UPDATED: March 2017 | SOURCE: Telenor Group with support from Hogan Lovells

Provision of Real-time Lawful Interception Assistance

NOTE: Some of the pertinent legal frameworks may have changed since the last update, including the passing of the National Cybersecurity Act in February 2019.

CONSTITUTION OF THE KINGDOM OF THAILAND (INTERIM) B.E. 2557 (2014) (the “Interim Constitution”)

Following the coup d’état, the National Council for Peace and Order issued the Interim Constitution and repealed the Constitution of the Kingdom of Thailand 2007 (the “2007 Constitution”). The 2007 Constitution protected communications from access, interception and disclosure, but provided certain exceptions for government authorities, for example, in relation to national security or public order. As the 2007 Constitution has now been repealed, these protections are no longer guaranteed.

Section 4 of the Interim Constitution recognises that any human rights and freedoms customarily recognised in Thailand and any rights recognised under international obligations are protected under the Interim Constitution. The Interim Constitution does not explain what those rights “customarily recognised in Thailand” include.

On 7 August 2016, the referendum of the new constitution was held and the result was in support of the draft constitution. The new constitution is tentatively expected to come into effect within 2017. The new draft constitution (Section 36) still protects communications from access, interception and disclosure except in accordance with a court order or writ, or where the government has legal grounds provided by law.

COMPUTER CRIMES ACT B.E. 2550 (2007) (the “CCA”)

The scope of the CCA deals with offences committed against computer systems or computer data, and content offences which include the pure computer crimes and some crimes specified under the Thailand Penal Code (the “Penal Code”) and committed via a computer. The CCA applies to service providers and is overseen by the Ministry of Digital Economy and Society and Computer Data Screening Committee (“MDE”).

The scope of the CCA extends to those committing an offence under the CCA outside of Thailand, including both Thai and foreign citizens (Section 17 CCA). Such offenders may be penalised within Thailand.

Under section 18(4)-(8) CCA, a competent official upon obtaining the court order (one appointed by the MDE), is empowered to:

  • copy computer data or traffic data from a computer system which is reasonably suspected of being used for an offence;
  • inspect or access a computer system, computer data, computer traffic data or computer data storage equipment;
  • order the person in possession or control of such data equipment to deliver it to him; and
  • seize or attach any computer system for the purposes of gathering evidence in an investigation.

Section 18(7) CCA also authorises competent officers, upon obtaining a court order, to decrypt encrypted computer data, order concerned persons to decrypt encrypted computer data and/or to order concerned persons to cooperate with competent officers in decrypting computer data.

“Computer data” means data, statements, or sets of instructions contained in a computer system, the output of which may be processed by a computer system, including electronic data.

“Computer traffic data” means data related to computer system-based communications showing sources of origin, starting points, destinations, routes, time, dates, volumes, time periods, types of services or other information related to that computer system’s communications.

Although section 18 CCA does not refer expressly to “interception”, there is no judicial or statutory guidance on the MDE’s powers under this section. It may be interpreted widely to include, for example, the ability to conduct direct interception, to require interception assistance or to gain direct access to a network operator or service provider’s system.

Under section 19 CCA, the powers under section 18(4)-(8) may only be applied if the competent official first makes an application to the competent court.

The application must identify the grounds on which it is believed that an offender is committing or is going to commit an offence under the CCA, the reason for requesting the authority, the characteristics of the alleged offence, a description of the equipment used to commit the alleged offence and details of the offender, to the extent that this is possible.

If the court approves the application, and before taking any further action, the official must send a memorandum explaining the grounds on which the application has been granted to the owner or person in possession of the computer system. Within 48 hours of starting the operation in question, the official must also submit a copy of the memorandum and an explanation of the rationale of the operation to a court with jurisdiction.

The use of section 18(4) (copying of computer data) must not excessively interfere with or obstruct the business operation of the owner or person in possession of the computer data.

Furthermore, in relation to seizure or attachment under section 18(8), the official must issue a letter of seizure or attachment to the person who owns or possesses that computer system as evidence. The seizure or attachment must not last longer than thirty days. If a longer time period is required, a petition must be filed at a court with jurisdiction for permission to extend the time period. The court may allow several extensions, but together they must not exceed sixty days.

When that seizure or attachment is no longer necessary, or upon its expiry date, the competent official must immediately return the computer system that was seized or withdraw the attachment.

Although intercept powers may be inferred from other pieces of legislation (outlined below), the relatively simple process provided for under the CCA means that it is likely to be the legislation under which an interception is most often conducted.


Under the NBTCA, on the grounds of public order or public security, the National Broadcasting and Telecommunications Commission is empowered to issue a provisional order to the competent authority to seize, put to use, prohibit the use of, or prohibit the removal of, radio communication equipment, or part thereof, within the period and under the conditions specified in the order.


Under section 21, powers under the SCIA may be invoked in relation to criminal cases which involve the violation of specified laws and which have particular characteristics, including those which are particularly complex, those with relevance to national interests, those involving influential people, or cases otherwise selected by the Special Case Board (the “SCB”). Such cases are referred to as Special Case Offences. The relevant laws set out in the Annex to the SCIA include violation of the Law on Loans Amounting to Public Cheating and Fraud, the Competition Act, the Public Company Act, and the Copyright Act.

The SCB is constituted under section 5 SCIA and consists of a number of government ministers and Cabinet-appointed experts chaired by the Prime Minister. Its duties are found under section 10 SCIA and include: the duty to advise the Cabinet regarding the determination of special cases, determining the details of a special offence, and the monitoring and assessment of results of compliance with the SCIA.

Under section 25 SCIA, Special Case Inquiry Officials (“SCIO”) (officials working directly for the Department of Special Investigation under the Ministry of Justice) may access and acquire any documents or information sent by a means of communication or any IT media which has been or may be used to commit a Special Case Offence.

The SCIA may therefore apply to network operators and service providers if there is cause to believe that an individual being investigated for a crime under the SCIA has used their services to commit a Special Case Offence.

The SCIO must obtain a court order from the Chief Justice of the Criminal Court (the “Chief Justice”) prior to the use of the powers under SCIA.

When granting a court order, the Chief Justice will consider the effect on the rights of the different parties involved and the application overall in light of the following conditions:

(a) there are reasonable grounds to believe that a Special Case Offence is or will be committed;

(b) there are reasonable grounds to believe that access to the information will result in gathering relevant information in relation to a Special Case Offence; and

(c) there are no more appropriate or efficient methods.

(d) The Chief Justice may grant permission for use of the powers for a period of up to 90 days. The network operator or service provider can be required to assist with any decryption of acquired encrypted data under the terms of the court order.


The Bill is currently pending the review by the Office of the Council of State. It proposes to establish a National Cybersecurity Committee charged with detecting and countering online threats to national security, stability, the military and economy.

Under section 35 of the Bill, the Committee would be authorised to access information one personal and other electronic devices, for the purpose of fulfilling its cybersecurity duties, in accordance with the rules and conditions specified by the cabinet. This means the access of information under section 35 does not require a court order, unless the rules and conditions specified by the cabinet provide otherwise. Please note that the details of the rules and conditions specified by the cabinet as mentioned in section 35 are not publicly known.

Disclosure of Communications Data

COMPUTER CRIMES ACT B.E. 2550 (2007) (the “CCA”)

Under section 18(1)-(3), for the purpose of an investigation and the gathering of evidence in relation to an offence under the CCA, a competent official (one appointed by the Minister of Digital Economy and Society) is given a range of powers including the powers to summon any person related to the offence to give a statement, to procure computer traffic data relating to the relevant communications from a service provider or from other relevant persons, and to request documents and other evidence from the person(s) concerned.

There is no requirement for a court order for use of these powers.

Under section 26 CCA, a service provider must store computer traffic data (described in section 1 above) for at least 90 days from the date on which the data is input into a computer system. However, if necessary, a relevant competent official may, on a case by case basis, instruct a service provider to store data for a period longer than 90 days but not exceeding two years.

Section 17 CCA makes it clear that the provisions of the CCA apply to offences committed outside Thailand.

Under section 22 of CCA, disclosure of personal data without prior consent from the person to which the personal data relates can be made if the disclosure is made for the purpose of prosecuting a person committing an offence under CCA or other laws (which use computer data as part of or relating to committing of criminal offences), for the benefit of prosecuting a public official on the ground of abuse of power or in relation to the unlawful exercise of their power under section 18 paragraph 2 of CCA, or disclosure under the court’s order or permission.


The TBA is applicable to telecommunications operators. Under section 50 TBA, telecommunications licensees must keep the personal data of their service users for three months and, in the event that the service is terminated, to retain this data for three months following the date of termination of the service.


Disclosure of data, including disclosure of metadata relating to customer communications, may be provided in accordance with section 25 SCIA (as described in section 1.5 above), provided that a court order is obtained first.

National Security and Emergency Powers

The legislation provided above describes Thai law in ordinary times. Thailand is currently under the de facto control of a military junta. As a result, NCPO Order No. 3/2558 (3/2015) re: Maintaining Public Order and National Security issued by the Head of the National Council for Peace and Order (the “NCPO”) under Section 44 of the Interim Constitution and the Interim Constitution 2014 (both described below) currently supersedes the legislation described above.

CONSTITUTION OF THE KINGDOM OF THAILAND (INTERIM) B.E. 2557 (2014) (the “Interim Constitution”)

Section 44 of the Interim Constitution provides the NCPO with wide powers to take any extrajudicial action it deems necessary against any act which undermines public peace and order or national security. Under section 44, it may suspend or take action, regardless of its effect on the legislative or executive arms of the government or the judiciary, in situations where it is necessary for benefit or reform in any field and to strengthen public unity and harmony, or for the prevention, disruption or suppression of any act which undermines public peace and order, national security, the monarchy, national economics or the administration of state affairs.


Following the termination of martial law on 1 April 2015, the NCPO issued NCPO Order No. 3/2558 under Section 44 of the Interim Constitution. This implements measures to deal with actions intended to undermine or destroy peace and national security, violate notifications or orders issued by the NCPO.

NCPO Order No. 3/2558 deals primarily with the maintenance of public order and national security. In particular it gives extensive legal powers to certain categories of military officers that it refers to as “Peacekeeping Officers”. The breadth of its provisions and the exact manner in which such provisions may be exercised remains unclear.

NCPO Order No.3/2558 provides Peacekeeping Officers with broad legal authority to prevent and suppress offences related to (i) lèse majesté; (ii) internal security of the Kingdom; (iii) the laws on firearms; and (iv) any violation of any other orders issued by the NCPO. The order also empowers Peacekeeping Officers to issue orders prohibiting the propagation of any item of news or the sale or distribution of any book or publication or any material likely to cause public alarm to the detriment of national security or public order.
Any actions done by Peacekeeping Officers in good faith, without discrimination, in a proportionate manner, and without undue severity, shall not be subject to judicial review, either by an administrative court, civil court, or criminal court.

On April 16, 2015, NCPO Order No. 5/2558 (2015) was issued to amend Order No. 3/2558. Its provisions can be summarised as enabling additional categories and ranks of military officer to become Peacekeeping Officers.

MARTIAL LAW ACT B.E. 2457 (1914) (the “MLA”)

Following the imposition of martial law on Thailand in 20 May 2014, the NCPO were vested with extensive powers of government. While martial law has been revoked under Order 3/2558, it remains in force in Thailand’s southern border provinces of Pattani, Yala, Narathiwat and Songkhla. In relation to surveillance and censorship of communications data specifically, the following provisions may provide the NCPO with wide powers. However, the exact manner in which such provisions may be exercised remains unclear.
Under section 10, the military authority may require from any person or company any conveyance, beast of burden, provisions, arms, instruments and tools for use in military service at that time.

Section 12 states that the military authority may, if it deems appropriate, cause provisional seizure of all things so as to prevent the enemy from using them or for the benefit of military service.

The below legislation also provides for special powers in times of national security or emergencies.

INTERNAL SECURITY ACT B.E. 2551 (2008) (the “Internal Security Act”)

Under the Internal Security Act, arrests and prosecutions must follow legal procedures. However, the definition of “threat” under the Internal Security Act is vague, and the NCPO therefore have wide discretion to determine what is and is not a “threat” and what activities to monitor. It gives officials of the Internal Security Operations Command (a unit of the Thai military dedicated to national security issues) a wide range of police powers normally exercised by civilian authorities, including powers to use both lethal and non-lethal force, to arrest and detain individuals, to conduct searches, to enter premises overtly and covertly, and to bring criminal charges.


Under section 63 TBA, the National Broadcasting and Telecommunications Commission is given wide powers in the event of an emergency, or where necessary to maintain public order, national security or economic stability or to protect public interests. It may take possession of and use the devices and equipment of the licensed telecommunications provider, or authorise a state agency to temporarily take charge of a telecommunications provider’s services, or order the telecommunications business or his/her employees to take a specific action until the end of such emergency or necessity.


Under section 14 RCA, for the purpose of maintaining the public order or defending the realm, the Minister of MDE is empowered to issue a provisional order to the competent authority to seize, put to use, prohibit the use of, or prohibit the removal of radio communication equipment, or part thereof, within the period and under the conditions specified in the order.


NCPO Notification No. 26/2557 was issued on 24 May 2557 (2014). Under this notification, the permanent secretary of the ICT ministry shall establish an online social media committee which has the power to examine, inspect, and access “online information”. It has broad powers to suspend or close online publications, websites and social media platforms on a number of grounds, including for engaging in incitement of hostility or agitation, for undermining the credibility or integrity of the law, or resisting or opposing the performance of the NCPO’s duties. The notification does not provide any guidance as to how such powers shall be exercised by the committee.

Please note that since the abolition of martial law, the Peacekeeping Officers under Section 4(4) of Order No. 3/2558 are empowered to police any violations of this Notification.

Oversight of the Use of Powers

At the time of this report, Thailand is under an indefinite state of emergency and thus the applicable oversight functions set out below may not be followed.

The expansive powers given to the authorities by the Internal Security Act, the Martial Law Act, and the NCPO Order No. 3/2558 (2015) are subject to almost no independent oversight mechanisms (save for the fact that actions which are not in good faith, discriminatory or disproportionate could be subject to judicial review). The Prime Minister is required, under the Internal Security Act, to report to the parliament when the ‘threat to internal security’ has subsided or can be addressed within the normal powers of the government agencies.


Decisions of the National Broadcasting and Telecommunications Commission can be appealed within the organisation itself, but may also be appealed to the ACP.

An administrative case is generally initiated in the Administrative Court of First Instance, unless provisions of a specific act specifically state the dispute be filed directly at the Supreme Administrative Court.

When a dispute is to be filed at the Administrative Court, the procedure follows an inquisitorial system and any decision made by the Administrative Courts of First Instance may be appealed to the Supreme Administrative Court.

Censorship-related Powers


The Ministry of Digital Economy and Society (formerly the Ministry of Information and Communication Technology) (the “MDE”) was created in Thailand in 2002. One of the MDE’s main priorities has been internet regulation, implemented through an MDE unit originally known as CIG. This unit monitors websites for harmful content, facilitates the enactment of legislation governing electronic transactions and conducts training for personnel to combat cyberterrorism.

COMPUTER CRIMES ACT B.E. 2550 (2007) (the “CCA”)

Under section 20, where information is deemed to negatively affect national security (including lèse majesté, explained below) or may violate public order or good morals (such as pornography), the authorised officials may, with the approval of the Minister of the MDE, petition the relevant court with jurisdiction to halt the dissemination of information directly or to order a service provider to do so.

Lèse majesté is an offence against the dignity of the reigning sovereign of Thailand, as well as the regent, and the crown prince/ princess. Lèse majesté provisions under Thai law are included in section 2 of the Interim Constitution which stipulates that “the King shall be enthroned in a position of revered worship and shall not be violated. No person shall expose the King to any sort of accusation or action”.

Lèse majesté is also classified under section 112 of the Penal Code, (Offences Relating to the Security of the Kingdom).

Section 14 CCA, also provides for a variety of offences which may be relevant to censorship, including: (i) inputting into a computer system, with fraudulent intent, forged or false data in a manner likely to cause injury to the public which does not include the defamation; (ii) inputting false data into a computer system in a manner likely to damage maintenance of national security, public security, national economic security or public infrastructure serving public interest in order to cause public panic; (iii) inputting data into a computer system constituting an offence against national security under the Penal Code;(iv) inputting any data of pornographic or obscene nature into a computer system which is publicly accessible; or (v) disseminating or forwarding any of the above types of data in the knowledge that the inputting of such data constitutes an offence.

If the offence under paragraph one (1) has not been committed against the public, but against an individual, the person who committed such offence, the distributor or the sender of such computer data shall be subject to imprisonment not exceeding three years and a fine not exceeding sixty thousand baht, or both, and it is a compoundable offence.

Under section 15 CCA, any service provider which intentionally supports or consents to the commission of an offence under section 14 shall be sentenced to a jail term not exceeding five years and/or a fine not exceeding 100,000 Thai baht, unless the service provider can prove that it acted in accordance with the Minister’s notification regarding notice procedure, suspension of dissemination of compute data and removal of such computer data.

Under Section 16/2, once the service provider is aware that electronic data in its possession is the data ordered for destruction by the court order, it must destroy the data. If it fails to do so, the service provider shall be subject to half of the penalty as provided for the relevant offence.