- within Technology, Environment and Corporate/Commercial Law topic(s)
- with readers working within the Retail & Leisure industries
This briefing sets out a round-up of certain key developments in Philippine technology law in the first three quarters of 2025 and a general situationer on AI use regulation.
And Access For All
Konektadong Pinoy Act Ushers In a New Connectivity Regime;
Implementing Rules Issued
Republic Act No. 12234, commonly known as the Konektadong Pinoy Act (KPA), lapsed into law on August 24, 2025. Its implementing rules and regulations were signed on November 5, 2025 and will come into force 15 days from publication.
The law establishes a new regime for the local telecommunications industry and creates a new player – the data transmission industry participant (DTIP). Data transmission refers to the process of sending and receiving digital or digitized analog signals over a communication medium to one or more computing networks, communication or electronic devices.
The regulatory sea change is that while previously, any services involving connectivity or operating a network required a congressional franchise and a certificate of public convenience and necessity (CPCN) from the National Telecommunications Commission (NTC), the KPA has effectively removed these requirements except for basic telephone services such as landline and mobile phone offerings.
Under KPA, an entity can offer connectivity, and generally need only to register with the NTC as a DTIP.
In practical terms, the new law appears to allow providers such as those offering value added services (VAS) to establish their own networks without having to contract with existing local network operators or in the alternative pursue the more time-consuming and effortful option of obtaining their own franchises and CPCNs.
The KPA is the latest in a series of legal developments that have been seen as opening up the local telecommunications industry: with the acceptance of passive infrastructure operation, specifically, that of tower assets, being confirmed as a non-telecoms business, sometime in 2020, and the relaxation of nationality restrictions applicable to telecoms as well as the nontelecoms characterization of VAS under the 2022 amendment of the Public Service Act.
The IRR
The KPA's implementing rules and regulations (IRR) were made available by the Department of Information and Communications Technology (DICT) on November 5, 2025 and will become effective after 15 days from their date of publication in a newspaper of general circulation. (The discussion on the IRR in this briefing is based on the copy made available by the DICT on its website.)
General policies; data transmission industry segments — The IRR mirrors the open access, fair competition and technology neutrality policies set out in the KPA, and the push towards shared digital infrastructure. While the rules underscore the intent to remove barriers and facilitate registration of providers, they note the need for the NTC to still come up with various eligibility criteria and standards for participants in the data transmission segments: (a) international gateway facilities; (b) core or backbone network; (c) middle mile; (d) last mile; and (e) any other segment as may be defined by the DICT in a separate issuance.
Registration requirement — As noted in the KPA, DTIPs must register with the NTC. The validity of the certificate for last mile participants shall be up to five years, middle mile for up to ten years, and core or backbone network and international gateway facility for up to fifteen years, renewable for the same period. An applicant may request a shorter validity of not less than one year. A registry of all DTIPs is supposed to be published by the DICT and the NTC within three months from the IRR's effectivity.
Change in control — An interesting set of provisions in the new IRR are the change in control provisions. While NTC approval for transfers of licenses and change in control is not a new consideration, the definition of what a substantial change in control is, is notable. For instance, the following, among other transactions, expressly trigger the need for NTC approval: (i) any direct or indirect sale, transfer, or disposal of 20% or more of the voting shares or equity interest of the DTIP, whether in a single transaction or a series of related transactions within a twelve-month period, (ii) any transaction that results in a new entity, person, or group exercising the power to elect a majority of the board of directors or otherwise direct the management and policies of the DTIP, and (iii) assignment or transfer of a material portion of network assets that would impair the DTIP's ability to meet its service obligations.
Passive Infrastructure — The IRR reiterates the requirement for the DICT to promulgate policies that would ensure that passive infrastructure are made available for co-location and co-use by its owners and operators on an open, fair, reasonable and nondiscriminatory basis; are built in remote, unserved, and underserved areas; and are proliferated in the most costefficient and timely manner. The IRR, however, adds that the DICT shall "endeavor" to update its existing tower regulation – specifically DICT Department Circular (DC) No. 08, series of 2020 or the "Policy Guidelines on the CoLocation and Sharing of Passive Telecommunications Tower Infrastructure for Macro Cell Sites" within one month after the IRR's effectivity. Independent tower companies are specifically required in the IRR to "strictly comply" with the DICT's policies on infrastructure sharing.
There is a lot to unpack because of the KPA's and the IRR's broad regulatory footprint — from new cybersecurity requirements to transition issues — and issuances and guidance from the DICT and NTC should be monitored.
For additional discussion on the pre-IRR KPA, see "Dissecting the Konektadong Pinoy Law" by Rose Marie M. KingDominguez, published in The Manila Times, August 29, 2025.
Quicklook at AI
Philippines Seeks to Find Firm Footing in AI Regulation
The Philippines continues to develop a fuller regulatory framework for artificial intelligence (AI) use. This is a brief roundup of legal initiatives and developments in local AI regulation.
Congress has yet to pass a general law focused on AI. Policy analysts view statutes on digital innovation as effectively promoting AI-enabled innovation and workforce readiness (e.g., Republic Act No. (RA) 11293 or the Philippine Innovation Act, and RA 11337 or the Innovation Startup Act (2019)), but these laws do not specifically regulate AI use. RA 11927 or the Philippine Digital Workforce Competitiveness Act (2022), which sets out policies for digital skills training and inclusive access, may be meaningful should local enterprises begin to consider the impact of migrating to automated systems on personnel.
Meanwhile, enterprises seeking to deploy or offer AIdriven services or products must look at general laws and certain sector specific issuances. These include:
- Data Privacy Act of 2012, which regulates the processing of
personal data, including their use in automated processes.
- National Privacy Commission (NPC) Advisory No. 2024-04 that provides guidance on application of personal data privacy laws and related rules and issuances in respect of data processing by AI systems
- Data processing systems operating in the Philippines and utilizing automated processes need to be registered with the NPC.
- The Philippine Constitution, the Civil Code, the Labor Code and other laws on labor, social, health, and human rights protections, which set out potentially relevant principles such as those against discrimination and abuse of right.
- Statutes relating to cybercrime such as the Cybercrime Prevention Act of 2012 and the Antionline Sexual Abuse or Exploitation of Children Act that refer to the use of artificial intelligence to, among others, construct deepfake imagery in the context of producing or distributing sexual assault content.
- RA 11035 or The Balik Scientist Act which prioritizes emerging technologies, including AI, to promote innovation and knowledge transfer, and incentivizes Filipino scientists to engage in mentorship, training, lecture, research and development, technology transfer initiatives, and other similar endeavors.
On government policies focused on AI, the Department of Information Communications and Technology has released the National Cybersecurity Plan (NSCP) 2023-2028 that sets out strategies to address security risks. The Department of Trade and Industry has also proposed a National AI Strategy Roadmap (NAISR), which aims to lay the foundation for the country's AI development. An updated version, NAISR 2.0, was launched in 2024. As part of its initiatives, the trade department has also established the Center for AI Research (CAIR) to serve as an AI research hub.
Philippine lawmakers are eager to make a mark in this area. One of the most recent bills that have been filed in relation to AI is House Bill No. 5158 or the AI Development and Regulation Act, which has been currently referred to the Committee on Information and Communications Technology for consideration. This bill proposes to establish the principles for the development, application and use of AI systems, a "Bill of Rights" for Filipino data subjects, and a Philippine Council on AI, which will act as a policy-making and advisory body. The bill also provides for penalties or creation or use of AI that manipulates, exploits, or controls any person beyond his or her consciousness to materially distort his or her behavior in a manner that is likely to cause him or her or another person physical or psychological harm.
Another notable bill is House Bill No. 1484, or the DataDriven Governance and AI Solutions Act, which seeks to enable the national government and local government units to adopt AI and data-driven systems for public planning, service delivery, and decision-making. It also aims to institutionalize multi-sectoral pilot projects, including: (i) traffic flow optimization using AI prediction models, (ii) disaster risk mapping and early warning systems, (iii) predictive analytics for education, health, and social services, (iv) digital twins for infrastructure and climate resilience, (v) chatbots or virtual assistants for frontline services, (vi) fraud detection in tax collection or procurement, and (vii) natural language processing for document management.
Bills focused on regulating AI use, particularly when employed to commit criminal or harmful acts, include House Bill No. 2312, or the Anti-Deepfake Personality Rights Protection Act, which penalizes the unauthorized creation, dissemination, or commercial exploitation of deepfakes and requires labeling synthetic content, with "deepfake" defined as any AI-generated or manipulated media that falsely depicts a person's appearance, voice, or actions as if they were real or authentic.
Likely Directions
The trend of local policymakers and regulators is to be open to AI use but any general or comprehensive laws or rules on AI that will eventually be passed will likely follow a more protectionist approach, potentially similar to that of the EU's AI Act. A focus on the impact on employment can be expected.
For additional information, see the Philippine chapter of InDepth: Artificial Intelligence Law by Rose Marie M. KingDominguez and Patrick Edward L. Balisong, published in Lexology
Fintech
Latest on Crypto and Digital Assets
The BSP regulations on virtual asset service providers (VASPs) are fairly recent, and this is seen as the policymakers trying to catch up with virtual asset (VA) systems that are delivering financial services in faster and more economical means. Acceptance and use of VASPs is on the rise in the Philippines. In August 2025, the BSP announced that the moratorium on the issuance of new licenses for VASPs shall continue indefinitely. While the BSP recognizes the advantages the roll-out of such services provide, it noted continued concerns on consumer protection and increasing issues on cybercrime as the main driver for the continued moratorium. With respect to existing VASPs, they continue to be able to operate under the regulatory supervision of the BSP.
Similarly, the SEC has recently introduced its own regulatory framework for Crypto Asset Service Providers (CASPs), signaling that crypto-related financial services are not only accepted but are also subject to oversight by both the BSP and the SEC, depending on the nature of the services involved. This reflects a broader national attitude of cautious openness toward the crypto industry.
For additional information, see the Philippine chapter of the Global Fintech Guide by Rose Marie M. King-Dominguez, Melyjane G. Bertillo-Ancheta, Hiyasmin H. Lapitan, John Paul V. de Leon, and Patrick Edward L. Balisong, published in Multilaw
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
