Background
For a decade, numerous bills and guidelines have been introduced globally to regulate artificial intelligence (AI). In Thailand, the significance of AI has been increasingly recognized through various government initiatives, including the National Economic and Social Development Plan, the National Artificial Intelligence Operational Plan for Advancing the Development of the Kingdom of Thailand, and the Generative AI Governance Guideline issued by the AI Governance Center (AIGC), a unit under the Electronic Transactions Development Agency (ETDA). These efforts collectively reflect the Thai government’s commitment to establishing a regulatory framework for the use of AI within the country.
The most recent and notable development is ETDA’s proposal of a draft regulatory framework on AI (the “Draft Framework”). Set out below is a summary of the Draft Framework along with its key takeaways.
Core Principles of the Draft Framework
The foundations of the Draft Framework are anchored in the following core principles:
-
- De-regulation of AI-related business activities;
- Promotion of innovation; and
- Establishment of AI governance.
We have observed these principles being reflected in the Draft Framework, the details of which are outlined below.
1.De-regulation: Risk Based Approach
The Draft Framework adopts an approach influenced by the EU’s risk-based model. Specifically, the Draft Framework classifies AI-related activities
based on the level of risk they may pose, with two principal categories identified: High Risk and Unacceptable Risk activities.
Under the Draft Framework, the competent regulator—or, where applicable, specific sectoral regulators—is delegated with the authority to establish the criteria for classifying AI systems as either High Risk or Unacceptable Risk.
For businesses regulated by specific sectoral regulators, those authorities will determine the applicable risk classifications and compliance frameworks. On the other hand, for businesses that do not fall under a sectoral regulator’s supervision, the central regulator designated under the Draft Framework may assume this role, including the authority to issue subordinate regulations.
Although the specific classification criteria have not yet been disclosed, parallels can be drawn with the EU AI Act—formally known as Regulation (EU) 2024/1689 that provides a comprehensive legal framework for artificial intelligence (AI) within the European Union. Under the EU AI Act, High Risk activities include those that may impact critical infrastructure, legal enforcement, creditworthiness evaluation, etc., while Unacceptable Risk encompasses activities such as manipulative AI or real-time biometric identification.
A foreseeable challenge under this risk-based approach lies in the classification of activities according to their risk level. This challenge, however, could be mitigated by clear and consistent guidelines from the relevant authorities.
2.Foster Innovation: A Balanced Approach
The Draft Framework outlines several measures to foster the growth of Thailand’s AI-based industry. Specifically, it includes provisions on text and data mining, the establishment of a regulatory sandbox, and other supporting mechanisms such as policy instruments and budgetary management tools. These initiatives reflect the authorities’ intent to strike a balance between regulating AI and promoting innovation.
3.AI Governance
General Principles
The Draft Framework outlines the obligations of parties involved in AI-related activities. Notably, it specifically designates responsibilities for AI providers and deployers. Moreover, the extent of these obligations for each party corresponds to the degree of risk associated with the AI system, as determined under the law. Notwithstanding the current provisions under the Draft Framework, it is worth noting that the EU’s AI Act also imposes obligations on importers and distributors of AI-related services and products.
Under the current draft, the High Risk AI Providers—individuals or entities that develop AI systems—are required to adopt internationally recognized risk management frameworks, appoint a local legal representative, and implement governance mechanisms, including human oversight, record-keeping, and incident notification.
Likewise, the Draft Framework also sets out the responsibilities of High Risk AI Deployers, parties using AI systems under its authority. These obligations include maintaining internal controls to ensure transparency, accuracy, and fairness, providing users with information regarding the use of AI, retaining the ability to explain and review automated decisions, and cooperating with investigations conducted by regulators and sector-specific authorities.
Non-Compliance and Legal Enforcement
With respect to violations of the obligations mandated under the Draft Framework, the draft sets out liability provisions for both High Risk and Unacceptable Risk AI providers and deployers. In the event of non-compliance, these parties may be subject to oversight and enforcement actions, which may include:
-
- Regulatory orders to suspend or cease the relevant AI activities;
- Blocking of services by Internet Service Providers (ISPs); and
- Platform takedowns of non-compliant AI services.
Nonetheless, the draft has not yet clarified which punitive mechanisms—such as criminal liability, tort claims, or loss of subsidies—may apply in the event of a breach of duties.
Cross Border AI Deployment
An important feature of the Draft Framework—particularly relevant to foreign investors and multinational AI providers—is its extraterritorial application. The Draft explicitly applies to High Risk AI systems that are developed, hosted, or operated outside of Thailand but used or deployed within the country. This approach mirrors elements of the EU’s GDPR-style extraterritorial enforcement, reflecting Thailand’s intent to ensure that offshore High Risk AI providers are subject to the same regulatory treatment as domestic providers.
A foreseeable challenge to this approach lies in enforcement, particularly in scenarios involving cross-border access through Virtual Private Networks (VPNs), which may raise potential concerns around jurisdictional clarity and regulatory reach.
Looking Ahead: Strategic Implications for Investors
Thailand’s Draft Framework is not just about setting regulatory boundaries—it reflects a broader national intent to position Thailand as a credible, ethical, and competitive player in the AI economy. The Draft Framework presents the country’s strategic opening: a jurisdiction with a solid regulatory anchor, yet enough flexibility to encourage innovation and growth. As AI becomes a cornerstone of digital competitiveness, jurisdictions that strike this balance will likely attract both capital and talent. Thailand, it appears, is preparing to be one of them.
For investors and founders, the Draft Framework offers a glimpse into the future direction of Thailand’s regulatory approach to AI-related businesses. We believe that these principles not only provide greater clarity on how to engage with the AI sector but also highlight promising opportunities—particularly in relation to incentive and subsidy mechanisms aimed at supporting innovation. Moreover, preparing internal compliance frameworks in advance is strongly encouraged for the stakeholders as the proactive alignment with these regulatory expectations will help position businesses for smoother market entry and long-term growth in Thailand’s evolving AI landscape.
For more information, please get in touch with our author at chai.l@kap.co.th or visit www.kap.co.th
