Bank of Thailand flags data portability as missing layer in Thailand’s digital ID ecosystem
Central bank says Thailand’s identity and payments systems are advanced, but fragmented financial data is limiting inclusion and access to credit
The Bank of Thailand is calling for a new data-sharing layer to complete the country’s digital public infrastructure, arguing that while Thailand has successfully built national digital identity and real-time payments systems, the absence of data portability is leaving many users financially invisible.
The central bank’s position, outlined by senior official Daranee Saeju at a recent industry forum in Bangkok, frames Thailand’s digital economy as already anchored by two major components: a national digital identity platform with more than 30 million users and PromptPay, the country’s instant payments system, which has expanded to tens of millions of accounts and processes very high daily transaction volumes.
These systems have enabled broad access to financial services, including remote onboarding and digital payments across much of the population.
However, the Bank of Thailand argues that the system still lacks a third foundational layer: portable, consent-based financial and behavioural data.
Officials describe the current landscape as fragmented across banks, telecom operators, e-commerce platforms, and other service providers, creating what they call “data islands.” In this structure, no single institution can fully see an individual’s economic activity, even when that individual is active in the digital economy.
The practical consequence, according to the central bank, is that some users who regularly participate in digital transactions still struggle to access formal credit.
In one example used by officials, a small-scale entrepreneur who receives digital payments and interacts with government subsidy systems may still be treated as an unknown risk by lenders because their financial history is not portable across institutions.
The Bank of Thailand’s proposed response is a regulated, consent-based data-sharing framework that would allow individuals to control and transfer their own verified financial data between institutions.
Under this model, transaction histories and other relevant records could function as portable financial credentials, potentially improving credit assessment and widening access to loans and other services.
Officials also link the proposal to financial system safety, arguing that fragmented data limits the ability of institutions to detect fraud patterns, particularly as AI-driven financial scams become more sophisticated.
A shared but consent-governed infrastructure, they argue, could improve both inclusion and risk monitoring.
The central bank has already begun advancing supporting initiatives, including a national “Your Data” program designed to set standards for consent-based data exchange and a digital loan documentation system intended to replace paper-based verification with digital transaction records.
What remains unresolved is how quickly such a system can be implemented, how interoperability across private and public databases will be enforced, and how privacy and data ownership safeguards will be operationalised in practice.
While the institutional direction is clear, the technical and regulatory architecture for nationwide data portability is still under development.
The central bank’s position, outlined by senior official Daranee Saeju at a recent industry forum in Bangkok, frames Thailand’s digital economy as already anchored by two major components: a national digital identity platform with more than 30 million users and PromptPay, the country’s instant payments system, which has expanded to tens of millions of accounts and processes very high daily transaction volumes.
These systems have enabled broad access to financial services, including remote onboarding and digital payments across much of the population.
However, the Bank of Thailand argues that the system still lacks a third foundational layer: portable, consent-based financial and behavioural data.
Officials describe the current landscape as fragmented across banks, telecom operators, e-commerce platforms, and other service providers, creating what they call “data islands.” In this structure, no single institution can fully see an individual’s economic activity, even when that individual is active in the digital economy.
The practical consequence, according to the central bank, is that some users who regularly participate in digital transactions still struggle to access formal credit.
In one example used by officials, a small-scale entrepreneur who receives digital payments and interacts with government subsidy systems may still be treated as an unknown risk by lenders because their financial history is not portable across institutions.
The Bank of Thailand’s proposed response is a regulated, consent-based data-sharing framework that would allow individuals to control and transfer their own verified financial data between institutions.
Under this model, transaction histories and other relevant records could function as portable financial credentials, potentially improving credit assessment and widening access to loans and other services.
Officials also link the proposal to financial system safety, arguing that fragmented data limits the ability of institutions to detect fraud patterns, particularly as AI-driven financial scams become more sophisticated.
A shared but consent-governed infrastructure, they argue, could improve both inclusion and risk monitoring.
The central bank has already begun advancing supporting initiatives, including a national “Your Data” program designed to set standards for consent-based data exchange and a digital loan documentation system intended to replace paper-based verification with digital transaction records.
What remains unresolved is how quickly such a system can be implemented, how interoperability across private and public databases will be enforced, and how privacy and data ownership safeguards will be operationalised in practice.
While the institutional direction is clear, the technical and regulatory architecture for nationwide data portability is still under development.
