Thailand Child Protection Act 2026: What Businesses Must Know

The Thailand Child Protection Act is heading for its most far-reaching overhaul in more than two decades, and the consequences extend well beyond social welfare policy. On 11 May 2026, the Ministry of Social Development and Human Security released a draft Child Protection Act for public review, proposing to repeal and replace the long-standing framework enacted in 2003. For international businesses that run digital platforms, media services, or any product touching children in Thailand, this draft signals a markedly stricter compliance landscape, and the consultation window is closing fast.

Why the Thailand Child Protection Act Overhaul Matters Now

Thailand has regulated child welfare under the Child Protection Act B.E. 2546 (2003) for over twenty years. The new draft does not simply amend that law. Instead, it repeals it entirely and rebuilds the framework from the ground up, reflecting the government’s stated aim to modernise protections for the digital era and to tighten coordination between state agencies, local authorities, and civil society.

Crucially, the draft was opened for public consultation with a short review period that closes on 9 June 2026. Companies that want their concerns heard, or that simply need to understand their future obligations, therefore have little time to prepare. Moreover, because the law expands the concept of harm to include online conduct, its reach now lands squarely on the technology, media, and consumer sectors.

Who Is Affected: Platforms, Media, and Child-Facing Businesses

Although a child protection statute may sound like a matter for schools and welfare officers, the draft’s modern provisions implicate a wide range of commercial operators. In practice, the businesses most exposed include the following.

Online platforms and digital service providers

Social media networks, gaming companies, streaming services, and edtech providers all collect data from, and deliver content to, young users in Thailand. The draft’s new treatment of online conduct means these operators must scrutinise how minors interact with their products, how harmful material is moderated, and how quickly abusive activity is reported and removed. These duties sit alongside the existing rules that already govern digital platforms in Thailand.

Media, advertising, and content companies

Publishers, broadcasters, and advertising agencies face heightened scrutiny over how children are depicted and exploited commercially. As a result, content workflows, talent agreements involving minors, and editorial controls will need review against the expanded standards, much as social platforms have already adapted to Thailand’s advertiser identity verification rules.

Consumer brands and service providers

Any business that markets to families, operates child-oriented venues, or employs young workers should treat the draft as a prompt to audit its policies. Even firms without an obvious connection to children may hold customer data that captures minors.

Key Takeaway: The draft Thailand Child Protection Act is not confined to the welfare sector. Its online-conduct provisions place direct compliance pressure on technology platforms, media companies, and any business that collects data from or markets to minors in Thailand.

Key Reforms in the Draft Thailand Child Protection Act

Three structural changes stand out as the most consequential for businesses operating in Thailand. Each broadens liability and narrows the room for technical defences.

A broader definition of “child”

The current law defines a child as anyone under 18, but excludes those who reach legal majority through marriage. The draft removes that exception entirely. Consequently, every person under 18 falls within the law’s protection without qualification, which simplifies the threshold but also widens the population that businesses must account for.

From “abuse” to the broader concept of “violence”

The 2003 framework centres on “abuse” or “cruelty.” The draft replaces this with the wider concept of “violence,” covering any act or omission that harms a child’s body, mind, or development, as well as abandonment, neglect, and improper exploitation. Significantly, the draft adds developmental harm as a recognised injury and captures misconduct regardless of whether the child consented. For businesses, the inclusion of “omission” matters: failing to act can itself create exposure.

A standalone definition of online sexual abuse

Perhaps the most commercially relevant addition is a dedicated definition of sexual abuse that expressly captures online conduct. This brings grooming, exploitation, and the circulation of harmful material through digital channels within the statute’s core. For platform operators, it raises the stakes around content moderation, age assurance, and incident response.

Key Takeaway: By widening the definition of a child, replacing “abuse” with “violence,” and defining online sexual abuse as a standalone category, the draft expands both the scope of protected conduct and the range of parties who can be held responsible.

Practical Compliance Steps for Businesses in Thailand

While the draft is not yet law, prudent organisations should begin preparing now rather than waiting for enactment. The following measures position a business to adapt efficiently.

Map your exposure. Identify every product, service, and dataset that involves, reaches, or could capture individuals under 18. This audit forms the foundation for every other step.

Strengthen content moderation and reporting. Platforms should review takedown procedures, escalation paths, and cooperation channels with Thai authorities, ensuring that harmful or abusive content can be addressed swiftly. Many of these controls overlap with the obligations covered in our guide to online compliance in Thailand.

Review age assurance and data handling. Because the draft intersects with Thailand’s data protection regime, businesses should confirm that consent, retention, and access controls reflect the heightened sensitivity of children’s information.

Update contracts and internal policies. Talent agreements involving minors, employee handbooks, and supplier terms should reflect the expanded definitions of harm, including the duty not to neglect or omit protective action.

Engage during consultation. Where a provision is ambiguous or commercially burdensome, submitting feedback before 9 June 2026 is the most direct way to shape the final text.

Key Takeaway: Early preparation is far cheaper than retrofitting compliance after enactment. A structured exposure audit, combined with stronger moderation and data controls, gives businesses a defensible position under the new framework.

How the Draft Intersects With Thailand’s Digital and Data Laws

The draft Child Protection Act does not operate in isolation. It overlaps with Thailand’s Personal Data Protection Act, the Computer Crime Act, and the growing body of platform and advertising rules that already govern online business. Children’s data, for instance, attracts elevated protection under data privacy principles, and the new emphasis on online harm reinforces obligations that digital operators already face.

For foreign investors, the practical lesson is that Thailand is steadily aligning its digital governance with international child-safety standards, including the principles underlying the UN Convention on the Rights of the Child. Businesses that treat child safety as a coherent, cross-statutory programme, rather than a series of isolated obligations, will navigate this environment with far greater confidence.

Frequently Asked Questions

When will the new Thailand Child Protection Act take effect?
The measure remains a draft. The Ministry of Social Development and Human Security opened it for public review on 11 May 2026, with the consultation period closing on 9 June 2026. After consultation, the draft must complete the legislative process before it becomes enforceable, so businesses still have a window to prepare and to submit feedback.
Does the draft Child Protection Act apply to foreign-owned companies in Thailand?
Yes. The law applies to conduct and operations within Thailand regardless of the owner’s nationality. Foreign-owned platforms, media companies, and consumer businesses that serve Thai users or collect data from minors should assume they fall within scope and plan accordingly.
How does the draft affect online platforms specifically?
The draft introduces a standalone definition of sexual abuse that expressly covers online conduct, and it broadens harm to include omissions. In practice, this raises expectations around content moderation, age assurance, incident reporting, and cooperation with Thai authorities for any platform accessible to children.
What is the most important change for businesses to note?
The shift from “abuse” to the broader concept of “violence” is pivotal. It captures developmental harm, applies regardless of a child’s consent, and includes failures to act. This expands potential liability for organisations that previously assumed a narrow definition of misconduct.
Should we wait until the law passes before acting?
Waiting is rarely advisable. An exposure audit, stronger moderation and data controls, and updated contracts take time to implement. Preparing now reduces cost and risk, and engaging during the consultation period lets your business help shape the final requirements.

Need Help Navigating Thailand’s Child Protection Reforms?

Lex Bangkok advises international businesses, platforms, and investors on Thailand’s evolving regulatory landscape. Our team translates complex legislative change into clear, actionable compliance strategy tailored to your operations.

Schedule a Consultation