Corporate
Cambodia’s New Nursery Management Sub-Decree: What Operators and Parents Need to Know
Feb 11, 2026 · by Soromnear
Read more
Aside from the transnational consequence of online scam centers, in 2025 alone, online scams reportedly caused Cambodian citizens to lose over USD 45 million, with some cases leading to serious psychological consequences.[1] As a response, Cambodia has introduced a new law on technology-enabled fraud, significantly expanding enforcement powers and increasing legal exposure for both individuals and businesses operating in digital spaces.
At its core, the law targets deception carried out through technology. This includes the use of online platforms, social media, and digital payment systems to obtain money, property, services, or other benefits through dishonest means. However, the law goes further than simply criminalizing fraud itself—it also captures the wider ecosystem that enables it.
For example, the following activities are now explicitly covered:
- Organizing or leading fraud networks or “fraud centers”;
- Recruiting or training individuals to participate in fraud; and
- Collecting or using personal data (such as IDs or passports) for fraudulent purposes.
This broader scope means that early-stage or indirect involvement can still attract serious legal consequences.
Another key development is the expansion of liability beyond individuals. Businesses can now be held criminally responsible if fraud is committed through their systems or platforms or for their benefit. This creates real risk for companies operating in digital environments, particularly those that facilitate user interactions or handle financial transactions.
Extraterritorial Application
One of the most important features of the law is its extraterritorial reach. A company does not need to be physically present in Cambodia to be affected. The law may apply if:
A. A Cambodian user is involved (as a victim or perpetrator);
B. Funds move into or out of Cambodia; or
C. Cambodian banking or financial infrastructure is used.
In practical terms, this means that foreign businesses—such as online platforms, payment providers, and service-based companies—can fall within the scope of Cambodian law simply through their digital footprint.
From an operational perspective, the implications are significant. Companies that host user-generated content or facilitate transactions must consider whether their systems could be used for fraudulent purposes. Weak monitoring, poor verification processes, or gaps in internal controls may expose the business to scrutiny—even where there is no intentional wrongdoing.
Data handling is also becoming a high-risk area. Businesses that collect and store customer information must ensure that such data cannot be misused to create fraudulent accounts or schemes. In addition, authorities now have the power to act quickly, including freezing suspicious transactions for up to 48 hours and ordering the seizure of assets linked to fraud. This increases the importance of real-time monitoring and early detection.
In light of these developments, businesses should take proactive steps to reduce exposure. This includes reviewing internal policies and compliance frameworks; strengthening employee awareness and reporting mechanisms; updating contracts to address fraud-related risks with vendors and partners; and monitoring transactions and digital activity more closely.
Ultimately, this law reflects a broader shift: digital activity is now borderless when it comes to legal risk. As businesses become more connected, the expectation to manage risk responsibly has become a core part of operating in today’s environment.
At Din & Co, we are happy to help businesses assess their exposure, strengthen their compliance systems, and navigate the legal risks of operating in an increasingly digital and cross-border landscape.
Contact Our Expert Team
SIN Soromnear
Co-Principal
Related Articles
Corporate
Corporate