This chapter provides an overview of the legal system and key laws for foreign companies doing business in Thailand. Presented in a question-and-answer format, the chapter examines the rules governing foreign investment, business vehicles, employment, tax, competition, intellectual property, marketing agreements, e-commerce, data protection, and product liability.
February 10, 2023
On January 16, 2023, Thailand’s Securities and Exchange Commission (SEC) prescribed a set of security measures that digital asset business operators must implement if they provide custody of digital assets for their customers. The new security measures are prescribed in two notifications from the SEC and its office on digital asset wallet management systems and cryptographic key management systems, with the aim of safeguarding digital assets in custody against loss, fraud, and cybertheft. The notifications took immediate effect. The new security measures and the management systems are summarized below. Policy and guidelines for managing systems related to digital asset custody Digital asset business operators must have a written risk management policy for all systems relating to digital asset custody, approved by their board of directors and made accessible to all employees. The policy must be reviewed or revised at least once annually, or promptly if any potential risks are identified. Specific procedures must be implemented, such as establishment of a compliance team and internal controls. Management of systems for digital asset wallets and cryptographic keys Digital asset business operators must have policies and procedures for managing all systems relating to digital asset custody. This includes properly designing, developing, and managing digital asset wallets in a safe and secure manner. The same requirement on policies and procedures applies to cryptographic key management as well. Management of incidents that may affect systems related to digital asset custody Digital asset business operators must have measures in place to manage incidents that may impact systems related to digital asset custody. The measures include designating a person responsible for incident management, testing and reviewing the incident management policy annually, reporting any incidents affecting digital asset custody to the designated responsible person and the SEC immediately, and conducting a digital forensic investigation with an independent