For the better part of a decade, the European Union has used its Generalised Scheme of Preferences Plus (GSP+) as a quiet but consequential lever on partner countries' digital and human rights frameworks. The Philippines — a GSP+ beneficiary since 2014 — is once again under that lens. The European Parliament has continued to flag press freedom and digital rights concerns in Manila, pointing to ongoing prosecutions under the Cybercrime Prevention Act of 2012 (Republic Act No. 10175) and to privacy risks around the SIM Registration Act of 2022 (Republic Act No. 11934) raised by the Philippines' own National Privacy Commission (NPC).
Strip away the diplomatic wrapping and the message from Brussels is straightforward: trade preferences and digital governance are no longer separable conversations. For policymakers in Manila — and for capitals across the Indo-Pacific watching this play out — the implications go well beyond a single export schedule.
The GSP+ Hook
GSP+ grants tariff cuts on roughly two-thirds of EU tariff lines for vulnerable developing economies that ratify and implement 27 international conventions covering human rights, labor, environment, and good governance. Compliance is monitored, not merely declared. The European Commission's biennial GSP+ reports and the Parliament's resolutions function as a public scoreboard, and the Philippines has appeared on that scoreboard repeatedly in recent years.
Two issues keep resurfacing:
- Cyberlibel under RA 10175. The Maria Ressa and Rappler proceedings have become the international shorthand for how a broadly drafted online-defamation statute can chill journalism. The original 2012 Act criminalised libel committed "through a computer system," and the Supreme Court upheld that provision in Disini v. Secretary of Justice (2014), albeit narrowing some of the law's other clauses.
- SIM registration under RA 11934. Signed into law in October 2022, the SIM Registration Act made the Philippines one of the last ASEAN economies to mandate identity-linked mobile subscriptions. The stated aim — curbing text-based scams and "smishing" — is legitimate. The execution has been contentious, with millions of SIMs deactivated for non-registration and the NPC publicly raising data-protection concerns about the centralised registry and the role of telcos as custodians of sensitive identity data.
Why the EU Cares — and Why Innovators Should Too
From a pro-innovation standpoint, both files matter for reasons that go beyond press freedom optics.
Cyberlibel laws that criminalise online speech create a structural disincentive for platforms, publishers, and small creators to operate or invest in a market. Intermediary liability becomes unpredictable; community moderators face personal exposure; cross-border services tend to over-remove rather than litigate. The chilling effect is not theoretical — it shows up in editorial caution, in declining investigative output, and in venture caution about backing local digital media.
SIM registration mandates carry a different but related innovation cost. A centralised identity-to-number database is, by design, a high-value target. The NPC's own warnings about implementation risk echo what privacy regulators from Brussels to Bangalore have been saying for years: the larger and more centralised an identity dataset, the more attractive it becomes to attackers and the more catastrophic any breach. Reports of Philippine SIM data appearing on illicit marketplaces in 2023 — which authorities disputed but the NPC investigated — illustrate exactly that risk surface.
A Proportionality Problem, Not a Sovereignty One
It would be easy, and wrong, to frame the EU's interest as overreach. GSP+ is a voluntary scheme; beneficiaries opt in knowing the conditions. The harder and more useful question is whether the Philippines' current toolkit is proportionate to the harms it targets.
Criminalising online defamation to deter disinformation is a sledgehammer where civil remedies and platform-level transparency would do the job with fewer collateral costs to speech and investment.
The same logic applies to SIM registration. If the policy goal is reducing scam texts, the more proportionate path runs through carrier-grade messaging filters, mandatory sender-ID authentication, faster takedown of fraudulent numbers, and better consumer reporting tools — measures that don't require building a nationwide identity honeypot. Several jurisdictions, including Mexico in 2022, have rolled back or struck down comparable mandates after privacy and feasibility concerns mounted.
What Brussels Is Actually Asking For
European Parliament resolutions on the Philippines have not demanded the repeal of either statute. The asks have been narrower and more practical: drop or review pending cyberlibel cases against journalists, align the Cybercrime Act with international free-expression standards, and ensure the SIM Registration Act is implemented with robust data-protection safeguards consistent with the Philippines' Data Privacy Act of 2012 (RA 10173) — which the NPC enforces.
That is a reform agenda a pro-innovation government can embrace without conceding sovereignty. Decriminalising libel (or at least ringfencing it from journalistic activity), tightening retention limits on SIM registration data, and giving the NPC stronger audit powers over the registry would address the GSP+ concerns and make the Philippine digital economy a more attractive destination for capital and talent.
The Bigger Signal
The Manila case is a preview of how trade policy and digital rights will increasingly intersect. The EU's Digital Services Act, the AI Act, and the GSP+ framework are converging into a single proposition: market access — for goods, for services, for data flows — comes with rule-of-law expectations on the digital side of the ledger.
For governments tempted to reach for criminal speech laws or maximalist identity mandates, the cost calculus is shifting. The smarter bet is to build digital frameworks that are credible, proportionate, and exportable. Manila has the institutions — an active NPC, an independent judiciary, a vibrant tech sector — to lead on that front. Brussels' continued attention is an invitation to do so, not a punishment for failing to.