The National Cybersecurity Committee has issued a notification which prescribes a list of Critical Information Infrastructure Organizations (CII Organizations) in charge of supervising and regulating the cybersecurity for each type of organization that is considered a CII Organization. These organizations must strictly adhere to the Cybersecurity Act (2019) to help reduce the impact of possible cyber threats or face stiff penalties for non-compliance. It is also possible that we may see further guidelines issued by each of the regulators stipulated under the CII notification. Additionally, another notification was issued by the NCSC to get the ball rolling on establishing a coordination center to help CII Organizations combat cyber threats and to support the competent authorities.


Dhiraphol Suwanprateep, Siranya Rhuvattana, and Khunawut Tongkak provide further details in this legal update.