Insight

Reference

·

Supporting source

PDPA and physical-cyber convergence compliance spend

~THB 4-6B incremental (2023-2024)

As ofIncremental 2023-2024 compliance spend·Sources4·Supporting

Thailand's Personal Data Protection Act (PDPA), in force June 2022, drove an estimated incremental THB 4-6 billion in 2023-2024 compliance and physical-cyber convergence spend across the FM and security operator base per Electronic Transactions Development Agency (ETDA) tracking and industry interviews. The bulk landed in upgrading access-control systems to log-and-retain visitor PII, replacing analogue CCTV with cyber-hardened IP cameras, segregating BMS (Building Management System) networks from corporate IT under IEC 62443 zoning, and stand-up of in-house DPO (Data Protection Officer) functions or outsourced DPO-as-a-service contracts. NIST CSF 2.0 alignment and ISO 27001 certification became contractual prerequisites at top-tier mall, hospital, and data-centre clients.

Download CSV ↓Compare plans →

Figure in context

Thailand's Personal Data Protection Act (PDPA), in force June 2022, drove an estimated incremental THB 4-6 billion in 2023-2024 compliance and physical-cyber convergence spend across the FM and security operator base per Electronic Transactions Development Agency (ETDA) tracking and industry interviews. The bulk landed in upgrading access-control systems to log-and-retain visitor PII, replacing analogue CCTV with cyber-hardened IP cameras, segregating BMS (Building Management System) networks from corporate IT under IEC 62443 zoning, and stand-up of in-house DPO (Data Protection Officer) functions or outsourced DPO-as-a-service contracts. NIST CSF 2.0 alignment and ISO 27001 certification became contractual prerequisites at top-tier mall, hospital, and data-centre clients.

Thailand's Personal Data Protection Act (PDPA), in force June 2022, drove an estimated incremental THB 4-6 billion in 2023-2024 compliance and physical-cyber convergence spend across the FM and security operator base per Electronic Transactions Development Agency (ETDA) tracking and industry interviews. The bulk landed in upgrading access-control systems to log-and-retain visitor PII, replacing analogue CCTV with cyber-hardened IP cameras, segregating BMS (Building Management System) networks from corporate IT under IEC 62443 zoning, and stand-up of in-house DPO (Data Protection Officer) functions or outsourced DPO-as-a-service contracts. NIST CSF 2.0 alignment and ISO 27001 certification became contractual prerequisites at top-tier mall, hospital, and data-centre clients.

Time scope

Incremental 2023-2024 compliance spend

Source basis

Supporting source

Interpretation notes

What this tells you

Thailand's Personal Data Protection Act (PDPA), in force June 2022, drove an estimated incremental THB 4-6 billion in 2023-2024 compliance and physical-cyber convergence spend across the FM and security operator base per Electronic Transactions Development Agency (ETDA) tracking and industry interviews. The bulk landed in upgrading access-control systems to log-and-retain visitor PII, replacing analogue CCTV with cyber-hardened IP cameras, segregating BMS (Building Management System) networks from corporate IT under IEC 62443 zoning, and stand-up of in-house DPO (Data Protection Officer) functions or outsourced DPO-as-a-service contracts. NIST CSF 2.0 alignment and ISO 27001 certification became contractual prerequisites at top-tier mall, hospital, and data-centre clients.

What not to do with it

Incremental capex plus operating spend over a normalised pre-PDPA baseline. Excludes pure-IT cybersecurity spend not tied to physical security or BMS systems.

Related figures

Adjacent numbers that add context without drowning the value.

2020-2024 (NESDC and DBD series)
~THB 145B (2024)

Thailand security and facility management sector revenue (2020-2024)

Department of Business Development, NESDC service-sector accounts, Association of Security Industry of Thailand, Thailand Facility Management Association

2024 contracted revenue share
Top-5 ~32-35%

Thailand security and FM operator market share

ASIT operator disclosures, TFMA membership filings, ISS/Sodexo/Compass/Securitas Thailand company filings, industry interviews

2024 registered headcount
~480,000-520,000 guards

Thailand licensed security guard headcount

Royal Thai Police Security Guards Registration Division, Association of Security Industry of Thailand, Ministry of Labour wage surveys

2020-2024
~THB 36B (2024)

Thailand commercial cleaning services revenue (2020-2024)

Thailand Facility Management Association, NESDC service-sector accounts, DBD operator filings

2024 FM addressable spend mix
Office and retail ~52%

Thailand FM addressable spend by property type

TFMA membership data, CBRE Thailand commercial property research, JLL Thailand FM tracking, NESDC

Cumulative active IBC approvals as of FY2024
~85-95 active IBC FM-adjacent projects

BOI IBC and supportive-services project approvals

Thailand Board of Investment, BOI Annual Report, industry interviews

Report context

Thailand Security & Facility Management Services Market Intelligence

Thailand's security and facility-management services (SFMS) sector generates ~THB 110-120B in annual spend across manned guarding, integrated facility management, commercial cleaning, technical and HVAC maintenance, and a fast-growing security-technology overlay. ISS Thailand, Sodexo, OCS Group, Compass and Rentokil Initial anchor the international 3PL side; G4S (Allied Universal) and Securitas dominate cross-border guarding; CPN Maintenance, Siam Piwat, One Bangkok and ICONSIAM run captive FM desks; PDPA, BOI IBC 7.7-7.9 and the Security Guard Business Act B.E. 2558 (2015) shape the licensing perimeter.

Open report →

PDPA and physical-cyber convergence compliance spend · Insight