A legal analysis released by local law firm Geronimo Law is calling for the consolidation of the Philippine cybersecurity enforcement functions, arguing that the current system of overlapping agencies creates confusion, duplicates work, and slows responses to cyber incidents.
In a seven-page paper titled “The Fragmented State of Cyber Enforcement”, the law firm mapped the roles of various government agencies involved in cybersecurity, cybercrime investigation, prosecution, and data privacy enforcement.
According to the paper, the Cybercrime Investigation and Coordinating Center (CICC) serves as the government’s policy and strategy hub, helping shape national cybersecurity initiatives and overseeing the National Computer Emergency Response Team.
The Department of Justice’s Office of Cybercrime handles legal and international cooperation matters, while operational investigations are conducted separately by the Philippine National Police Anti-Cybercrime Group and the National Bureau of Investigation’s Cybercrime Division.
The National Privacy Commission, meanwhile, focuses on data privacy violations and organizational accountability under the Data Privacy Act.
The report argues that this division of responsibilities creates a complicated regulatory environment for organizations responding to cyber incidents.
“The current distributed layout is structurally confusing. Corporate victims navigating a major network breach face separate reporting demands and duplicate technical requirements,” the paper stated.
It added that organizations often need to coordinate with multiple agencies simultaneously, depending on the nature of the incident.
“They must answer to the privacy commission regarding data leakage, request strategic help from the cybercrime center, and choose between the bureau or the police for an active case,” the report said.
According to the analysis, the resulting fragmentation can strain government resources and create jurisdictional disputes.
“This fragmentation thins out state forensic resources and fuels unnecessary jurisdictional turf wars, slowing down critical incident response times,” the paper noted.
To address these issues, Geronimo Law proposed moving toward a single cyber enforcement authority that would centralize incident reporting, evidence preservation, and litigation processes.
“Achieving robust cyber resilience requires shifting toward a singular, unified enforcement authority to streamline incident reporting, data preservation, and litigation,” the report concluded.
