On 12 April 2025, two Royal Decrees were published in the Royal Gazette and came into effect the following day. These legislative developments—targeting technological crimes and digital asset business operations—demonstrate Thailand’s continued efforts to strengthen its regulatory framework in support of national security, public safety, and economic resilience.
1. Royal Decree on Measures for the Prevention and Suppression of Technological Crime (No. 2) B.E. 2568 (2025)
This Royal Decree introduces significant amendments to the original 2023 legislation addressing technology-related crimes, particularly in response to the rising number of phone and electronic scams that have caused widespread financial losses.
Key Amendments:
✓ Section 3 – Definitions:
⦾ Updated definitions include:
⦿ Business Operator: Now encompasses entities regulated under payment system and digital asset legislation.
⦿ Digital Asset Wallet: A platform for storing digital assets.
⦿ E-Wallet Account: Expanded to include digital asset accounts.
✓ Section 4 – Information Exchange:
⦾ Mandatory Reporting: Financial institutions and business operators must share account details and wallet addresses with designated government agencies upon suspicion of technological crime.
⦾ Relevant Authorities: Ministry of Digital Economy and Society, Royal Thai Police, DSI, AMLO, Bank of Thailand, and the SEC.
⦾ Preventive Measures: Regulatory agencies will set crime prevention standards.
⦾ Telecom Providers: Must block SMS content associated with scams.
⦾ Enforcement: Institutions must suspend or close accounts linked to technological crimes as per CCPSC directives.
✓ Section 5 – Control of Telecommunications Data:
⦾ Government officers may suspend dissemination of data or access to digital asset platforms operating without a license.
⦾ Suspensions must follow procedures set by the Prime Minister in the interest of economic and social stability.
✓ Section 8 – Investigative Authority:
⦾ Expanded Role for AMLO: Empowered to request information, inspect, and freeze or seize assets suspected to be linked to technological crimes or money laundering.
⦾ Asset Freezing: Initially up to 90 days, extendable to 180 days.
⦾ Compliance and Enforcement: AMLO can issue binding rules and publish lists of suspected individuals or wallets.
⦾ Oversight Committee (DCTOC): A new committee chaired by a designated representative will supervise enforcement.
⦾ Institutional Liability and Penalties:
⦿ Joint liability may apply to non-compliant institutions.
⦿ Penalties include fines up to THB 500,000 and potential imprisonment for individuals involved in non-compliance or facilitation.
✓ Section 11 – Criminal Offenses and Penalties:
⦾ Misuse of Phone Numbers: Up to one year imprisonment or a THB 100,000 fine.
⦾ Unauthorized Use of Personal Data:
⦿ Up to one year imprisonment or fines for use of personal or deceased individuals’ data in tech crimes.
⦿ If used for profit, penalties increase to up to five years imprisonment or a THB 500,000 fine.
2. Royal Decree on Digital Asset Business (No. 2) B.E. 2568 (2025)
This decree updates the Royal Decree on Digital Asset Business B.E. 2561 (2018) to reflect developments in the global digital economy. The key change introduces extra-territorial reach, allowing the law to govern digital asset businesses operating outside Thailand that offer services to Thai residents.
Key Provisions:
✓ Amendment to Section 26:
⦾ Foreign Operators: Digital asset businesses outside Thailand that serve Thai users must now obtain a license from the SEC, subject to exemptions announced by the Commission.
✓ New Section 26/1 – Definition of Services “in Thailand”: A foreign digital asset service provider is deemed to be operating in Thailand if any of the following apply:
1. Website or content is presented in the Thai language.
2. Uses a “.th” or “.ไทย” domain name.
3. Accepts or promotes payment in Thai Baht or through Thai financial accounts.
4. Incorporates Thai law in terms of service or dispute resolution clauses.
5. Engages third parties to facilitate access for Thai users.
6. Maintains offices or staff supporting Thai clients.
7. Other qualifying factors as may be announced by the SEC.
How Will Businesses Be Affected?
The regulatory landscape has shifted significantly for both domestic and international businesses. Key impacts include:
✓ Mandatory Data Sharing and Enforcement Powers: Institutions must comply with data sharing requests, account suspensions, and potential asset freezes.
✓ Corporate Liability: Businesses may face penalties unless they can demonstrate compliance with applicable standards.
✓ Increased Oversight for Digital Asset Operators: Platforms serving Thai users from abroad must comply with local licensing and regulatory requirements.
These developments necessitate enhanced internal compliance frameworks, particularly around fraud prevention, anti-money laundering (AML), and digital asset controls. Fintech firms, telecommunications companies, and digital asset platforms must urgently assess their risk exposure and ensure adherence to Thai law.
Next Steps for Businesses:
✓ Conduct internal compliance and risk assessments.
✓ Update fraud prevention protocols and international service strategies.
✓ Monitor announcements and regulatory updates from Thai authorities.
✓ Engage local legal and compliance professionals to support timely alignment.
If your company may be affected by these new measures or requires tailored legal guidance, Mahanakorn Partners Group is ready to assist. Reach out to our regulatory and digital law experts at: [email protected]