Thai FDA
Thailand — Thai FDA
Medical Device Act B.E. 2562 + Thai FDA cybersecurity expectations
Authority
Food and Drug Administration, Thailand, Medical Device Control Division
Enforced
2021 (revised MD Act)
Legal framework
Medical Device Act B.E. 2562 + PDPA Thailand + ETDA guidance
Scope
All medical devices marketed in Thailand. Cybersecurity guidance applies to SaMD and connected devices.
Pre-market
Risk-class proportional dossier following ASEAN CSDT; FDA / CE approvals accepted as supporting evidence.
Post-market
Adverse-event reporting, software change notifications.
SBOM
RecommendedEncouraged but not mandated.
Vulnerability disclosure
ThaiCERT coordinated disclosure encouraged.
Penalty
Licence suspension, fines, criminal liability under MD Act and PDPA.
Unique requirements
- 01Thai Authorised Representative
- 02Thai-language labelling and IFU
- 03Establishment licence prerequisite
Highlights
- ASEAN CSDT template alignment
- PDPA Thailand effective 2022
- FDA / CE approvals accepted
Aligns with
Timeline
-
2019
Medical Device Act B.E. 2562 enacted
-
Jun 2022
PDPA full enforcement
-
2023
Cybersecurity expectations clarified
Key documents
Related markets
Frequently asked about Thailand
Is SBOM required for medical devices in Thailand?
Recommended. Encouraged but not mandated.
What does Thai FDA require for pre-market cybersecurity?
Risk-class proportional dossier following ASEAN CSDT; FDA / CE approvals accepted as supporting evidence.
What are the post-market cybersecurity obligations under Thai FDA?
Adverse-event reporting, software change notifications.
What is the penalty for non-compliance with Thai FDA cybersecurity rules?
Licence suspension, fines, criminal liability under MD Act and PDPA.
How much of my FDA cybersecurity package is reusable in Thailand?
Roughly 75% — an editorial estimate based on overlapping evidence requirements (threat model, SBOM, security risk assessment, pen-test report).