Draft as of 28 March 2014

Rules and Regulations Implementing

Republic Act No. 10175, Otherwise Known as the
!bercrime "re#ention Act O$ %01%
Pursuant to the authority of the Department of Justice, Department of
Interior and Local Government and Department of Science and Technology under
Republic ct !o" #$#%&, other'ise (no'n as the )*ybercrime Prevention ct of
+$#+,, the follo'ing rules and regulations are hereby promulgated to implement
the provisions of said ct-
&A"'(R I
R)*( 1
"reliminar! "ro#isions
+ection 1. Title. , These Rules shall be referred to as the Implementing Rules and
Regulations of Republic ct !o" #$#%& or the *ybercrime Prevention ct of +$#+"
+ection %. Declaration of Policy. . The State recogni/es the vital role of
information and communications industries such as content production,
telecommunications, broadcasting, electronic commerce, and data processing, in
the nation0s overall social and economic development" The State also recogni/es
the importance of providing an environment conducive to the development,
acceleration, and rational application and e1ploitation of information and
communications technology to attain free, easy, and intelligible access to e1change
and2or delivery of information3 and the need to protect and safeguard the integrity
of computer, computer and communications systems, net'or(s, and databases, and
the confidentiality, integrity, and availability of information and data stored therein,
from all forms of misuse, abuse, and illegal access by ma(ing punishable under the
la' such conduct or conducts" In this light, the State shall adopt sufficient po'ers
to effectively prevent and combat such offenses by facilitating their detection,
investigation, and prosecution at both the domestic and international levels, and by
providing arrangements for fast and reliable international cooperation"
+ection -. Definition of Terms. . 4or purposes of this implementing rules and
regulations, the follo'ing terms are hereby defined as follo's-
1
Draft as of 28 March 2014
a5 Access refers to the instruction, communication 'ith, storing data in,
retrieving data from, or other'ise ma(ing use of any resources of a
computer system or communication net'or("
b5 Act refers to Republic ct !o" #$#%& or the *ybercrime Prevention ct of
+$#+"
c5 Alteration refers to the modification or change, in form or substance, of an
e1isting computer data or program"
d5 Bullying refers to the unla'ful or prohibited acts defied and punishable by
Republic ct !o" #$6+% or the nti78ullying ct of +$#9, committed
through the use of technology or any electronic means"
e5 Child Pornography refers to the unla'ful or prohibited acts defined and
punishable by Republic ct !o" :%%& or the nti7*hild Pornography ct of
+$$:, committed through a computer system- Provided, that the penalty to
be imposed shall be one ;#5 degree higher than that provided for in Republic
ct !o" :%%&"
f5 Collection refers to gathering and receiving information"
g5 Communication refers to the transmission of information through I*T
media, including voice, video and other forms of data"
h5 Competent Authority refers to the *ybercrime Investigation and
*oordinating *enter or the D<J . <ffice of *ybercrime"
i5 Computer refers to an electronic, magnetic, optical, electrochemical, or
other data processing or communications device, or grouping of such
devices, capable of performing logical, arithmetic, routing, or storage
functions and 'hich includes any storage facility or e=uipment or
communications facility or e=uipment directly related to or operating in
con>unction 'ith such device" It covers any type of computer device
including devices 'ith data processing capabilities li(e mobile phones,
smart phones, computer net'or(s and other devices connected to the
internet"
>5 Computer data refers to any representation of facts, information, or concepts
in a form suitable for processing in a computer system including a program
2
Draft as of 28 March 2014
suitable to cause a computer system to perform a function and includes
electronic documents and2or electronic data messages 'hether stored in local
computer systems or online"
(5 Computer program refers to a set of instructions e1ecuted by the computer"
l5 Computer system refers to any device or group of interconnected or related
devices, one or more of 'hich, pursuant to a program, performs automated
processing of data" It covers any type of device 'ith data processing
capabilities including, but not limited to, computers and mobile phones" The
device consisting of hard'are and soft'are may include input, output and
storage components 'hich may stand alone or be connected in a net'or( or
other similar devices" It also includes computer data storage devices or
media"
m5 Critical infrastructure refers to the computer systems, and2or net'or(s,
'hether physical or virtual, and2or the computer programs, computer data
and2or traffic data so vital to this country that the incapacity or destruction of
or interference 'ith such system and assets 'ould have a debilitating impact
on security, national or economic security, national public health and safety,
or any combination of those matters"
n5 Cybersecurity refers to the collection of tools, policies, ris( management
approaches, actions, training, best practices, assurance and technologies that
can be used to protect the cyber environment and organi/ation and user0s
assets"
o5 National Cybersecurity Plan refers to a comprehensive plan of actions
designed to improve the security and enhance cyber resilience of
infrastructures and services" It is a top7do'n approach to cybersecurity that
contains broad policy statements and establishes a set of national ob>ectives
and priorities that should be achieved in a specific timeframe"
p5 Cybersex refers to the 'illful engagement, maintenance, control, or
operation, directly or indirectly, of any lascivious e1hibition of se1ual organs
or se1ual activity, 'ith the aid of a computer system, for favor or
consideration"
=5 Cyber refers to a computer or a computer net'or(, the electronic medium in
'hich online communication ta(es place"
3
Draft as of 28 March 2014
r5 Database refers to a representation of information, (no'ledge, facts,
concepts, or instructions 'hich are being prepared, processed or stored or
have been prepared, processed or stored in a formali/ed manner and 'hich
are intended for use in a computer system"
s5 Hash value refers to the mathematical algorithm produced against digital
information ;a file, a physical dis(, a logical dis(5 thereby creating a ?digital
fingerprint0 or ?digital D!0 for that information" It is by purpose a one7'ay
algorithm and thus it is not possible to change digital evidence, 'ithout
changing the corresponding hash values"
t5 dentifying information refers to any name or number that may be used
alone or in con>unction 'ith any other information, to identify any specific
individual, including any-
#" !ame, date of birth, driver0s license number, passport number or ta1
identification number3
+" @ni=ue biometric data, such as fingerprint or other uni=ue physical
representation3
9" @ni=ue electronic identification number, address, or routing code3 and
A" Telecommunication identifying information or access device"
u5 nterception refers to listening to, recording, monitoring or surveillance of
the content of communications, including procurement of the content of
data, either directly, through access and use of a computer system or
indirectly, through the use of electronic eavesdropping or tapping devices, at
the same time that the communication is occurring"
v5 !a" enforcement authorities refers to the !ational 8ureau of Investigation
;!8I5 and the Philippine !ational Police ;P!P5 under Section #$ of the ct"
'5 #riginal author refers to the person 'ho created or is the origin of the
assailed electronic statement or post using the computer system"
15 Preservation refers to (eeping data, 'hich already e1ists in a stored form,
protected from anything that 'ould cause its current =uality or condition to
4
Draft as of 28 March 2014
change or deteriorate" It is the activity that (eeps that stored data secure and
safe"
y5 $ervice Provider refers to-
#" any public or private entity that provides to users of its service the ability
to communicate by means of a computer system3 and
+" any other entity that processes or stores computer data on behalf of such
communication service or users of such service"
/5 $ubscriber%s information refers to any information contained in the form of
computer data or any other form that is held by a service provider, relating to
subscribers of its services other than traffic or content data and by 'hich can
be established-
#" The type of communication service used, the technical provisions ta(en
thereto and the period of service3

+" The subscriber0s identity, postal or geographic address, telephone and
other access number, any assigned net'or( address, billing and payment
information available on the basis of the service agreement3 or
9" ny other available information on the site of the installation of
communication e=uipment, available on the basis of the service
agreement or arrangement"
aa5Traffic Data or Non&Content Data refers to any computer data other than
the content of the communication, including but not limited to the
communication0s origin, destination, route, time, date, si/e, duration, or type
of underlying service"
bb5 'ithout (ight refers to either- ;i5 conduct underta(en 'ithout or in e1cess
of authority3 or ;ii5 conduct not covered by established legal defenses,
e1cuses, court orders, >ustifications, or relevant principles under the la'"
&A"'(R II
R)*( %
"unishable Acts and "enalties
5
Draft as of 28 March 2014
"art I
ore !bercrimes
+ection .. Cybercrime #ffenses. . The follo'ing acts constitute the offense of
core cybercrime punishable under the ct-
" <ffenses against the confidentiality, integrity and availability of computer
data and systems shall be punished 'ith imprisonment of prision mayor or a
fine of at least T'o hundred thousand pesos;Ph+$$,$$$"$$5 up to a
ma1imum amount commensurate to the damage incurred or both, e1cept no"
& herein-
#" Illegal ccess . The access to the 'hole or any part of a computer system
'ithout right"
+" Illegal Interception . The interception made by technical means 'ithout
right of any non7public transmission of computer data to, from, or 'ithin
a computer system including electromagnetic emissions from a computer
system carrying such computer data- Provided, ho'ever, That it shall not
be unla'ful for an officer, employee, or agent of a service provider,
'hose facilities are used in the transmission of communications, to
intercept, disclose, or use that communication in the normal course of
employment 'hile engaged in any activity that is necessary to the
rendition of service or to the protection of the rights or property of the
service provider, e1cept that the latter shall not utili/e service observing
or random monitoring e1cept for mechanical or service control =uality
chec(s"
9" Data Interference . The intentional or rec(less alteration, damaging,
deletion or deterioration of computer data, electronic document, or
electronic data message, 'ithout right, including the introduction or
transmission of viruses"
A" System Interference . The intentional alteration or rec(less hindering or
interference 'ith the functioning of a computer or computer net'or( by
inputting, transmitting, damaging, deleting, deteriorating, altering or
suppressing computer data or program, electronic document, or electronic
data message, 'ithout right or authority, including the introduction or
transmission of viruses"
6
Draft as of 28 March 2014
&" Bisuse of Devices shall be punished 'ith imprisonment of prision mayor
or a fine of not more than 4ive hundred thousand pesos ;P&$$,$$$"$$5 or
both-
i" The use, production, sale, procurement, importation, distribution or
other'ise ma(ing available intentionally and 'ithout right, of-
;aa5 device, including a computer program, designed or
adapted primarily for the purpose of committing any of the
offenses under this rules3 or
;bb5 computer pass'ord, access code, or similar data by 'hich
the 'hole or any part of a computer system is capable of
being accessed 'ith the intent that it be used for the purpose
of committing any of the offenses under this rules3
ii" The possession of an item referred to in paragraphs &;a5;i5 or ;ii5
above 'ith the intent to use said devices for the purpose of
committing any of the offenses under this section"
Provided, That no criminal liability shall attach 'hen the use, production,
sale, procurement, importation, distribution, or other'ise ma(ing
available, or possession of computer devices or data referred to in this
section is for the authori/ed testing of a computer system"
If any of the punishable acts enumerated in section A;5 is committed
against critical infrastructure, the penalty of reclusion temporal or a fine of at least
4ive hundred thousand pesos ;P&$$,$$$"$$5 up to ma1imum amount
commensurate to the damage incurred or both shall be imposed"
8" *omputer7related <ffenses shall be punished 'ith imprisonment of prision
mayor or a fine of at least T'o hundred thousand pesos;Ph+$$,$$$"$$5 up to
a ma1imum amount commensurate to the damage incurred or both-
#" *omputer7related 4orgery .
i" The input, alteration, or deletion of any computer data 'ithout right
resulting in inauthentic data 'ith the intent that it be considered or
acted upon for legal purposes as if it 'ere authentic, regardless
'hether or not the data is directly readable and intelligible3 or
7
Draft as of 28 March 2014
ii" The act of (no'ingly using computer data 'hich is the product of
computer7related forgery as defined herein, for the purpose of
perpetuating a fraudulent or dishonest design"
+" *omputer7related 4raud . The unauthori/ed input, alteration, or deletion
of computer data or program or interference in the functioning of a
computer system, causing damage thereby 'ith fraudulent intent-
Provided, That if no damage has yet been caused, the penalty imposable
shall be one ;#5 degree lo'er"
9" *omputer7related Identity Theft . The intentional ac=uisition, use,
misuse, transfer, possession, alteration or deletion of identifying
information belonging to another, 'hether natural or >uridical, 'ithout
right- Provided, That if no damage has yet been caused, the penalty
imposable shall be one ;#5 degree lo'er"
*" *ontent7related <ffenses-
#" ny person found guilty of *hild Pornography shall be punished 'ith the
penalties as enumerated in Republic ct !o" :%%& or the )nti7*hild
Pornography ct of +$$:,- Provided, that the penalty to be imposed shall
be one ;#5 degree higher than that provided for in Republic ct !o" :%%&,
if committed through a computer system"
+ection 5. #ther #ffenses. . The follo'ing acts shall also constitute an offense
'hich shall be punished 'ith imprisonment one ;#5 degree lo'er than that of the
prescribed penalty for the offense or a fine of at least <ne hundred thousand pesos
;PhP#$$,$$$"$$5 but not e1ceeding 4ive hundred thousand pesos ;PhP&$$,$$$"$$5
or both-
" iding or betting in the *ommission of *ybercrime" . ny person 'ho
'illfully abets, aids or financially benefits in the commission of any of the
offenses enumerated in the ct shall be held liable"
B. ttempt to *ommit *ybercrime" . ny person 'ho 'illfully attempts to
commit any of the offenses enumerated in the ct shall be held liable"
8
Draft as of 28 March 2014
Provided, that this provision shall not apply in the crimes of ;#5 child pornography
as defined and punished by R"" :%%& or the nti7*hild Pornography ct +$$:3 ;+5
unsolicited commercial communications under Sec" A;c5;95 of R"" #$#%&3 and
online libel under Sec" A;c5;A5 of R"" #$#%&"
"unishable Acts and "enalties
"art II
Other !bercrimes
+ection 5. #ther #ffenses. . The follo'ing constitute other cybercrime offenses
punishable under the ct-
#" *yber7s=uatting . The ac=uisition of a domain name over the internet in
bad faith to profit, mislead, destroy reputation, and deprive others from
registering the same, if such a domain name is-
a" Similar, identical, or confusingly similar to an e1isting trademar(
registered 'ith the appropriate government agency at the time of the
domain name registration3
b" Identical or in any 'ay similar 'ith the name of a person other than
the registrant, in case of a personal name3 and
c" c=uired 'ithout right or 'ith intellectual property interests in it"
*yber7s=uatting shall be punished 'ith imprisonment of prision mayor or a
fine of at least T'o hundred thousand pesos;Ph+$$,$$$"$$5 up to a ma1imum
amount commensurate to the damage incurred or both" Provided, if it is committed
against critical infrastructure, the penalty of reclusion temporal or a fine of at least
4ive hundred thousand pesos ;P&$$,$$$"$$5 up to ma1imum amount
commensurate to the damage incurred or both shall be imposed"
2. *yberse1 . ny person found guilty cyberse1 shall be punished 'ith
imprisonment of prision mayor or a fine of at least T'o hundred
thousand pesos ;P+$$,$$$"$$5 but not e1ceeding <ne million pesos
;P#,$$$,$$$"$$5 or both"
9
Draft as of 28 March 2014
The maintenance, control, or operation of cyberse1 shall be punished
'ith the ma1imum penalty if it involves three or more offenders or
victims" *yberse1 involving a child shall be punished in accordance to
the provision on child pornography of the ct"
3. Libel . The unla'ful or prohibited act of libel as defined in rticle 9&&
of the Revised Penal *ode, as amended, committed through a computer
system or any other similar means 'hich may be devised in the future
shall be punished 'ith prision correccional in its ma1imum period to
prision mayor in its minimum period or a fine ranging from 6,$$$ pesos
up to the ma1imum amount determined by *ourt, or both, in addition to
the civil action 'hich may be brought by the offended party"
Provided, that this provision applies only to the original author of the
post or online libel and not to others 'ho simply receive the post and
react to it"
A" *yber78ullying . ny person found guilty of 8ullying shall be
punished 'ith the penalties as enumerated in Republic ct !o" #$6+%
or the )nti78ullying ct of +$#9,- Provided, that the penalty to be
imposed shall be one ;#5 degree higher than that provided for in
Republic ct !o" #$6+%, if committed through a computer system"
&" <ther offenses . The follo'ing acts shall also constitute an offense
'hich shall be punished 'ith imprisonment one ;#5 degree lo'er than
that of the prescribed penalty for the offense or a fine of at least <ne
hundred thousand pesos ;PhP#$$,$$$"$$5 but not e1ceeding 4ive
hundred thousand pesos ;PhP&$$,$$$"$$5 or both-
*" iding or betting in the *ommission of *ybercrime" . ny person
'ho 'illfully abets, aids or financially benefits in the commission of
any of the offenses enumerated in the ct shall be held liable"
D. ttempt to *ommit *ybercrime" . ny person 'ho 'illfully
attempts to commit any of the offenses enumerated in the ct shall
be held liable"
10
Draft as of 28 March 2014
Provided, that this provision shall not apply in the crimes of ;#5 child pornography
as defined and punished by R"" :%%& or the nti7*hild Pornography ct +$$:3
and online libel under Sec" A;c5;A5 of R"" #$#%&"
+ection /. Corporate !iability. . Chen any of the punishable acts herein defined
are (no'ingly committed on behalf of or for the benefit of a >uridical person, by a
natural person acting either individually or as part of an organ of the >uridical
person, 'ho has a leading position 'ithin, based on ;a5 a po'er of representation
of the >uridical person, ;b5 an authority to ta(e decisions on behalf of the >uridical
person, or ;c5 an authority to e1ercise control 'ithin the >uridical person, the
>uridical person shall be held liable for a fine e=uivalent to at least double the fines
imposable in Section % up to a ma1imum of Ten million pesos ;Php#$,$$$,$$$"$$5"
If the commission of any of the punishable acts herein defined 'as made
possible due to the lac( of supervision or control by a natural person referred to
and described in the preceding paragraph, for the benefit of that >uridical person by
a natural person acting under its authority, the >uridical person shall be held liable
for a fine e=uivalent to at least double the fines imposable in Section % up to a
ma1imum of 4ive million pesos ;Php&,$$$,$$$"$$5"
The liability imposed on the >uridical person shall be 'ithout pre>udice to
the criminal liability of the natural person 'ho has committed the offence"
+ection 7. )iolation of the (evised Penal Code as Amended Through and 'ith
the *se of nformation and Communication Technology. . ll crimes defined
and penali/ed by the Revised Penal *ode, as amended, and special criminal la's
committed by, through and 'ith the use of information and communications
technologies shall be covered by the relevant provisions of the ct- Provided, That
the penalty to be imposed shall be one ;#5 degree higher than that provided for by
the Revised Penal *ode, as amended, and special la's, as the case may be"
+ection 0. !iability under #ther !a"s. . prosecution under the ct shall be
'ithout pre>udice to any liability for violation of any provision of the Revised
Penal *ode, as amended, or special la's"
Provided, that this provision shall not apply to the prosecution of an offender under
;#5 both Section A;c5;A5 of R"" #$#%& and rticle 9&9 of the Revised Penal *ode3
and both Section A;c5;+5 of R"" #$#%& and R"" :%%& or the nti7*hild
Pornography ct of +$$:"
11
Draft as of 28 March 2014
&A"'(RIII
;*hapter ID of the ct5
R)*( -
(n$orcement and Implementation
+ection 1. !a" +nforcement Authorities. . The !ational 8ureau of Investigation
;!8I5 and the Philippine !ational Police ;P!P5 shall be responsible for the
efficient and effective la' enforcement of the provisions of the ct" The !8I and
the P!P shall organi/e a cybercrime division or unit to be manned by Special
Investigators to e1clusively handle cases involving violations of the ct"
The !8I shall create a cybercrime division headed by a Eead gent" The P!P
shall create an anti7cybercrime unit headed by a Police Director"
The <ffice of *ybercrime ;<<*5 created under the ct shall coordinate the efforts
of the !8I and the P!P in enforcing the provisions of the ct"
+ection 10. Po"ers and ,unctions of !a" +nforcement Authorities. . The !8I
and P!P cybercrime unit or division shall have the follo'ing po'ers and
functions-
a" To investigate all cybercrimes 'here computer systems are involved3
b" To conduct data recovery and forensic analysis on computer systems and
other electronic evidence sei/ed3
c" To formulate guidelines in investigation, forensic evidence recovery, and
forensic data analysis consistent 'ith industry standard practices3
d" To provide technological support to investigating units 'ithin the P!P
and !8I including the search, sei/ure, evidence preservation, forensic
recovery of data from crime scenes and systems used in crimes and to
provide testimonies3
e" To develop public, private sector, and la' enforcement agency relations
in addressing cybercrimes3
f" To maintain necessary and relevant databases for statistical and2or
monitoring purposes3
g" To develop capacity 'ithin their organi/ations in order to perform such
duties necessary for the enforcement of the act3
h" To support the formulation and enforcement of the national cybersecurity
plan3 and
i" To perform other functions as may be re=uired by the ct"
12
Draft as of 28 March 2014
+ection 11. Duties of !a" +nforcement Authorities. . To ensure that the technical
nature of cybercrime and its prevention is given focus and considering the
procedures involved for international cooperation, la' enforcement authorities
specifically the computer or technology crime divisions or units responsible for the
investigation of cybercrimes are re=uired to submit timely and regular reports
including pre7operation, post7operation and investigation results and such other
documents as may be re=uired to the Department of Justice ;D<J5 . <ffice of
*ybercrime for revie' and monitoring"
La' enforcement authorities should act in accordance 'ith the guidelines,
advisories, and procedures issued and promulgated by the competent authority in
all matters related to cybercrime, and utili/e the prescribed forms and templates
including but not limited to preservation orders, chain of custody, consent to
search, consent to assume account2online identity, re=uest for computer forensic
e1amination.
+ection 1%. Preservation and (etention of Computer Data" . The integrity of
traffic data and subscriber information shall be (ept, retained and preserved by a
service provider for a minimum period of si1 ;65 months from the date of the
transaction" *ontent data shall be similarly preserved for si1 ;65 months from the
date of receipt of the order from la' enforcement authorities re=uiring its
preservation"
La' enforcement authorities may order a one7time e1tension for another si1 ;65
months provided that once computer data preserved, transmitted or stored by a
service provider is used as evidence in a case, the mere furnishing to such service
provider of the transmittal document to the <ffice of the Prosecutor, shall be
deemed a notification to preserve the computer data until the termination of the
case"
The service provider ordered to preserve computer data shall (eep the order and its
compliance confidential"
+ection 1-. Collection of Computer Data" La' enforcement authorities, 'ith the
issuance of a court 'arrant, shall be authori/ed to collect or record by technical or
electronic means, and service providers are re=uired to collect or record by
technical or electronic means, and2or to cooperate and assist in the collection or
recording of, computer data, associated 'ith specified communications transmitted
by means of a computer system"
13
Draft as of 28 March 2014
The court 'arrant re=uired under this section shall be issued or granted upon
'ritten application and the e1amination under oath or affirmation of the applicant
and the 'itnesses he may produce and the sho'ing- ;#5 that there are reasonable
grounds to believe that any of the crimes enumerated hereinabove has been
committed, or is being committed or is about to be committed3 ;+5 that there are
reasonable grounds to believe that evidence 'ill be obtained is essential to the
conviction of any person for, or to the solution of, or to the prevention of, any such
crimes3 and ;95 that there are no other means readily available for obtaining such
evidence"
+ection 1.. Disclosure of Computer Data. . La' enforcement authorities, upon
securing a court 'arrant, shall issue an order re=uiring any person or service
provider to disclose or submit subscriber0s information, traffic data or relevant data
in his2its possession or control 'ithin seventy7t'o ;%+5 hours from receipt of the
order in relation to a valid complaint officially doc(eted and assigned for
investigation and the disclosure is necessary and relevant for the purpose of
investigation"
+ection 15. $earch- $ei.ure- and +xamination of Computer Data" . Chere a
search and sei/ure 'arrant is properly issued, the la' enforcement authorities shall
li(e'ise have the follo'ing po'ers and duties-
Cithin the time period specified in the 'arrant, to conduct interception, as
defined in this Rules, and-
a" To search and sei/e computer data3
b" To secure a computer system or a computer data storage medium3
c" To ma(e and retain a copy of those computer data secured3
d" To maintain the integrity of the relevant stored computer data3
e" To conduct forensic analysis or e1amination of the computer data storage
medium3 and
f" To render inaccessible or remove those computer data in the accessed
computer or computer and communications net'or("
Pursuant thereof, the la' enforcement authorities may order any person 'ho
has (no'ledge about the functioning of the computer system and the measures to
protect and preserve the computer data therein to provide, as is reasonable, the
necessary information, to enable the underta(ing of the search, sei/ure and
e1amination"
14
Draft as of 28 March 2014
La' enforcement authorities may re=uest for an e1tension of time to
complete the e1amination of the computer data storage medium and to ma(e a
return thereon but in no case for a period longer than thirty ;9$5 days from date of
approval by the court"
+ection 1/. Custody of Computer Data" . ll computer data, including content
and traffic data, e1amined under a proper 'arrant shall, 'ithin forty7eight ;AF5
hours after the e1piration of the period fi1ed therein, be deposited 'ith the court in
a sealed pac(age, and shall be accompanied by an affidavit of the la' enforcement
authority e1ecuting it stating the dates and times covered by the e1amination, and
the la' enforcement authority 'ho may access to the deposit, among other relevant
data" The la' enforcement authority shall also certify that no duplicates or copies
of the 'hole or any part thereof have been made, or if made, that all such
duplicates or copies are included in the pac(age deposited 'ith the court" The
pac(age so deposited shall not be opened, or the recordings replayed, or used in
evidence, or their contents revealed, e1cept upon order of the court, 'hich shall not
be granted e1cept upon motion, 'ith due notice and opportunity to be heard to the
person or persons 'hose conservation or communications have been recorded"
+ection 17. Destruction of Computer Data" . @pon e1piration of the periods as
provided in Sections #+ and #5 hereof, service providers and la' enforcement
authorities, as the case may be, shall immediately and completely destroy the
computer data sub>ect of a preservation and e1amination"
+ection 10. +xclusionary (ule. . ny evidence obtained 'ithout a valid 'arrant
or beyond the authority of the same shall be inadmissible for any proceeding
before any court or tribunal"
The Rules of *ourt shall have suppletory application in implementing the ct"
+ection 11. Non&compliance. . 4ailure to comply 'ith the provisions of *hapter
ID of the ct specifically the orders from la' enforcement authorities shall be
punished as a violation of P"D" !o" #F+: 'ith imprisonment of prision
correccional in its ma1imum period or a fine of <ne hundred thousand pesos
;Php#$$,$$$"$$5 or both, for each and every noncompliance 'ith an order issued
by la' enforcement authorities"
&A"'(R I2
15
Draft as of 28 March 2014
;*hapter D of the ct5
R)*( .
3urisdiction
+ection %0. /urisdiction. , The Regional Trial *ourt shall have >urisdiction over
any violation of the provisions of the ct including any violation committed by a
4ilipino national regardless of the place of commission" Jurisdiction shall lie if any
of the elements 'as committed 'ithin the Philippines or committed 'ith the use of
any computer system 'holly or partly situated in the country, or 'hen by such
commission any damage is caused to a natural or >uridical person 'ho, at the time
the offense 'as committed, 'as in the Philippines"
There shall be designated special cybercrime courts manned by specially trained
>udges to handle cybercrime cases"
+ection %1. Designation of $pecial Prosecutors. 0 The Secretary of Justice shall
designate special prosecutors comprising the prosecution tas(force or division
under the D<J7<ffice of *ybercrime to handle cybercrime cases in violation of the
ct"
&A"'(R 2
;*hapter DI in the ct5
R)*( 5
International ooperation
+ection %%. nternational Cooperation. . ll relevant international instruments on
international cooperation on criminal matters, arrangements agreed on the basis of
uniform or reciprocal legislation, and domestic la's, to the 'idest e1tent possible
for the purposes of investigations or proceedings concerning crimes related to
computer systems and data, or for the collection of electronic evidence of crimes
shall be given full force and effect"

The D<J shall cooperate and render assistance to other nations, as 'ell as re=uest
assistance from foreign states, for purposes of detection, investigation and
prosecution of offenses referred to in the ct and in the collection of evidence in
electronic form in relation thereto" The principles contained in Presidential Decree
16
Draft as of 28 March 2014
!o" #$6: and other pertinent la's as 'ell as e1isting e1tradition and mutual legal
assistance treaties shall apply" In this regard, the central authority shall-
a" Provide assistance to a re=uesting nation in the real7time collection of traffic
data associated 'ith specified communications in the country transmitted by
means of a computer system, 'ith respect to criminal offenses defined in the
ct for 'hich real7time collection of traffic data 'ould be available3
b" Provide assistance to a re=uesting nation in the real7time collection,
recording or interception of content data of specified communications
transmitted by means of a computer system3
c" llo' another nation to-
#" ccess publicly available stored computer data, located in the country, or
else'here3 or
+" ccess or receive, through a computer system located in the country,
stored computer data located in another country, if the nation obtains the
la'ful and voluntary consent of the person 'ho has the la'ful authority
to disclose the data to the nation through that computer system"
d" Receive a re=uest of another nation for it to order or obtain the e1peditious
preservation of data stored by means of a computer system, located 'ithin
the country, relative to 'hich the re=uesting nation shall submit a re=uest for
mutual assistance for the search or similar access, sei/ure or similar
securing, or disclosure of the stored computer data-
#" re=uest for preservation of data under this section shall specify-
i" The authority see(ing the preservation3
ii" The offense that is the sub>ect of a criminal investigation or
proceedings and a brief summary of the related facts3
iii" The stored computer data to be preserved and its relationship to the
offense3
iv" The necessity of the preservation3 and
v" That the re=uesting nation shall submit a re=uest for mutual assistance
for the search or similar access, sei/ure or similar securing, or
disclosure of the stored computer data"
17
Draft as of 28 March 2014
+" @pon receiving the re=uest from another nation, the D<J and la'
enforcement agencies shall ta(e all appropriate measures to preserve
e1peditiously the specified data in accordance 'ith the ct and other
pertinent la's" 4or the purposes of responding to a re=uest, dual
criminality shall not be re=uired as a condition to providing such
preservation3
9" re=uest for preservation may only be refused if-
i" The re=uest concerns an offense 'hich the government of the
Philippines considers as a political offense or an offense connected
'ith a political offense3 or
ii" The government of the Philippines considers the e1ecution of the
re=uest 'ill pre>udice its sovereignty, security, public order or other
national interest"
A" Chere the government of the Philippines believes that preservation 'ill
not ensure the future availability of the data, or 'ill threaten the
confidentiality of, or other'ise pre>udice the re=uesting nation0s
investigation, it shall promptly so inform the re=uesting nation" The
re=uesting nation 'ill determine 'hether its re=uest should be e1ecuted3
and
&" ny preservation effected in response to the re=uest referred to in
paragraph ;a5 shall be for a period not less than si1ty ;6$5 days, in order
to enable the re=uesting nation to submit a re=uest for the search or
similar access, sei/ure or similar securing, or disclosure of the data"
4ollo'ing the receipt of such a re=uest, the data shall continue to be
preserved pending a decision on that re=uest"
e" ccommodate re=uest from another nation to search, access, sei/e, secure,
or disclose data stored by means of a computer system located 'ithin the
country, including data that has been preserved under the previous
subsection"
The government of the Philippines shall respond to the re=uest through the
proper application of international instruments, arrangements and la's-
#" The re=uest shall be responded to on an e1pedited basis 'here-
i" There are grounds to believe that relevant data is particularly
vulnerable to loss or modification3 or
18
Draft as of 28 March 2014
ii" The instruments, arrangements and la's referred to in paragraph ;b5
of this section other'ise provide for e1pedited cooperation"
+" The re=uesting nation must maintain the confidentiality of the fact or the
sub>ect of re=uest for assistance and cooperation" It may only use the
re=uested information sub>ect to the conditions specified in the grant"
f" Ba(e a re=uest to any foreign state for assistance for purposes of detection,
investigation and prosecution of offenses referred to in the ct3
g" The criminal offenses described under *hapter II of the ct shall be deemed
to be included as e1traditable offenses in any e1tradition treaty 'here the
Philippines is a party" Provided, that the offense is punishable under the la's
of both Parties concerned by deprivation of liberty for a ma1imum period of
at least one year or by a more severe penalty"
&A"'(R 2I
;*hapter DII of the ct5
R)*( /
ompetent Authorities
+ection %-. Cybercrime nvestigation and Coordinating Center1 Composition.
The inter7agency body (no'n as the *ybercrime Investigation and *oordinating
*enter ;*I**5, under the administrative supervision of the <ffice of the President,
established for policy coordination among concerned agencies and for the
formulation and enforcement of the national cyber security plan, is headed by the
G1ecutive Director of the Information and *ommunications Technology <ffice
under the Department of Science and Technology ;I*T<7D<ST5 as *hairperson
'ith the Director of the !8I as Dice *hairperson3 the *hief of the P!P3 Eead of
the D<J <ffice of *ybercrime, and one ;#5 representative from the private sector
and academe, as members"
The D<J7<ffice of *ybercrime, 'ith representatives from !8I, P!P, and I*T<7
D<ST, shall serve as the Secretariat for the *I**"
The D<J . <ffice of *ybercrime shall also serve as the <perations *enter of the
*I** and have the follo'ing agencies form part-
#" !ational 8ureau of Investigation
+" Philippine !ational Police
19
Draft as of 28 March 2014
9" D<J . !ational Prosecution Service
A" Information and *ommunications Technology <ffice
&" 8ureau of Immigration
6" Philippine Drug Gnforcement gency
%" 8ureau of *ustoms
F" nti . Boney Laundering *ouncil
9. !ational La' Gnforcement *oordinating *ouncil
Participation and representation in the Secretariat and2or <perations *enter does
not re=uire physical presence but may be done thru electronic modes such as email,
audio7visual conference calls, and the li(e.
+ection %.. Po"ers and ,unctions. . The *I** shall have the follo'ing po'ers
and functions-
a" To formulate a national cybersecurity plan and e1tend immediate
assistance for the suppression of real7time commission of cybercrime
offenses through a computer emergency response team ;*GRT53
b" To coordinate the preparation of appropriate and effective measures to
prevent and suppress cybercrime activities as provided for in the ct3
c" To monitor cybercrime cases being handled by participating la'
enforcement and prosecution agencies3
d" To facilitate international cooperation on intelligence, investigations,
training and capacity building related to cybercrime prevention,
suppression and prosecution through the D<J7<ffice of *ybercrime3
e" To coordinate the support and participation of the business sector, local
government units and nongovernment organi/ations in cybercrime
prevention programs and other related pro>ects3
f" To recommend the enactment of appropriate la's, issuances, measures
and policies3
g" To call upon any government agency to render assistance in the
accomplishment of the *I**0s mandated tas(s and functions3
h" To establish and perform community a'areness program on cybercrime
prevention in coordination 'ith la' enforcement authorities and all
sta(eholders3 and
i" To perform all other matters related to cybercrime prevention and
suppression, including capacity building and such other functions and
duties as may be necessary for the proper implementation of the ct"
20
Draft as of 28 March 2014
+ection %5. Department of /ustice 2D#/31 ,unctions and Duties. , The D<J7
<ffice of *ybercrime ;<<*5, designated as the central authority in all matters
related to international mutual assistance and e1tradition, shall serve the
<perations *enter of the *I*C, and shall have the follo'ing functions and duties-
a" To act as a competent authority for all re=uests for assistance for
investigation or proceedings concerning cybercrimes, facilitate the
provisions of legal or technical advice, preservation and production of data,
collection of evidence, giving legal information and locating suspects3
b" To act on complaints2referrals, to cause the investigation and prosecution of
cybercrimes and other violations of the ct3
c" To issue preservation orders addressed to service providers, subpoena and
summon 'itnesses to appear in an investigation or proceedings for
cybercrime3
d" To re=uire the submission of timely and regular reports including pre7
operation, post7operation and investigation results and such other
documents from the P!P and !8I for monitoring and revie'3
e. To facilitate international cooperation on intelligence, investigations,
training and capacity building related to cybercrime prevention,
suppression and prosecution3
f" To issue and promulgate guidelines, advisories, and procedures in all
matters related to cybercrime, investigation, forensic evidence recovery,
and forensic data analysis consistent 'ith industry standard practices3
g. To prescribe forms and templates including but not limited to preservation
orders, chain of custody, consent to search, consent to assume
account2online identity, re=uest for computer forensic e1amination3 and
h. To underta(e the specific roles and responsibilities of the D<J related to
cybercrime under the Implementing Rules and Regulation of Republic ct
!o" :%%& or the nti7*hild Pornography ct of +$$:"
+ection %/. Computer +mergency (esponse Team 2C+(T3. , The D<ST7I*T
<ffice shall establish and operate the *omputer Gmergency Response Team
;*GRT5 that shall assist the *I** to fulfil its mandate under the ct"

ll instances of computer security incidents detected, suspected or reported by a
third party or through regular monitoring activities performed by the technical
personnel of an organi/ation shall be reported to the *GRT"

21
Draft as of 28 March 2014
To report a computer security incident, the prescribed form to be issued by the
*GRT shall be used at all times"

The *GRT shall perform services such as, but not limited to-
#" Providing technical analysis of computer security incidents3
+" ssisting Internet users in escalating abuse reports to relevant parties3
9" *onducting operational research and development 'or( on emerging threats
to computer security3
A" Issuing relevant alerts and advisories on emerging threats to computer
security3
&" *oordinating computer security incident responses 'ith trusted third parties
at the national and international levels3 and
6" *onducting technical training on computer security and related topics"
CHAPTER VII
RULE 7
Service Providers
+ection 44. Duties of a $ervice Provider. . The follo'ing are the duties of a
service provider-
a" Preserve the integrity of traffic data and subscriber information for a
minimum period of si1 ;65 months from the date of the transaction3
b" Preserve the integrity of content data for si1 ;65 months from the date of
receipt of the order from la' enforcement authorities re=uiring its
preservation3
c" Preserve the integrity of computer data for an e1tended period of si1 ;65
months from the date of receipt of the order from la' enforcement
authorities re=uiring e1tension on its preservation3
d" Preserve the integrity of computer data until the termination of the case
upon receipt of a copy of the transmittal document to the <ffice of the
Prosecutor3
e" Gnsure the confidentiality of the preservation orders and its compliance3
f" *ollect or record by technical or electronic means, and2or to cooperate
and assist la' enforcement authorities in the collection or recording of,
22
Draft as of 28 March 2014
computer data, associated 'ith specified communications transmitted by
means of a computer system3
g" Disclose or submit subscriber0s information, traffic data or relevant data
in his2its possession or control to la' enforcement authorities 'ithin
seventy7t'o ;%+5 hours upon receipt of order and copy of the court
'arrant3
h" Immediately and completely destroy the computer data sub>ect of a
preservation and e1amination after the e1piration of the period provided
in Sections #9 and #& of the ct3 and
i" To perform such other duties as may be necessary and proper to carry
into effect the provisions of the ct"
RULE 8
Duties of Service Providers in Child Pornogr!h" Cses
+ection 44. Duties of a $ervice Provider in Child Pornography Cases. 0 In
line 'ith R:%%& or the nti7*hild Pornography ct of +$$:, the follo'ing
are the duties of a service provider in child pornography cases-
#" n Internet Service Providers ;ISP52Internet *ontent Eost shall install
available technology, program or soft'are, such as but not limited to
system2technology that produces hash value or any similar
calculation, to ensure that access to or transmittal of any form of child
pornography 'ill be bloc(ed or filtered3
+" Service Providers shall immediately notify la' enforcement
authorities 'ithin seven ;%5 days of facts and circumstances relating to
any form child pornography that passes or being committed in their
system3 and
9" service provider or any person in possession of traffic data or
subscriber0s information, shall, upon the re=uest of proper authorities,
furnish the particulars of users 'ho gained or attempted to gain access
to an internet address 'hich contains any form of child pornography"
ISPs shall also preserve customer data records, specifically the time,
origin, and destination of access, for purposes of investigation and
prosecution by relevant authorities under Sections : and ## of R""
:%%&"
23
Draft as of 28 March 2014
CHAPTER VIII
RULE #
Prescri$ed %or&s
+(. %7. Prescribed ,orms. H The D<J . <ffice of *ybercrime shall prescribe
forms and templates including but not limited to preservation orders, chain of
custody, consent to search, consent to assume account2online identity, re=uest for
computer forensic e1amination"
The follo'ing prescribed forms are anne1ed to this IRR-
A" Preservation <rders . nne1 3
&" *hain of *ustody . nne1 83
6" *onsent to Search . nne1 *3
%" *onsent to assume account2online identity . nne1 D3
F" Re=uest for *omputer 4orensic e1amination . nne1 G3
The D<J . <ffice of *ybercrime shall prescribe additional, and2or update e1isting,
forms and templates as necessary, in consultation 'ith *I** members, that are
consistent 'ith international standard practices"
&A"'(R I5
;*hapter DIII of the ct5
R)*( 10
6inal "ro#isions
+(. %7. Appropriations. H The amount of 4ifty million pesos
;PhP&$,$$$,$$$"$$5 shall be appropriated annually for the implementation of the
ct under the fiscal management of D<J 7 <ffice of *ybercrime"
ll proceeds derived from as 'ell as the sale of properties used for the commission
of any violation of the ct shall accrue to the special account of the D<J7<<*
'hich shall be used e1clusively for the proper implementation of the ct.
+ection %0. $eparability Clause. , If any provision of these Rules is held invalid,
the other provisions not affected shall remain in full force and effect"
24
Draft as of 28 March 2014
+ection %1. (epealing Clause. , ll rules and regulations inconsistent 'ith these
Rules are hereby repealed or modified accordingly"
+ection -0. +ffectivity. , These rules and regulations shall ta(e effect fifteen ;#&5
days after the completion of its publication in at least t'o ;+5 ne'spapers of
general circulation"
D<!G in the *ity of Banila, this IIII of IIIIIIIIIIIIIII +$#A"
&ON. 7AN)(* A. RO5A+ II
Secretary
Department of Interior and Local
Government
&ON. 7ARIO 8. 7ON'(3O
Secretary
Department of Science and Technology
&ON. *(I*A 7. 9( *I7A
Secretary
Department of Justice
25