Detailed overview
The Philippines does not currently have a single comprehensive AI Act. AI is regulated mainly through data privacy law, official AI policy, sectoral regulation and guidance from the National Privacy Commission (NPC).
NPC Advisory 2024-04
The NPC issued Advisory No. 2024-04 on the Application of the Data Privacy Act to Artificial Intelligence Systems Processing Personal Data. The advisory applies where personal data is processed in the development, deployment, training or testing of AI systems.
The advisory explains that the Data Privacy Act, its implementing rules and NPC issuances apply to AI systems that process personal information or sensitive personal information. An AI system may process personal data during data collection, model training, testing, prompt processing, profiling, inference, output generation, monitoring or system improvement.
Privacy principles
Organisations using AI with personal data must comply with privacy principles, including transparency, legitimate purpose, proportionality, data quality, security, accountability and protection of data-subject rights. High-risk AI processing may require stronger governance, risk assessment, documentation, privacy impact assessment and human oversight.
AI-generated imagery warnings
The NPC has also warned about risks from AI-generated imagery, including misuse of personal information, non-consensual intimate imagery and harmful content involving children. The NPC recommends safeguards, transparency and mechanisms to remove harmful AI-generated content.
Penalties
There is no single Philippine AI-specific penalty table. Penalties arise under the Data Privacy Act, cybercrime law, consumer law, intellectual-property law, employment law, sector-specific regulation or criminal law, depending on the AI use case and violation.