Policy Status
Effective date: TBC (Expected 2026)
Applies to: Both
Regulatory impact
Quick Overview
Thailand is advancing toward its first dedicated AI legislation through the Draft Principles of AI Law, which underwent public consultation in June 2025. The bill merges two earlier draft instruments — the ONDE Draft Royal Decree on AI Systems (2022) and the ETDA Draft Act on AI Operations (2023) — into a single comprehensive framework. Influenced by the EU AI Act, Thailand's approach adopts a risk-based classification system covering prohibited and high-risk AI applications, while introducing novel individual rights including a Right to Notification and a Right to Explanation when AI systems affect decision-making. The Electronic Transactions Development Agency (ETDA) continues to serve as the primary regulatory steward, with the proposed AI Governance Center positioned to oversee compliance and implementation.
What's Changing
Thailand's AI governance landscape is undergoing a major consolidation. The two parallel regulatory tracks — ONDE's Royal Decree approach and ETDA's standalone Act — have been unified into the Draft Principles of AI Law, which completed public hearings in June 2025 and targets finalization in 2026. The draft introduces a tiered risk classification system that categorizes AI applications as prohibited, high-risk, or general-use, mirroring the EU AI Act's structure. Prohibited AI would include social scoring systems and real-time biometric surveillance in public spaces. High-risk categories cover AI used in healthcare, judicial proceedings, employment decisions, and critical infrastructure. Thailand is also pioneering transparency rights in the ASEAN context: the draft mandates that individuals be notified when AI systems are involved in decisions affecting them, and grants a Right to Explanation requiring operators to provide intelligible reasoning behind automated outcomes. An international delegation from 22 countries studied Thailand's regulatory approach in December 2025, signaling growing recognition of its model within the region.
Who's Affected
The draft legislation will apply broadly across both commercial and public sector AI deployments. AI developers and operators deploying high-risk systems will face mandatory conformity assessments, registration requirements, and ongoing monitoring obligations. Financial institutions using AI for credit scoring or fraud detection will need to comply with both the new AI law and existing Bank of Thailand digital lending guidelines. Healthcare providers integrating AI diagnostic or treatment recommendation tools will be classified as high-risk operators. Government agencies using AI for public service delivery, welfare eligibility, or law enforcement will face heightened transparency and accountability requirements. International technology companies offering AI services in Thailand will need to appoint local representatives and ensure compliance with Thai data residency preferences under the Personal Data Protection Act (PDPA), which has been fully enforced since June 2022. SMEs and startups developing AI products may benefit from planned regulatory sandboxes, though details remain under development.
Core Principles
Thailand's draft AI framework is built on several foundational pillars. Risk-based classification sits at the core, sorting AI applications into prohibited, high-risk, and general-use tiers with proportionate compliance requirements for each. Transparency and explainability are emphasized through the Right to Notification and Right to Explanation, ensuring individuals understand when and how AI affects them. Human oversight requirements mandate meaningful human involvement in high-risk AI decision-making processes, preventing fully automated consequential decisions without human review. The framework promotes responsible innovation by coupling regulatory requirements with planned sandbox mechanisms and industry guidance. Data governance aligns with the PDPA's requirements around consent, purpose limitation, and cross-border transfer safeguards. Accountability structures require AI operators to maintain documentation, conduct impact assessments for high-risk systems, and establish clear liability chains. Thailand's approach also reflects ASEAN harmonization principles, aligning where possible with the ASEAN Guide on AI Governance and Ethics to facilitate regional interoperability.
What It Means for Business
Businesses operating in or entering the Thai market should begin preparing for a more structured AI compliance environment. Companies deploying high-risk AI systems will likely need to conduct conformity assessments and register their systems before deployment. The Right to Explanation requirement means organizations must be able to articulate how their AI systems reach decisions in plain language — a significant technical and operational challenge for those using opaque models. Firms should audit their current AI applications against the emerging risk classification framework to identify which systems may fall into high-risk categories. Cross-border data flows will remain subject to PDPA requirements, and businesses should ensure their AI training data and model operations comply with Thai data protection standards. The planned regulatory sandboxes present opportunities for innovative companies to test new AI applications under supervised conditions. Companies already compliant with the EU AI Act will find significant overlap with Thailand's framework, potentially easing multi-jurisdictional compliance. Industry associations including the Thai AI Association and Digital Council of Thailand are actively engaging with ETDA during the consultation period, providing channels for business input on implementation details.
What to Watch Next
The immediate focus is on the finalization of the Draft Principles of AI Law, expected to move through the legislative process in 2026. Key milestones include the formal establishment of the AI Governance Center under ETDA, which will serve as the primary supervisory body for AI regulation. Watch for secondary regulations and implementation guidelines that will define specific compliance requirements for each risk tier. Thailand's participation in ASEAN-level AI governance harmonization efforts could shape how the final legislation addresses cross-border AI services and mutual recognition frameworks. The government's plan for regulatory sandboxes will be particularly important for the startup ecosystem and international companies seeking market entry. Sector-specific AI guidance from regulators including the Bank of Thailand, the Securities and Exchange Commission, and the National Health Commission is likely to emerge alongside the primary legislation. Thailand's approach to enforcement — including penalty structures and grace periods — will be critical for businesses planning their compliance timelines. The December 2025 international study delegation suggests Thailand aims to position itself as a regional thought leader on AI governance, which could influence how neighboring ASEAN nations develop their own frameworks.
| Aspect | Thailand | Singapore | Malaysia |
|---|---|---|---|
| Approach Type | Privacy law + policy guidance | Advisory framework | Standards and roadmap |
| Legal Strength | Binding (PDPA) | Voluntary | Soft-law |
| Focus Areas | Privacy, ethics, public services | Governance, testing | SME readiness |
| Lead Bodies | MDES, DGA | IMDA, PDPC | MOSTI, MCMC |
Last editorial review: March 2026
This overview is provided for general informational purposes only and does not constitute legal advice. Regulatory frameworks may evolve, and readers should consult official government sources or legal counsel where appropriate.





