Approved on September 12, 2012, the Cybercrime Prevention Act of 2012 (formally known as Republic Act No. 10175) is a piece of Philippine law. It attempts to solve legal concerns related to the Internet and online interactions in the Philippines. Cybersquatting, cybersex, child pornography, identity theft, illegal data access, and libel are all prohibited by law. The law has drawn criticism for criminalizing libel, which is seen as a restriction on the right to free speech and constitutes “cyber authoritarianism,” while being praised for punishing unlawful online activities that were not addressed by earlier statutes. Its use against reporters such as Maria Ressa of Rappler has been met with a great deal of criticism. A temporary restraining order that suspended the Act’s execution for 120 days was issued by the Supreme Court of the Philippines on October 9, 2012. It was reiterated on February 5, 2013, “until further orders from the court.”

The majority of the statute was affirmed by the Supreme Court on February 18, 2014, including the contentious cyber-libel section.

The Genesis of the Cybercrime Act: From Early Drafts to Legal Force

One of the first laws in the Philippines to specifically criminalize cybercrime, the Cybercrime Prevention Act of 2012, lacked a clear legal precedence before it was put into effect. While some computer-related acts were controlled by the Electronic Commerce Act of 2000 (Republic Act No. 8792), it did not provide a legal framework for the general prosecution of computer-related offenses. For example, Onel De Guzman, the computer programmer who was allegedly responsible for the ILOVEYOU computer worm, was never charged by Philippine authorities since, at the time, there was no legal foundation for such a prosecution under the country’s then-current laws.

The Legal and Regulatory Committee of the former Information Technology and eCommerce Council (ITECC), the forerunner of the Commission on Information and Communication Technology (CICT) and the Department of Information and Communications Technology (DICT), started drafting the first drafts of the Anti-Cybercrime and Data Privacy Acts in 2001. Former Secretary Virgilio “Ver” Peña led the committee, with the Attorney in charge of the legal and regulatory committees. Parade, Claro. The Information Security and Privacy Sub-Committee, led by Elfren Meneses, Chief of the National Bureau of Investigation’s (NBI) Anti-Computer Crime and Fraud Division (ACCFD), and Albert P. Dela Cruz, the former president of the Philippine Computer Emergency Response Team (PHCERT), took the initiative to implement the laws. The Presidential Management Staff (PMS), which handled operational and administrative duties, made up the CICT secretariat. During that time, a lot of different organizations and special interest groups obtained the first draft of the bill.

A number of cybercrime-related bills that were proposed in the 14th and 15th Congress took the place of this. Together, House Bill No. 5808 (written by Representative Susan Yap-Sulit of Tarlac’s second district and 36 other co-authors) and Senate Bill No. 2796 (filed by Senator Edgardo Angara) created the Cybercrime Prevention Act. Shortly after Renato Corona’s impeachment, on June 5 and 4, 2012, both motions were approved by their respective houses. On September 12, President Benigno Aquino III signed the Act’s final draft.

Jurisdiction and Enforcement: The Reach of the Philippines’ Cybercrime Law

The Act is divided into eight chapters with 31 parts. Numerous offenses are rendered unlawful, including cybersquatting, data interference, device abuse, unauthorized access (hacking), computer-related offenses like computer fraud, content-related offenses like cybersex and spam, and more. Additionally, this measure supports Section 355 of the Philippines’ Revised Penal Code, which prohibits libel, as well as Republic Act No. 9775, better known as the Anti-Child Pornography Act of 2009, and child pornography, both of which are prohibited when done on a computer. Additionally, the Act has a “catch-all” provision that renders any computer-related activity that is now prohibited under the Revised Penal Code unlawful as well. We’ll take these acts more seriously than we would have under the Revised Penal Code.

Philippines Cybercrime Law

Because the Act has worldwide power, it applies to all Filipino nationals, regardless of where they were commissioned. Whether the illicit gadget is entirely or partially situated in the Philippines or whether an injury is inflicted against a natural or legal person who was present at the time of the crime, there is jurisdiction when criminal action occurs in the Philippines. The Act’s infractions will be tried in regional trial courts.

The Act has a provision known as the “takedown clause.” This provision permits the Department of Justice to erase data without a judge’s approval if they believe it violates the Act’s guidelines. When the Act was first being considered in Congress, this section was not included. On May 31, 2012, it was added during Senate deliberations. Another law, which states that data must be retained on computers for six months after the transaction date, is in addition to the “takedown” requirement. Law enforcement may request an additional six months to be added to this time.

The Act also directs the Department of Justice to oversee the establishment of a hacking team consisting of special agents who would solely investigate Act violations by the National Bureau of Investigation and the Philippine National Police. When there is a valid cause, the unit has the authority to search for and seize computer data and equipment. It may also get real-time traffic statistics from Internet service providers and compel them to turn over computer data to the unit within 72 hours after obtaining a court order.

The National Bureau of Investigation is responsible for investigating offenses that violate Republic Act 10175, also known as the Cybercrime Prevention Act of 2012, according to Republic Act 10876, the National Bureau of Investigation Reorganization and Modernization Act.


The Cybercrime Prevention Act of 2012, officially known as Republic Act No. 10175, stands as a landmark legislation in the Philippines aimed at addressing a spectrum of online offenses and bolstering digital security measures. Enacted to fill legal gaps in regulating cyber activities, the law criminalizes various cybercrimes, including hacking, identity theft, and cybersex, while also controversially incorporating provisions on libel. Despite initial challenges and debates surrounding its constitutionality and impact on freedom of expression, the Act has been affirmed by the Supreme Court of the Philippines, albeit with modifications. Moving forward, its enforcement and application remain pivotal in navigating the complexities of digital crime in the Philippines’ evolving legal landscape.

Suggested for you