Thailand’s New Biometric SIM Registration: A Hurdle for Foreign eSIM Providers?

As Thailand implements its new mandatory “liveness detection” for SIM registration today (August 18, 2025), the move raises questions regarding foreign eSIM providers.

While the National Broadcasting and Telecommunications Commission (NBTC) has lauded the initiative as a crucial step towards enhanced consumer protection, details regarding its implications for international eSIM businesses remain conspicuously absent.

The new regulation, mirroring security measures already in place for Thai financial institutions, will require all new prepaid and postpaid SIM registrations, as well as existing users changing SIMs, to undergo real-time liveness detection verification.

This involves photo and video checks with liveness detection technology, ensuring the individual registering is physically present and not utilizing static images or manipulated media.

The NBTC emphasizes the use of AIS and TRUE’s app, service centers, and authorized dealers for this process.

Both AIS and TRUE possess a gigantic physical infrastructure across the country and have the resources to integrate the necessary biometric technology into their existing applications and retail processes. Indeed, all of the NBTC’s communication surrounding the implementation has only focused on how these two major domestic players will adapt.

However, the same level of clarity and guidance has not been extended to MVNOs who have all ceased operation this month – or to the vast array of foreign eSIM providers who have carved a niche by offering convenient plans to tourists and business travelers visiting Thailand.

These providers typically operate entirely online from abroad, allowing customers to purchase and activate eSIMs remotely, often before even setting foot in the country.

The critical question is: Will the new biometric registration mandate also apply to foreign eSIM providers? If it does, they face a significant logistical and technological hurdle.

There is no mention at the NBTC about any API or requirement to get one. All information is only focused on AIS and TRUE.

The “physical presence” for registration in the information from the NBTC would necessitate a radical shift in the business model for foreign eSIM providers.

How would a traveler purchase an eSIM online from a foreign company and then undergo biometric verification while still abroad? Would these providers need to establish physical registration points within Thailand? Would they need to set up a local company in order to get access to the API (if such exists)?

Conversely, if the biometric mandate is solely enforced on locally registered SIM cards, including those offered by AIS and TRUE, a glaring loophole emerges.

People (scammers, terrorists or not) could simply opt to purchase an eSIM from an overseas provider before or upon arrival, completely circumventing the enhanced security measures intended by the NBTC.

What then would be the true purpose of this initiative if a simple workaround exists through internationally available eSIMs?

The silence from the NBTC regarding the specific requirements for foreign eSIM providers is deafening. This lack of inclusive communication shows what many already know, that the regulator’s primary focus remains on AIS and TRUE, overlooking the burgeoning role of international eSIM services – or local MVNOs for that matter.

While the intention to enhance security is commendable, a fragmented approach that doesn’t address other providers creates an uneven playing field, undermining the effectiveness of the new measures.

For both MVNO license holders and foreign eSIM businesses, the implications are profound. If compliance is required, they face potentially costly investments in technology, setup and infrastructure, or the necessity of forming partnerships with local entities to facilitate in-person verification – which are often owned by the same shareholders as those of TRUE.

Without clear guidelines, these providers are left in limbo, unsure how to adapt their services to the regulations that started today. Ultimately, for Thailand’s biometric SIM registration to be truly effective in combating fraud and enhancing security, the NBTC must provide comprehensive guidance that encompasses all SIM providers, including those operating internationally.

Failure to do so risks creating a system that is both easily circumvented and unfairly burdensome, stifling competition even more (if even possible) and leaving security gaps unaddressed. Clarity for all stakeholders is urgently needed.

The lack of clarity is particularly problematic given Thailand’s status as a core market for many foreign eSIM providers. The kingdom has long been one of the world’s most popular tourist destinations, attracting millions of visitors annually.

While the tourism sector has faced recent challenges, including a notable decline in foreign arrivals in 2025 and intensified competition from regional rivals, the sheer volume of travelers ensures that a significant segment of the market relies on convenient and affordable connectivity solutions.

For foreign eSIM providers, who have built their business model on catering to this demand, the ambiguous regulations pose a direct threat to their operations in a country that is, and must remain, central to their business strategy.

Since 2013, the NBTC has repeatedly changed and tightened SIM card registration rules.

First to “enhance national security,” specifically in the restrictive south, until realizing terrorists were switching to Malaysian SIMs over Thai SIMs for remote bomb detonations.

Then it switched to be about combating fraud, and now about “protecting users.” The NBTC has, in fact, changed, refined, and added to SIM registration rules many times, always affecting the end-users (not the operators) and often in a layered and phased approach, making it difficult to pinpoint an exact number of times.

Here is a timeline of the key changes:

2015: The First Major Mandatory Re-registration. This was a large-scale campaign that required all SIM cards to be linked to a user’s ID card or passport. The goal was to establish a formal database of all users.

2017: Enforcement with Fingerprints (for some). The NBTC introduced a rule that required a fingerprint scan for the registration of new SIM cards in the southern border provinces. This was a targeted security measure aimed at preventing the use of SIMs for illicit activities in that region.

2023: New Rules on Multiple SIMs. The NBTC announced new regulations targeting individuals with more than five SIM cards. This move required these users to re-register their SIMs again and verify their identity again, specifically aiming to crack down on large-scale fraud operations and scams that use “mule SIMs.”

2024: The “Set Zero” Campaign. The NBTC initiated a major re-registration campaign again, this time for mobile banking users (almost everyone in Thailand) whose registered names did not match their mobile banking accounts. This was a direct precursor to the more recent biometric mandate.

2025: Biometric Liveness Detection. This is the latest and most stringent measure, mandating real-time biometric verification for all new SIM registrations and for existing users changing SIMs.

In summary, there has been at least five distinct periods of significant change or re-registration mandates by the NBTC since 2013, with a clear trend toward stricter and more technologically advanced methods of user verification.

Interestingly, none of these have focused on the operators having to do anything but millions of end-users instead, despite many mule accounts and scammers getting SIMs directly from the operators bypassing the existing measures.