ARTICLE
15 July 2026

Thailand Issues AI Guidelines For Telecom Services

TG
Tilleke & Gibbins

Contributor

Tilleke & Gibbins is a leading Southeast Asian regional law firm with over 250 lawyers and consultants practicing in Cambodia, Indonesia, Laos, Myanmar, Thailand, and Vietnam. We provide full-service legal solutions to the top investors and high-growth companies that drive economic expansion in Asia.
Thailand’s National Broadcasting and Telecommunications Commission (NBTC) has published guidelines establishing a risk-based framework for the responsible use of artificial intelligence by telecom licensees.
Thailand Media, Telecoms, IT, Entertainment
Tilleke & Gibbins are most popular:
  • within Cannabis & Hemp, International Law and Consumer Protection topic(s)

Thailand’s National Broadcasting and Telecommunications Commission (NBTC) has published guidelines establishing a risk-based framework for the responsible use of artificial intelligence by telecom licensees. Released on July 2, 2026, the Guidelines on the Use of Artificial Intelligence for Telecommunications Services address governance structures, ethical principles, lifecycle management, and consumer protection obligations.

Scope and Legal Context

The nonbinding guidelines apply to holders of telecom business licenses under Thailand’s telecom licensing laws, but only with respect to the use of AI in providing licensed telecom services. Entities without such licenses are not directly subject to the guidelines, though they may be affected as third-party AI solution providers to licensees.

The guidelines supplement and should be read alongside existing laws, including the Cybersecurity Act, the Personal Data Protection Act (PDPA), the Computer Crime Act, and the NBTC Notification regarding Measures to Protect Telecommunications Service Users’ Rights Regarding Personal Data, Privacy Rights, and Freedom of Telecommunications, as well as forthcoming AI governance legislation being drafted by the ETDA.

AI Governance Structure

Licensees are expected to establish committees, working groups, or designated officers at both policy and operational levels to set strategic direction for AI use, formulate governance policies and tools, and oversee risk management. Roles, responsibilities, and accountability should be clearly defined for all personnel across every stage of the AI lifecycle—including for third-party AI solution providers and outsourced service providers, whose obligations should be explicitly documented in service agreements.

Core Principles

The guidelines identify six core principles that licensees should adhere to when deploying AI:

  • Compliance with laws, ethics, and international standards: AI should respect privacy, dignity, and human rights, and content filtering for inputs and outputs should be considered. For example, the AI should not be designed and developed to be used in generating false information, supporting illegal activities, or causing damage to people.
  • Fairness: Training data should be diverse, representative, and reliably sourced; bias testing is recommended.
  • Security and privacy: Cybersecurity measures should align with international standards (e.g., ETSI TC SAI, ISO/IEC 27090), and personal data should be protected through encryption, anonymization, and access controls. This should be considered together with other existing laws, such as the PDPA and Cybersecurity Act.
  • Transparency: Licensees should explain how AI is used and what factors drive decisions; disclosure to consumers should be proportionate to risk. Information relating to the design and development of AI should also be maintained and investigated when there is an issue with the AI.
  • Accountability: Accountability for AI outcomes should be clearly assigned, and channels for consumer inquiries and complaints should be maintained. For example, internal policies regarding the use of AI should be established.
  • Reliability: AI should produce accurate, consistent results; robustness testing is recommended to ensure operation in unexpected scenarios.

AI Lifecycle Governance

The guidelines prescribe governance measures across six stages of the AI lifecycle: solution design, data preparation, model building, deployment, monitoring and evaluation, and decommissioning. Key requirements include:

  • Predevelopment risk analysis
  • Third-party provider due diligence
  • Data quality and traceability standards
  • Reliability and fairness testing
  • Human oversight mechanisms
  • Secure retirement processes compliant with international standards

External and Internal Communications

Licensees should proactively inform consumers when they are interacting with AI systems, such as chatbots or voicebots. They should also provide warnings when AI-driven recommendations may affect consumer decisions, offer the option to switch to a human agent, and maintain feedback and complaint channels.

Internally, licensees are expected to promote AI literacy across all organizational levels. Non-IT staff should have a sufficient understanding of AI usage and associated risks, while technical staff and external personnel involved in AI development should be trained to comply with organizational policies, AI ethics, and applicable regulations.

Next Steps

Telecom licensees should assess their current AI governance structures against the guidelines’ requirements, focusing on governance committees, lifecycle policies, third-party vendor contracts, consumer disclosure mechanisms, and staff training programs. For M&A transactions in the telecom sector, AI governance maturity and data handling practices should also be incorporated into due diligence assessments.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More