This definition sets the framework for subsequent regulations and penalties associated with VPN usage. The law does not restrict individuals or entities from using VPNs; it regulates VPN service providers. Penalties for unapproved VPN services. Establishing a VPN or providing VPN services without approval from the designated ministry (to be appointed later by the government) can result in significant penalties. For individuals, the punishment may be imprisonment for 1–6 months, a fine of MMK 1–10 million (approx. USD 476–4,760), or both, with the proceeds of the violation being confiscated. If the violator is a company or organization, the minimum fine will be MMK 10 million, and the proceeds will be confiscated. Government oversight. The ministry designated by the government is authorized to investigate and take control of cybersecurity services and digital platform services for national defense and security purposes, or upon request from a government department or organization in accordance with respective laws. Licensing requirements. The