Computer Crimes Act

Section 18

Subject to the provisions of Section 19 and for the purpose of facilitating investigations where there exists reasonable cause to believe that an offence under this Act has been committed, a competent official shall, to the extent necessary for identifying the perpetrator of such offence, be vested with the following powers:

To issue a written inquiry to any person involved in the commission of an offence under this Act, or to summon such person to provide verbal statements, written explanations, or any relevant documents, data, or evidence in a comprehensible format;

To request computer traffic data pertaining to communications made via a computer system by a service user, or from other relevant individuals;

To order a service provider to submit user-related data required to be retained pursuant to Section 26 or any such data in the possession or under the control of the service provider;

To make copies of computer data or computer traffic data from a computer system in which there is reasonable cause to believe an offence under this Act has occurred, in cases where the said computer is not in the custody of the competent official;

To order any person who possesses or controls computer data or equipment used to store such data to surrender said data or equipment to the competent official;

To inspect or access any computer system, computer data, computer traffic data, or storage equipment that constitutes evidence of, or may be used to identify the perpetrator of, an offence under this Act; and to require the relevant party to submit such data to the necessary extent;

To decrypt, or to require any person involved in the encryption of such data to decrypt or assist in decrypting, any computer data;

To seize or attach a suspect computer system for the purpose of securing evidence relating to an offense under this Act or to identify the perpetrator thereof.

Section 19

The powers granted under Section 18(4), (5), (6), (7), and (8) shall be exercised only upon obtaining a judicial warrant issued by a court of competent jurisdiction.

The petition for such warrant shall specify the reasonable grounds to believe that an offence under this Act has been or will be committed, the reasons necessitating the exercise of the power, the nature of the alleged offence, a description of the computer equipment or systems implicated, and any known identifying details of the alleged offender. The court shall consider and decide upon the petition without delay.

Upon receiving judicial authorization, and prior to executing any action under Section 18(4), (5), (6), (7), or (8), the competent official shall provide the owner or possessor of the relevant computer system with a copy of the memorandum stating the reasonable grounds justifying the exercise of such powers. If the identity or whereabouts of the owner or possessor is unknown, the official shall submit such memorandum at the earliest possible opportunity.

For any action taken under Section 18(4), (5), (6), (7), or (8), a senior officer of the competent official must submit a memorandum detailing the description and rationale of the operation to a court of competent jurisdiction within forty-eight (48) hours of said action as evidentiary documentation.

In exercising the power under Section 18(4), copying of computer data may be undertaken only upon reasonable belief of an offence under this Act, and must not unduly interfere with or obstruct the business operations of the data owner or possessor.

For actions taken pursuant to Section 18(8), the competent official shall issue a formal letter of seizure or attachment to the owner or possessor of the computer system as proof thereof. Seizure or attachment shall not exceed a period of thirty (30) days unless extended by a court order. Petitions for such extensions may be filed and granted for one or more additional periods, provided the total duration does not exceed sixty (60) days.

When the seizure or attachment is no longer necessary, or upon the expiration of the authorized period, the competent official shall promptly return the seized system or lift the attachment.

The seizure or attachment letter shall conform to the form and procedures prescribed by Ministerial Regulation.

Section 20

Where the offense involves dissemination of computer data that may affect the security of the Kingdom as prescribed in Division 2, Title 1 or Title 1/1 of the Penal Code, or where the data may contravene public order or good morals, the competent official appointed by the Minister may submit a petition, along with supporting evidence, to a court of competent jurisdiction seeking an order to restrain such dissemination.

Upon the court’s issuance of a restraining order, the competent official shall execute the order personally or direct the relevant service provider to implement the restraint accordingly.

Section 21

Where a competent official, having relevant authority, determines that any computer data contains undesirable sets of instructions, such official may issue an order directing the owner or possessor of said data to suspend its use, destroy or correct such data, or impose conditions governing the use, possession, or dissemination thereof.

For the purposes of this Section, undesirable sets of instructions shall include any code or instruction set that causes computer data, computer systems, or other instruction sets to be damaged, destroyed, altered, added to, interrupted, or rendered incapable of functioning according to their intended design. This shall not include instruction sets intended to prevent or correct such outcomes as prescribed by Ministerial Regulation and duly published in the Government Gazette.

Section 22

A competent official shall not disclose or transmit any computer data, computer traffic data, or service user data obtained pursuant to Section 18 to any third party.

The prohibition in paragraph one shall not apply where such disclosure is:

(1) necessary for the prosecution of offences under this Act;

(2) necessary for initiating legal proceedings against a competent official for abuse of authority; or

(3) conducted pursuant to an order or permission granted by a court of competent jurisdiction.

Any competent official who violates the provisions of paragraph one shall be liable to imprisonment for a term not exceeding three years, or a fine not exceeding sixty thousand baht, or both.

Section 23

Any competent official who negligently allows third parties to access computer data, computer traffic data, or service user data obtained under Section 18 shall be liable to imprisonment for a term not exceeding one year, or a fine not exceeding twenty thousand baht, or both.

Section 24

Any individual who, with knowledge of computer data, computer traffic data, or service user data acquired by a competent official under Section 18, discloses such data to a third party, shall be liable to imprisonment for a term not exceeding two years, or a fine not exceeding forty thousand baht, or both.

Section 25

Computer data, computer traffic data, or any other data lawfully obtained by a competent official under this Act shall be admissible as evidence in criminal proceedings pursuant to the Criminal Procedure Code or any other applicable law, provided such data was not obtained through coercion, inducement, deception, or other unlawful means.

Section 26

A service provider shall retain computer traffic data for a minimum period of ninety (90) days from the date the data enters the computer system. If necessary, a competent official may, on a case-by-case or temporary basis, order the service provider to retain such data for a period exceeding ninety days but not exceeding one (1) year.

Service providers shall retain sufficient user information from the commencement of service to enable identification of the user. Such information shall also be retained for a further period not exceeding ninety (90) days after termination of the service agreement.

The classes of service providers to which the foregoing provisions shall apply, and the effective date of their application, shall be prescribed by Ministerial Regulation and published in the Government Gazette.

Any service provider who fails to comply with the obligations under this Section shall be subject to a fine not exceeding five hundred thousand baht.

Section 27

Any person who fails to comply with an order issued by a competent official or the court under Sections 18, 20, or 21 shall be subject to a fine not exceeding two hundred thousand baht, and a further daily fine not exceeding five thousand baht until full compliance is achieved.

Section 28

The Minister shall appoint competent officials under this Act. Such appointees must possess expertise in computer systems and meet additional qualifications as may be prescribed by the Minister.

Section 29

In the performance of duties under this Act, a competent official appointed by the Minister shall be deemed an administrative official or senior police officer under the Criminal Procedure Code and shall have the authority to receive complaints and conduct investigations solely in relation to offenses under this Act.

For the purposes of arrest, detention, search, investigation, and prosecution of individuals accused of committing offenses under this Act, the competent official shall coordinate with the investigating officer with jurisdiction to ensure actions remain within the scope of lawful authority.

The Prime Minister, in consultation with the Minister, shall jointly issue regulations governing coordination procedures as prescribed in paragraph two.

Section 30

A competent official performing duties under this Act shall present an official identification card to the relevant individual or entity upon request.

Such identification card shall conform to the format prescribed by Ministerial Regulation and published in the Government Gazette.