On May 1, 2024, Thailand’s National Cyber Security Committee (NCSC) published the draft NCSC Notification Re: Cloud Cybersecurity Standards for a public hearing period, which was open until May 14, 2024. These standards have been drafted to drive the country’s cloud-first policy with the aim of minimizing risks from cyber threats to cloud services utilized by government agencies, supervising or regulating organizations, and critical information infrastructure (CII) organizations. The key points of the draft Cloud Cybersecurity Standards are below. Scope The standards apply to government agencies, supervising or regulating organizations, and CII organizations under the Cybersecurity Act B.E. 2562 (2019), as well as cloud service providers (defined below). The standards prescribe cloud system cybersecurity measures for cloud service customers (defined below) and providers only to the extent that the service is provided to the in-scope organizations outlined above. Definitions Cloud service customers (CSCs): In-scope organizations that have a formal contractual agreement to use cloud services provided by a cloud service provider. Cloud service providers (CSPs): Persons who enable cloud services to be used by a cloud service customer, responsible for maintaining infrastructure, platforms, and software that enable provision of the cloud services and for managing these resources to ensure their accessibility, security, and scalability for their cloud service customers. Application In-scope organizations that will use or have been using cloud services must comply with the Cloud Cybersecurity Standards by taking into account their data or technology information systems’ level of impact, as specified in the previously issued Notification of the NCSC Re: Standards for Defining the Security Category for Data and Information Systems B.E. 2566 (2023). The impact level related to personal data is to be rated as being at least at the medium level, and the minimum standards for that level specified in the draft Cloud Cybersecurity Standards