Computer-Related Offenses

  • Whoever illegally accesses a computer system that has specific security measures and such security measures are not intended for his/her use, shall be liable to an imprisonment for a term not exceeding six months, or a fine not exceeding Ten Thousand Baht or both.
  • Whoever having knowledge of the security measures to access to a computer system created specifically by another person, wrongfully discloses, without right, such security measures in a manner that is likely to cause damage to another person, shall be liable to an imprisonment for a term not exceeding one year, or a fine not exceeding Twenty Thousand Baht or both.
  • Whoever illegally accesses a computer data that has specific security measures which are not intended for his/her use, shall be liable to an imprisonment for a term not exceeding two years, or a fine not exceeding Forty Thousand Baht or both.
  • Whoever illegally makes, by any electronic means, an interception of computer data of another person that is being transmitted in a computer system and such computer data is not for the benefit of the public or is not available for any other persons to generally utilize, shall be liable to an imprisonment for a term not exceeding three years, or a fine not exceeding Sixty Thousand Baht or both.
  • Whoever illegally acts in a manner that causes damage, impairment, deletion, alteration or addition either in whole or in part of computer data of another person, shall be liable to an imprisonment for a term not exceeding five years, or a fine not exceeding One Hundred Thousand Baht or both.
  • Whoever illegally acts in a manner that causes suspension, deceleration, obstruction or interference of a computer system of another person so that it cannot function normally, shall be liable to an imprisonment for a term not exceeding five years, or a fine not exceeding One Hundred Thousand Baht or both.
  • Whoever sends computer data or an electronic mail to another person while hiding or faking its sources, in a manner that interferes with such another person’s normal utilization of the computer system, shall be liable to a fine not exceeding One Hundred Thousand Baht.
  • Whoever distributes or disseminates a computer program created specifically for the purpose of committing an offense shall be liable to an imprisonment for a term not exceeding one year, or a fine not exceeding Twenty Thousand Baht or both.
  • Whoever commits an offense pursuant to this Act outside the Kingdom of Thailand, and
    • (1) the offender is a Thai person and there is a request for punishment by the Government of the country where the offense has occurred or by the injured person; or
    • (2) the offender is an alien, and the Royal Thai Government or a Thai person is the injured person, and there is a request for punishment by the injured person,

shall be punished in the Kingdom of Thailand.

Amendments to CCA

Thailand has passed the Computer Crimes Act (No. 2) B.E. 2560 (A.D. 2017), which amends the Computer Crimes Act (No. 1) B.E. 2550 (A.D. 20107) ("Amended CCA").  It was published in the Royal Gazette on January 24, 2017 and became effective on May 24, 2017.

 

The Amended CCA includes the following significant revisions and additions:

 

NEW MINISTRY IN CHARGE

The Amended CCA shifts responsibility from the Ministry of Information and Communications Technology to the new Ministry of Digital Economy and Society.

 

NEW OFFENSES

Any person who sends computer data or electronic mail to another person without giving the recipient an easy way to opt out, allowing the recipient to deny receipt or express their intent not to receive the data or electronic mail, and such data or electronic mail is found to disturb the recipient, must pay a fine of not more than two hundred thousand baht.

 

A person who enters false data into a computer system that may cause public harm, panic, or harm to public infrastructure, national security, public security, or economic security faces a maximum five-year prison sentence and a maximum one-hundred thousand baht fine, or both.

 

Anyone who sends the above-mentioned data with knowledge of its potential harm will face the same sanctions.

 

Crimes involving the importation of counterfeit data into a computer system now involve dishonesty and deception, and distinct punishments have been established for acts against individuals.

 

ISP LIABILITY AND SAFE HARBOR

Anyone who "cooperates, consents, or acquiesces" in a computer crime faces the same penalties as the culprit.  However, if service providers can demonstrate compliance with the Minister's procedural rule regarding notification and request for suppression of such data dissemination and removal of such data from a computer system, they will be excused from penalty.

 

MORE POWER OF OFFICIALS

Under the modified CCA, competent officials may conduct investigations or confiscations if the CCA crime or other criminal violation was committed utilizing computer systems, computer data, or equipment for storing computer data.

 

For example, competent officials may request computer traffic data related to communications from a service user via a computer system or from other relevant persons; copy computer data, computer traffic data from a computer system in which there is a reasonable cause to believe that offenses under the Amended CCA have been committed if that computer is not yet in the competent official's possession; and seize or attach the suspect computer system for the purpose of seizing or attaching the suspect computer system.

 

If there is an action to disseminate computer data that is actionable under the Amended CCA, the competent official may file a petition with supporting evidence to the Court of jurisdiction, requesting that the Court issue a writ to suppress the dissemination or to remove such computer data from a computer system.

 

The competent official, with approval from the Minister, may submit a petition to the court of jurisdiction for the court to issue a writ to suppress the dissemination or to remove such computer data from a computer system as well if doing so would violate intellectual property laws or other laws. This is provided that a request has been made by the official in charge of the laws or inquiry offices.

 

COMPUTER DATA SCREENING COMMITTEE

The establishment of a computer data screening committee gives officials the authority to ask a judge for a court order to block or destroy any data that is incompatible with the stability or morality of the Thai people.

 

EXTENSION OF DATA RETENTION PERIOD

According to the Amended CCA, a service provider must keep traffic data for at least 90 days. If required, however, the competent official may, on a case-by-case basis, order a service provider to keep traffic data for up to two years.

Welcome to the Thai Research Archives. We use cookies to improve the efficiency of our website and analyse visits to our web-pages. By continuing to access our website you are consenting to our Privacy Policy, Terms and Conditions, and to receive our cookies. You can change your cookie settings at any time. Find out more in our Cookie Policy.