Detailed overview
Thailand does not currently have a single horizontal AI Act. AI governance is based on national AI strategy, official AI governance guidelines, personal-data protection, sectoral regulation and public-sector policy.
National AI Strategy and Action Plan 2022–2027
Thailand's National AI Strategy and Action Plan 2022–2027 was approved by the Cabinet in 2022. It focuses on government readiness, AI infrastructure, ethical standards, awareness, education, research, innovation and AI adoption.
AI Governance Guidelines
Thailand has also developed official AI Governance Guidelines. These guidelines address AI governance structures, roles and responsibilities, AI strategy, AI operations, risk controls and responsible AI management. They are designed to help organisations develop and use AI in a safer and more accountable way.
Generative AI guideline
For generative AI, Thailand's Electronic Transactions Development Agency has issued a Generative AI Governance Guideline for Organisations. The guideline is intended for executives and responsible teams using generative AI in organisations. It explains generative AI capabilities and limitations, risks and governance measures.
Personal Data Protection Act
AI systems involving personal data must comply with Thailand's Personal Data Protection Act. This is especially relevant for AI used in profiling, automated recommendations, customer analytics, recruitment, fraud detection, biometric systems, healthcare, financial services and generative AI.
Penalties
Thailand does not currently have one AI-specific penalty table. Penalties depend on the relevant legal framework, including personal-data protection, electronic transactions, cybersecurity, consumer protection, financial regulation, healthcare regulation, employment law or criminal law.
Practical requirements & details
Sourced from the National AI Strategy and Action Plan 2022–2027, ETDA's AI Governance Guidelines for Organizations and Generative AI Governance Guideline, the Personal Data Protection Act (PDPA, B.E. 2562), and sectoral rules (BOT, OIC, SEC, FDA).
AI Governance Guidelines (ETDA)
- AI governance structures; roles and responsibilities.
- AI strategy and operations: lifecycle stages, data quality, model validation, monitoring.
- Risk controls; responsible AI management.
Generative AI Governance Guideline
- Pre-deployment risk classification; governance for high-risk generative-AI use cases.
- Data quality and IP considerations.
- User communication, content labelling, monitoring and feedback.
PDPA overlay
- Lawful basis (consent or other legal grounds); transparency; data subject rights.
- Cross-border transfers require adequacy or safeguards.
- PDPA fines: administrative up to THB 5M, criminal penalties up to THB 1M + 1 year imprisonment for severe breaches; civil claims plus possible punitive damages.
Sector overlays
- BOT digital banking and AI risk-management policies.
- OIC AI in insurance.
- SEC AI in algo trading and robo-advice.
- FDA on AI medical devices.