Foreign Business Act (FBA)
BINDING
Most technology services businesses fall under FBA. Requires 51% Thai ownership or BOI promotion or Foreign Business Licence. Structure entity with a trusted Thai shareholder or use BOI path.
Regional Deep Dive/APAC
Tax & Regulatory // Thailand
Entity type: Thai Limited Company (บริษัทจำกัด) or BOI-promoted Entity
Core Compliance
Corporate Tax
20%
Standard rate; BOI-promoted companies can receive 3–8 year corporate tax holidays
VAT
7%
Currently reduced from standard 10%. Lowest VAT in the region.
Foreign Business Act
51% Thai ownership
FBA requires majority Thai ownership for many service categories. BOI promotion or Treaty of Amity (US only) provides exceptions.
Regulatory Vectors
urgent
PDPA Compliance
REQUIRED
Thailand Personal Data Protection Act 2019 fully effective from 2022. Requires consent management, DPO appointment for large processors, and breach notification within 72 hours.
BOI Promotion (optional but valuable)
OPTIONAL
Board of Investment promotion allows 100% foreign ownership + corporate tax holiday + import duty exemptions. Application takes 3–6 months but unlocks significant advantages.
Royal Decree on Cybersecurity
SECTOR-SPECIFIC
National Cybersecurity Act 2019 applies to critical information infrastructure operators. Most standard SaaS businesses are not directly affected.
Key Legislation
Personal Data Protection Act 2019 (PDPA)
Data protection rights and obligations, effective from June 2022.
Foreign Business Act 1999 (FBA)
Restricts foreign ownership in certain business categories.
National Cybersecurity Act 2019
Governs critical information infrastructure protection.
Entry Recommendation
Apply for BOI promotion early — it solves the foreign ownership problem and delivers tax benefits simultaneously. Engage a Bangkok-based commercial law firm with BOI experience. PDPA compliance is straightforward for standard SaaS.
Regulatory Flashpoints — Evidence Base
Primary regulatory flashpoint
confidence 40PDPA consent and processing basis requirements for personal data.
Needs human review