Under the Cybersecurity Act B.E. 2562 (2019), a Regulator is a government agency,
private entity, or individual legally assigned the authority and responsibility to supervise
or regulate the operations of government agencies or Critical Information Infrastructure (CII).
Relevant sections of the Cybersecurity Act concerning Regulators are listed below.
Assigns regulatory authorities to establish rules, responsibilities, and operational frameworks for cybersecurity management across government agencies and Critical Information Infrastructure.
Defines the duties of CII organizations and regulators, including establishing appropriate cybersecurity standards.
Empowers the committee to designate sectors such as national security, finance, transportation, energy, healthcare, and ICT as Critical Information Infrastructure.
Regulators must inspect cybersecurity standards of CII organizations and notify them to correct deficiencies.
CII organizations must conduct cybersecurity risk assessments and audits at least once per year.
When a significant cyber threat occurs, CII organizations must report it to the relevant authority and regulator.