You're Already Using AI.
But Is Your Business Safe?
Every day your staff types client data into ChatGPT, you're risking a PDPA violation without knowing it. Kooru TrustAI helps you use AI safely, systematically, and without fear of legal consequences — from Day One all the way to Enterprise.
The Invisible Risks —
A Silent Crisis in Business
This isn't just a technical issue. It's about legal accountability, reputation, and the survival of your business in the AI era.
Staff Use ChatGPT Without Any Policy
Patient records, client data, and trade secrets are leaked daily without anyone knowing. PDPA fines reach up to 5 million THB.
Not Sure If Your AI Use Is Even Legal
Images, articles, and code generated by AI — can they actually be used commercially? Use them wrong and copyright lawsuits can follow at any time.
No Visibility Into What AI Tools Staff Are Using
Shadow AI refers to tools employees use without approval — the biggest blind spot in your organization, invisible to the naked eye, and a serious legal liability.
Clinics Using AI Diagnostics Risk More Than They Think
Uncertified AI medical tools used without proper patient consent leave doctors personally liable for all outcomes.
You Have an 'AI Policy' — But Nobody Follows It
A beautifully written document sitting in a folder no one opens is not real AI Governance. You need a system with enforceable, measurable results.
No AI Law in Thailand Yet — But the EU AI Act Is Coming
If your business serves European clients or uses European technology, the EU AI Act already applies to you — whether you know it or not.
One Investment.
Lasting Risk Protection.
Wherever you are in your AI journey — just starting out or building your own AI system — there's a package designed specifically for you.
Gap Analysis
- ✦ Full AI Readiness Survey
- ✦ Clear gap identification with 🔴🟡🟢 scoring
- ✦ 3-dimension analysis: PDPA + IP Law + ISO 42001
- ✦ Initial AI Tool Inventory of all tools in use
- ✦ Top 3 Priority Actions to take immediately (WHAT / WHY / HOW)
- ✦ 30-minute consultation call to walk through the report 1-on-1
Know exactly where your organization stands in AI Governance within 72 hours — instead of guessing and risking PDPA fines that are hundreds of times higher than 7,900 THB.
- → SMEs using AI with no existing policies at all
- → Clinics concerned about PDPA and patient data
- → Businesses wanting an "AI health check" before investing further
System Setup
- ✦ AI Acceptable Use Policy (AUP) — signed and ready to deploy
- ✦ AI Tool Inventory Register — full visibility of all tools in your org
- ✦ AI Risk Assessment Register with 4-dimension Scoring Matrix
- ✦ Staff Training (90 min) + Training Records usable as legal evidence
- ✦ Updated Privacy Notice / Consent Form for AI use
- ✦ AI Governance SOP Manual (7-chapter internal operations guide)
- ✦ Quick Reference Desk Cards (print-ready)
- ✦ 90-Day Action Roadmap + Final Handover Meeting
Your organization gets a truly working AI Governance system — if audited by PDPC or faced with litigation, you'll have documentation proving you've done everything correctly.
- ✦ Clinical AI Risk Assessment for clinics
- ✦ Verification of FDA/CE/Thai FDA certification for AI medical tools
- ✦ Patient Consent Form for AI-assisted care
Governance
- ✦ Establish an AI Ethics & Governance Committee
- ✦ Complete AI Policy Suite (AUP + Ethics + Procurement + Incident Response)
- ✦ Quarterly AI Governance Audit (4x per year)
- ✦ 🌐 Network Audit by NetBright (Cisco Gold Partner)
- ✦ Vendor Contract Review — DPA and liability clauses for all vendors
- ✦ Detailed Data Supply Chain Mapping
- ✦ On-call Incident Support (4-hour SLA)
- ✦ Monthly Regulatory Watch Report
Kooru + NetBright prove your policy is actually enforced in your network using Cisco Secure Network Analytics to detect Shadow AI traffic invisible to the naked eye — no one else in Thailand offers this.
- → Organizations of 50+ using AI in core processes
- → Businesses building AI products or deeply integrating AI
- → Healthcare with multiple branches or needing DPO-as-a-Service
Why Kooru TrustAI
Is Unlike Anything Else on the Market
Governance + Network = Proven Real
Most consultants can only offer paper policies. We prove yours is actually enforced in your network with a Cisco-powered audit through NetBright.
100% Thai Context Expertise
Thai PDPA ≠ EU GDPR. Thai healthcare complexity. Thai corporate culture. We design solutions that genuinely work in this specific context.
Real Deliverables, Not Just Slides
Every package includes tangible deliverables: policy documents, risk registers, training records — all usable as legal evidence if you're ever audited.
Fast and Measurable
Package 1 done in 3 days. Package 2 in 20 days. Not a 6-month project with nothing to show. Every phase has clear, trackable milestones.
Healthcare-Grade Expertise
We understand the complexity of Clinical AI, sensitive health data, and patient consent — details that other consultancies consistently overlook.
Built to Scale with You
Start at Package 1, grow to 2, then 3. No need to start over each time. Every package builds on the last, growing with your business.
From 'Not Knowing Your Risks'
to 'A Safe AI System'
Simple and streamlined. Designed for SMEs without a dedicated IT team — no documents required in advance.
Complete the AI Readiness Survey (30 minutes)
After payment, you'll receive a survey link immediately. No documents required in advance — just answer honestly about how your business currently operates.
We Analyze and Deliver Your Report Within 48 Hours
Every answer is reviewed against PDPA, IP Law, and ISO 42001, then compiled into an easy-to-read Traffic Light Report.
30-Minute Consultation Call — Walk Through It Together
We don't just email you a PDF and disappear. We sit down together to explain your Top 3 Actions — what to do, how to do it, and who's responsible.
Fix It Yourself or Upgrade to Package 2
If you'd like us to handle the implementation, Package 2 is the logical next step. If you prefer the DIY route, we provide a complete checklist to guide you.
Every Day You Wait Is Another Day at Risk
AI doesn't wait for you to be ready. Neither does the law. Start with a Gap Analysis at 7,900 THB — that's 100x less than the minimum PDPA fine.
Every Question You Want to Ask
Before You Decide
Straightforward answers about AI Governance, PDPA, and Kooru TrustAI services — no jargon, no runaround.
AI Governance is the system and policies that define how your organization uses AI in a safe, responsible, and legally compliant manner — covering which tools employees may use, what data may be entered into AI, and whether AI usage aligns with PDPA and related laws.
For Thai SMEs, the greatest risk is employees feeding customer data or trade secrets into AI tools without any governing policy, potentially leading to PDPA fines of up to 5 million THB per case, hundreds of times the cost of our service.
Yes — especially if employees use ChatGPT to handle customer-related data. Under PDPA Section 26, sending health, personal, or financial data into a third-party AI constitutes personal data processing and requires a proper legal basis.
Not sure how much risk your organization carries? Start with:
📋 Package 1: Gap Analysis 💰 7,900 THB ⚡ 3 Days
You'll receive a Traffic Light Report that clearly shows your risks and exactly what to address first.
Package 1 is the "Diagnosis" — understand exactly where your organization has gaps, with your Top 3 Priority Actions included.
📋 Gap Analysis 💰 7,900 THB (reg. 19,900) ⚡ 3 Business Days
Package 2 is the "Treatment" — actually building a complete AI Governance system within your organization. You receive a full set of 8 documents that serve as evidence in the event of an audit or inspection.
🏗️ System Setup 💰 59,000 THB (reg. 99,000) ⚡ 20 Business Days
Most clients start with Package 1 and upgrade to Package 2 after seeing the report — both packages build on each other with no duplication of work.
Health data is classified as Sensitive Personal Data under PDPA Section 26, carrying a higher level of protection than ordinary data. Key risks for healthcare organizations include:
- ▸ Doctors or nurses entering patient records into personal ChatGPT accounts
- ▸ Using AI for diagnosis without Thai FDA, CE, or FDA approval
- ▸ No Informed Consent disclosing AI use in the treatment process to patients
- ▸ No protocol for managing AI errors that directly affect patient outcomes
Kooru TrustAI includes a Healthcare-Specific Assessment within Package 2 and Package 3 at no additional cost.
Package 2 is a time-bounded project that wraps up in 20 business days. Package 3 is an Ongoing Partnership that continuously maintains your organization's AI Governance system.
Key differentiators in Package 3:
- ▸ Live Network Audit using Cisco Secure Network Analytics with NetBright (Cisco Gold Partner) — detecting invisible Shadow AI traffic
- ▸ Quarterly Joint Audits every 3 months across both governance and network layers
- ▸ Vendor Contract Review — examining DPA and liability clauses for every vendor you use
- ▸ On-call Incident Support with a 4-hour SLA
💎 Premium Partnership 📞 Free 30-Min Discovery Call 🚫 No Commitment
Shadow AI refers to AI tools that employees use on their own without organizational approval — such as using a personal ChatGPT account for work tasks or trying new AI tools without management's knowledge.
The danger: your organization has no way of knowing what data was sent out, no Data Processing Agreement exists with the vendor, and your data may be used to train AI models without consent.
How Kooru detects Shadow AI:
- ▸ Package 2 — AI Tool Inventory Survey covering every person in the organization, not just asking management
- ▸ Package 3 — NetBright detects Shadow AI at the network layer using Cisco Secure Network Analytics, proven by traffic data — not just employee recall
PDPA is Thai law already in force — violations carry both civil and criminal penalties. It covers data subjects' rights and the obligations of personal data controllers.
ISO 42001:2023 is the international standard specifically for AI Governance — spanning Risk Assessment, AI Policy, Monitoring, and Continuous Improvement. It is not mandated by Thai law, but it is the best framework for building a comprehensive system.
Simply put: PDPA says "what you cannot do" — ISO 42001 says "how to do it well." Kooru TrustAI uses both as the foundation for analyzing and designing systems across every package.
Absolutely — Kooru TrustAI is designed specifically for SMEs without an IT team.
- ▸ Packages 1 and 2 require no special IT infrastructure — simply complete a questionnaire and attend a training session
- ▸ For Package 3's technical complexity, NetBright (Cisco Gold Partner) handles the entire technical layer on your behalf
Every deliverable is immediately actionable — no IT knowledge required. We write for people, not engineers.
Not always — you must check the Terms of Service of each AI tool before every use.
- ▸ Some AI tools grant full commercial use rights
- ▸ Others restrict commercial rights to paid plans only
- ▸ Some carry copyright risk from training data that may expose you to claims by original rights holders
Under Thailand's Copyright Act B.E. 2537, this risk is real and actionable. The Gap Analysis in Package 1 identifies which AI tools your organization uses and where IP risks lie.
Nothing to prepare in advance — start immediately after payment. Here is the timeline for each package:
Complete a 30-min questionnaire → receive report within 3 business days → 30-min Zoom call. Your total time commitment: approx. 1 hour.
2-hour Kickoff Meeting + 90-min Training Session. We handle everything else. Full system delivered within 20 business days.
Schedule a free 30-min Discovery Call with no commitment to design a scope tailored specifically to your organization.