Begun and held in Metro Manila, on Monday, the "(m) x x x;

twenty-third day of July, two thousand eighteen.

"(n) Hacking – refers to the unauthorized access into
REPUBLIC ACT No. 11449 or interference in a computer system/server or
information and communications system; or any
An Act Providing for Additional Prohibitions to and access in order to corrupt, alter, steal, or destroy
Increasing Penalties for Violations of Republic Act using a computer or other similar information and
No. 8484, Otherwise Known as the "Access Devices communication devices, without the knowledge and
Regulation Act of 1998" consent of the owner of the computer or
information and communications system, including
Be it enacted by the Senate and House of the introduction of computer viruses and the like,
Representatives of the Philippine Congress resulting in the corruption, destruction, alteration,
Assembled: theft or loss of electronic data messages or
electronic documents;
Section 1. Section 2 of Republic Act No. 8484 is
hereby amended to read as follows: "(o) Payment Card – refers to any card of whatever
material or form including any kind of debit card, but
"Sec. 2. Declaration of Policy.— The State recognizes not a credit card, issued by a bank or business entity
the recent advances in technology and the that enables a customer to access an automated
widespread use of access devices in commercial teller machine in order to perform transactions such
transactions. Toward this end, the State shall protect as deposits, cash withdrawals and obtaining account
the rights and define the liabilities of parties in such information. A payment card shall be considered as
commercial transactions by regulating the issuance an access device for the purposes of this Act;
and use of access devices.
"(p) Card Skimming – refers to a type of fraud which
"The State likewise acknowledges that the advances involves illegal copying of information from the
in information technology on access devices have magnetic stripe of payment card to gain access to
been exploited by criminals and criminal syndicates customer accounts;
in perpetrating fraudulent activities that ultimately
undermine the trust of the public in the banking "(q) Application – refers to a computer program
industry. Due to this deleterious effect on the designed to perform a group of coordinated
economy, the State declares that the commission of functions, tasks, or activities for the benefit of the
a crime using access devices is a form of economic user; and
sabotage and a heinous crime and shall be
punishable to the maximum level allowed by law." "(r) Online Banking – refers to the use of the internet
by bank customers in order to manage thqir bank
Section 2. Section 3 of the same Act is hereby accounts and perform account transactions."
amended to read as follows:
Section 3. Section 9 of the same Act is hereby
"Sec. 3. Definition of Terms.— For purposes of this amended to read as follows:
Act, the terms:
"Sec. 9. Prohibited Acts.— The following acts shall
"(a) Access Device – means any card, plate, code, constitute access device fraud and are hereby
account number, electronic serial number, personal declared to be unlawful:
identification number, or other telecommunications
service, equipment, or instrumental identifier, or "(a) producing, using, trafficking in one or more
other means of account access that can be used to counterfeit access devices;
obtain money, good, services, or any other thing of
value or to initiate a transfer of funds (other than a "x x x
transfer originated solely by paper instrument);
"(o) x x x;
"(b) Payment Card – cards that can be used by
cardholders and accepted by terminals to withdraw "(p) x x x;
a cash and/or make payment for purchase of goods
or services, fund transfer, and other financial "(q) skimming, copying or counterfeiting any credit
transactions. Typically, payment cards are card, payment card or debit card, and obtaining any
electronically linked deposits, prepaid, or loan credit information therein with the intent of accessing the
accounts; account and operating the same whether or not cash
is withdrawn or monetary injury is caused by a
"(c) Counterfeit Access Device – means any access perpetrator against the account holder or the
device that is counterfeit, fictitious, altered, or depositary bank;
forged, or an identifiable component of an access
device or counterfeit access device or any fraudulent "(r) production or possession of any software
copy or reproduction of a valid access device; component such as programs, application, or
malware, or any hardware component such as
"x x x skimming device or any electronic gadget or
equipment that is used to perpetrate any of the
"(l) x x x; foregoing acts;
"(s) accessing, with or without authority, any "(e) imprisonment for not less than ten (10) years
application, online banking account, credit card and not more than twelve (12) years and a fine of
account, ATM account, debit card account, in a Five hundred thousand pesos (₱500,000.00) or twice
fraudulent manner, regardless of whether or not it the value obtained by the offender, whichever is
will result in monetary loss to the account holder; higher, without prejudice to the civil liability of the
and offender, in the case of an offense under Section
9(a), (f), and (q), which does not occur after a
"(t) hacking refers to the unauthorized access into or conviction for another offense under Section 9;
interference in a computer system/server, or
information and communication system, or any "(f) imprisonment for not less than twelve (12) years
access in order to corrupt, alter, steal, or destroy but not more than twenty (20) years and a fine of
using a computer or other similar information and Eight hundred thousand pesos (₱800,000.00) or
communication devices without the knowledge and twice the value obtained by the offender, whichever
consent of the owner of the computer or is higher, without prejudice to the civil liability of the
information and communication system, including offender, in the case of any offense under Section 9,
the introduction of computer viruses and the like which occurs after a conviction for another offense
resulting in the corruption, destruction, alteration, under the same section, or an attempt to commit
theft, or loss of electronic data messages or the same; and
electronic documents."
"(g) life imprisonment and a fine of not less than One
Section 4. Section 10 of the same Act is hereby million pesos (₱1,000,000.00) but not more than
amended to read as follows: Five million pesos (₱5,000,000.00) if the offense
constitutes economic sabotage. Economic sabotage
"Sec. 10. Penalties.— Any person committing any of is deemed committed when any of the prohibited
the acts constituting access device fraud acts described in Section 9 hereof is committed
enumerated in the immediately preceding section under the following circumstances:
shall be punished with:
(1) the prohibited act involves the hacking of a
"(a) imprisonment for not less than twelve (12) years bank’s system;
and not more than twenty (20) years and a fine
twice the equivalent of the aggregate amount of all (2) the act of skimming affected fifty (50) or more
affected or exposed bank accounts, but the fine shall payment cards; or
not be less than Five hundred thousand pesos
(₱500,000.00) in the case of an offender who is in (3) the prohibited act affected fifty (50) or more
possession of ten (10) or more counterfeit access online banking accounts, credit cards, payment
devices and/or unauthorized access devices and was cards, and debit cards."
able to access at least one (1) account or had gained
credit by the fraudulent use of any of such access Section 5. The last sentence of Section 14 of the
device in his possession; same Act is hereby amended to read as follows:
"(b) imprisonment for not less than six (6) years and "Sec. 14. x x x
not more than twelve (12) years and a fine of Three
hundred thousand pesos (₱300,000.00) or twice the "A cardholder who abandons or surreptitiously
equivalent of the aggregate amount of all affected or leaves the place of employment, business or
exposed bank accounts, whichever is higher, in 'the residence stated in his application for credit card,
case of an offender who is in possession of ten (10) without informing the credit card company of the
or more counterfeit access devices and/or place where he could actually be found, if at the
unauthorized access devices, but was not proven to time of such abandonment or surreptitious leaving,
have accessed any account or have gained any credit the outstanding and unpaid balance is past due for
through any of the aforementioned access devices; at least ninety (90) days and is more than Two
hundred thousand pesos (₱200,000.00), shall be
"(c) imprisonment for not less than four (4) years prima facie presumed to have used his credit card
and not more than six (6) years and a fine of twice with intent to defraud."
the value of the fraudulently obtained credit,
without prejudice to the civil liability of the offender, Section 6. Section 16 of the same Act is hereby
in the case of an offense involving fraudulent use of amended to read as follows:
a credit card;
"Sec. 16. Reporting Requirements.— All companies
"(d) imprisonment for not less than six (6) years and engaged in the business of issuing access devices,
not more than ten (10) years and a fine of Five including banks, financing companies and other
hundred thousand pesos (₱500,000.00) or twice the financial institutions issuing access devices, as well
value obtained by the offender, whichever is higher, as all partner merchants, shall conduct initial
without prejudice to the civil liability of the offender, investigation on any reported access device fraud
in the case of an offense under items (b), (c), (d), (e), and furnish real-time reports on the result thereof to
(g), (h), (i), (j), (k), (l), (m), (n), (o), (p), (r), (s), and (t) the National Bureau of Investigation (NBI) and the
of Section 9 hereof, which does not occur after a Anti-Cybercrime Group of the Philippine National
conviction for another offense under the same Police (PNP). The report shall contain a narration
section; about the fraud committed and an identification of
the perpetrator, if feasible. The report shall further
constitute the complaint necessary for the NBI or the to facilitate the transfer and promotion of
Anti-Cybercrime Group of the PNP to pursue further technology; to ensure network security, connectivity
investigation and prosecution of the fraud. and neutrality of technology for the national benefit;
Notwithstanding this requirement, banks, financing and the need to marshal, organize and deploy
companies and other financial institutions, including national information infrastructures, comprising in
their subsidiaries and affiliates, issuing access both telecommunications network and strategic
devices shall continue to be regulated and information services, including their interconnection
supervised by the Bangko Sentral ng Pilipinas while to the global information networks, with the
other companies issuing access devices shall necessary and appropriate legal, financial, diplomatic
continue to be regulated and supervised by the and technical framework, systems and facilities.
Securities and Exchange Commission."
PART II
Section 7. If any separable provision of this Act is
declared unconstitutional, the remaining provisions ELECTRONIC COMMERCE IN GENERAL
shall continue to be in force.
CHAPTER I
Section 8. All laws, decrees, executive orders, rules
and regulations or parts thereof which are GENERAL PROVISIONS
inconsistent with this Act are hereby repealed,
amended or modified accordingly. Section 3. Objective - This Act aims to facilitate
domestic and international dealings, transactions,
Section 9. This Act shall take effect fifteen (15) days arrangements agreements, contracts and exchanges
after its publication in the Official Gazette or in a and storage of information through the utilization of
newspaper of general circulation. electronic, optical and similar medium, mode,
instrumentality and technology to recognize the
authenticity and reliability of electronic documents
related to such activities and to promote the
Today is Thursday, November 09, 2023home universal use of electronic transaction in the
government and general public.
ConstitutionStatutesExecutive IssuancesJudicial Section 4. Sphere of Application - This Act shall apply
IssuancesOther IssuancesJurisprudenceInternational to any kind of data message and electronic
Legal ResourcesAUSL Exclusive document used in the context of commercial and
non-commercial activities to include domestic and
Eleventh Congress international dealings, transactions, arrangements,
agreements contracts and exchanges and storage of
REPUBLIC ACT NO. 8792 June 14, 2000 information.
AN ACT PROVIDING FOR THE RECOGNITION AND Section 5. Definition of Terms - For the purposes of
USE OF ELECTRONIC COMMERCIAL AND NON- this Act, the following terms are defined, as follows:
COMMERCIAL TRANSACTIONS AND DOCUMENTS,
PENALTIES FOR UNLAWFUL USE THEREOF, AND FOR (a) "Addressee" refers to a person who is intended
OTHER PURPOSES by the originator to receive the electronic data
message or electronic document. The term does not
Be it enacted by the Senate and House of include a person acting as an intermediary with
Representatives of the Philippines in Congress respect to that electronic data message or electronic
assembled: data document.
PART I (b) "Computer" refers to any device or apparatus
which, by electronic, electro-mechanical, or
SHORT TITLE AND DECLARATION OF POLICY magnetic impulse, or by other means, is capable of
receiving, recording, transmitting, storing,
Section 1. Short Title - This Act shall be known as the processing, retrieving, or producing information,
"Electronic Commerce Act of 2000." data, figures, symbols or other modes of written
expression according to mathematical and logical
Section 2. Declaration of Policy - The State rules or of performing any one or more of these
recognizes the vital role of information and functions.
communications technology (ICT) in nation-building;
the need to create an information-friendly (c) "Electronic Data Message" refers to information
environment which supports and ensures the generated, sent, received or stored by electronic,
availability, diversity and affordability of ICT products optical or similar means.
and services; the primary responsibility of the
private sector in contributing investments and
services in telecommunications and information
technology; the need to develop, with appropriate
training programs and institutional policy changes,
human resources for the information technology
age, a labor force skilled in the use of ICT and a
population capable of operating and utilizing
electronic appliances and computers; its obligation
(d) "Information and Communications System" refers LEGAL RECOGNITION OF ELECTRONIC WRITING
to a system intended for and capable of generating,
sending, receiving, storing, or otherwise processing OR DOCUMENT AND DATA MESSAGES
electronic data messages or electronic documents
and includes the computer system or other similar Section 6. Legal Recognition of Electronic Data
device by or in which data is recorded or stored and Messages - Information shall not be denied legal
any procedures related to the recording or storage effect, validity or enforceability solely on the
of electronic data message or electronic document. grounds that it is in the data message purporting to
give rise to such legal effect, or that it is merely
(e) "Electronic Signature" refers to any distinctive referred to in that electronic data message.
mark, characteristic and/or sound in electronic form,
representing the identity of a person and attached to Section 7. Legal Recognition of Electronic Documents
or logically associated with the electronic data - Electronic documents shall have the legal effect,
message or electronic document or any validity or enforceability as any other document or
methodology or procedures employed or adopted by legal writing, and -
a person and executed or adopted by such person
with the intention of authenticating or approving an (a) Where the law requires a document to be in
electronic data message or electronic document. writing, that requirement is met by an electronic
document if the said electronic document maintains
(f) "Electronic Document" refers to information or its integrity and reliability and can be authenticated
the representation of information, data, figures, so as to be usable for subsequent reference, in that -
symbols or other modes of written expression,
described or however represented, by which a right i. The electronic document has remained complete
is established or an obligation extinguished, or by and unaltered, apart from the addition of any
which a fact may be prove and affirmed, which is endorsement and any authorized change, or any
receive, recorded, transmitted, stored, processed, change which arises in the normal course of
retrieved or produced electronically. communication, storage and display; and
(g) "Electronic Key" refers to a secret code which ii. The electronic document is reliable in the light of
secures and defends sensitive information that cross the purpose for which it was generated and in the
over public channels into a form decipherable only light of all relevant circumstances.
with a matching electronic key.
(b) Paragraph (a) applies whether the requirement
(h) "Intermediary" refers to a person who in behalf therein is in the form of an obligation or whether the
of another person and with respect to a particular law simply provides consequences for the document
electronic document sends, receives and/or stores not being presented or retained in its original from.
provides other services in respect of that electronic
data message or electronic document. (c) Where the law requires that a document be
presented or retained in its original form, that
(i) "Originator" refers to a person by whom, or on requirement is met by an electronic document if -
whose behalf, the electronic document purports to
have been created, generated and/or sent. The term i. There exists a reliable assurance as to the integrity
does not include a person acting as an intermediary of the document from the time when it was first
with respect to that electronic document. generated in its final form; and
(j) "Service provider" refers to a provider of - ii. That document is capable of being displayed to
the person to whom it is to be presented: Provided,
i. On-line services or network access or the operator That no provision of this Act shall apply to vary any
of facilities therefor, including entities offering the and all requirements of existing laws on formalities
transmission, routing, or providing of connections required in the execution of documents for their
for online communications, digital or otherwise, validity.
between or among points specified by a user, of
electronic documents of the user's choosing; or For evidentiary purposes, an electronic document
shall be the functional equivalent of a written
ii. The necessary technical means by which electronic document under existing laws.
documents of an originator may be stored and made
accessible to designated or undesignated third party. This Act does not modify any statutory rule relating
to admissibility of electronic data massages or
Such service providers shall have no authority to electronic documents, except the rules relating to
modify or alter the content of the electronic data authentication and best evidence.
message or electronic document received or to
make any entry therein on behalf of the originator, Section 8. Legal Recognition of Electronic Signatures.
addressee or any third party unless specifically - An electronic signature on the electronic document
authorized to do so, and who shall retain the shall be equivalent to the signature of a person on a
electronic document in accordance with the specific written document if that signature is proved by
request or as necessary for the purpose of showing that a prescribed procedure, not alterable
performing the services it was engaged to perform. by the parties interested in the electronic document,
existed under which -
CHAPTER II
(a) A method is used to identify the party sought to information was generated and in the light of all the
be bound and to indicate said party's access to the relevant circumstances.
electronic document necessary for his consent or
approval through the electronic signature; Section 11. Authentication of Electronic Data
Messages and Electronic Documents. - Until the
(b) Said method is reliable and appropriate for the Supreme Court by appropriate rules shall have so
purpose for which the electronic document was provided, electronic documents, electronic data
generated or communicated, in the light of all messages and electronic signatures, shall be
circumstances, including any relevant agreement; authenticated by demonstrating, substantiating and
validating a claimed identity of a user, device, or
(c) It is necessary for the party sought to be bound, another entity is an information or communication
in or order to proceed further with the transaction, system, among other ways, as follows;
to have executed or provided the electronic
signature; and (a) The electronic signature shall be authenticated by
proof than a letter , character, number or other
(d) The other party is authorized and enabled to symbol in electronic form representing the persons
verify the electronic signature and to make the named in and attached to or logically associated with
decision to proceed with the transaction an electronic data message, electronic document, or
authenticated by the same. that the appropriate methodology or security
procedures, when applicable, were employed or
Section 9. Presumption Relating to Electronic adopted by such person, with the intention of
Signatures - In any proceedings involving an authenticating or approving in an electronic data
electronic signature, it shall be presumed that - message or electronic document;

(a) The electronic signature is the signature of the (b) The electronic data message or electronic
person to whom it correlates; and document shall be authenticated by proof that an
appropriate security procedure, when applicable
(b) The electronic signature was affixed by that was adopted and employed for the purpose of
person with the intention of signing or approving the verifying the originator of an electronic data
electronic document unless the person relying on message and/or electronic document, or detecting
the electronically signed electronic document knows error or alteration in the communication, content or
or has noticed of defects in or unreliability of the storage of an electronic document or electronic data
signature or reliance on the electronic signature is message from a specific point, which, using
not reasonable under the circumstances. algorithm or codes, identifying words or numbers,
encryptions, answers back or acknowledgement
Section 10. Original Documents. - procedures, or similar security devices.

(1) Where the law requires information to be The supreme court may adopt such other
presented or retained in its original form, that authentication procedures, including the use of
requirement is met by an electronic data message or electronic notarization systems as necessary and
electronic document if; advisable, as well as the certificate of authentication
on printed or hard copies of the electronic document
(a) the integrity of the information from the time or electronic data messages by electronic notaries,
when it was first generated in its final form, as an service providers and other duly recognized or
electronic data message or electronic document is appointed certification authorities.
shown by evidence aliunde or otherwise; and
The person seeking to introduce an electronic data
(b) where it is required that information be resented, message or electronic document in any legal
that the information is capable of being displayed to proceeding has the burden of proving its authenticity
the person to whom it is to be presented. by evidence capable of supporting a finding that the
electronic data message or electronic document is
what the person claims it be.
(2) Paragraph (1) applies whether the requirement
therein is in the form of an obligation or whether the
law simply provides consequences for the In the absence of evidence to the contrary, the
information not being presented or retained in its integrity of the information and communication
original form. system in which an electronic data message or
electronic document is recorded or stored may be
established in any legal proceeding -
(3) For the purpose of subparagraph (a) of paragraph
(1):
a.) By evidence that at all material times the
information and communication system or other
(a) the criteria for assessing integrity shall be similar device was operating in a manner that did
whether the information has remained complete not affect the integrity of the electronic data
and unaltered, apart from the addition of any message and/or electronic document, and there are
endorsement and any change which arises in the no other reasonable grounds to doubt the integrity
normal course of communication, storage and of the information and communication system,
display ; and
(b) the standard of reliability required shall be
assessed in the light of purposed for which the
b.) By showing that the electronic data message rights of parties in interest as defined in the
and/or electronic document was recorded or stored following section.
by a party to the proceedings who is adverse in
interest to the party using it; or Section 15. Cross - Examination.
c.) By showing that the electronic data message (1) A deponent of an affidavit referred to in Section
and/or electronic document was recorded or stored 14 that has been introduced in evidence may be
in the usual and ordinary course of business by a cross-examined as of right by a party to the
person who is not a party to the proceedings and proceedings who is adverse in interest to the party
who did not act under the control of the party using who has introduced the affidavit or has caused the
the record. affidavit to be introduced.
Section 12. Admissibility and Evidential Weight of (2) Any party to the proceedings has the right to
Electronic Data Message or Electronic Document. - In cross-examine a person referred to in section 11,
any legal proceedings, nothing in the application of paragraph 4, sub paragraph c.
the rules on evidence shall deny the admissibility of
an electronic data message or electronic document CHAPTER III.
in evidence -
COMMUNICATION OF ELECTRONIC DATA MESSAGES
(a) On the sole ground that it is in electronic form; or OR ELECTRONIC DOCUMENTS
(b) On the ground that it is not in the standard Section 16. Formation of Validity of Electronic
written form, and the electronic data message or Contracts.
electronic document meeting, and complying with
the requirements under Sections 6 or 7 hereof shall (1) Except as otherwise agreed by the parties, an
be the best evidence of the agreement and offer, the acceptance of an offer and such other
transaction contained therein. elements required under existing laws for the
formation of contracts may be expressed in,
In assessing the evidential weight of an electronic demonstrated and proved by means of electronic
data message or electronic document, the reliability data messages or electronic documents and no
of the manner in which it was generated, stored or contract shall be denied validity or enforceability on
communicated, the reliability of the manner in which the sole ground that it is in the form of an electronic
its originator was identified, and other relevant data message or electronic document, or that any or
factors shall be given due regard. all of the elements required under existing laws for
the formation of contracts is expressed,
Section 13. Retention of Electronic Data Message or demonstrated and proved by means of electronic
Electronic Document. - Notwithstanding any data messages or electronic documents.
provision of law, rule or regulation to the contrary -
(2) Electronic transactions made through networking
(a) The requirement in any provision of law that among banks, or linkages thereof with other entities
certain documents be retained in their original form or networks, and vice versa, shall be deemed
is satisfied by retaining them in the form of an consummated upon the actual dispensing of cash or
electronic data message or electronic document the debit of one account and the corresponding
which - credit to another, whether such transaction is
initiated by the depositor or by an authorized
(i) Remains accessible so as to be usable for collecting party: Provided, that the obligation of one
subsequent reference; bank, entity, or person similarly situated to another
arising therefrom shall be considered absolute and
(ii) Is retained in the format in which it was shall not be subjected to the process of preference
generated, sent or received, or in a format which can of credits.
be demonstrated to accurately represent the
electronic data message or electronic document Section 17. Recognition by Parties of Electronic Data
generated, sent or received; Message or Electronic Document. - As between the
originator and the addressee of an electronic data
(iii) Enables the identification of its originator and message or electronic document, a declaration of
addressee, as well as the determination of the date will or other statement shall not be denied legal
and the time it was sent or received. effect, validity or enforceability solely on the ground
that it is in the form of an electronic data message.
(b) The requirement referred to in paragraph (a) is
satisfied by using the services of a third party, Section 18. Attribution of Electronic Data Message. -
provided that the conditions set fourth in
subparagraph s (i), (ii) and (iii) of paragraph (a) are (1) An electronic data message or electronic
met. document is that of the originator if it was sent by
the originator himself.
Section 14. Proof by Affidavit. - The matters referred
to in Section 12, on admissibility and Section 9, on (2) As between the originator and the addressee, an
the presumption of integrity, may be presumed to electronic data message or electronic document is
have been established by an affidavit given to the deemed to be that of the originator if it was sent:
best of the deponent's knowledge subject to the
(a) by a person who had the authority to act on regard the electronic data message or electronic
behalf of the originator with respect to that document received as that which the originator
electronic data message or electronic document; or intended to send, and to act on that assumption,
unless the addressee knew or should have known,
(b) by an information system programmed by, or on had the addressee exercised reasonable care or used
behalf of the originator to operate automatically. the appropriate procedure -

(3) As between the originator and the addressee, an (a) That the transmission resulted in any error
addressee is entitled to regard an electronic data therein or in the electronic document when the
message or electronic document as being that of the electronic data message or electronic document
originator, and to act on that assumption, if: enters the designated information system, or

(a) in order to ascertain whether the electronic data (b) That electronic data message or electronic
message or electronic document was that of the document is sent to an information system which is
originator, the addressee properly applied a not so designated by the addressee for the purposes.
procedure previously agreed to by the originator for
that purpose; or Section 20. Agreement on Acknowledgement of
Receipt of Electronic Data Messages or Electronic
(b) the electronic data message or electronic Documents. - The following rules shall apply where,
document as received by the addressee resulted on or before sending an electronic data message or
from the actions of a person whose relationship with electronic document, the originator and the
the originator or with any agent of the originator addressee have agreed, or in that electronic
enabled that person to gain access to a method used document or electronic data message, the originator
by the originator to identify electronic data has requested, that receipt of the electronic
messages as his own. document or electronic data message be
acknowledged:
(4) Paragraph (3) does not apply:
a.) Where the originator has not agreed with the
(a) as of the time when the addressee has both addressee that the acknowledgement be given in a
received notice from the originator that the particular form or by a particular method, an
electronic data message or electronic document is acknowledgement may be given by or through any
not that of the originator, and has reasonable time communication by the addressee, automated or
to act accordingly; or otherwise, or any conduct of the addressee,
sufficient to indicate to the originator that the
(b) in a case within paragraph (3) sub-paragraph (b), electronic data message or electronic document has
at any time when the addressee knew or should been received.
have known, had it exercised reasonable care of
used any agreed procedure, that the electronic data b.) Where the originator has stated that the effect or
message or electronic document was not that of the significance of the electronic data message or
originator. electronic document is conditional on receipt of the
acknowledgement thereof, the electronic data
(5) Where an electronic data message or electronic message or electronic document is treated as though
document is that of the originator or is deemed to it has never been sent, until the acknowledgement is
be that of the originator, or the addressee is entitled received.
to act on that assumption, then, as between the
originator and the addressee, the addressee is c.) Where the originator has not stated that the
entitled to regard the electronic data message or effect or significance of the electronic data message
electronic document as received as being what the or electronic document is conditional on receipt of
originator intended to send, and to act on that the acknowledgement, and the acknowledgement
assumption. The addressee is not so entitled when it has not been received by the originator within the
knew or should have known, had it exercised time specified or agreed or, if no time has been
treasonable care or used any agreed procedure, that specified or agreed, within the reasonable time, the
the transmission resulted in any error in the originator may give notice to the addressee stating
electronic data message or electronic document as that no acknowledgement has been received and
received. specifying a reasonable time by which the
acknowledgement must be received; and if the
(6) The addressee is entitled to regard each acknowledgement is not received within the time
electronic data message or electronic document specified in subparagraph (c), the originator may,
received as a separate electronic data message or upon notice to the addressee, treat the electronic
electronic document and to act on that assumption, document or electronic data as though it had never
except to the extent that it duplicates another been sent, or exercise any other rights it may have.
electronic data message or electronic document and
the addressee knew or should have known, had it
exercised reasonable care or used any agreed
procedure, that the electronic data message or
electronic document was a duplicate.
Section 19. Error on Electronic Data Message or
Electronic Document. - The addressee is entitled to
Section 21. Time of Dispatch of Electronic Data b. If the originator or the addressee does not have a
Messages or Electronic Documents. - Unless place of business, reference is to be made to its
otherwise agreed between the originator and the habitual residence; or
addressee, the dispatch of an electronic data
message or electronic document occurs when it c. The "usual place of residence" in relation to a
enters an information system outside the control of body corporate, means the place where it is
the originator or of the person who sent the incorporated or otherwise legally constituted.
electronic data message or electronic document on
behalf of the originator. Section 24. Choice of Security Methods. - Subject to
applicable laws and /or rules and guidelines
Section 22. Time of Receipt of Electronic Data promulgated by the Department of Trade and
Messages or Electronic Documents. - Unless Industry with other appropriate government
otherwise agreed between the originator and the agencies, parties to any electronic transaction shall
addressee, the time of receipt of an electronic data be free to determine the type of level of electronic
message or electronic document is as follows: data message and electronic document security
needed, and to select and use or implement
a.) If the addressee has designated an information appropriate technological methods that suit their
system for the purpose of receiving electronic data need.
message or electronic document, receipt occurs at
the time when the electronic data message or PART III
electronic document enters the designated
information system: Provide, however, that if the ELECTRONIC COMMERCE IN SPECIFIC AREAS
originator and the addressee are both participants in
the designated information system, receipt occurs at CHAPTER I.
the time when the electronic data message or
electronic document is retrieved by the addressee; CARRIAGE OF GOODS
b.) If the electronic data message or electronic Section 25. Actions Related to Contracts of Carriage
document is sent to an information system of the of Goods. - Without derogating from the provisions
addressee that is not the designated information of part two of this law, this chapter applies to any
system, receipt occurs at the time when the action in connection with, or in pursuance of, a
electronic data message or electronic document is contract of carriage of goods, including but not
retrieved by the addressee; limited to:
c.) If the addressee has not designated an (a) (i) furnishing the marks, number, quantity or
information system, receipt occurs when the weight of goods;
electronic data message or electronic document
enters an information system of the addressee. (ii) stating or declaring the nature or value of goods;
These rules apply notwithstanding that the place (iii) issuing a receipt for goods;
where the information system is located may be
different from the place where the electronic data
message or electronic document is deemed to be (iv) confirming that goods have been loaded;
received.
(b) (i) notifying a person of terms and conditions of
Section 23. Place of Dispatch and Receipt of the contract;
Electronic Data Messages or Electronic Documents. -
Unless otherwise agreed between the originator and (ii) giving instructions to a carrier;
the addressee, an electronic data message or
electronic document is deemed to be dispatched at (c) (i) claiming delivery of goods;
the place where the originator has its place of
business and received at the place where the (ii) authorizing release of goods;
addressee has its place of business. This rule shall
apply even if the originator or addressee had used a (iii) giving notice of loss of, or damage to goods;
laptop other portable device to transmit or received
his electronic data message or electronic document. (d) giving any other notice or statement in
This rule shall also apply to determine the tax situs connection with the performance of the contract;
of such transaction.
(e) undertaking to deliver goods to a named person
For the purpose hereof - or a person authorized to claim delivery;
a. If the originator or addressee has more than one (f) granting, acquiring, renouncing, surrendering,
place of business, the place of business is that which transferring or negotiating rights in goods;
has the closest relationship to the underlying
transaction or, where there is no underlying (g) acquiring or transferring rights and obligations
transaction, the principal place of business. under the contract.
Section 26. Transport Documents. - (1) Where the
law requires that any action referred to contract of
carriage of goods be carried out in writing or by (a) accept the creation, filing or retention of such
using a paper document, that requirement is met if documents in the form of electronic data messages
the action is carried out by using one or more data or electronic documents;
messages or electronic documents.
(b) issue permits, licenses, or approval in the form of
(2) Paragraph (1) applies whether the requirement electronic data messages or electronic documents;
there in is in the form of an obligation or whether
the law simply provides consequences for failing (c) require and/or accept payments, and issue
either to carry out the action in writing or to use a receipts acknowledging such payments, through
paper document. systems using electronic data messages or electronic
documents; or
(3) If a right is to be granted to, or an obligation is to
be acquired by, one person and no person, and if the (d) transact the government business and/or
law requires that, in order to effect this, the right or perform governmental functions using electronic
obligation must be conveyed to that person by the data messages or electronic documents, and for the
transfer, or use of, a paper document, that purpose, are authorized to adopt and promulgate,
requirement is met if the right or obligation is after appropriate public hearing and with due
conveyed by using one or more electronic data publication in newspapers of general circulation, the
messages or electronic documents unique; appropriate rules, regulations, or guidelines, to,
among others, specify -
(4) For the purposes of paragraph (3), the standard
of reliability required shall be assessed in the light of 1) the manner and format in which such electronic
the purpose for which the right or obligation was data messages or electronic documents shall be
conveyed and in the light of all the circumstances, filed, created, retained or issued;
including any relevant agreement.
2) where and when such electronic data messages or
(5) Where one or more data messages are used to electronic documents have to signed, the use of an
effect any action in subparagraphs (f) and (g) of electronic signature, the type of electronic signature
Section 25, no paper document used to effect any required;
such action is valid unless the use of electronic data
message or electronic document has been 3) the format of an electronic data message or
terminated and replaced by the used of paper electronic document and the manner the electronic
documents. A paper document issued in these signature shall be affixed to the electronic data
circumstances shall contain a statement of such message or electronic document;
termination. The replacement of the electronic data
messages or electronic documents by paper 4) the control processes and procedures as
documents shall not affect the rights or obligation of appropriate to ensure adequate integrity, security
the parties involved. and confidentiality of electronic data messages or
electronic documents or records of payments;
(6) If a rule of laws is compulsorily applicable to a
contract of carriage of goods which is in, or is 5) other attributes required to electronic data
evidenced by, a paper document, that rule shall not messages or electronic documents or payments; and
be inapplicable to such a contract of carriage of
goods which is evidenced by one or more electronic 6) the full or limited use of the documents and
data messages or electronic documents by reason of papers for compliance with the government
the fact that the contract is evidenced by such requirements: Provided, that this Act shall be itself
electronic data messages or electronic documents mandate any department of the government, organ
instead of by a paper document. of state or statutory corporation to accept or issue
any document in the form of electronic data
PART IV messages or electronic documents upon the
adoption, promulgation and publication of the
ELECTRONIC TRANSACTIONS IN GOVERNMENT appropriate rules, regulations or guidelines.
Section 27. Government Use of Electronic Data Section 28. RPWEB To Promote the Use of Electronic
Messages, Electronic Documents and Electronic Documents or Electronic Data Messages In
Signatures. - Notwithstanding any law to the Government and to the General Public. - Within two
contrary, within two (2) years from the date of the (2) years from the effectivity of this Act, there shall
effectivity of this Act, all departments, bureaus, be installed an electronic online network in
offices and agencies of the government, as well as all accordance with Administrative Order 332 and
government-owned and -controlled corporations, House of Representatives Resolution 890, otherwise
that pursuant to law require or accept the filling of known as RPWEB, to implement Part IV of this Act to
documents, require that documents be created, or facilitate the open, speedy and efficient electronic
retained and/or submitted, issue permits, licenses or online transmission, conveyance and use of
certificates of registration or approval, or provide for electronic data messages or electronic documents
the method and manner of payment or settlement amongst all government departments, agencies,
of fees and other obligations to the government, bureaus, offices down to the division level and to the
shall - regional and provincial offices as practicable as
possible, government owned and controlled
corporations, local government units, other public
instrumentalities, universities, colleges and other criminal liability in respect of the electronic data
schools, and universal access to the general public. message or electronic document for which the
person or party acting as a service provider as
The RPWEB network shall serve as initial platform of defined in Section 5 merely provides access if such
the government information infrastructure (GII) to liability is founded on -
facilitate the electronic online transmission and
conveyance of government services to evolve and (a) The obligations and liabilities of the parties under
improve by better technologies or kinds and the electronic data message or electronic document;
electronic online wide area networks utilizing, but
not limited to, fiber optic, satellite, wireless and (b) The making, publication, dissemination or
other broadband telecommunication mediums or distribution of such material or any statement made
modes. in such material, including possible infringement of
any right subsisting in or in relation to such material.
To facilitate the rapid development of the GII, the Provided, That:
Department of Transportation and Communications,
National Telecommunications Commission and the i. The service provider does not have actual
National Computer Center are hereby directed to knowledge, or is not aware of the facts or
aggressively promote and implement a policy circumstances from which it is apparent, that the
environment and regulatory framework that shall making, publication, dissemination or distribution of
lead to the substantial reduction of costs of such material is unlawful or infringes any rights
including, but not limited to, lease lines, land, subsisting in or in relation to such material;
satellite and dial-up telephone access, cheap
broadband and wireless accessibility by government ii The service provider does not knowingly receive a
departments, agencies, bureaus, offices, government financial benefit directly attributable to the unlawful
owned and controlled corporations, local or infringing activity; and
government units, other public instrumentalities and
the general public, to include the establishment of a iii. The service provider does not directly commit any
government website portal and a domestic internal infringement or other unlawful act and does not
exchange system to facilitate strategic access to induce or cause another person or party to commit
government and amongst agencies thereof and the any infringement or other unlawful act and/or does
general public and for the speedier flow of locally not benefit financially from the infringing activity or
generated internal traffic within the Philippines. unlawful act or another person or party; Provider,
further, That nothing in this Section shall affect -
The physical infrastructure of cable and wireless
system for cable TV and broadcast excluding (a) Any obligation founded on contract;
programming content and the management thereof
shall be considered as within the activity of (b) The obligation of a service provider as such under
telecommunications for the purpose of electronic a licensing or other regulatory regime established
commerce and to maximize the convergence of ICT under written law; or
in the installation of the GII.
(c) Any obligation imposed under any written law;
Section 29. Authority of the Department of Trade
and Industry and Participating Entities. - The (d) The civil liability of any party to the extent that
Department of Trade and Industry (DTI) shall direct such liability forms the basis for injunctive relief
supervise the promotion and development of issued by a court under any law requiring that the
electronic commerce in the country with relevant service provider take or refrain from actions
government agencies, without prejudice to the necessary to remove, block or deny access to any
provisions of Republic Act 7653 (Charter of Bangko material, or to preserve evidence of a violation of
Sentral ng Pilipinas) and Republic Act No. 337, law.
(General Banking Act) as amended.
Among others, the DTI is empowered to promulgate Section 31. Lawful Access. - Access to an electronic
rules and regulations, as well as provide quality file, or an electronic signature of an electronic data
standards or issue certifications, as the case may be, message or electronic document shall only be
and perform such other functions as may be authorized and enforced in favor of the individual or
necessary for the implementation of this Act in the entity having a legal right to the possession or the
area of electronic commerce to include, but shall not use of plaintext, electronic signature or file or solely
limited to, the installation of an online public for the authorized purposes. The electronic key for
information and quality and price monitoring system identity or integrity shall not be made available to
for goods and services aimed in protecting the any person or party without the consent of the
interests of the consuming public availing of the individual or entity in lawful possession of that
advantages of this Act. electronic key;

PART V
FINAL PROVISIONS
Section 30. Extent of Liability of a Service Provider. -
Except as otherwise provided in this Section, no
person or party shall be subject to any civil or
Section 32. Obligation of Confidentiality. - Except for Failure to Issue rules and regulations shall not in any
the purposes authorized under this Act, any person manner affect the executory nature of the provisions
who obtained access to any electronic key, of this Act.
electronic data message or electronic document,
book, register, correspondence, information, or Section 35. Oversight Committee. - There shall be
other material pursuant to any powers conferred Congressional Oversight Committee composed of
under this Act, shall not convey to or share the same the Committees and Trade and Industry/Commerce,
with any other person. Science and Technology, Finance and Appropriations
of both the Senate and House of Representatives,
Section 33. Penalties. - The following Acts, shall be which shall meet at least every quarter of the first
penalized by fine and/or imprisonment, as follows: two years and every semester for the third year after
the approval of this Act to oversee its
(a) Hacking or crackling with refers to unauthorized implementation. The DTI, DBM, Bangko Sentral ng
access into or interference in a computer Pilipinas, and other government agencies as may be
system/server or information and communication determined by the Congressional Committee shall
system; or any access in order to corrupt, alter, steal, provide a quarterly performance report of their
or destroy using a computer or other similar actions taking in the implementation of this Act for
information and communication devices, without the first three (3) years.
the knowledge and consent of the owner of the
computer or information and communications Section 36. Appropriations. - The amount necessary
system, including the introduction of computer to carry out the provisions of Sections 27 and 28 of
viruses and the like, resulting in the corruption, this Act shall be charged against any available funds
destruction, alteration, theft or loss of electronic and/or savings under the General Appropriations Act
data messages or electronic documents shall be of 2000 in the first year of effectivity of this Act.
punished by a minimum fine of One Hundred Thereafter, the funds needed for the continued
Thousand pesos (P 100,000.00) and a maximum implementation shall be included in the annual
commensurate to the damage incurred and a General Appropriations Act.
mandatory imprisonment of six (6) months to three
(3) years; Section 37. Statutory Interpretation. - Unless
otherwise expressly provided for, the interpretation
(b) Piracy or the unauthorized copying, reproduction, of this Act shall give due regard to its international
dissemination, or distribution, importation, use, origin and the need to promote uniformity in its
removal, alteration, substitution, modification, application and the observance of good faith in
storage, uploading, downloading, communication, international trade relations. The generally accepted
making available to the public, or broadcasting of principles of international law and convention on
protected material, electronic signature or electronic commerce shall likewise be considered.
copyrighted works including legally protected sound
recordings or phonograms or information material Section 38. Variation by Agreement. - As between
on protected works, through the use of parties involved in generating, sending, receiving,
telecommunication networks, such as, but not storing or otherwise processing electronic data
limited to, the internet, in a manner that infringes message or electronic document, any provision of
intellectual property rights shall be punished by a this Act may be varied by agreement between and
minimum fine of one hundred thousand pesos (P among them.
100,000.00) and a maximum commensurate to the
damage incurred and a mandatory imprisonment of Section 39. Reciprocity. - All benefits, privileges,
six (6) months to three (3) years; advantages or statutory rules established under this
Act, including those involving practice of profession,
(c) Violations of the Consumer Act of Republic Act shall be enjoyed only by parties whose country origin
No. 7394 and other relevant to pertinent laws grants the same benefits and privileges or
through transaction covered by or using electronic advantages to Filipino citizens.
data messages or electronic documents, shall be
penalized with the same penalties as provided in Section 40. Separability Clause. - The provisions of
those laws; this Act are hereby declared separable and in the
event of any such provision is declared
(d) Other violations of the provisions of this Act, shall unconstitutional, the other provisions, which are not
be penalized with a maximum penalty of one million affected, shall remain in force and effect.
pesos (P 1,000,000.00) or six (6) years imprisonment.
Section 41. Repealing Clause. - All other laws,
Section 34. Implementing Rules and Regulations. - decrees, rules and regulations or parts thereof which
The DTI, Department of Budget and Management are inconsistent with the provisions of this Act are
and the Bangko Sentral ng Pilipinas are hereby hereby repealed, amended or modified accordingly.
empowered to enforced the provisions of this Act
and issue implementing rules and regulations Section 42. Effectivity. - This Act shall take effect
necessary, in coordination with the Department of immediately after its publication in the Official
Transportation and Communications, National Gazette or in at least two (2) national newspapers of
Telecommunications Commission, National general circulation.
Computer Center, National Information Technology
Council, Commission on Audit, other concerned Approved:
agencies and the private sector, to implement this
Act within sixty (60) days after its approval.
June 14, 2000 otherwise making use of any resources of a
computer system or communication network.
(b) Alteration refers to the modification or change, in
form or substance, of an existing computer data or
Today is Thursday, November 09, 2023home program.
ConstitutionStatutesExecutive IssuancesJudicial (c) Communication refers to the transmission of
IssuancesOther IssuancesJurisprudenceInternational information through ICT media, including voice,
Legal ResourcesAUSL Exclusive video and other forms of data.
Fifteenth Congress (d) Computer refers to an electronic, magnetic,
optical, electrochemical, or other data processing or
Second Regular Session communications device, or grouping of such devices,
capable of performing logical, arithmetic, routing, or
Begun and held in Metro Manila, on Monday, the storage functions and which includes any storage
twenty-fifth day of July, two thousand eleven. facility or equipment or communications facility or
equipment directly related to or operating in
REPUBLIC ACT NO. 10175 conjunction with such device. It covers any type of
computer device including devices with data
AN ACT DEFINING CYBERCRIME, PROVIDING FOR processing capabilities like mobile phones, smart
THE PREVENTION, INVESTIGATION, SUPPRESSION phones, computer networks and other devices
AND THE IMPOSITION OF PENALTIES THEREFOR connected to the internet.
AND FOR OTHER PURPOSES
(e) Computer data refers to any representation of
Be it enacted by the Senate and House of facts, information, or concepts in a form suitable for
Representatives of the Philippines in Congress processing in a computer system including a
assembled: program suitable to cause a computer system to
perform a function and includes electronic
CHAPTER I documents and/or electronic data messages
whether stored in local computer systems or online.
PRELIMINARY PROVISIONS
(f) Computer program refers to a set of instructions
Section 1. Title. — This Act shall be known as the executed by the computer to achieve intended
"Cybercrime Prevention Act of 2012″. results.

Section 2. Declaration of Policy. — The State (g) Computer system refers to any device or group of
recognizes the vital role of information and interconnected or related devices, one or more of
communications industries such as content which, pursuant to a program, performs automated
production, telecommunications, broadcasting processing of data. It covers any type of device with
electronic commerce, and data processing, in the data processing capabilities including, but not
nation’s overall social and economic development. limited to, computers and mobile phones. The
The State also recognizes the importance of device consisting of hardware and software may
providing an environment conducive to the include input, output and storage components which
development, acceleration, and rational application may stand alone or be connected in a network or
and exploitation of information and communications other similar devices. It also includes computer data
technology (ICT) to attain free, easy, and intelligible storage devices or media.
access to exchange and/or delivery of information;
and the need to protect and safeguard the integrity (h) Without right refers to either: (i) conduct
of computer, computer and communications undertaken without or in excess of authority; or (ii)
systems, networks, and databases, and the conduct not covered by established legal defenses,
confidentiality, integrity, and availability of excuses, court orders, justifications, or relevant
information and data stored therein, from all forms principles under the law.
of misuse, abuse, and illegal access by making
punishable under the law such conduct or conducts. (i) Cyber refers to a computer or a computer
In this light, the State shall adopt sufficient powers network, the electronic medium in which online
to effectively prevent and combat such offenses by communication takes place.
facilitating their detection, investigation, and
prosecution at both the domestic and international (j) Critical infrastructure refers to the computer
levels, and by providing arrangements for fast and systems, and/or networks, whether physical or
reliable international cooperation. virtual, and/or the computer programs, computer
data and/or traffic data so vital to this country that
Section 3. Definition of Terms. — For purposes of the incapacity or destruction of or interference with
this Act, the following terms are hereby defined as such system and assets would have a debilitating
follows: impact on security, national or economic security,
national public health and safety, or any
(a) Access refers to the instruction, communication combination of those matters.
with, storing data in, retrieving data from, or
(k) Cybersecurity refers to the collection of tools, (1) Illegal Access. – The access to the whole or any
policies, risk management approaches, actions, part of a computer system without right.
training, best practices, assurance and technologies
that can be used to protect the cyber environment (2) Illegal Interception. – The interception made by
and organization and user’s assets. technical means without right of any non-public
transmission of computer data to, from, or within a
(l) Database refers to a representation of computer system including electromagnetic
information, knowledge, facts, concepts, or emissions from a computer system carrying such
instructions which are being prepared, processed or computer data.
stored or have been prepared, processed or stored
in a formalized manner and which are intended for (3) Data Interference. — The intentional or reckless
use in a computer system. alteration, damaging, deletion or deterioration of
computer data, electronic document, or electronic
(m) Interception refers to listening to, recording, data message, without right, including the
monitoring or surveillance of the content of introduction or transmission of viruses.
communications, including procuring of the content
of data, either directly, through access and use of a (4) System Interference. — The intentional alteration
computer system or indirectly, through the use of or reckless hindering or interference with the
electronic eavesdropping or tapping devices, at the functioning of a computer or computer network by
same time that the communication is occurring. inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data
(n) Service provider refers to: or program, electronic document, or electronic data
message, without right or authority, including the
(1) Any public or private entity that provides to users introduction or transmission of viruses.
of its service the ability to communicate by means of
a computer system; and (5) Misuse of Devices.
(2) Any other entity that processes or stores (i) The use, production, sale, procurement,
computer data on behalf of such communication importation, distribution, or otherwise making
service or users of such service. available, without right, of:
(o) Subscriber’s information refers to any (aa) A device, including a computer program,
information contained in the form of computer data designed or adapted primarily for the purpose of
or any other form that is held by a service provider, committing any of the offenses under this Act; or
relating to subscribers of its services other than
traffic or content data and by which identity can be (bb) A computer password, access code, or similar
established: data by which the whole or any part of a computer
system is capable of being accessed with intent that
(1) The type of communication service used, the it be used for the purpose of committing any of the
technical provisions taken thereto and the period of offenses under this Act.
service;
(ii) The possession of an item referred to in
(2) The subscriber’s identity, postal or geographic paragraphs 5(i)(aa) or (bb) above with intent to use
address, telephone and other access numbers, any said devices for the purpose of committing any of
assigned network address, billing and payment the offenses under this section.
information, available on the basis of the service
agreement or arrangement; and (6) Cyber-squatting. – The acquisition of a domain
name over the internet in bad faith to profit,
(3) Any other available information on the site of the mislead, destroy reputation, and deprive others
installation of communication equipment, available from registering the same, if such a domain name is:
on the basis of the service agreement or
arrangement. (i) Similar, identical, or confusingly similar to an
existing trademark registered with the appropriate
(p) Traffic data or non-content data refers to any government agency at the time of the domain name
computer data other than the content of the registration:
communication including, but not limited to, the
communication’s origin, destination, route, time, (ii) Identical or in any way similar with the name of a
date, size, duration, or type of underlying service. person other than the registrant, in case of a
personal name; and
CHAPTER II
(iii) Acquired without right or with intellectual
PUNISHABLE ACTS property interests in it.
Section 4. Cybercrime Offenses. — The following acts (b) Computer-related Offenses:
constitute the offense of cybercrime punishable
under this Act: (1) Computer-related Forgery. —
(a) Offenses against the confidentiality, integrity and (i) The input, alteration, or deletion of any computer
availability of computer data and systems: data without right resulting in inauthentic data with
the intent that it be considered or acted upon for (cc) The commercial electronic communication does
legal purposes as if it were authentic, regardless not purposely include misleading information in any
whether or not the data is directly readable and part of the message in order to induce the recipients
intelligible; or to read the message.
(ii) The act of knowingly using computer data which (4) Libel. — The unlawful or prohibited acts of libel
is the product of computer-related forgery as as defined in Article 355 of the Revised Penal Code,
defined herein, for the purpose of perpetuating a as amended, committed through a computer system
fraudulent or dishonest design. or any other similar means which may be devised in
the future.
(2) Computer-related Fraud. — The unauthorized
input, alteration, or deletion of computer data or Section 5. Other Offenses. — The following acts shall
program or interference in the functioning of a also constitute an offense:
computer system, causing damage thereby with
fraudulent intent: Provided, That if no (a) Aiding or Abetting in the Commission of
Cybercrime. – Any person who willfully abets or aids
damage has yet been caused, the penalty imposable in the commission of any of the offenses
shall be one (1) degree lower. enumerated in this Act shall be held liable.
(3) Computer-related Identity Theft. – The (b) Attempt in the Commission of Cybercrime. — Any
intentional acquisition, use, misuse, transfer, person who willfully attempts to commit any of the
possession, alteration or deletion of identifying offenses enumerated in this Act shall be held liable.
information belonging to another, whether natural
or juridical, without right: Provided, That if no Section 6. All crimes defined and penalized by the
damage has yet been caused, the penalty imposable Revised Penal Code, as amended, and special laws, if
shall be one (1) degree lower. committed by, through and with the use of
information and communications technologies shall
(c) Content-related Offenses: be covered by the relevant provisions of this Act:
Provided, That the penalty to be imposed shall be
(1) Cybersex. — The willful engagement, one (1) degree higher than that provided for by the
maintenance, control, or operation, directly or Revised Penal Code, as amended, and special laws,
indirectly, of any lascivious exhibition of sexual as the case may be.
organs or sexual activity, with the aid of a computer
system, for favor or consideration. Section 7. Liability under Other Laws. — A
prosecution under this Act shall be without prejudice
(2) Child Pornography. — The unlawful or prohibited to any liability for violation of any provision of the
acts defined and punishable by Republic Act No. Revised Penal Code, as amended, or special laws.
9775 or the Anti-Child Pornography Act of 2009,
committed through a computer system: Provided, CHAPTER III
That the penalty to be imposed shall be (1) one
degree higher than that provided for in Republic Act PENALTIES
No. 9775.1âwphi1
Section 8. Penalties. — Any person found guilty of
(3) Unsolicited Commercial Communications. — The any of the punishable acts enumerated in Sections
transmission of commercial electronic 4(a) and 4(b) of this Act shall be punished with
communication with the use of computer system imprisonment of prision mayor or a fine of at least
which seek to advertise, sell, or offer for sale Two hundred thousand pesos (PhP200,000.00) up to
products and services are prohibited unless: a maximum amount commensurate to the damage
incurred or both.
(i) There is prior affirmative consent from the
recipient; or Any person found guilty of the punishable act under
Section 4(a)(5) shall be punished with imprisonment
(ii) The primary intent of the communication is for of prision mayor or a fine of not more than Five
service and/or administrative announcements from hundred thousand pesos (PhP500,000.00) or both.
the sender to its existing users, subscribers or
customers; or If punishable acts in Section 4(a) are committed
against critical infrastructure, the penalty of
(iii) The following conditions are present: reclusion temporal or a fine of at least Five hundred
thousand pesos (PhP500,000.00) up to maximum
(aa) The commercial electronic communication amount commensurate to the damage incurred or
contains a simple, valid, and reliable way for the both, shall be imposed.
recipient to reject. receipt of further commercial
electronic messages (opt-out) from the same source; Any person found guilty of any of the punishable
acts enumerated in Section 4(c)(1) of this Act shall
(bb) The commercial electronic communication does be punished with imprisonment of prision mayor or
not purposely disguise the source of the electronic a fine of at least Two hundred thousand pesos
message; and (PhP200,000.00) but not exceeding One million
pesos (PhPl,000,000.00) or both.
Any person found guilty of any of the punishable Section 11. Duties of Law Enforcement Authorities.
acts enumerated in Section 4(c)(2) of this Act shall — To ensure that the technical nature of cybercrime
be punished with the penalties as enumerated in and its prevention is given focus and considering the
Republic Act No. 9775 or the "Anti-Child procedures involved for international cooperation,
Pornography Act of 2009″: Provided, That the law enforcement authorities specifically the
penalty to be imposed shall be one (1) degree higher computer or technology crime divisions or units
than that provided for in Republic Act No. 9775, if responsible for the investigation of cybercrimes are
committed through a computer system. required to submit timely and regular reports
including pre-operation, post-operation and
Any person found guilty of any of the punishable investigation results and such other documents as
acts enumerated in Section 4(c)(3) shall be punished may be required to the Department of Justice (DOJ)
with imprisonment of arresto mayor or a fine of at for review and monitoring.
least Fifty thousand pesos (PhP50,000.00) but not
exceeding Two hundred fifty thousand pesos Section 12. Real-Time Collection of Traffic Data. —
(PhP250,000.00) or both. Law enforcement authorities, with due cause, shall
be authorized to collect or record by technical or
Any person found guilty of any of the punishable electronic means traffic data in real-time associated
acts enumerated in Section 5 shall be punished with with specified communications transmitted by
imprisonment one (1) degree lower than that of the means of a computer system.
prescribed penalty for the offense or a fine of at
least One hundred thousand pesos (PhPl00,000.00) Traffic data refer only to the communication’s origin,
but not exceeding Five hundred thousand pesos destination, route, time, date, size, duration, or type
(PhP500,000.00) or both. of underlying service, but not content, nor identities.
Section 9. Corporate Liability. — When any of the All other data to be collected or seized or disclosed
punishable acts herein defined are knowingly will require a court warrant.
committed on behalf of or for the benefit of a
juridical person, by a natural person acting either Service providers are required to cooperate and
individually or as part of an organ of the juridical assist law enforcement authorities in the collection
person, who has a leading position within, based on: or recording of the above-stated information.
(a) a power of representation of the juridical person
provided the act committed falls within the scope of The court warrant required under this section shall
such authority; (b) an authority to take decisions on only be issued or granted upon written application
behalf of the juridical person: Provided, That the act and the examination under oath or affirmation of
committed falls within the scope of such authority; the applicant and the witnesses he may produce and
or (c) an authority to exercise control within the the showing: (1) that there are reasonable grounds
juridical person, the juridical person shall be held to believe that any of the crimes enumerated
liable for a fine equivalent to at least double the hereinabove has been committed, or is being
fines imposable in Section 7 up to a maximum of Ten committed, or is about to be committed: (2) that
million pesos (PhP10,000,000.00). there are reasonable grounds to believe that
evidence that will be obtained is essential to the
If the commission of any of the punishable acts conviction of any person for, or to the solution of, or
herein defined was made possible due to the lack of to the prevention of, any such crimes; and (3) that
supervision or control by a natural person referred there are no other means readily available for
to and described in the preceding paragraph, for the obtaining such evidence.
benefit of that juridical person by a natural person
acting under its authority, the juridical person shall Section 13. Preservation of Computer Data. — The
be held liable for a fine equivalent to at least double integrity of traffic data and subscriber information
the fines imposable in Section 7 up to a maximum of relating to communication services provided by a
Five million pesos (PhP5,000,000.00). service provider shall be preserved for a minimum
period of six (6) months from the date of the
The liability imposed on the juridical person shall be transaction. Content data shall be similarly
without prejudice to the criminal liability of the preserved for six (6) months from the date of receipt
natural person who has committed the offense. of the order from law enforcement authorities
requiring its preservation.
CHAPTER IV
Law enforcement authorities may order a one-time
ENFORCEMENT AND IMPLEMENTATION extension for another six (6) months: Provided, That
once computer data preserved, transmitted or
Section 10. Law Enforcement Authorities. — The stored by a service provider is used as evidence in a
National Bureau of Investigation (NBI) and the case, the mere furnishing to such service provider of
Philippine National Police (PNP) shall be responsible the transmittal document to the Office of the
for the efficient and effective law enforcement of the Prosecutor shall be deemed a notification to
provisions of this Act. The NBI and the PNP shall preserve the computer data until the termination of
organize a cybercrime unit or center manned by the case.
special investigators to exclusively handle cases
involving violations of this Act. The service provider ordered to preserve computer
data shall keep confidential the order and its
compliance.
Section 14. Disclosure of Computer Data. — Law upon motion, with due notice and opportunity to be
enforcement authorities, upon securing a court heard to the person or persons whose conversation
warrant, shall issue an order requiring any person or or communications have been recorded.
service provider to disclose or submit subscriber’s
information, traffic data or relevant data in his/its Section 17. Destruction of Computer Data. — Upon
possession or control within seventy-two (72) hours expiration of the periods as provided in Sections 13
from receipt of the order in relation to a valid and 15, service providers and law enforcement
complaint officially docketed and assigned for authorities, as the case may be, shall immediately
investigation and the disclosure is necessary and and completely destroy the computer data subject
relevant for the purpose of investigation. of a preservation and examination.
Section 15. Search, Seizure and Examination of Section 18. Exclusionary Rule. — Any evidence
Computer Data. — Where a search and seizure procured without a valid warrant or beyond the
warrant is properly issued, the law enforcement authority of the same shall be inadmissible for any
authorities shall likewise have the following powers proceeding before any court or tribunal.
and duties.
Section 19. Restricting or Blocking Access to
Within the time period specified in the warrant, to Computer Data. — When a computer data is prima
conduct interception, as defined in this Act, and: facie found to be in violation of the provisions of this
Act, the DOJ shall issue an order to restrict or block
(a) To secure a computer system or a computer data access to such computer data.
storage medium;
Section 20. Noncompliance. — Failure to comply
(b) To make and retain a copy of those computer with the provisions of Chapter IV hereof specifically
data secured; the orders from law enforcement authorities shall be
punished as a violation of Presidential Decree No.
(c) To maintain the integrity of the relevant stored 1829 with imprisonment of prision correctional in its
computer data; maximum period or a fine of One hundred thousand
pesos (Php100,000.00) or both, for each and every
(d) To conduct forensic analysis or examination of noncompliance with an order issued by law
the computer data storage medium; and enforcement authorities.

(e) To render inaccessible or remove those computer CHAPTER V

data in the accessed computer or computer and
communications network. JURISDICTION

Pursuant thereof, the law enforcement authorities Section 21. Jurisdiction. — The Regional Trial Court
may order any person who has knowledge about the shall have jurisdiction over any violation of the
functioning of the computer system and the provisions of this Act. including any violation
measures to protect and preserve the computer committed by a Filipino national regardless of the
data therein to provide, as is reasonable, the place of commission. Jurisdiction shall lie if any of
necessary information, to enable the undertaking of the elements was committed within the Philippines
the search, seizure and examination. or committed with the use of any computer system
wholly or partly situated in the country, or when by
Law enforcement authorities may request for an such commission any damage is caused to a natural
extension of time to complete the examination of or juridical person who, at the time the offense was
the computer data storage medium and to make a committed, was in the Philippines.
return thereon but in no case for a period longer
than thirty (30) days from date of approval by the There shall be designated special cybercrime courts
court. manned by specially trained judges to handle
cybercrime cases.
Section 16. Custody of Computer Data. — All
computer data, including content and traffic data, CHAPTER VI
examined under a proper warrant shall, within forty-
eight (48) hours after the expiration of the period INTERNATIONAL COOPERATION
fixed therein, be deposited with the court in a sealed
package, and shall be accompanied by an affidavit of Section 22. General Principles Relating to
the law enforcement authority executing it stating International Cooperation. — All relevant
the dates and times covered by the examination, international instruments on international
and the law enforcement authority who may access cooperation in criminal matters, arrangements
the deposit, among other relevant data. The law agreed on the basis of uniform or reciprocal
enforcement authority shall also certify that no legislation, and domestic laws, to the widest extent
duplicates or copies of the whole or any part thereof possible for the purposes of investigations or
have been made, or if made, that all such duplicates proceedings concerning criminal offenses related to
or copies are included in the package deposited with computer systems and data, or for the collection of
the court. The package so deposited shall not be evidence in electronic form of a criminal, offense
opened, or the recordings replayed, or used in shall be given full force and effect.
evidence, or then contents revealed, except upon
order of the court, which shall not be granted except CHAPTER VII
COMPETENT AUTHORITIES CHAPTER VIII
Section 23. Department of Justice (DOJ). — There is FINAL PROVISIONS
hereby created an Office of Cybercrime within the
DOJ designated as the central authority in all matters Section 27. Appropriations. — The amount of Fifty
related to international mutual assistance and million pesos (PhP50,000,000_00) shall be
extradition. appropriated annually for the implementation of this
Act.
Section 24. Cybercrime Investigation and
Coordinating Center. — There is hereby created, Section 28. Implementing Rules and Regulations. —
within thirty (30) days from the effectivity of this Act, The ICTO-DOST, the DOJ and the Department of the
an inter-agency body to be known as the Cybercrime Interior and Local Government (DILG) shall jointly
Investigation and Coordinating Center (CICC), under formulate the necessary rules and regulations within
the administrative supervision of the Office of the ninety (90) days from approval of this Act, for its
President, for policy coordination among concerned effective implementation.
agencies and for the formulation and enforcement
of the national cybersecurity plan. Section 29. Separability Clause — If any provision of
this Act is held invalid, the other provisions not
Section 25. Composition. — The CICC shall be affected shall remain in full force and effect.
headed by the Executive Director of the Information
and Communications Technology Office under the Section 30. Repealing Clause. — All laws, decrees or
Department of Science and Technology (ICTO-DOST) rules inconsistent with this Act are hereby repealed
as Chairperson with the Director of the NBI as Vice or modified accordingly. Section 33(a) of Republic
Chairperson; the Chief of the PNP; Head of the DOJ Act No. 8792 or the "Electronic Commerce Act" is
Office of Cybercrime; and one (1) representative hereby modified accordingly.
from the private sector and academe, as members.
The CICC shall be manned by a secretariat of Section 31. Effectivity. — This Act shall take effect
selected existing personnel and representatives from fifteen (15) days after the completion of its
the different participating agencies.1âwphi1 publication in the Official Gazette or in at least two
(2) newspapers of general circulation.
Section 26. Powers and Functions. — The CICC shall
have the following powers and functions: Approved,
(a) To formulate a national cybersecurity plan and
extend immediate assistance for the suppression of
real-time commission of cybercrime offenses
through a computer emergency response team
(CERT);
(b) To coordinate the preparation of appropriate and
effective measures to prevent and suppress
cybercrime activities as provided for in this Act;
(c) To monitor cybercrime cases being bandied by
participating law enforcement and prosecution
agencies;
(d) To facilitate international cooperation on
intelligence, investigations, training and capacity
building related to cybercrime prevention,
suppression and prosecution;
(e) To coordinate the support and participation of
the business sector, local government units and
nongovernment organizations in cybercrime
prevention programs and other related projects;
(f) To recommend the enactment of appropriate
laws, issuances, measures and policies;
(g) To call upon any government agency to render
assistance in the accomplishment of the CICC’s
mandated tasks and functions; and
(h) To perform all other matters related to
cybercrime prevention and suppression, including
capacity building and such other functions and
duties as may be necessary for the proper
implementation of this Act.