Republic Act 10175 – Cybercrime Prevention Act was signed into law last September 12, 2012.

This law is already in

effect as the Supreme Court uphold its constitutionality (February 18, 2014). Although some provisions were
deemed as unconstitutional (struck down) particularly Sections 4(c)(3), 7, 12, and 19.

It is a law considered to be 11 years in the making as various groups, organizations, and personalities lobbied for its
passage. It took awhile for the law to be passed as legislators and various stakeholders need to understand the
magnitude of cybercrime and whether the penalty provisions indicated in the E-Commerce Law – Republic Act 8792 is
sufficient or not.

Types of Cybercrime Penalty

Prision mayor (imprisonment of six years and 1

day up to 12 years) or a fine of at least Two
hundred thousand pesos (P200,000) up to a
maximum amount commensurate to the damage
1. Illegal access incurred or BOTH.————————If committed
Unauthorized access (without right) to a computer system against critical infrastructure:Reclusion temporal
or application. (imprisonment for twelve years and one day up to
twenty years) or a fine of at least Five hundred
thousand pesos (P500,000) up to a maximum
amount commensurate to the damage incurred or
BOTH

2. Illegal interception
Unauthorized interception of any non-public transmission – same as above
of computer data to, from, or within a computer system.

3. Data Interference
Unauthorized alteration, damaging, deletion or – same as above
deterioration of computer data, electronic document, or
electronic data message, and including the introduction or
transmission of viruses.Authorized action can also be
covered by this provision if the action of the person went
beyond agreed scope resulting to damages stated in this
provision.

4. System Interference
Unauthorized hindering or interference with the
functioning of a computer or computer network by
inputting, transmitting, damaging, deleting, deteriorating,
altering or suppressing computer data or program,
– same as above
electronic document, or electronic data messages, and
including the introduction or transmission of
viruses.Authorized action can also be covered by this
provision if the action of the person went beyond agreed
scope resulting to damages stated in this provision.

5. Misuse of devices
The unauthorized use, possession, production, sale,
procurement, importation, distribution, or otherwise
making available, of devices, computer program designed
or adapted for the purpose of committing any of the
– same as above except fine should be no more
offenses stated in Republic Act 10175.Unauthorized use
than Five hundred thousand pesos (P500,000).
of computer password, access code, or similar data by
which the whole or any part of a computer system is
capable of being accessed with intent that it be used for
the purpose of committing any of the offenses under
Republic Act 10175.

6. Cyber-squatting
Acquisition of domain name over the Internet in bad faith
– same as above
to profit, mislead, destroy reputation, and deprive others
from the registering the same. This includes those existing
trademark at the time of registration; names of persons
other than the registrant; and acquired with intellectual
property interests in it.Those who get domain names of
prominent brands and individuals which in turn is used to
damage their reputation – can be sued under this
provision.Note that freedom of expression and
infringement on trademarks or names of person are
usually treated separately. A party can exercise freedom
of expression without necessarily violating the trademarks
of a brand or names of persons.

7. Computer-related Forgery
Unauthorized input, alteration, or deletion of computer
data resulting to inauthentic data with the intent that it be Prision mayor (imprisonment of six years and 1
considered or acted upon for legal purposes as if it were day up to 12 years) or a fine of at least Two
authentic, regardless whether or not the data is directly hundred thousand pesos (P200,000) up to a
readable and intelligible; orThe act of knowingly using maximum amount commensurate to the damage
computer data which is the product of computer-related incurred or BOTH.
forgery as defined here, for the purpose of perpetuating a
fraudulent or dishonest design.

8. Computer-related Fraud
Unauthorized input, alteration, or deletion of computer
data or program or interference in the functioning of a
computer system, causing damage thereby with
fraudulent intent.
– same as aboveProvided, That if no damage has
yet been caused, the penalty imposed shall be
one (1) degree lower.

9. Computer-related Identity Theft

Unauthorized acquisition, use, misuse, transfer,
– same as above
possession, alteration or deletion of identifying information
belonging to another, whether natural or juridical.
10. Cybersex
Willful engagement, maintenance, control, or operation,
directly or indirectly, of any lascivious exhibition of sexual
organs or sexual activity, with the aid of a computer Prision mayor (imprisonment of six years and 1
system, for favor or consideration.There is a discussion day up to 12 years) or a fine of at least Two
on this matter if it involves “couples” or “people in hundred thousand pesos (P200,000) but not
relationship” who engage in cybersex. For as long it is not exceeding One million pesos (P1,000,000) or
done for favor or consideration, I don’t think it will be BOTH.
covered. However, if one party (in a couple or
relationship) sues claiming to be forced to do cybersex,
then it can be covered.

11. Child Pornography

Penalty to be imposed shall be one (1) degree
Unlawful or prohibited acts defined and punishable
higher than that provided for in Republic Act
by Republic Act No. 9775 or the Anti-Child Pornography
9775, if committed through a computer system.
Act of 2009, committed through a computer system.

****** Unsolicited Commercial

Communications (SPAMMING)
THIS PROVISION WAS STRUCK DOWN BY THE
SUPREME COURT AS UNCONSTITUTIONAL.

12. Libel
Unlawful or prohibited acts of libel as defined in Article
355 of the Revised Penal Code, as amended committed
through a computer system or any other similar means
Penalty to be imposed shall be one (1) degree
which may be devised in the future.Revised Penal Code
higher than that provided for by the Revised
Art. 355 states Libel means by writings or similar means.
Penal Code, as amended, and special laws, as
— A libel committed by means of writing, printing,
the case may be.
lithography, engraving, radio, phonograph, painting,
theatrical exhibition, cinematographic exhibition, or any
similar means, shall be punished by prision correccional in
its minimum and medium periods or a fine ranging from
200 to 6,000 pesos, or both, in addition to the civil action
which may be brought by the offended party.The
Cybercrime Prevention Act strengthened libel in terms of
penalty provisions.The electronic counterpart of libel has
been recognized since the year 2000 when the E-
Commerce Law was passed. The E-Commerce Law
empowered all existing laws to recognize its electronic
counterpart whether commercial or not in nature.

Imprisonment of one (1) degree lower than that of

13. Aiding or Abetting in the commission of
the prescribed penalty for the offense or a fine of
cybercrime – Any person who willfully abets or aids in the
at least One hundred thousand pesos (P100,000)
commission of any of the offenses enumerated in this Act
but not exceeding Five hundred thousand pesos
shall be held liable.
(P500,000) or both.

14. Attempt in the commission of cybercrime Any

person who willfully attempts to commit any of the – same as above
offenses enumerated in this Act shall be held liable.

15. All crimes defined and penalized by the Revised Penal

Penalty to be imposed shall be one (1) degree
Code, as amended, and special laws, if committed by,
higher than that provided for by the Revised
through and with the use of information and
Penal Code, as amended, and special laws, as
communications technologies shall be covered by the
the case may be.
relevant provisions of this Act.

Although not exactly a cybercrime, I am including this
here as penalties are also imposed by the law.
16. Corporate Liability. (Section 9)
When any of the punishable acts herein defined are
knowingly committed on behalf of or for the benefit of a
juridical person, by a natural person acting either
individually or as part of an organ of the juridical person,
who has a leading position within, based on:(a) a power of
For sanctioned actions, Juridical person shall be
held liable for a fine equivalent to at least double
the fines imposable in Section 7 up to a maximum
of Ten million pesos (P10,000,000).For neglect
such as misuse of computer resources that
resulted to cybercrime committed in organization
physical or virtual premises or resources, juridical
person shall be held liable for a fine equivalent to
 representation of the juridical person provided the act at least double the fines imposable in Section
committed falls within the scope of such authority;(b) an 7 up to a maximum of Five million pesos
authority to take decisions on behalf of the juridical (P5,000,000).Criminal liability may still apply to
person. Provided, That the act committed falls within the the natural person.
scope of such authority; or(c) an authority to exercise
control within the juridical person,It also includes
commission of any of the punishable acts made possible
due to the lack of supervision or control.

Section 10: There are Law Enforcers who are authorized to create investigations. These are the NBI and PNP.

Section 11: The duty of Law Enforcement Authorities is to ensure that the cybercrime must be prevented. DOJ will review and monitor the results of
the investigation for further analysis.

Section 12: Any traffic data gathered refer to only the communication’s origin, destination, route, time, date, size, duration, or type of underlying
service. This information can be used as evidence in case of committing the acts and will issue a warrant. Data of all the people are monitored and
can be access by the government.

Section 13: Data from computers are preserved for a minimum period of 6 months. The data will be preserved by the service provider and shall be
kept confidential its order and compliance.

Section 14: They should disclose information, traffic data or relevant data in the person’s possession or control for 72 hours. These documents will
be used for investigation purposes.

Section 15: Any technologies used for the act will be taken and used against you. A search and seizure warrant is properly issued that gives the
authorities power to investigate.
Section 16: The custody of computer and traffic data examined under a proper warrant within 48 hours will be sealed and kept confidential. There
will be no duplicates and all data gathered will only be shown/heard in court.

Section 17: Upon expiration of the data, the gathered data will be destroyed. All the preserve and examined that they attain will be destroyed also.

Section 18: If there is no proper warrant, the evidence gathered can not be used against you. It shall be inadmissible for any proceeding before any
court or tribunal.

Section 19: The computer data is prima facie that violates the act will be restricted or blocked. The DOJ issues this order.

Section 20: A fine of Php 100,000.00 and /or imprisonment will be given if the person does not comply with the law enforcers. These punishments
will be given each and every time the person does not comply with the authorities.

Section 21: Every Filipino who commits the act will be imprisoned regardless where they are in the world. Only if, the act was committed in the
Philippines.

Section 22: In relation to International Cooperation, they will use full effort and force to find the person who committed the act. They will use
computer systems and data or any electronic forums for evidence.

Section 23: The DOJ will be the central authority. International mutual assistance will be working with the DOJ also.

Section 24: The act will be effective within 30 days and the Cybercrime Investigation and Coordinating Center (CICC) will take charge in the
national cybersecurity plan. They will be under administrative supervision by the Office of the President.

Section 25: The CICC will be headed by the Executive Director of Information and Communications Technology Office and is under the
Department of Science and Technology (ICTO- DOST). There will be 1 representative from a private sector and academe, as members.
Section 26: The CICC has powers and functions regarding the Cybercrime Act. They coordinate, recommend, monitor, take action and formulate
cybersecurity plan.

Section 27: An appropriation is made for the implementation of the act. A total of Php 50,000,000.00 will be appropriated annually for
implementation.

Section 28: The ICTO-DOST, DOJ and DILG will join the formulation for the needed rules and regulations within 90 days. The 90 days will start from
the approval of the act and effective implementation.

Section 29: If this act is help invalid, other provisions will still take effect. They will still use and remain a full force and effect to this act.

Section 30: All the laws that are inconsistent from this act will be repealed and modified. The Electronic Commerce Act will be hereby modified.

Section 31: The act will take effective after 15 days of completion. The publication will be posted in the Official Gazette or in at least 2 newspapers
of general circulation.