A. Pre-Songkran Approval

Following the approval of the Thai Cabinet on the Draft Royal Decree on Measures to Prevent and Suppress Technology Crimes and the Draft Royal Decree on Digital Assets, the Thai Cabinet released the Royal Decree on Measures to Prevent and Suppress Technology Crimes (No. 2) B.E. 2568 (2025) and the Royal Decree on Digital Assets (No. 2) B.E. 2568 (2025) (collectively, “New Royal Decrees”) on 11 April 2025, which are effective from 12 April 2025.

The provisions of the New Royal Decrees were established in addition to the Royal Decree on Measures to Prevent and Suppress Technology Crimes B.E. 2566 (2023) and the Royal Decree on Digital Assets B.E. 2561 (2018) respectively. These New Royal Decrees will enhance the prevention and suppression of technology crimes effectively by equipping enforcement agencies with additional authorities and by increasing the safety standard for mobile phone or telecommunications services and financial transactions, including faster assistance on financial trails in case of reported damages by victims.

Furthermore, the revisions will also mean that competent government agencies will require service providers to be potentially liable for damages by setting relevant standards and measures to ensure that the private operators have a standard of care when offering services or products and provide a remedy for their customers who may have suffered damages from technological crimes and digital assets transactions related to their services or platform.

B. Key Provisions of the Royal Decree on Measures to Prevent and Suppress Technology Crimes (No. 2) B.E. 2568 (2025)

1. Amendments to the definitions related to digital assets, including the term “business operator” to include digital asset business operators under the Digital Asset Business Act, and the terms “digital asset wallet” and “electronic money account”.
2. The Securities and Exchange Commission (SEC) will coordinate with other government agencies overseeing financial institutions and business operators through a central system or process for which the disclosure or sharing of information, for example of digital asset wallet numbers, and reporting account information or digital asset wallet numbers involved in technological crimes and revoking such information, including informing the newly established Technology Crime Suppression Center (“TCSD”) to ensure that the TCSD receives sufficient information relating to the technological crimes in order to conduct investigations and legal proceedings.
3. Various regulatory agencies, including those that are responsible for governing financial institutions, business operators, and other related service providers such as social media, mobile phone network, and other telecommunications service providers, must require service providers to review and screen the content of its mass messaging or SMS services that may be related to technology crimes according to the standards or measures set by the National Broadcasting and Telecommunication Commission (“NBTC”).
4. The regulatory agencies must notify the NBTC when potential offences are found by ordering the service providers to immediately suspend such telecommunications services. The suspension must be in accordance with the criteria, methods, and conditions set by the relevant regulatory agencies.
5. The authorities can immediately take action to block or prevent any online information published by such unauthorised digital asset operators if the unauthorised digital asset operators are found.
6. The relevant authority may hold the financial institution or service provider to be jointly liable for damages if their standard falls below regulatory requirements. However, the business operator bears the burden of proof to demonstrate that all standards and practices were duly implemented to comply with applicable requirements and to absolve itself from any liability arising from technology-related crimes.
7. The New Royal Decrees introduced penalties including fines, imprisonment, or both applicable to the financial institutions, business operators, government officers, and any persons who fail to perform their duties.

C. Key Provisions of the Royal Decree on Digital Assets (No. 2) B.E. 2568 (2025)

1. A significant change under the new regulations is the requirement for all digital asset business operators operating outside the Kingdom of Thailand to obtain permission under the Digital Asset Business Act if they provide services to persons within the Kingdom.
2. Even though a digital asset business operator conducts digital asset business outside the Kingdom of Thailand, the business shall be considered as providing services to persons in the Kingdom of Thailand, which is subject to licensing, if the digital asset business has the specified characteristics.
3. The following are sample activities that are regarded as doing digital asset business in Thailand:

a. The digital asset business operator’s content is displayed in Thai, either fully or partially.

b. The digital asset business operator’s domain name ends with any name that references Thailand, the Kingdom, or the Kingdom of Thailand, or uses a Thai domain name.

c. The digital asset business operator allows users to pay in Thai baht or to receive payments via a bank account or electronic wallet in Thailand.

d. There is a clause stating that Thai law shall govern the digital asset transactions, or that legal proceedings shall be conducted in a Thai court.

e. A service fee is paid to a web indexing service specifically to help users in Thailand access the digital asset business operator’s services.

f. The digital asset business operator has an office, agency or personnel providing support or assistance to users in Thailand.

g. Any other characteristic as announced by the SEC.

D. Practical Implications and Next Steps

Given the rise in technology related crimes, with the use of digital assets as tools in aiding such crimes and the transfer of such illicit funds outside the Kingdom of Thailand, the recent developments is a positive one seen by the Thai government in arming themselves and providing law enforcement agencies with the tools and authority to tackle these crimes. Business operators and the general public alike view it as an appropriate move in order to increase the intensity of control measures to prevent and suppress related crimes in order to maintain national security, public security, and national economic wellbeing of people in Thailand.

Implementation of the New Royal Decrees marks a pivotal step in Thailand’s efforts to combat cybercrime by cutting off the channels that criminals use to commit crimes, integrating measures to prevent and suppress technological crimes, increasing penalty for the offenders and requiring the relevant agencies to implement measures effectively, and providing relief to victims affected by technological crimes. In order to comply with the New Royal Decrees, digital asset business operators should be aware of internal compliance and risk assessments, update fraud prevention protocols and international service strategies, monitor announcements and regulatory updates from Thai authorities, and engage local legal and compliance professionals to support timely alignment.

© PDLegal Thailand   

This article is intended to provide general information only and does not constitute legal advice. It should not be used as a substitute for professional legal consultation. We recommend seeking legal advice before making any decisions based on the information available in this article. PDLegal fully disclaims responsibility for any loss or damage which may result from relying on this article.

Download

Further information 

Should you have any questions on how this article may affect you or your business, please get in touch with the following people: