Acceptable Use Policy (Philippines)
ACCEPTABLE USE POLICY
Cybercrime Prevention Act (RA 10175, 2012) | Data Privacy Act (RA 10173, 2012) | Electronic Commerce Act (RA 8792, 2000)
Effective Date: [Effective Date]
This Acceptable Use Policy ("AUP") establishes the rules governing the use of information technology systems, networks, digital platforms, and internet access provided by [Organization Name] ("Company"). This AUP applies to [Covered Persons] who access or use the Company's systems and resources.
1. COVERED SYSTEMS AND RESOURCES
1.1 This AUP applies to the following systems and resources: [Systems Description]
1.2 Use of any covered system or resource constitutes acceptance of this AUP and agreement to comply with all applicable Philippine laws, including the Cybercrime Prevention Act (RA 10175, 2012), the Data Privacy Act (RA 10173, 2012), the Electronic Commerce Act (RA 8792, 2000), and the Intellectual Property Code (RA 8293, 1997).
2. PERMITTED USES
2.1 Covered systems and resources may be used for: (a) legitimate business purposes of the Company; (b) authorized job functions and responsibilities; and (c) limited personal use that does not interfere with work duties, compromise security, or violate this AUP.
3. PROHIBITED CONDUCT
3.1 Users are prohibited from using Company systems or resources to engage in any of the following activities:
(a) Unauthorized access to computer systems, networks, or data — prohibited under Section 4(a)(1) of the Cybercrime Prevention Act (RA 10175, 2012);
(b) Unauthorized interference with data or computer systems, including uploading malware, ransomware, or viruses — prohibited under Sections 4(a)(3) and 4(a)(4) of RA 10175;
(c) Identity theft or unauthorized use of another person's credentials — prohibited under Section 4(b)(3) of RA 10175;
(d) Online libel, cybersex, or distribution of child sexual abuse material (CSAM) — prohibited under Sections 4(c)(1)-(4) of RA 10175 and the Anti-Child Pornography Act (RA 9775, 2009);
(e) Unauthorized collection, use, or disclosure of personal data of third parties — prohibited under the Data Privacy Act (RA 10173, 2012);
(f) Reproduction, distribution, or public communication of copyrighted material without authorization — prohibited under the Intellectual Property Code (RA 8293, 1997);
(g) Sending unsolicited commercial communications (spam) in violation of the Anti-Spam provisions of RA 10175;
(h) Gender-based online harassment in violation of the Safe Spaces Act (RA 11313, 2019);
(i) Any activity that facilitates or constitutes money laundering in violation of the Anti-Money Laundering Act (RA 9160, as amended);
(j) Any other activity that violates Philippine law or exposes the Company to legal liability.
4. MONITORING AND PRIVACY
4.1 [Monitoring Statement]
4.2 The Company may, without prior notice, inspect, copy, review, or delete any content stored in or transmitted through Company systems for security, compliance, or investigative purposes, consistent with NPC Advisory Opinion 2018-020 and the Data Privacy Act (RA 10173).
5. ENFORCEMENT AND CONSEQUENCES
5.1 Violations of this AUP may result in: (a) written warning; (b) suspension of system access; (c) disciplinary action up to and including termination of employment in accordance with the Labor Code (PD 442) and Company HR policies; and (d) referral to law enforcement authorities, including the NBI Cybercrime Division at nbi.gov.ph and the PNP Anti-Cybercrime Group (PNP-ACG), where violations constitute criminal offenses under RA 10175 or other Philippine law.
5.2 To report suspected violations of this AUP, contact: [Reporting Contact]
6. AMENDMENTS
6.1 The Company reserves the right to amend this AUP at any time. Amendments will be communicated through official Company channels, and continued use of Company systems constitutes acceptance of the amended AUP.
Authorized Representative
________________
Signature
User Acknowledgment
________________
Signature
What Is a Acceptable Use Policy (Philippines)?
An Acceptable Use Policy in the Philippines lays down the policy the organisation applies, giving staff or users clear guidance on their responsibilities.
The Cybercrime Prevention Act (RA 10175) is the primary Philippine statute criminalizing unauthorized access to computer systems, data interference, system interference, and computer-related identity theft. An AUP gives contractual teeth to these legal prohibitions by making users expressly acknowledge the boundaries of permitted conduct. Organizations that publish and enforce an AUP are better positioned before the National Bureau of Investigation (NBI) Cybercrime Division and the Philippine National Police Anti-Cybercrime Group (PNP-ACG) when seeking to prosecute unauthorized users or report cybercrime incidents.
For Philippine internet service providers (ISPs) licensed by the National Telecommunications Commission (NTC) under Republic Act 7925 (Public Telecommunications Policy Act), an AUP is both a commercial and regulatory document. NTC Memorandum Circular 07-07-2007 and subsequent circulars require ISPs to implement mechanisms to prevent misuse of their networks, which is typically operationalized through a published AUP. Bangko Sentral ng Pilipinas (BSP) Circular 982 (2017) on technology risk management also recommends that BSP-supervised financial institutions implement AUPs for their information systems.
An Acceptable Use Policy differs from a Terms and Conditions agreement in that the AUP focuses specifically on the technical and behavioral rules for system and network use — particularly cybersecurity-related conduct — while the T&C covers the broader commercial relationship. In practice, many Philippine organizations incorporate the AUP as a schedule or exhibit to the T&C.
The legal framework governing the Acceptable Use Policy (Philippines) in Philippines draws on several key statutes and regulatory bodies. Under Philippine law, the Civil Code of the Philippines (Republic Act No. 386) governs contractual obligations. The Revised Corporation Code (Republic Act No. 11232) regulates corporate entities through the Securities and Exchange Commission (SEC). The Labor Code of the Philippines (Presidential Decree No. 442) and Department of Labor and Employment (DOLE) govern employment matters. The Data Privacy Act of 2012 (Republic Act No. 10173) and the National Privacy Commission (NPC) protect personal data. The Bureau of Internal Revenue (BIR) administers tax obligations under the National Internal Revenue Code. Parties executing a Acceptable Use Policy (Philippines) in Philippines should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Revised Corporation Code (RA 11232, 2019) sets the foundational requirements.
When Do You Need a Acceptable Use Policy (Philippines)?
An Acceptable Use Policy is needed by any Philippine organization that provides technology systems, internet access, digital platforms, or computing resources to users, employees, or third parties.
Any Philippine company that provides employees with access to corporate IT systems — including computers, email, internet connectivity, and cloud applications — needs an AUP as part of its employment policies. The DOLE's guidelines on digital workplace conduct and the Labor Code (PD 442) recognize that employers may regulate the use of company resources through documented policies, and the National Labor Relations Commission (NLRC) has upheld dismissals based on violation of company IT policies where the AUP was clearly communicated to employees.
An internet service provider (ISP) or telecommunications company licensed by the National Telecommunications Commission (NTC) needs an AUP to define prohibited network uses — including spamming, unauthorized port scanning, distribution of malware, and facilitation of phishing attacks — consistent with the Cybercrime Prevention Act (RA 10175).
A cloud computing service provider, web hosting company, or SaaS platform serving Philippine customers needs an AUP to protect its infrastructure from abuse, limit its liability for user-generated content under the Electronic Commerce Act (RA 8792), and establish grounds for service suspension or termination.
A Philippine university, school, or educational institution providing students and faculty with internet access and computing facilities needs an AUP consistent with the Commission on Higher Education (CHED) and Department of Education (DepEd) guidelines on responsible technology use.
A financial technology (fintech) company supervised by the Bangko Sentral ng Pilipinas (BSP) needs an AUP as part of its technology risk management framework under BSP Circular 982 (2017) and the Manual of Regulations for Banks (MORB).
Parties in Philippines should prepare a Acceptable Use Policy (Philippines) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under Philippine law, the Civil Code of the Philippines (Republic Act No. 386) governs contractual obligations. The Revised Corporation Code (Republic Act No. 11232) regulates corporate entities through the Securities and Exchange Commission (SEC). The Labor Code of the Philippines (Presidential Decree No. 442) and Department of Labor and Employment (DOLE) govern employment matters. The Data Privacy Act of 2012 (Republic Act No. 10173) and the National Privacy Commission (NPC) protect personal data. The Bureau of Internal Revenue (BIR) administers tax obligations under the National Internal Revenue Code. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your Acceptable Use Policy (Philippines)
A thorough Philippine Acceptable Use Policy must include the following essential elements.
Scope and Applicability: Clear statement of which systems, networks, and services are covered by the AUP, and which users — employees, contractors, customers, or third-party vendors — are subject to it.
Permitted Uses: Description of the authorized purposes for which the systems or services may be used, including any limitations on personal use of corporate resources.
Prohibited Conduct: Detailed list of prohibited activities, including: unauthorized access or hacking in violation of Section 4 of the Cybercrime Prevention Act (RA 10175); distribution of malware, viruses, or ransomware; spamming or phishing; unauthorized collection of personal data in violation of the Data Privacy Act (RA 10173); transmission of child sexual abuse material (CSAM) in violation of the Anti-Child Pornography Act (RA 9775); online libel in violation of Section 4(c)(4) of RA 10175; and copyright infringement under the Intellectual Property Code (RA 8293).
Monitoring and Privacy: Statement of the organization's right to monitor system use, with appropriate notice to employees under NPC Advisory Opinion 2018-020 on workplace monitoring and the constitutional right to privacy under Article III, Section 2 of the 1987 Constitution of the Philippines.
Enforcement and Consequences: Graduated enforcement mechanisms — from warning to account suspension to termination — and the organization's right to refer violations to law enforcement, including the NBI Cybercrime Division or PNP-ACG.
Reporting Mechanism: A clear process for users to report suspected violations of the AUP, including contact details for the organization's IT security or compliance team.
Amendment: Right of the organization to amend the AUP with appropriate notice, consistent with Civil Code Article 1306 on contractual freedom within the bounds of law and morals.
Additional compliance elements for a Acceptable Use Policy (Philippines) used in Philippines include: Under Philippine law, the Civil Code of the Philippines (Republic Act No. 386) governs contractual obligations. The Revised Corporation Code (Republic Act No. 11232) regulates corporate entities through the Securities and Exchange Commission (SEC). The Labor Code of the Philippines (Presidential Decree No. 442) and Department of Labor and Employment (DOLE) govern employment matters. The Data Privacy Act of 2012 (Republic Act No. 10173) and the National Privacy Commission (NPC) protect personal data. The Bureau of Internal Revenue (BIR) administers tax obligations under the National Internal Revenue Code. Forms-legal.com provides this template as a starting point for Philippines-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Acceptable Use Policy (Philippines) (Philippines) [Legal document template]. Forms Legal. https://forms-legal.com/philippines/business/contracts/acceptable-use-policy-philippines
"Acceptable Use Policy (Philippines) (Philippines)." Forms Legal, 2026, https://forms-legal.com/philippines/business/contracts/acceptable-use-policy-philippines.
@misc{formslegal-acceptable-use-policy-philippines,
author = {{Forms Legal}},
title = {Acceptable Use Policy (Philippines) (Philippines)},
year = {2026},
howpublished = {\url{https://forms-legal.com/philippines/business/contracts/acceptable-use-policy-philippines}},
note = {Free legal document template. Based on Revised Corporation Code (RA 11232, 2019)}
}Also available for these jurisdictions:
Frequently Asked Questions
A Philippine Acceptable Use Policy should reference several key statutes. The Cybercrime Prevention Act of 2012 (RA 10175) criminalizes unauthorized access, data interference, system interference, computer-related identity theft, computer-related fraud, cybersquatting, cybersex, child pornography, unsolicited commercial communications (spam), and online libel — all of which should be prohibited in an AUP. The Data Privacy Act of 2012 (RA 10173) prohibits unauthorized processing of personal data, and users should be prohibited from collecting, storing, or transmitting personal data of third parties through the system without authorization. The Intellectual Property Code of the Philippines (RA 8293, 1997) prohibits copyright infringement and trademark violation — users should be prohibited from uploading or distributing infringing content. The Electronic Commerce Act (RA 8792, 2000) governs the legal validity of electronic transactions and documents on the platform. The Anti-Child Pornography Act (RA 9775, 2009) and the Anti-Photo and Video Voyeurism Act (RA 9995, 2009) prohibit the distribution of illegal content. The Safe Spaces Act (RA 11313, 2019) prohibits gender-based online harassment, which should be addressed in the AUP's content and conduct rules.
Yes, a Philippine employer may monitor employee use of company-owned systems, networks, and devices, but this right must be exercised within constitutional and statutory limits. The 1987 Constitution of the Philippines guarantees the right to privacy under Article III, Section 2 (right against unreasonable searches and seizures) and Article III, Section 3 (right to privacy of communication). The Supreme Court of the Philippines, in Pollo v Constantino-David (G.R. No. 181881, 2011), held that government employees have a reduced expectation of privacy in employer-owned computers used for official work when a policy on computer use is in place. For private-sector employees, the National Labor Relations Commission (NLRC) has recognized employer monitoring rights where the employer has a clear, documented, and communicated AUP or IT policy. The National Privacy Commission (NPC) Advisory Opinion 2018-020 on workplace monitoring requires that employees be informed of the monitoring in advance, and that monitoring be limited to what is necessary for the legitimate purpose (e.g., security, productivity). CCTV monitoring, email monitoring, and internet use tracking are permissible under the Data Privacy Act (RA 10173) where the AUP or employment contract establishes the legal basis for such processing.
The Cybercrime Prevention Act of 2012 (RA 10175) imposes criminal penalties that are one degree higher than those prescribed by the Revised Penal Code (Act 3815, 1930) for equivalent offline offenses. Unauthorized access to a computer system (hacking) carries imprisonment of prision correccional (6 months and 1 day to 6 years) or a fine of not less than PHP 200,000. Computer-related identity theft carries prision mayor (6 years and 1 day to 12 years) or a fine of at least PHP 200,000. Online child pornography under Section 4(c)(2) of RA 10175 carries reclusion temporal (12 years and 1 day to 20 years) per the Anti-Child Pornography Act (RA 9775). Online libel under Section 4(c)(4) of RA 10175 carries prision correccional in its minimum period. The Supreme Court in Disini v Secretary of Justice (G.R. No. 203335, 2014) upheld most provisions of RA 10175 as constitutional, confirming the law's broad scope. The Department of Justice (DOJ) Office of Cybercrime (OOC) at doj.gov.ph and the NBI Cybercrime Division at nbi.gov.ph are the primary agencies handling cybercrime complaints and prosecution.
A Acceptable Use Policy (Philippines) does not legally require a lawyer in Philippines, and individuals and businesses may draft and execute the document independently. The Revised Corporation Code (RA 11232, 2019) does not mandate legal representation for the creation or signing of this type of document. However, seeking independent legal advice from a qualified Philippines lawyer is recommended for transactions involving substantial financial value, complex regulatory requirements, or cross-border elements where multiple legal jurisdictions may apply. A lawyer can verify that the document complies with all applicable statutory requirements, identify potential risks specific to the transaction, and confirm that the terms adequately protect the interests of all parties involved. The Supreme Court of the Philippines has jurisdiction over disputes arising from this type of document, and Securities and Exchange Commission (SEC Philippines) may impose additional compliance obligations depending on the nature of the underlying transaction. Professional legal review is particularly advisable where the document will be submitted to government agencies or used as evidence in legal proceedings.
A Acceptable Use Policy (Philippines) does not legally require a lawyer in the Philippines, though legal advice is recommended. Under Philippine law, the Civil Code of the Philippines (Republic Act No. 386) governs contracts. The Securities and Exchange Commission (SEC) regulates corporate documents. The Department of Labor and Employment (DOLE) oversees employment agreements. The Data Privacy Act of 2012 (Republic Act No. 10173) and National Privacy Commission (NPC) impose data protection obligations. The Bureau of Internal Revenue (BIR) requires tax compliance. Forms-legal.com provides this template as a starting point — always review with a qualified Philippine attorney for significant transactions. Under Philippines law, Revised Corporation Code (RA 11232, 2019), parties should seek independent legal advice from a qualified lawyer to confirm compliance with all applicable requirements. Under Philippine law, the Civil Code of the Philippines (Republic Act No. 386) governs contractual obligations. Forms-legal.com provides this template as a starting point for Philippines-compliant documentation.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Terms and Conditions (Philippines)
A comprehensive Terms and Conditions agreement for Philippine businesses and websites, compliant with the Electronic Commerce Act (RA 8792), Consumer Act of the Philippines (RA 7394), and Data Privacy Act (RA 10173). Covers user obligations, intellectual property, limitation of liability, governing law, and dispute resolution under Philippine law.
Privacy Policy (Philippines)
A compliant Privacy Policy for Philippine businesses under the Data Privacy Act of 2012 (RA 10173), National Privacy Commission (NPC) regulations, and the implementing rules. Covers lawful basis for processing, data subject rights, retention periods, cross-border transfers, and NPC complaint procedures.
Website Terms of Use (Philippines)
Website Terms of Use for Philippine websites and digital platforms, compliant with the Electronic Commerce Act (RA 8792), Cybercrime Prevention Act (RA 10175), and Data Privacy Act (RA 10173). Covers site access, user conduct, content ownership, disclaimers, and Philippine governing law.