ThaiBev
ThaiBev’s Sustainability 2025
Home / Governance & Economic
Artificial Intelligence

Data Security
and Privacy

Artificial Intelligence
Generative AI is an advanced artificial intelligence technology capable of creating a wide range of new content, such as text, images, reports, designs, and software code, by learning from vast amounts of data. This technology drives innovation and enhances organizational efficiency through capabilities such as summarizing large volumes of information, drafting professional documents, supporting creative thinking, and automating repetitive processes.

However, the adoption of Generative AI also entails significant risks, including cybersecurity threats, personal data protection issues, data accuracy concerns, intellectual property risks, and uncertainties arising from evolving legal and regulatory frameworks. Therefore, organizations and users must be aware of the need for responsible use, with due consideration given to security, compliance, and ethical principles, in order to fully realize the benefits of Generative AI while maintaining organizational trust and long-term sustainability.
Management Approach

The organization recognizes the role of Generative AI in driving innovation, enhancing operational efficiency, and strengthening competitiveness, while also acknowledging the associated risks related to cybersecurity, personal data protection, ethics, and compliance with applicable laws and regulations. To ensure that the adoption and use of Generative AI are appropriate and sustainable, the organization has established an AI Policy and AI Guideline as the primary governance framework for the development, procurement, and use of AI technologies within the organization.

The organization’s AI Policy defines key principles of transparency, accountability, security, and respect for individual rights. It requires that the use of AI must not violate personal data protection, intellectual property rights, or cause adverse impacts on stakeholders. The AI Guideline serves as a practical reference for employees and relevant parties, covering permitted and prohibited uses of AI, the protection of confidential and personal data, the validation of AI-generated outputs, and the avoidance of overreliance on AI without appropriate human judgment.

AI governance is integrated into the organization’s overall risk management, information technology, and cybersecurity frameworks. This includes conducting risk assessments prior to AI deployment, ensuring oversight by relevant functions, and regularly monitoring and reviewing AI usage. In addition, the organization promotes communication, awareness, and training to educate employees on the responsible use of Generative AI, ensuring that such technologies are leveraged to support business objectives while adhering strictly to ethical standards, security requirements, and legal and regulatory obligations.

AI Policy : https://sustainability.thaibev.com/download/ai_en.pdf
Key Projects
1. Control of Access to Sensitive AI Capabilities
The company clearly defines and enforces limitations on access to sensitive AI capabilities. The AI IT Support Center is designed to be used exclusively for answering questions and providing recommendations related to IT support and troubleshooting. Sensitive AI capabilities, such as facial recognition or surveillance, are not enabled in order to prevent violations of privacy.
Systematic access control measures are implemented as follows:
  • Role-Based Access Control (RBAC): Access rights are defined based on roles, separating general users, system administrators, and developers. Administrative AI access is strictly limited to five (5) administrators. Approximately 3,000 system users (employees) access the system via Microsoft Single Sign-On (SSO) for user control and management.
  • Authentication Controls: Single Sign-On (SSO) and Multi-Factor Authentication (MFA) are enforced for system administrators.
  • Data Access Limitation: AI access is restricted to the IT Support knowledge base only, with no connection to personal data or sensitive information. The knowledge base comprises approximately 500 IT support manuals.
  • Audit Logging: All AI usage activities are logged and monitored through audit logs.
  • Approval Process: A formal approval process is required prior to any changes to AI models or the integration of additional systems.
  • Periodic Access Review: User access rights are reviewed on a quarterly basis to ensure compliance with the principles of Least Privilege and Zero Trust.
2. Labeling and Transparency of AI-Generated Content and AI-Driven Decisions
The company has established clear guidelines for labeling and transparency of AI-generated content and outcomes of AI-driven decisions. AI-generated outputs are clearly labeled by defining specific categories of responses that require an explicit AI disclosure, including:
  • IT troubleshooting recommendations
  • Responses that may affect the operation of critical systems, such as SAP, VPN, and email
  • Responses automatically generated based on the knowledge base
  • Responses that carry a higher risk of error or potential impact on users
In all such cases, a clear disclosure message is displayed, for example: “This response is generated by the AI IT Support Assistant. Please verify before proceeding.” Exceptions are defined for low-risk, general responses, such as basic FAQs, where an abbreviated form of labeling may be applied. Standardized labeling templates are established, and usage logs are maintained to enable traceability and retrospective review.

For every labeled response, users are provided with an immediate channel to appeal or report incorrect outcomes, such as a “Report / Appeal” button, which routes the case to IT Support personnel for review and correction. All reported cases are recorded and used to continuously improve the AI system. Currently, the AI IT Support Assistant resolves approximately 70% of total tickets, while the remaining 30% are escalated to IT staff for further handling.

3. Monitoring and Remediation of AI Model Performance Degradation
Mechanisms are established to detect and address changes or degradation in AI model performance over time. This is achieved through systematic monitoring of AI performance and model drift, including the following measures:
  • Definition of Key Performance Indicators (KPIs) and data sources, such as accuracy, response quality, user feedback, and data derived from the appeals process, to monitor AI performance.
  • Continuous data collection and analysis to identify error patterns and detect model drift or performance degradation.
  • Corrective and improvement actions, including updates to the knowledge base, model adjustments, and reviews by the IT and AI Governance teams, with ongoing post-implementation monitoring as part of a continuous improvement process.
  • Target accuracy: ≥ 85%
  • Log review: 1,000 AI queries reviewed per month
  • Knowledge base updates: conducted every three months
4. Fairness and Bias Assessment of AI Systems
AI models that have been deployed are regularly assessed for fairness and bias through a systematic evaluation of AI outcomes and fairness considerations. This includes the following measures:
  • Definition of fairness assessment criteria and Fairness KPIs, such as the consistency of responses to identical questions from users with different roles, and the identification of factors that may lead to bias.
  • Continuous collection and analysis of AI outcomes, including data from user feedback and the appeals process, to identify and assess risks related to inequality or bias (Bias Detection & Analysis).
  • Corrective and improvement actions, such as model adjustments, knowledge base updates, and reviews by the IT and AI Governance teams. An appeals process is also implemented, with human review of submitted cases, and the outcomes are used to continuously improve the AI system (Continuous Improvement).
  • Testing of 50 scenarios per quarter
  • Biannual reviews by the IT Governance team (twice per year)
5. Reducing the Environmental Impact of AI
The company has established guidelines, either internally or in collaboration with suppliers, to systematically reduce the environmental impact of AI usage, particularly with respect to AI data centers and models. The approach includes the following measures:
  • Selection of cloud service providers and data centers that have energy-efficiency policies and support the use of renewable energy.
  • Design and selection of AI models that are appropriate for the intended use cases (right-sizing models) in order to minimize unnecessary resource consumption and control compute usage.
  • Monitoring and reporting of AI system resource consumption, such as energy usage and processing volume, with the data used to drive continuous improvement and ensure alignment with the organization’s sustainability objectives.
  • Reduction of manual IT support tickets by 40%
  • Reduction of PC usage by support staff by approximately 2,000 hours per year
6. Appeals Process for AI Outcomes
The company has established a systematic appeals process to enable users or affected parties to contest AI-generated outcomes. The process includes the following elements:
  • An appeals channel within the system, such as a “Report / Appeal” button
  • Automatic ticket creation and routing to the IT Support team
  • Human-in-the-loop review, ensuring that appeals are assessed by qualified personnel
  • Defined service level agreements (SLAs) for response times, for example, within four (4) hours
  • Communication of review outcomes back to users
  • Utilization of appeals data to continuously improve AI models and the knowledge base
  • Approximately 200 feedback or appeal cases received per month
  • Response SLA: within 4 hours
7. Measurement of AI Sustainability Impact
The company has established a systematic AI Impact Monitoring and Reporting System to track and report the impacts of AI usage. This includes the following elements:
  • Definition of key performance indicators (KPIs) and monitoring scope, such as issue resolution time, the number of tickets handled by AI, and user satisfaction levels.
  • Continuous collection and analysis of AI usage data through logs and dashboards to assess both operational efficiency and sustainability outcomes.
  • Preparation of monthly or quarterly reports for management review, with insights used to continuously improve AI systems and practices (Continuous Improvement).
  • Approximately 10,000 IT support tickets per year
  • AI reduces average response time from 30 minutes to 5 minutes
8. Employee Training on Ethical and Secure Use of AI (AI Training)
The company has established a systematic appeals process to enable users or affected parties to contest AI-generated outcomes. The process includes the following elements:
  • An appeals channel within the system, such as a “Report / Appeal” button
  • Automatic ticket creation and routing to the IT Support team
  • Human-in-the-loop review
  • Defined service level agreements (SLAs) for response times, such as within four (4) hours
  • Communication of review outcomes back to users
  • Use of appeals data to continuously improve AI models and the knowledge base
  • Approximately 1,500 employees participate in training per year
  • Training duration: 2 hours per course
Read More Information about
Artificial Intelligence
in Sustainability Report 2025

Copyright ©2026 Thai Beverage Plc. All Rights Reserved.