🪴 Quartz 4.0

Thai Computer-related Crime Act

Mar 12, 20254 min read

Summary

Thai Computer-related Crime Act

Section 3: Definitions

  • Computer System: Any device or network of devices that automatically processes data following a program, instruction, or similar directive.
  • Computer Data: Information, messages, instructions, programs, or any content suitable for processing in a computer system, including electronic data as defined by electronic transaction laws.
  • Traffic Data: Data related to communication within a computer system, detailing origin, destination, route, time, date, size, duration, service type, or other communication details.
  • Service Provider:
    1. A person providing internet access or other computer-based communication to others, either for personal benefit or on behalf of others.
    • such as telecommunication service providers, internet service providers, or web hosting providers.
    1. A person storing data on behalf of others.
    • such as web board, blog, or social media platform operators.
  • User: Anyone using a service provider’s services, paid or unpaid.
  • Competent Official: An individual appointed by the minister to enforce this Act.
  • Minister: The government official responsible for enforcing this Act.

Section 5:

  • Whoever illegally accesses to a computer system that has security measures and is not intended or his use, shall be liable to an imprisonment for a term not exceeding six months, or a fine not exceeding 10,000 Baht or both.

Security Measures:

  • username
  • password
  • firewall
  • other measures for a security purpose

Coverage:

  • access (both physical or distance(internet, hacking))
  • without right = illegal access
  • computer system
  • that has security measures not intended for that offender’s use
  • Intention

Section 6:

  • wrongfully discloses of security measures to access to a computer system without right shall be liable to an imprisonment for a term not exceeding one year, a fine not exceeding 20,000 Baht or both.

Section 7:

  • illegally accesses to a computer data (like section 5 but data) that likely to causes damage to another person shall be liable to an imprisonment for a term not exceeding two years, a fine not exceeding 40,000 Baht or both.

Section 8:

  • Whoever illegally, by any electronic means, an interception of computer data communication and not for the benefit of the public or is not available publicly
  • shall be liable to an imprisonment for a term not exceeding three years, a fine not exceeding 60,000 Baht or both.

Section 9:

  • illegally acts in a manner that cause damage, impairment, deletion, alteration, or addition of computer data
  • shall be liable to an imprisonment for a term not exceeding five years, a fine not exceeding 100,000 Baht or both.

Coverage:

  • changing data
  • deleting data
  • altering websites
  • a creation of “salami techniques”: a computer program that automatically rounds down the interest of the account holder to the nearest Baht and transfers the difference to the offender’s account.
  • logic bombs: a computer program that is designed to execute when a specific event occurs.

Section 14: Putting Certain Types of Information into a Computer System

Paragraph 1

A person committing any of the following acts can face up to five years in prison, a fine of up to 100,000 Baht, or both:

  1. Dishonestly or deceptively entering distorted or false data into a computer system in a way that may harm the public, excluding defamation.
  2. Inputting false data likely to harm national security, public safety, Thailand’s economy, critical infrastructure, or cause public panic.
  3. Entering data related to national security or terrorism.
  4. Uploading obscene data that the public can access.
  5. Sharing or forwarding data from (1), (2), (3), or (4) above, knowing its nature.

Paragraph 2

In case the offence under Paragraph 1 is not committed against the general public but rather against a certain person, the offender, the disseminator or the forwarder of such computer data shall be liable to an imprisonment for a term not exceeding three years, a fine not exceeding 60,000 Baht or both; and such offence shall be deemed a compoundable offence.

Section 15

A service provider who cooperates, consents, or assists in committing an offense under Section 14 using their computer system will face the same penalties as the offender.

The Minister will issue guidelines on how service providers should handle such cases, including warnings, blocking, and removing illegal computer data.

A service provider who follows the Ministry’s guidelines in good faith will not face penalties.

Section 26:

  • A service provider must keep traffic data for at least 90 days from the date it was recorded in the computer system. If needed, a competent official can require the service provider to keep this data for up to two years in specific cases or situations.

Graph View

Backlinks