(Translation)
PAGE4
GOVERNMENT GAZETTE
VOL. 124 SECTION 27 KOR.
18 JUNE 2007
Computer Crime Act
B.E 2550 (2007)
______
Bhumibol Adulyadej, Rex.
Given on this 10th day of June B.E. 2550 (2007)
Being the 62nd year if the present reign.
His Majesty King Bhumibol Adulyadej has been pleasantly pleased to proclaim that as
it is deemed appropriate to enact a law governing the commission of a computer-related
offence.
His Majesty, therefore, granted His Royal assent forthe promulgation of the Computer
CrimeActinaccordwiththerecommendationandconsentoftheNationalLegislative
Assembly as follows:
Section 1 This Act shall be called the “Computer CrimeAct B.E 2550 (2007)”.
Section 2 ThisAct will come into force30 days following the dateof its publication in
the Government Gazette.
Section 3 In this Act,
“ComputerSystem”meansapieceofequipmentorsetsofequipmentunits,whose
function isintegratedtogether, for whichsets ofinstructions andworking principlesenable it
or them to perform the duty of processing data automatically.
“ComputerData” means data, statements, or sets of instructions contained in a computer
system,theoutputofwhichmaybeprocessedbyacomputersystemincludingelectronicdata,
accordingtotheLawofElectronicTransactions.
(Translation)
PAGE5
GOVERNMENT GAZETTE
VOL. 124 SECTION 27 KOR.
18 JUNE 2007
“ComputerTrafficData”meansdatarelatedtocomputersystem-based
communicationsshowingsourcesoforigin, starting points,destinations,routes,time, dates,
volumes,timeperiods,typesofservicesorothersrelatedtothatcomputersystem’s
communications.
“Service Provider” shall mean:
(1) A person who providesservice to the public withrespect to access to theInternet
or other mutual communicationvia a computersystem, whether ontheir own behalf, or inthe
name of, or for the benefit of, another person
(2)A person who provides serviceswith respectto thestorage of computer datafor
the benefit of the other person
“Service User” means a person who uses the services provided by a service provider,
with or without fee
“Competent Official” means apersonappointedbyaMinistertoperformduties
under this Act.
“Minister” means aMinister who hasresponsibility and controlfor the executionof
this Act.
Section 4. TheMinister of Informationand Communications Technology shall have
responsibility andcontrolfor theexecutionof thisAct andshallhave theauthorityto issuea
Ministerial Rule for the purpose of the execution of thisAct.
AMinisterial Rule shall be enforceableuponitspublicationintheGovernment
Gazette.
Chapter 1
Computer-Related Offences
Section5. Anypersonillegallyaccessingacomputersystemforwhichaspecific
accesspreventionmeasurethatisnotintendedfortheirownuseisavailableshallbesubject
to imprisonment forno longer thansix months ora fine ofnot more thanten thousand bahtor
both.
Section6.Ifanypersonknowingofameasuretopreventaccesstoacomputer
system specificallycreated by athird party illegally discloses that measure in amanner that is
likelytocausedamagetothethirdparty,thentheyshallbesubject toimprisonmentforno
longer than one year or a fine of not more than twenty thousand baht or both.
Section7.Ifanypersonillegallyaccessescomputerdata, forwhichthereisa
specificaccesspreventionmeasurenotintendedfortheirownuseavailable,thenheorshe
shall besubject toimprisonment forno longerthan twoyears ora fineof notmore thanforty
thousand baht or both.
Section10.Any personwho illegallycommits anyact that causes theworking ofa
thirdparty’scomputersystemtobesuspended,delayed, hinderedordisruptedtotheextent
thatthecomputersystemfailstooperatenormallyshallbesubjecttoimprisonmentforno
longer than five years or a fine of not more than one hundred thousand baht or both.
(Translation)
PAGE6
GOVERNMENT GAZETTE
VOL. 124 SECTION 27 KOR.
18 JUNE 2007
Section8.Anypersonwhoillegallycommitsanyactbyelectronicmeansto
eavesdrop a thirdparty’s computer data in process of beingsent in acomputer system andnot
intended for the publicinterest or general people’suse shall be subject toimprisonment for no
longer than three years or a fine of not more than sixty thousand baht or both.
Section 9.Any person who illegallydamages, destroys, corrects, changesor amends
athirdparty’s computerdata,eitherinwholeorinpart,shallbesubjecttoimprisonmentfor
no longer thanfive years or a fine of not more than one hundred thousand baht or both.
Section13.Anypersonwhosellsordisseminatessetsofinstructionsdevelopedasa
tool used in committing an offence under Section 5, Section 6, Section 7,Section 8, Section 9,
Section10andSection11shallbesubjecttoimprisonmentfornotmorethanoneyearora
fine of not more than twenty thousand baht, or both.
Section 11Any person sending computer data orelectronic mailto another personand
coveringupthesourceofsuchaforementioneddatain amannerthatdisturbstheother
person’s normal operation of their computersystem shall besubject to afine of notmore than
one hundred thousand baht.
Section 12. The perpetration of an offence under Section 9 or Section 10 that:
(1)causesdamage,whetheritbeimmediateorsubsequentandwhetheritbe
synchronoustothepublicshallbesubjecttoimprisonmentfornolongerthantenyearsora
fine of not more than two hundred thousand baht.
(2) is an actthat is likelyto damage computerdata or a computersystem related tothe
country’s security, public security and economic security or public services or is anact against
computer dataor acomputer systemavailable forpublic useshall besubject toimprisonment
fromthreeyearsuptofifteenyearsandafineofsixtythousandbahtuptothreehundred
thousand baht.
Thecommissionofanoffenceunder(2)thatcausesdeathtoanotherpersonshallbe
subject to imprisonment from ten years up to twenty years.
(4)thatinvolvesimport toacomputersystemofanycomputerdataofapornographic
naturethat ispublicly accessible;
(Translation)
PAGE7
GOVERNMENT GAZETTE
VOL. 124 SECTION 27 KOR.
18 JUNE 2007
Section 14. If anyperson commits any offenceof the following acts shall be subjectto
imprisonmentfornotmorethanfiveyearsorafineofnotmorethanonehundredthousand
baht or both:
(1) that involves import to a computersystem of forged computerdata, either in whole
or in part, or falsecomputer data, in a mannerthat is likely tocause damage to that third party
or the public;
(2) that involvesimport toa computer systemof falsecomputer data ina mannerthat
is likely to damage the country’s security or cause a publicpanic;
(3)that involvesimport toacomputersystemofanycomputerdatarelatedwithan
offence against the Kingdom’s security under the Criminal Code;
Ifapartyinjuredbyanoffenceunderparagraphonehasdiedbeforefilinga
complaint,then theirparents, spouseor childrenmay filea complaint andshall bedeemed to
be the injured party.
Section17. Anypersoncommittinganoffence against this ActsidetheKingdom and;
out
(1) theoffenderisThaiandthegovernmentofthecountrywheretheoffencehas
occurred or the injured party is required to be punished or;
(5)thatinvolvesthedisseminationorforwardingofcomputerdataalreadyknownto
be computer data under (1) (2) (3) or (4);
Section15. Anyserviceproviderintentionallysupportingorconsentingtoanoffence
underSection14withinacomputersystemundertheircontrol shall be subject tothesame
penalty as that imposed upon a person committing an offence under Section 14.
Section16.Anyperson,whoimports toacomputer systemthat ispublicly
accessible, computer datawhere a third party’s pictureappears either created, edited, added or
adapted by electronic means orotherwise in amanner that islikely to impairthat third party’s
reputation or cause that third partyto be isolated, disgusted or embarrassed, shall be subject to
imprisonment for not longer than threeyears or a fine of not more thansixty thousand baht, or
both.
Ifthecommissionunderparagraphoneisatrustworthyactiontheperpetratorisnot
guilty.
An offence under paragraph one shall be a compoundable offence.
Chapter 2
Competent Officials
(Translation)
PAGE8
GOVERNMENT GAZETTE
VOL. 124 SECTION 27 KOR.
18 JUNE 2007
(2)theoffenderisanon-citizenandtheThai governmentorThai personwhoisan
injured party or the injured party is required to be punished;
shall be penalized within the Kingdom.
Section 19.The power ofauthority of therelevant competent official under Section
18(4),(5),(6),(7)and(8),isgivenwhenthat competentofficialfilesapetitiontoacourt
withjurisdictionfor aninstructiontoallowtherelevantcompetentofficialtotake action.
Section18.WithinthepowerofSection19andforthebenefitofaninvestigation,if
there isreasonable causeto believethat thereis theperpetration ofan offenceunder thisAct,
thenarelevantcompetentofficialshallhaveanyofthefollowingauthoritiesonlyas
necessary to identify a person who has committed an offence in order to:
(1) issuean inquiryletter toany personrelated tothe commissionof anoffence under
thisAct orsummonthemto givestatements,forward written explanationsor anyother
documents, data or evidence in an understandable form.
(2)callforcomputertrafficdatarelatedtocommunicationsfromaserviceuserviaa
computer system or from other relevant persons.
(3) instruct a serviceprovider todeliver toa relevant competentofficial serviceusers-
relateddatathat must bestoredunderSection26orthatisinthepossessionorunderthe
control of a service provider;
(4) copycomputer data, computertraffic datafrom acomputer system, in whichthere
isa reasonablecausetobelievethatoffencesunderthisActhavebeencommittedif that
computer is not yet in the possession of the competent official;
(5)instruct apersonwhopossessesorcontrolscomputerdataorcomputerdatastorage
equipment todeliver totherelevant competent official thecomputerdata or theequipment pieces;
(6) inspectoraccessacomputer system, computerdata, computertrafficdataor
computer datastorage equipment belongingto anyperson thatis evidenceof, ormay beused
as evidence relatedto, thecommissionof anoffenceor usedin identifying aperson whohas
committedan offence,andinstructthatpersontosendthe relevantcomputerdatatoall
necessary extent as well;
(7) decodeany person’s computer dataor instructany personrelated tothe encryption
of computerdata todecode thecomputer dataor cooperatewith arelevant competent official
in such decoding;
(8) seize orattach the suspect computer system for the purposeof obtaining detailsof an
offence andthepersonwhohascommittedanoffence under thisAct;
Whenthecourtapprovespermission,andbeforetakinganyactionaccordingtothe
court’sinstruction,therelevantcompetentofficialshallsubmita copyofthereasonable
ground memorandumto show that an authorizationunder Section18 (4),(5), (6),(7) and(8),
mustbeemployedagainsttheownerorpossessorofthecomputersystem,asevidence
thereof. If thereis noowner ofsuch computerthereby, therelevant competent official should
submit a copy of said memorandum as soon as possible.
InordertotakeactionunderSection18(4),(5),(6),(7)and(8), theseniorofficerof
the relevant competent officialshall submit acopy ofthe memorandumabout thedescription
andrationaleoftheoperationtoacourtwithjurisdictionwithinfortyeight (48) hours after
the action has been taken as evidence thereof.
(Translation)
PAGE9
GOVERNMENT GAZETTE
VOL. 124 SECTION 27 KOR.
18 JUNE 2007
However,thepetitionmustidentifyareasonablegroundtobelievethattheoffenderis
committingorgoingtocommitanoffenceundertheActaswellasthereasonofrequesting
theauthority,includingthecharacteristicsoftheallegedoffense,adescriptionofthe
equipment usedto committhe allegedoffensive action anddetails of theoffender, as much as
this can be identified. The court should adjudicate urgentlysuch aforementioned petition.
Ifthecourtgivesaninstructiontorestrainthedisseminationofcomputerdata
accordingtoparagraphone,therelevantcompetentofficialshallconducttherestrainteither
When copying computerdata under Section18 (4), and given that it may bedone only
whenthereisareasonablegroundtobelievethatthereisanoffenceagainsttheAct,such
action mustnot excessively interfere or obstruct the businessoperation of thecomputer data’s
owner or possessor.
RegardingseizureorattachmentunderSection18(8),arelevantcompetentofficial
must issue a letter of seizure or attachment to the person who owns or possesses that computer
systemasevidence.Thisisprovided,however,that theseizureorattachmentshallnotlast
longer than thirty days.If seizure orattachment requiresa longer timeperiod, a petitionshall
be filedat acourt withjurisdiction forthe extensionof theseizure orattachment timeperiod.
Thecourtmayallowonlyoneorseveral time extensions,howeveraltogetherfornolonger
thansixtydays.Whenthat seizure or attachment is nolongernecessary,oruponitsexpiry
date,thecompetentofficialmustimmediatelyreturnthecomputersystemthatwasseizedor
withdraw the attachment.
Theletterof seizureor attachmentunderparagraph oneshall bein accordancewitha
Ministerial Rule.
Section 20. If anoffence under thisAct istodisseminate computer data that might have an
impacton theKingdom’ssecurity asstipulated inDivision2type 1or type 1/1of theCriminal
Code, or that it might be contradictory to the peace and concord or goodmorals of the people, the
competent officialappointedbytheMinister mayfile apetitiontogether withtheevidence to acourt
with jurisdiction to restrain the dissemination of such computer data.
The undesirable sets of instructions under paragraph oneshall mean to include sets of
instructions that cause computer data, acomputer system or other instruction sets tobe damaged,
destroyed,corrected, changed,added,interruptedor, fail toperformaccording topre-determined
instructions or otherwise as required by arelevant Ministerial Rule, with the exception ofsetsof
instructions aimed atpreventingorcorrecting theforegoingsetsofinstructions asrequired bya
Minister andpublished in theGovernmentGazette.
(Translation)
PAGE10
GOVERNMENT GAZETTE
VOL. 124 SECTION 27 KOR.
18 JUNE 2007
byhimself orinstruct theServiceProvidertorestrainthedisseminationof suchcomputer
data.
Section21.Ifarelevantcompetentofficialfoundthatanycomputerdatacontains
undesirable sets of instructions, a relevant competent official withthe authority to prohibit the
saleordisseminationofsuch,mayinstructthepersonwhoownsorpossessesthecomputer
datatosuspendtheuse of,destroyorcorrect thecomputerdata therein,ortoimposea
conditionwithrespecttotheuse,possessionordisseminationoftheundesirablesetsof
instructions.
Section 25. Data, computerdata orcomputer trafficdata thatthe competentofficial
acquiredunderthisActshallbeadmissibleasevidenceundertheprovisionoftheCriminal
Section 22.A relevant competent official shall not disclose or delivercomputer data,
computer traffic data or service users’ data acquired under Section18 to any person.
The provisions under paragraphone shall not applyto any actions performedfor the
benefit oflodging alawsuit against aperson whohas committedan offenceunder thisAct or
forthebenefitoflodgingalawsuitagainst arelevantcompetentofficialonthegroundsof
their abuse of authority or for action taken according to a court’s instruction or permission.
Any competent official who violates paragraph one must be subject to imprisonment
for no longer than three years or a fine of not more than sixty thousand baht, or both.
Section 23. Any competent official whocommits anact ofnegligence that causes a
thirdpartytoknowofcomputerdata,computertrafficdataoraserviceuser’s dataacquired
underSection 18mustbe subject toimprisonmentfor nomore thanone year ora fineof not
more than twenty thousand baht, or both.
Section 24. Any person knowing of computer data, computer traffic data or a service
user’s data acquired by a relevant competent official under Section18 and disclosingit to any
personshallbesubjecttoimprisonmentfornolongerthantwoyearsorafineofnotmore
than forty thousand baht, or both.
Thetypesofserviceprovidertowhomtheprovisionsunderparagraphoneshall
apply and the timingof this application shall be established by a Minister and published in the
Government Gazette.
(Translation)
PAGE11
GOVERNMENT GAZETTE
VOL. 124 SECTION 27 KOR.
18 JUNE 2007
ProcedureCodeorotherrelevantlawrelatedtotheinvestigation,however,itmustnotbein
the way of influencing, promising, deceiving or other wrongful ways.
Section 26. A service providermust storecomputer trafficdata forat leastninety days
fromthedateonwhichthedataisinput intoacomputersystem.However,ifnecessary,a
relevant competent officialmay instruct a serviceprovider tostore datafor aperiod oflonger
than ninetydays but notexceeding one yearon a special case bycase basis oron a temporary
basis.
The serviceprovidermustkeepthenecessaryinformationoftheserviceuserin
ordertobeabletoidentifytheserviceuserfromthebeginningoftheserviceprovision,and
such informationmust bekept fora furtherperiod notexceeding ninetydays afterthe service
agreement has been terminated.
ThePrimeMinisterisinchargeof theRoyalThai PoliceHeadquarters andwitha
Ministershall havea jointauthoritytoestablisharegulationwithrespect to the means and
action-related procedures under paragraph two.
AserviceproviderwhofailstocomplywiththisSectionmustbesubjecttoafineof
not more than five hundred thousand baht.
Section 27. Ifany personfails tocomplywith theinstructions of courtor relevant
competentofficialunderSection18orSection20orfailstocomplywiththecourt’s
instruction underSection 21shall besubject toa fineof notmore thantwo hundredthousand
bahtand afurtherdailyfine of not morethanfivethousand baht until therelevantcorrective
action has been taken.
Section28.Regardingtheappointmentof acompetent officialunderthisAct,the
Ministershallappointpersonswithknowledgeof,andexpertisein,computer systemsand
having the qualifications as required by the Minister.
Section29.InperformanceofthedutiesunderthisAct,thecompetentofficial
appointed by the Minister shall be an administrative officeror a senior police officer under the
CriminalProcedureCodecompetenttoreceiveapetitionoraccusationandbeauthorizedto
investigate only on an offence under this Act.
Inarresting, controlling,searching,investigating, andfilingalawsuitagainst a
personwhocommitsanoffenceunderthisAct,andforwhat iswithintheauthorityofan
administrativeofficeroraseniorpoliceofficer, suchcompetentofficershallcoordinatewith
the relevant investigating officer in charge to takeaction within their authorized duties.
The identity card shall be as per the form required by a Minister andpublished in the
Government Gazette.
(Translation)
PAGE12
GOVERNMENT GAZETTE
VOL. 124 SECTION 27 KOR.
18 JUNE 2007
Section 30. In theperformance of duties,a relevant competent official must produce
an identity card to a relevant person.
Remark:-Therationale fortheissueofthisActas oftodayisthatacomputersystemis
essential tobusiness operationsand thehuman wayof life,as such,if anyperson commitsan
actthatdisablestheworkingofacomputersystemaccordingtothepre-determined
instructions orthat causesaworkingerror – adeviationfromthat requiredby thepre-
determinedinstructions orthatresorts toany meansto illegally knowof, correct ordestroy a
thirdparty’sdatacontainedinacomputersystemorthatusesacomputersystemto
disseminatefalseorpornographiccomputerdata,thenthatact willdamageandaffectthe
country’seconomy,societyandsecurityincludingpeople’speaceandgoodmorals.
Therefore, it isdeemed appropriateto stipulate measuresaimed at preventingand suppressing
such acts.Hence the enactment of this Act.
Countersigned
General Surayud Chulanont
Prime Minister