含羞草社区

The past year was marked by significant legal and regulatory developments in the field of artificial intelligence (AI) as the government, together with its partners and other stakeholders, continue to acknowledge the need for a whole-of-government approach, not just in the related areas of innovation and competitiveness, but also in the area of governance.

The Philippines recently enacted the E-Governance Act, expressly recognising the necessity of leveraging the power of information and communications technology in the delivery of public services to drive national development and progress. Accordingly, one of its objectives is to foster an informed and data-driven decision-making process for policymakers by utilising data analytics results, among other pertinent factors.

Among several e-government programmes sought to be developed or enhanced under the law include the Human Capital Management Information System (HCMIS), which seeks to automate HR-related functions in government by utilising analytics to provide insights necessary for strategic HR functions such as performance management, forecasting, promotion and succession planning. The government is interested in tapping the benefits of automation with the help of AI, thereby opening doors for more investment and/or partnerships with the private sector.

As mentioned in a previous article for this publication, one of the seven strategic imperatives under the country’s National AI Strategy Roadmap 2.0 (NAISR 2.0) is transforming education and nurturing future AI talent. In line with this, the country’s Department of Education has very recently issued its Foundational Guidelines on Artificial Intelligence in Basic Education, which provides the framework for the responsible integration of AI in basic education based on the principle of safe innovation.

The guideline’s framework is anchored on three interrelated areas:

1. 1. AI in education, with key features including an emphasis on:
      1. Human oversight, making clear that AI is a support tool and therefore not a substitute for professional judgement or classroom management, and
      2. Transparency, by requiring disclosures of AI use where appropriate;
   2. Education on AI, which focuses on the development of digital literacy, critical thinking, and ethical awareness so that educators and learners can interact with AI tools safely, assess AI outputs critically, and make informed decisions; and finally,
   3. AI for education systems, which covers the use of AI to enhance education governance, planning, monitoring and school operations.

Under this last area (3), while the Department of Education acknowledges the importance of partnerships and multisectoral collaborations, it requires potential vendors/partners, among others, to agree not to train models on the department’s data.

One of the principles that underpin the guidelines’ framework is risk proportionate regulation, where the department categorises AI applications and usage by risk, applying stricter controls to high-risk uses while enabling safe innovation for minimal or limited risk tools. Risk classifications, in turn, are determined by the system’s purpose and context of use rather than the specific user.

Prior to the implementation of AI technologies, schools are required to undergo Digital Maturity Assessment, and prior to use, the AI system must be registered with the department’s AI Registry.

Another strategic imperative under NAISR 2.0 is establishing a robust, connected and networked environment. In line with this, the country recently enacted the Konektadong Pinoy (Connected Filipino) Act.

Recognising the importance of digital inclusivity and the need to narrow the digital divide, the law pursues an “open access” policy for all qualified data transmission industry participants (DTIPs) in all segments of the data transmission network. DTIPs include VoIP service providers, internet service providers (ISPs), and satellite systems providers or operators (SSPOs) to the extent of their businesses engaged in data transmission services. Companies that qualify as DTIPs can put up or lease their own networks without the need for a congressional franchise. Instead, DTIPs must register with the National Telecommunications Commission (NTC).

“Open access” refers to the system of allowing the use of data transmission networks and associated facilities in a transparent manner, subject to fair, reasonable, and non-discriminatory terms. For instance, the government shall come up with a list of digital infrastructure and services (access list) that is owned, leased or operated by an access provider, access to which is considered necessary to enable an access seeker to offer data transmission services competitively.

The parameters for inclusion in the list are that the access must:

1. 1. Promote competition, entry and expansion of new players; and
   2. Encourage the efficient use of and investment in digital infrastructure.

Access providers shall grant access to digital infrastructure and services contained in the access list on an open, fair, reasonable and non-discriminatory basis, subject to the technical feasibility of the access seeker’s request. Should there be a dispute, the same may be brought to the NTC for resolution.

Any refusal to provide access may result in administrative fines unless the refusal is based on failure to pay open market fees, or where granting access will expose the access provider to security risks detrimental to its technical operations, as confirmed by the Department of Information and Communications Technology (DICT).

The law also requires:

1. 1. The passive infrastructure owner, lessor or operator to make available for co-location and co-use its passive infrastructure, which are necessary for or capable of supporting data transmission networks or services on an open, fair, reasonable and non-discriminatory basis subject to technical feasibility; and
   2. This passive infrastructure is to be built especially in remote, unserved and underserved areas. If a big player refuses access without a valid technical or safety reason, smaller providers may bring the dispute to the NTC, either for enforcement or mediation.

To address legitimate concerns on cybersecurity arising from an “open access” policy, the law requires DTIPs to secure a cybersecurity certification from a reputable third-party organisation within two years from registration; otherwise, it may be suspended or its registration cancelled.

From an international perspective, the above-mentioned legal and policy directions are in line with the country’s assumption of the Asean chair on 1 January 2026, under the theme “Navigating our future together”, where the responsible advancement of AI is expected to play a significant role. The Philippine president emphasised this as he presented his vision of the three Asean pillars: peace and security; economic; and socio-cultural at the national launch of the Philippine chair of Asean 2026.

Philippines Grok takedown highlights AI privacy risks

Earlier this year, the DICT ordered the takedown of AI tool Grok in the Philippines for allowing the generation of malicious content and material involving real people, and even prominent figures, without their knowledge and consent, thereby potentially violating the country’s Cybercrime Prevention Act among other penal laws. However, the takedown was lifted a few days later, after xAI (Grok’s developer) committed to implementing corrective measures.

Considering the close regulatory proximity between AI applications and data protection law, the National Privacy Commission (NPC) recently joined other data protection authorities in issuing a joint statement on AI-generated imagery and the protection of privacy, which expressed concern about AI systems that generate realistic images and videos depicting identifiable individuals without their knowledge and consent, and the harms it may cause.

Although data protection authorities acknowledge that regulatory intervention may be necessary, it urges organisations to:

1. 1. Implement robust safeguards to prevent the misuse of personal information;
   2. Ensure meaningful transparency, including acceptable uses and consequences of misuse;
   3. Provide effective and accessible mechanisms for individuals to request the removal of harmful content involving personal information; and
   4. Address specific risks to children.

DIVINALAW
8/F Pacific Star Bldg,
Sen Gil Puyat Ave cor Makati Ave,
Makati City 1200, Philippines
Tel: +63 2 8822 0808
Email: info@divinalaw.com