Policy and definitions established
The State recognizes the vital role of information and communications industries, including content production, telecommunications, broadcasting, electronic commerce and data processing, in social and economic development.
The State commits to providing an environment conducive to the development and rational application of information and communications technology to attain free, easy, and intelligible access to exchange and/or delivery of information.
The State requires protection of the integrity of computer systems, networks and databases, and safeguarding of the confidentiality, integrity, and availability of information and data stored therein from misuse, abuse, and illegal access by making such conduct punishable under Republic Act No. 10175.
The State adopts sufficient powers to prevent and combat cybercrime by facilitating detection, investigation, prosecution, and fast and reliable international cooperation.
The rules define “Access,” “Alteration,” “Central Authority,” “Child Pornography,” “Collection,” “Communication,” “Competent Authority,” “Computer,” “Computer data,” “Computer program,” “Computer system,” “Content Data,” “Critical infrastructure,” “Cybersecurity,” “Cybersex,” “Cyber,” “Database,” “Digital evidence,” “Electronic evidence,” “Forensics,” “Forensic image,” “Hash value,” “Identifying information,” “Information and communication technology system,” “Interception,” “Internet content host,” “Law enforcement authorities,” “Original author,” “Preservation,” “Service provider,” “Subscriber’s information,” “Traffic Data or Non-Content Data,” and “Without Right.”
“Child Pornography” means unlawful acts under Republic Act No. 9775 (Anti-Child Pornography Act of 2009) committed through a computer system, with the penalty one (1) degree higher than under Republic Act No. 9775.
“Competent Authority” refers to either the Cybercrime Investigation and Coordinating Center or the DOJ Office of Cybercrime, as applicable.
“Hash value” is a one-way digital fingerprint created by a mathematical algorithm against digital information.
“Without Right” covers conduct undertaken without or in excess of authority, or conduct not covered by legal defenses, excuses, court orders, justifications, or relevant principles under law.
“Preservation” means keeping data that exists in a stored form protected from changes or deterioration.
“Service provider” includes entities providing users the ability to communicate by means of a computer system, and entities that process or store computer data on behalf of such communication service or users.
“Traffic Data or Non-Content Data” means computer data other than the content of communications, including origin, destination, route, time, date, size, duration, and type of underlying service.
Cybercrime offenses and penalties
Section 4 provides core cybercrime offenses punishable under Republic Act No. 10175.
Offenses against confidentiality, integrity and availability of computer data and systems include Illegal Access, Illegal Interception, Data Interference, System Interference, Misuse of Devices, Computer-related offenses, and Content-related offenses as enumerated in Section 4.
Illegal Access is committed by accessing the whole or any part of a computer system without right.
Illegal Interception is committed by intercepting by technical means and without right any non-public transmission of computer data to, from, or within a computer system, including electromagnetic emissions carrying such computer data.
Interception is not unlawful for an officer, employee, or agent of a service provider whose facilities are used in the transmission, when the interception, disclosure, or use occurs in the normal course of employment, is necessary to the rendition of service or to the protection of the rights or property of the service provider, and does not utilize service observing or random monitoring other than for mechanical or service control quality checks.
Data Interference is committed by intentionally or recklessly altering, damaging, deleting, or deteriorating computer data, electronic documents, or electronic data messages without right, including introduction or transmission of viruses.
System Interference is committed by intentionally altering, or recklessly hindering or interfering with functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering, or suppressing computer data or program, electronic document or electronic data message without right or authority, including viruses.
Misuse of Devices is committed through any of the following acts and is punished with imprisonment of prision mayor, or a fine of not more than PHP 500,000, or both:
- Use, production, sale, procurement, importation, distribution, or otherwise making available intentionally and without right of devices or computer programs designed or adapted primarily for committing any core offenses under the rules; or passwords/access codes/similar data enabling access to a computer system with intent to use them to commit core offenses.
- Possession of an item referred to above with the intent to use it to commit core offenses.
- No criminal liability attaches when use, production, sale, procurement, importation, distribution, otherwise making available, or possession is for authorized testing of a computer system.
If any punishable acts under Section 4(A) are committed against critical infrastructure, the penalty is reclusion temporal, or a fine of at least PHP 500,000 up to maximum commensurate to the damage incurred, or both.
Computer-related offenses are punished with imprisonment of prision mayor, or a fine of at least PHP 200,000 up to maximum commensurate to the damage incurred, or both, including:
- Computer-related Forgery: input, alteration, or deletion of computer data without right resulting in inauthentic data with intent it be considered or acted upon for legal purposes as if authentic (regardless of whether readable/intelligible); or knowingly using computer data that is the product of such forgery for fraudulent or dishonest designs.
- Computer-related Fraud: unauthorized input, alteration or deletion of computer data or program, or interference in functioning of a computer system causing damage with fraudulent intent; if no damage has yet been caused, the penalty imposable is one (1) degree lower.
- Computer-related Identity Theft: intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another natural or juridical person without right; if no damage has yet been caused, the penalty imposable is one (1) degree lower.
Content-related offense—Child Pornography is punished under Republic Act No. 9775:
- The penalty imposed is one (1) degree higher if committed through a computer system.
Section 5 lists other cybercrimes punishable under the Act, including:
- Cyber-squatting: acquisition of a domain name in bad faith to profit, mislead, destroy reputation, and deprive others from registering it, when the domain name is similar/identical/confusingly similar to a registered trademark; or identical/in any way similar to another person’s name; or acquired without right or with intellectual property interests.
- Cyber-squatting is punished with imprisonment of prision mayor or a fine of at least PHP 200,000 up to maximum commensurate to damage, or both.
- If cyber-squatting is committed against critical infrastructure, the penalty is reclusion temporal, or a fine of at least PHP 500,000 up to maximum commensurate to damage, or both.
- Cybersex: willful engagement, maintenance, control, or operation of a lascivious exhibition of sexual organs or sexual activity with aid of a computer system for favor or consideration; punished with imprisonment of prision mayor, or a fine of at least PHP 200,000 but not exceeding PHP 1,000,000, or both.
- Cybersex involving a child is punished in accordance with the Act’s child pornography provision.
- If cybersex maintenance/control/operation also constitutes an offense under Republic Act No. 9208, as amended, prosecution under the Act is without prejudice to liability under the Revised Penal Code and special laws including R.A. No. 9208, consistent with Section 8.
Libel through a computer system: unlawful or prohibited acts of libel under Article 355 of the Revised Penal Code, committed through a computer system or similar means that may be devised in the future, are punished with prision correccional in its maximum period to prision mayor in its minimum period or a fine ranging from PHP 6,000 up to the maximum amount determined by court, or both, in addition to the civil action of the offended party.
The libel provision applies only to the original author of the post or online libel, not to those who simply receive the post and react to it.
Other offenses are punished with imprisonment one (1) degree lower than the prescribed penalty for the offense, or a fine of at least PHP 100,000 but not exceeding PHP 500,000, or both, including:
- Aiding or Abetting in the Commission of Cybercrime, except for:
  - Sections 4(c)(2) on Child Pornography and 4(c)(4) on online Libel.
- Attempt to Commit Cybercrime, except for:
  - Sections 4(c)(2) on Child Pornography and 4(c)(4) on online Libel.
Corporate liability and related-law rules
Section 6 imposes corporate liability when punishable acts are knowingly committed on behalf of or for the benefit of a juridical person by a natural person holding a leading position within the juridical person, based on a power of representation, authority to take decisions, or authority to exercise control.
Under Section 6, the juridical person is liable for a fine equivalent to at least double the fines imposable in Section 7, up to PHP 10,000,000.
Under Section 6, if commission was made possible due to lack of supervision or control by a natural person under the preceding paragraph, the juridical person is liable for a fine equivalent to at least double the fines imposable in Section 7, up to PHP 5,000,000.
Corporate liability under Section 6 does not bar the criminal liability of the natural person who committed the offense.
Section 7 provides that all crimes defined and penalized by the Revised Penal Code (as amended) and special criminal laws committed by, through and with the use of information and communications technologies are covered by the Act.
For covered crimes under Section 7, the penalty imposed is one (1) degree higher than that provided by the Revised Penal Code (as amended) and special laws.
Section 8 provides that prosecution under the Act is without prejudice to liability for violations of the Revised Penal Code (as amended) or special laws.
The Section 8 rule limits dual prosecution by excluding:
- Prosecution of an offender under both Section 4(c)(4) of R.A. 10175 and Article 353 of the Revised Penal Code.
- Prosecution of an offender under both Section 4(c)(2) of R.A. 10175 and R.A. 9775 (Anti-Child Pornography Act of 2009).
Enforcement powers, warrants, and evidence handling
Section 9 assigns law enforcement of the Act to the National Bureau of Investigation (NBI) and the Philippine National Police (PNP).
The NBI and PNP must organize a cybercrime division/unit staffed by Special Investigators to exclusively handle cases involving violations of the Act.
The NBI must create a cybercrime division headed by at least a Head Agent.
The PNP must create an anti-cybercrime unit headed by at least a Police Director.
The DOJ Office of Cybercrime (OOC) created under the Act coordinates NBI and PNP enforcement.
Section 10 grants NBI and PNP cybercrime units powers/functions including investigation of cybercrimes involving computer systems, data recovery and forensic analysis, and forensic guidelines consistent with industry standards.
Section 10 requires technological support for search, seizure, evidence preservation, and forensic recovery, including testimonies.
Section 10 requires development of databases for statistical/monitoring purposes and capacity-building within organizations.
Section 10 requires support for formulation and enforcement of the national cybersecurity plan and performance of other functions as required by the Act.
Section 11 requires law enforcement authorities to submit timely and regular reports, including pre-operation, post-operation, and investigation results, and other documents the DOJ Office of Cybercrime requires for review and monitoring.
Section 11 requires compliance with competent authority guidelines/advisories/procedures and use of prescribed forms and templates, including preservation orders, chain of custody, consent to search, consent to assume account/online identity, and request for computer forensic examination.
Section 12 requires service providers to keep, retain, and preserve traffic data and subscriber information for a minimum of six (6) months from the date of the transaction.
Section 12 requires service providers to preserve content data for six (6) months from the date of receipt of the order from law enforcement authorities requiring preservation.
Section 12 permits law enforcement to order a one-time extension for another six (6) months.
Under Section 12, once preserved computer data is used as evidence, furnishing the service provider with a copy of the transmittal document to the Office of the Prosecutor is deemed notification to preserve data until final termination and/or as ordered by court.
Under Section 12, the service provider ordered to preserve must keep the order and compliance confidential.
Section 13 authorizes law enforcement authorities, upon issuance of a court warrant, to collect or record by technical/electronic means and authorizes service providers to collect/record and/or cooperate in collection of computer data associated with specified communications transmitted by a computer system.
Under Section 13, the court warrant must be issued after written application and examination under oath/affirmation showing reasonable grounds that:
- a crime enumerated in the Act has been committed, is being committed, or is about to be committed;
- the evidence to be obtained is essential to conviction, solution, or prevention; and
- there are no other means readily available for obtaining such evidence.
Section 14 requires law enforcement authorities, upon securing a court warrant, to issue an order requiring disclosure/submission within seventy-two (72) hours from receipt to provide subscriber’s information, traffic data, or relevant data necessary and relevant for investigation in relation to a valid complaint officially docketed and assigned for investigation.
Under Section 14, law enforcement authorities must record all sworn complaints in their official docketing system.
Section 15 provides that, when a search and seizure warrant is properly issued, law enforcement authorities may conduct interception as defined in the rules and shall have powers/duties including:
- search and seize computer data;
- secure the computer system or data storage medium;
- make and retain a copy of secured computer data;
- maintain integrity of stored computer data;
- conduct forensic analysis/examination;
- render inaccessible or remove the computer data in the accessed computer or network.
Section 15 authorizes law enforcement to order a person with knowledge of the computer system functioning and protection measures to provide reasonable necessary information to enable search, seizure, and examination.
Section 15 permits requesting extension to complete examination and return, but never longer than thirty (30) days from date of court approval.
Section 16 requires custody and court deposit: all examined computer data must, within forty-eight (48) hours after expiration of the period fixed in the warrant, be deposited with the court in a sealed package with an affidavit stating dates/times covered and law enforcement access among other data.
Section 16 requires certification that no duplicates/copies were made or, if made, all are included in the package.
Under Section 16, the sealed package cannot be opened, recordings replayed, used in evidence, or contents revealed except by court order upon motion with due notice and opportunity to be heard to persons whose conversations/communications were recorded.
Section 17 mandates destruction: upon expiration of preservation and examination periods (under Sections 12 and 15) or until final case termination and/or court order, service providers and law enforcement authorities must immediately and completely destroy the computer data subject of preservation and examination orders or warrants.
Section 18 establishes an exclusionary rule: evidence obtained without a valid warrant or beyond authority is inadmissible in any proceeding before any court or tribunal.
Section 18 applies the Rules of Court suppletorily in implementing the Act.
Section 19 imposes penalties for non-compliance: failure to comply with Chapter IV of the Act and Rules 7 and 8 on law enforcement orders is punished as a violation of Presidential Order No. 1829, with imprisonment of prision correccional in its maximum period or a fine of PHP 100,000, or both, for each and every noncompliance with an order issued by law enforcement authorities.
Section 20 limits service provider liability for access-related roles:
- No civil or criminal liability attaches for mere provision of access regarding computer data, subject to conditions that the service provider lacks actual knowledge (or awareness of apparent facts) that dissemination is unlawful/infringing, does not knowingly receive financial benefit directly attributable to unlawful/infringing activity, and does not directly commit infringement/unlawful acts, induce/cause others to commit them, and does not directly benefit financially from infringement or unlawful acts of others.
- Section 20 preserves contractual obligations, licensing/regulatory obligations, obligations imposed under law, and civil liabilities to the extent forming the basis for injunctive relief requiring removal, blocking, denial of access, or preservation of evidence.
Jurisdiction, venue, and prosecution structure
- Section 21 grants the Regional Trial Court (RTC) jurisdiction over any violation of the Act, including violations committed by a Filipino national regardless of place of commission.
- Under Section 21, jurisdiction lies if any element is committed within the Philippines, if committed with use of a computer system wholly or partly situated in the country, or when damage is caused to a natural or juridical person in the Philippines at the time of commission.
- Section 22 provides venue for criminal actions in the RTC of the province or city where the cybercrime or any of its elements is committed, where any part of the computer system used is situated, or where any damage to a natural or juridical person took place.
- Section 22 provides that the court where the criminal action is first filed acquires jurisdiction to the exclusion of other courts.
- Section 23 provides designation of special cybercrime courts manned by specially trained judges to handle cybercrime cases.
- Section 24 requires the Secretary of Justice to designate prosecutors and investigators comprising a prosecution task force/division under the DOJ Office of Cybercrime to handle cybercrime cases in violation of the Act.
International cooperation and central authorities
- Section 25 commands that all relevant international instruments on cooperation in criminal matters and reciprocal arrangements receive full force and effect to the widest extent possible for investigations/proceedings concerning crimes related to computer systems and data and collection of electronic evidence.
- The DOJ must cooperate, render assistance, and request assistance from foreign states for detection, investigation, and prosecution of offenses under the Act and collection of electronic-form evidence.
- Section 25 applies Presidential Decree No. 1069 and pertinent laws and existing extradition and mutual legal assistance treaties.
- Section 25 designates the central authority to provide:
  - assistance to a requesting State for real-time collection of traffic data associated with specified communications transmitted by a computer system in the country, subject to Section 13;
  - assistance for real-time collection, recording, or interception of content data, subject to Section 13;
  - allowing access to publicly available stored computer data located in the country or elsewhere, or access/receipt of stored data through a computer system located in the country where the other State has lawful and voluntary consent of the person with lawful authority to disclose the data.
- Section 25 requires responding to requests to order or obtain expeditious preservation of data stored by computer systems within the country, where the requesting State submits a request for mutual assistance for search/access, seizure/securing, or disclosure.
- A preservation request under Section 25 must specify: the authority seeking preservation, the offense and brief facts, the data to be preserved and its relationship to the offense, and necessity of preservation.
- Section 25 provides that dual criminality is not required as a condition for responding to preservation requests.
- Section 25 allows refusal of preservation requests only when:
  - the request concerns political offenses or offenses connected with political offenses; or
  - execution would be prejudicial to Philippine sovereignty, security, public order, or other national interest.
- Section 25 provides that any preservation effected must last not less than sixty (60) days.
- Section 25 requires the DOJ and law enforcement to take appropriate measures to expeditiously preserve specified data in accordance with the Act and other laws.
- Section 25 provides expedited response rules when the data is expected to be vulnerable to loss or modification, or when instruments/arrangements provide for expedited cooperation.
- Section 25 requires confidentiality by the requesting State regarding the fact/subject of request, and limits use of information subject to conditions in the grant.
- Section 25 deems the Act’s Chapter II offenses included as extraditable offenses in any extradition treaty to which the Philippines is a party, provided they are punishable by deprivation of liberty for a minimum period of at least one year or a more severe penalty in both States.
- The Secretary of Justice designates appropriate State Counsels for international cooperation matters.
Competent bodies and cybersecurity coordination
Section 26 establishes the Cybercrime Investigation and Coordinating Center (CICC) under administrative supervision of the Office of the President for policy coordination and for formulation and enforcement of the national cybersecurity plan.
Section 26 provides CICC composition as an Executive Committee headed by the Executive Director of the ICT Office under DOST as Chairperson, with the Director of the NBI as Vice-Chairperson, and the Chief of the PNP, the Head of the DOJ Office of Cybercrime, and one (1) representative each from the private sector, NGOs, and the academe as members.
Section 26 requires support by Secretariats for Cybercrime, Administration, and Cybersecurity, manned from existing personnel/representatives.
Section 26 allows CICC to enlist assistance of other government agencies including:
- Bureau of Immigration;
- Philippine Drug Enforcement Agency;
- Bureau of Customs;
- National Prosecution Service;
- Anti-Money Laundering Council;
- Securities and Exchange Commission;
- National Telecommunications Commission;
- and other offices/agencies/units as necessary.
Section 26 provides that the DOJ Office of Cybercrime serves as the Cybercrime Operations Center of the CICC and submits periodic reports to the CICC.
Section 26 provides participation need not require physical presence; electronic modes such as email and audio-visual conference calls are allowed.
Section 27 mandates CICC to formulate a national cybersecurity plan and extend immediate assistance through a CERT for suppression of real-time commission of cybercrime offenses.
Section 27 requires coordination of prevention/suppression measures, monitoring cybercrime cases, facilitating international cooperation on intelligence/investigations/training/capacity-building, and coordinating support and participation of business sectors, local government units, and NGOs.
Section 27 empowers CICC to recommend enactment of laws and issuances, call on government agencies to assist, conduct community awareness programs, and perform other cybercrime prevention and suppression matters.
Section 28 designates the DOJ Office of Cybercrime (OOC) as:
- central authority in international mutual assistance and extradition matters related to cybercrime; and
- the Cybercrime Operations Center of the CICC.
Section 28 requires the OOC to act on assistance requests for investigations/proceedings, facilitate advice/preservation/production of data/collection of evidence, and cause investigation and prosecution of cybercrimes and other Act violations.
Section 28 requires the OOC to issue preservation orders to service providers, administer oaths, issue subpoenas, and summon witnesses in investigations/proceedings.
Section 28 requires monitoring service provider compliance with Chapter IV of the Act and Rules 7 and 8, and requiring timely and regular reports from PNP and NBI for monitoring and review.
Section 28 empowers the OOC to issue and promulgate guidelines/advisories/procedures for cybercrime investigation and forensic evidence/data analysis consistent with industry standards, and to prescribe forms and templates including preservation orders, chain of custody, consent to search, consent to assume account/online identity, and requests for computer forensic examination.
Section 28 assigns specific DOJ-related roles/responsibilities under the implementing rules of Republic Act No. 9775 regarding anti-child pornography.
Section 29 requires the DOST-ICT Office to establish and operate a Computer Emergency Response Team (CERT) to coordinate cybersecurity activities.
Section 29 mandates CERT to extend immediate assistance to CICC with cybersecurity and the national cybersecurity plan, issue cybersecurity guidelines/advisories/procedures, facilitate international cooperation on intelligence/training/capacity-building, and serve as a focal point for cybersecurity incidents.
Section 29 requires CERT to provide technical analysis of computer security incidents, assist in escalating abuse reports, research emerging threats, issue alerts/advisories, coordinate incident responses with trusted third parties nationally and internationally, and conduct technical training.
Section 29 designates the PNP and NBI as the CERT’s field operations arm, and allows CERT to enlist other government agencies to perform CERT functions.
Service provider duties and child pornography duties
- Section 30 imposes duties of a service provider, including preservation and cooperation obligations:
  - preserve integrity of traffic data and subscriber information for minimum six (6) months from transaction date;
  - preserve integrity of content data for six (6) months from date of receipt of preservation order;
  - preserve integrity of computer data for extended preservation for six (6) months from receipt of order requiring extension;
  - preserve integrity of computer data until final case termination and/or as ordered upon receipt of copy of the transmittal document to the Office of the Prosecutor;
  - ensure confidentiality of preservation orders and compliance;
  - collect or record by technical/electronic means and/or