A January Advisory With Wider Implications
On January 22, 2026, acting Justice Secretary Frederick A. Vida issued Office of Cybercrime (OOC) Advisory Opinion No. 001, Series of 2026, settling an issue that had been quietly contested for months: only law enforcement agencies (LEAs) recognized by law can collect digital evidence in cybercrime cases. Manuals issued by other bodies, the advisory said, "are without legal basis for criminal prosecution and must not be utilized in case build-up or court proceedings." The Guidelines for Cybercrime Investigation and Prosecution (GCIP), promulgated by the DOJ in 2024, are now the "sole and uniform standard" for cybercrime investigation and forensic examination.
Read in isolation, the advisory looks like a turf demarcation between the DOJ, the Philippine National Police's Anti-Cybercrime Group (PNP-ACG), and the National Bureau of Investigation. Read against the wider law-enforcement data-request architecture the Philippines has built since 2022, it is the most consequential procedural intervention in years.
The Strongest Case for the Advisory
Prosecutors have a real problem to solve. Digital evidence is volatile and easily alterable, and Philippine cybercrime cases have collapsed at trial on chain-of-custody grounds when non-LEA officials — administrative regulators, anti-fraud task forces, occasionally private investigators — touched seized devices. Concentrating collection in trained LEAs operating under the Supreme Court's 2018 Rule on Cybercrime Warrants (A.M. No. 17-11-03-SC) is a defensible response to a documented prosecutorial failure pattern.
The advisory also has a quieter rights-protective effect: it forecloses an emerging side-door whereby administrative agencies asked telcos or platforms for "voluntary" data hand-overs that no court had authorized. By making LEA channels exclusive, it pushes more requests into a regime that at least nominally requires probable cause and a judge.
The Legal Architecture Behind the Order
Three statutes shape how Philippine law enforcement reaches user data today.
The Cybercrime Prevention Act of 2012 (RA 10175) and the 2018 Rule on Cybercrime Warrants set the procedural backbone. Service providers — telcos, platforms, ISPs — must respond to a subscriber-information, traffic-data, or content-data warrant within 72 hours of receipt. Preservation orders run six months, extendable once.
The SIM Registration Act of 2022 (RA 11934), signed by President Marcos on October 10, 2022, gave LEAs a new substrate to query. To trace a mobile number to a name and address, agencies must satisfy one of four narrow conditions, including a court order on probable cause or a subpoena issued on a sworn complaint. The architecture is, on paper, proportionate. The cost was substantial: by July 30, 2023, more than 54 million unregistered SIMs had been deactivated across the three major operators — overwhelmingly belonging to low-income users who never completed the paperwork.
The Konektadong Pinoy Act (RA 12234), which lapsed into law on August 24, 2025, layered cybersecurity-audit and incident-reporting duties on a much wider class of "data transmission industry participants," from satellite providers to mesh-network operators. Within two years, each must hold an ISO-based cybersecurity certification or a DICT Cybersecurity Bureau compliance certificate, and report material incidents to the National CERT. It does not, notably, create any new law-enforcement access channel — a deliberate restraint worth crediting.
The National Privacy Commission sits across all three, with its May 2025 Circular 2025-01 on body-worn cameras setting access-control standards for footage that ends up in LEA hands, and its April 2026 Advisory No. 2026-01 confirming that scraped public data does not become consent.
Where the Architecture Falls Short
The Philippines now has more law-enforcement-data plumbing than most ASEAN peers. What it does not have is the public-reporting habits that make that plumbing trustworthy.
The DOJ Office of Cybercrime does not publish aggregate cyber-warrant numbers. Neither the PNP-ACG nor the NBI publishes how many subscriber-information warrants they served in 2025, against which providers, in how many cases data was produced, or how many were challenged in court. Globe, Smart, and DITO publish no Philippines-specific transparency reports. Google and Meta publish country-level statistics, but those snapshots are months old and capture only a sliver of the request stream.
Without that data, three things are impossible to assess from outside: whether the 72-hour disclosure deadline is being met after meaningful judicial review or via rubber-stamp orders; whether the SIM Registration database is being queried at the rate the law's drafters projected, or far above it; and whether the new advisory will produce a measurable drop in cases dismissed on chain-of-custody grounds — the very metric Secretary Vida cited as its purpose.
What Proportionate Looks Like From Here
The DOJ's January advisory should stand. The next steps should be administrative, not legislative.
- Mandatory annual transparency reports from the PNP-ACG, NBI, and DOJ Office of Cybercrime, broken out by warrant type, requesting unit, provider category, and judicial outcome.
- A statutory sunset review of the SIM Registration Act's disclosure provisions in 2027, against fraud-reduction outcomes that the DICT has so far not quantified.
- A safe harbor under the Data Privacy Act for providers that publish their own Philippine government-request statistics, removing the legal grey area around what aggregated disclosure is permitted.
The Philippines has built a creditable, warrant-based regime in under a decade — and resisted, in the Konektadong Pinoy Act, the temptation to bolt new bulk-access powers onto it. The remaining work is showing, in public and in numbers, that the regime is actually being used the way it was written. A procedural fix without a transparency follow-through is a half-built reform.