Thailand Introduces New Measures for SIM Registration and Proposes Expanded KYC Requirements
The NBTC has established new SIM registration rules and is currently consulting on additional, expanded KYC measures.
The National Broadcasting and Telecommunications Commission (NBTC) has implemented new, mandatory compliance obligations for telecommunications licensees in Thailand regarding SIM card registration. The measures, which took effect on May 16, 2026, address identity verification procedures, SIM management controls, and mandatory data retention practices.
Beyond these immediate requirements, the NBTC is also consulting on additional “Know Your Customer” (KYC) measures that would significantly broaden customer onboarding and documentation standards for all users. Licensees must now navigate these enforceable rules while preparing for the potential adoption of more extensive verification protocols.
On May 15, 2026, The NBTC published the Notification on Measures for Prevention and Suppression of Technology Crime No. 2, in the Government Gazette, amending the earlier notification issued on August 24, 2025.
Separately, on May 25, 2026, the NBTC Office also invited 546 telecommunications licensees for consultation on NBTC’s proposed additional “Know Your Customer” (KYC) registration and identity verification measures that would significantly expand customer onboarding and documentation requirements.
The binding notification and the draft KYC measures are related but distinct. The notification imposes enforceable obligations that are already in effect, while the draft KYC measures remain under consultation and may later be adopted in a separate notification or amendment.
New SIM Registration Compliance Obligations Now in Force
SIM Card Registration Cap for Foreign Nationals
Under the new notification, individuals without Thai nationality are limited to registering no more than three SIM cards per service provider.
Identity verification must be conducted using a passport. Where a passport is unavailable, acceptable alternatives include travel documents or certificates of identity issued by foreign governments together with supporting Thai government-issued identification documents, including pink ID cards and white ID cards for persons without registration status.
Registration must take place in person at a branch office or authorized dealer.
Telecommunications operators must also develop identity verification systems and obtain NBTC approval before implementing those systems.
SIM Activation and Reverification Requirements
Both Thai and non-Thai users must activate registered SIM cards within 60 days after registration. SIM cards that remain inactive beyond that period may only be activated after the user undergoes in-person reverification confirming that the individual seeking activation is the same person who originally registered the SIM.
Restrictions on SIM Box and Gateway Devices
The notification also prohibits telecommunications operators from allowing unauthorized SIM box or gateway devices capable of supporting four or more SIM cards to connect to mobile networks unless those devices are licensed under the Radio Communications Act.
Blacklist Screening Obligations
Operators are required to refuse registration of additional mobile numbers for individuals listed in technology crime-related databases maintained by the Royal Thai Police.
Restrictions on Use of Thai IP Addresses Abroad
International telecommunications licensees are prohibited from using Thai-registered IP addresses to provide services outside Thailand, except in cases where end users temporarily carry mobile devices abroad.
Data Retention Obligations
Operators must retain personal data relating to active users throughout the service period and for at least 180 days after contract termination.
The categories of retained data are to be limited to information necessary for technology crime investigations, with the scope to be jointly determined by the NBTC Office, the Royal Thai Police, and the relevant telecommunications licensee.
Draft KYC Measures Currently Under Consultation
In addition to the measures already in force, the NBTC Office has proposed a separate set of draft KYC registration and identity verification requirements for telecommunications users. These draft measures would substantially expand the categories of information operators must collect during customer onboarding.
1. Thai Nationals
Operators must record the following personal and usage data:
Personal Information:
- National ID card number
- Full name
- Date of birth
- Address appearing on the national ID card
- Contact address
- Telephone number
Service Usage:
- Service activation date
- Registration location or point of sale
- Type of telecommunications service requested
- Purpose for using the service (through checklist-based forms)
Additional Data:
- Income information (where applicable)
2. Foreign Nationals
Operators must record the following information for non-Thai users:
Personal Information:
- Passport number or government-issued travel document number
- Full name
- Date of birth
- Address appearing on the passport or travel document
- Contact address
- Telephone number
Service Usage:
- Service activation date
- Registration location or point of sale
Additional Requirements:
- Electronic copies of supporting identification documents must be retained
- Registration must generally be conducted in person
3. Juristic Persons
Operators must collect extensive corporate and representative information for juristic person customers.
Corporate Information:
- Commercial registration documents
- Corporate affidavit or certificate of incorporation
- Registered name and address
- Tax identification number
- VAT registration documents (Phor.Por. 20)
- Registered capital information
- Financial statements (where applicable)
Service Usage:
- Name of the contact person or corporate representative
- Service activation date
- Registration location or point of sale
- Type of telecommunications service requested
- Purpose for using the service (through checklist-based forms)
Additional Registration Representative Requirements:
Where registration is conducted directly by an authorized director:
- National ID number
- Address
- Contact address
- Date of birth
- Telephone number
Where registration is conducted through a proxy:
- Power of attorney documentation
- National ID number of the proxy
- Address and contact address
- Date of birth
- Telephone number
For foreign-incorporated entities:
- Appointment of a Thailand-based representative who is a Thai national
- Power of attorney documentation
- Thai representative’s national ID information
- Address and contact details
- Date of birth
- Telephone number
Operational & Compliance Impact on Telecom Operators and MVNOs
The measures that took effect on May 16, 2026. impose significant operational and compliance obligations on mobile virtual network operators (MVNOs) and smaller operators, who may needs to build or redesign onboarding and identity verification systems, integrate screening systems with police databases, implement controls to enforce SIM ownership caps, and review internal data retention frameworks, subject to NBTC approval.
If adopted, the draft KYC measures would further expand onboarding and recordkeeping obligations.
The proposed requirements also raise practical and privacy-related considerations under Thailand’s Personal Data Protection Act (PDPA), especially regarding proportionality, lawful basis, and data minimization principles.
The prohibition on SIM Boxes/Gateway devices may also affect certain IoT deployments and enterprise communications infrastructure unless the relevant equipment is properly licensed under the Radio Communications Act.
Telecommunications licensees should review current compliance frameworks against the newly effective notification and closely monitor developments relating to the proposed KYC measures.
In particular, operators should prioritize:
- Implementation and NBTC approval of identity verification systems;
- Procedures for enforcing foreign-user SIM registration limits;
- SIM box detection and network controls;
- Integration with blacklist screening systems;
- Assessment of data retention practices under both the notification and the PDPA; and
- Preparation for possible expansion of KYC documentation requirements if/when the draft measures are formally adopted.
LATEST MVNO NEWS





