Three Services Between Related Companies No Longer Require a Foreign Business License

A newly issued Ministerial Regulation has lifted the constraint on foreign companies providing services to other members of their group, such as "back-office services", without first obtaining a Foreign Business License ("FBL").

The conduct of business in Thailand by a foreign person or juristic person ("Foreigner") is regulated by the provisions of the Foreign Business Act B.E. 2542 (1999) ("FBA").  Schedule Three includes "the provision of services other than those specified by the Ministerial Regulations (Clause 21)", which operates as a catch-all provision which encompasses most service-oriented businesses.  Certain service businesses are excluded from the FBA by way of Ministerial Regulations, and a new Ministerial Regulation was published in the Royal Gazette on 25 June 2019 prescribing three types of service businesses which do not require an FBL.

The three service businesses mentioned in the Ministerial Regulation are as follows:

1. the service business of domestic lending between relataed juristic persons;
2. the service business of office space rental with utilities between related juristic persons; and
3. the service business of providing consultation between related juristic persons, only in the areas of administration, marketing, human resource and information technology.

---

New Personal Data Protection Act

Thailand's first data protection law, the Personal Data Protection Act B.E. 2562 (2019) ("PDPA"), was published in the Royal Gazette on 27 May 2019 and certain key provisions became effective the next day.  These provisions, set out in Chapters 1 and 4 of the PDPA, provide for the establishment of the following regulatory bodies:

• the Personal Data Protection Commission ("PDPC"), whose duties and powers include preparing a master plan for the promotion and protection of personal data, and interpreting and determining issues arising from the enforcement of the PDPA; and

• the Office of Personal Data Protection Commission ("PDPC's Office"), which will be a government agency with the status of a juristic person.  Its role will be to promote and support the development of personal data protection.

In terms of the operating provisions set out in the remainder of the PDPA, such as the Data Controller's requirement to seek consent prior to or during the collection, use and disclosure of Personal Data (unless the provisions under the PDPA or other laws prescribe otherwise), these provisions of the PDPA will become effective one year after the date of publication, i.e. on 27 May 2020.

This means that companies have less than ten months in which to implement processes for the handling of Personal Data in a manner which complies with the PDPA.

---

Thailand's First Cyber Security Law

Thailand's first cyber-security law, i.e. the Cyber Security Act B.E. 2562 (2019) ("CSA"), came into effect on 28 May 2019.  The Prime Minister shall be in charge of execution of the CSA.

The main reason for the promulgation of the CSA is to safeguard Critical Information Infrastructure ("CII") against Cyber Attack.  CII is defined as a computer or computer system which a government agency or a private agency uses in its business which relates to the state security, public safety, economic stability of the country, or public infrastructure.

The CSA will establish the National Cyber Security Committee ("NCSC"), the Oversight Committee on Cyber Security and the Office of the National Cyber Security Committee, as well as the Executive Board of the Office of the National Cyber Security Committee.  Pursuant to the CSA, the NCSC will issue a policy and plan on Cyber Security.  The government agencies, regulatory authorities, and CII agencies are required to prepare their code of conduct and qualifications framework on Cyber Security in compliance with the NCSC's policy and plan on Cyber Security.  They also have a duty to prevent, cope with and minimize the risk of Cyber Attacks according to their code of conduct and qualifications framework.

---

Amendment to Trade Remedies Laws

An amendment to the Anti-Dumping and Countervailing Act (No. 2) B.E. 2562 (2019) ("Amendment") was published in the Royal Gazette on 22 May 2019 and will come into effect on 19 November 2019.

There are a number of changes introduced by the Amendment, which are primarily intended to more consistently implement the provisions of the WTO Agreement on Subsidies and Countervailing Measure and the Anti-Dumping Agreement.

One of the key amendments is the introduction of anti-circumvention measures.  In case a circumvention of anti-dumping and countervailing measure ("AD/CV measure") is found, the collection of anti-dumping duty and/or countervailing duty shall be extended to the importation of products circumventing the AD/CV measure at a rate not exceeding the maximum rate collected from the product subject to the AD/CV measure imposed on the exporting countries.  This will enhance the ability of Thai authorities to more effectively enforce AD/CV measures.

---

New Amendment to the Labour Protection Act now Effective

On 5 April 2019, the Labour Protection Act (No.7) B.E. 2562 (2019) ("Amended LPA"), which amended the existing Labour Protection Act B.E. 2541 (1998), was published in the Royal Gazette. The Amended LPA came into force on 5 May 2019.

Amendments were made to the following areas:

• Minimum of 3 days' paid Business Leave
• Increased Maternity Leave entitlement
• New Category of Severance Pay for those who have worked for 20 years or more
• Wages Payable During Suspension of Business
• Relocation of Workplace
• Change of Employer
• Payment in Lieu of Advance Notice
• Statutory Payments shall be made within 3 days

---