1. What is the current legal landscape for TMT in your jurisdiction?

Current Legal Landscape

The Philippines is rapidly emerging as one of Southeast Asia’s most dynamic hubs for the Technology, Media, and Telecommunications (“TMT”) industry. With digital activities accounting for a growing share of gross domestic, the Philippine government is shifting toward a modern, innovation-driven, regulatory framework – one designed to attract investment, protect consumers, and adapt quickly to technological changes.

Gorriceta Africa Cauton & Saavedra (“Gorriceta” or “The Firm”) is widely regarded as the leader in navigating and shaping this legal landscape, advising digital banks, blockchain innovators, telecommunications companies, and data center operators, and helping them navigate the complex compliance obligations that define the Philippine regulatory ecosystem.

Key Regulatory Developments

A Robust Framework for Virtual Assets and Fintech

The Bangko Sentral ng Pilipinas (“BSP”) and the Securities and Exchange Commission (“SEC”) have introduced progressive and robust licensing and compliance frameworks for Virtual Asset Service Providers (“VASPs”) and Crypto-Asset Service Providers (“CASPs”).

• Virtual Assets and Crypto-Finance: The BSP and the SEC have introduced robust regimes governing virtual assets, digital finance, and related service providers. BSP Circular No. 1108 (2021) sets out the baseline for VASPs / Virtual Currency Exchanges, imposing stringent requirements on governance, cybersecurity, customer protection, transaction monitoring, and anti-money laundering adherence. SEC Memorandum Circular Nos. 4 and 5 (2025) further institutionalized the oversight of CASPs including local incorporation mandates, minimum capital thresholds, asset segregation, data governance expectations, ongoing reporting, and disclosure regimes for tokenized offerings.
• Electronic Money Issuance and Payment Infrastructure: Fintech’s rails and wallet layer in the Philippines are governed by a separate but complementary set of rules that oversee electronic money and payment systems. Under the National Payment Systems Act (Republic Act No. 11127), the BSP is vested with exclusive authority over payment systems, defines “Operators of Payment Systems” (“OPS”), and establishes the statutory foundation for the supervision of the country’s national payments infrastructure. Electronic Money Issuers (“EMIs”) are subject to the relevant provisions of the Manuals of Regulations for Banks and Non-Bank Financial Institutions, as updated by BSP Circular No. 1166, Series of 2023, which enhanced the regime governing e-money issuance and operations, covering liquidity management, redemption safeguards, consumer protection, and capitalization requirements. In 2024, the BSP further strengthened the digital payments ecosystem by expanding oversight into Merchant Payment Acceptance Activities (“MPAA”) through BSP Circular No. 1198, Series of 2024 which introduced industry best practices and additional consumer safeguards for payment acceptance operators, reinforcing trust in retail digital payments.

Gorriceta supports clients from sandbox applications to ongoing regulator engagement, ensuring layered compliance and real-time risk control implementations.

Regulatory Sandboxes: Controlled Innovation with Legal Clarity

Regulatory sandboxes have become a cornerstone of the Philippines’ approach to fostering controlled innovation with legal clarity. These frameworks allow fintech and other TMT players to pilot novel products and business models under closely supervised, time-bound conditions while receiving tailored regulatory feedback. In addition to the BSP’s FinTech Regulatory Sandbox, the Securities and Exchange Commission’s Strategic Sandbox (“Stratbox”) has emerged as a key channel for innovation, particularly for products that straddle traditional securities regimes and emerging crypto-asset constructs.

Gorriceta has been instrumental in advising clients on entry into both sandbox environments, including early adopters of the Stratbox and the CASP Thematic Sandbox. Gorriceta also assists in structuring pilots so that CASP-related products (such as  controlled-leverage derivatives and staking offerings) are framed appropriately for stratified testing, drafting the required application materials, operationalizing compliance protocols, and reconciling overlapping requirements between the Stratbox and CASP regimes. By doing so, Gorriceta enables clients to conduct real-world market tests with calibrated risk, secure iterative regulatory engagement, and build transition pathways from pilot phase to full-scale deployment.

Sandboxes have also empowered both large incumbents and emerging players, such as Pluang Philippines, to expand their offerings, promote financial inclusion, and drive technological advancement, particularly in underserved markets. The sandboxes now function as a regulatory laboratory for the TMT sector and serve as a model for collaborative policy development between government and industry.

Reducing Market Entry Barriers: A Policy Pivot Toward Accessibility

Another significant legislative milestone is the Konektadong Pinoy Bill, a forward-looking measure that removes antiquated requirements for market participation in the data transmission space. Once enacted, this law will allow Data Transmission Industry Participants (“DTIPs”) to operate with an NTC-issued authorization rather than undergoing the burdensome process of securing a legislative franchise or a Certificate of Public Convenience and Necessity (“CPCN”).

This reform opens the door for more agile market participation, especially by foreign investors, emerging digital telcos, and regional players seeking to invest in Philippine connectivity infrastructure. Gorriceta has already been engaged by early entrants preparing to operate under this streamlined regime and has been instrumental in advising on structuring, capitalization, and cross-border compliance strategies in anticipation of the bill’s enactment.

Collectively, these developments signify a deliberate move by Philippine regulators toward a more open, technology-forward business environment – one that aligns with global trends while fostering localized innovation. Gorriceta continues to be at the forefront of this transformation, leveraging its domain expertise to help clients capitalize on these legal tailwinds.

Faster Pipes, Fewer Permits: The Telco Acceleration Playbook

The government has accelerated telco roll-outs through complementary measures that simplify permits and expand shared infrastructure. The streamlining drive began with the Revised Joint Memorandum Circular No. 01, Series of 2021 issued by allied authorities such as the Anti-Red Tape Authority, the Department of Information and Communications Technology, and the Department of the Interior and Local Government which introduced single-window processing, standardized requirements, and time-bound Service Legal Agreements for towers and related civil works at both national and LGU levels. Building on and broadening those reforms, Executive Order No. 32 issued in 2023 later institutionalized end-to-end permit simplification across agencies and Local Government Units and extended it beyond towers to fiber, poles, in-building solutions, and underground facilities.

From Cart to Compliance: Internet Transactions Act and its Implementing Rules and Regulations (“IRR”)

The Internet Transactions Act, implemented by its IRR, establishes a unified framework for online trade and platform governance, aiming to build trust between digital platforms, online merchants, and consumers. It vests the e-Commerce Bureau with supervisory and enforcement powers, requires platform-level merchant verification and disclosures, sets consumer redress mechanisms and notice-and-takedown duties, and clarifies obligations for foreign operators serving Philippine users. The regime aligns commercial practices with data/privacy, cybersecurity, and advertising rules, and introduces registration and reporting touchpoints that digital marketplaces must incorporate into product and compliance roadmaps.

Algorithms with Accountability: AI Strategy to Statute

AI policy is now moving on two tracks. First, the Department of Trade and Industry’s National AI Strategy Roadmap 2.0 (“NAISR 2.0”) sets the executive-branch agenda for responsible adoption, skills and R&D, and the Center for AI Research (“CAIR”) as a hub for industry–academia collaboration. Second, the Artificial Intelligence Regulation Act (“AIRA”), a bill that would establish a National AI Commission (“NAIC”) attached to the Department of Science and Technology, aims to create a National Registry of AI Systems and make registration a prerequisite for licensing and commercial deployment,  and implement a risk-based framework with an AI Ethics Review Board, transparency and labeling duties, incident reporting, and administrative/civil/criminal penalties for non-compliance.

Public Rails & Trust Layers: Free Public Wi-Fi, Backbone, and National PKI

Connectivity and digital-trust programs continue to underpin market growth. The Free Public Internet Access program of the Department of Information and Communications Technology expands last-mile connectivity in priority sites (e.g. Geographically Isolated and Disadvantaged Areas), complementing the National Fiber Backbone to reduce access costs for ISPs and enterprises. Additionally, to strengthen security and transactional trust, the Philippine National Public Key Infrastructure (“PNPKI”) provides government-grade digital certificates for agencies and private users, enabling secure e-services, e-signatures, and encrypted communications across the ecosystem.

2. What three essential pieces of advice would you give to clients involved in TMT matters?

Establish Regulatory Compliance as a Strategic Pillar from Day One

In a sector where technological advantage is often measured in speed, many innovators overlook foundational compliance. However, in the TMT space, where businesses interface with multiple regulatory authorities (e.g., BSP, SEC, NPC, NTC), mapping all regulatory touchpoints early is not just optional but is prerequisite for sustainable growth.

Gorriceta strongly advises clients to develop a licensing and regulatory roadmap that accounts for every function in the business model, whether it involves handling user data, facilitating transactions, offering financial services, or hosting third-party content. With early planning, businesses can preempt costly regulatory missteps and avoid product rollbacks or public enforcement actions.

In particular, data privacy compliance must be deeply embedded into an organization’s culture. The Data Privacy Act of 2012 remains a key law, but its enforcement has become more proactive. Gorriceta assists clients in going beyond mere checkbox compliance by applying privacy-by-design principles, performing data protection impact assessments (DPIAs), and integrating privacy provisions into user agreements, vendor contracts, and platform operations.

Take a Proactive, Not Reactive, Approach to Intellectual Property (IP) Protection

The advent of AI, open-source systems, and user-generated content has significantly complicated IP strategy. Algorithms trained on third-party data, generative tools creating potentially infringing content, and platforms relying on licensed APIs all carry latent risks.

Gorriceta urges clients to secure their IP early and broadly, including trademarks, source code, software licenses, and proprietary methodologies. The Firm regularly advises on IP registration strategies, platform-specific IP policies, and drafting of robust licensing, confidentiality, and data usage agreements. In emerging sectors like NFT marketplaces and AI-assisted content creation, Gorriceta has also provided legal risk frameworks that help clients balance innovation with enforceability.

 Adopt a Dynamic Mindset: Regulation Moves Fast, and So Should You

The TMT sector is marked by rapid regulatory evolution, often driven by emerging technologies, new consumer behaviors, or global developments. Clients must remain strategically agile to avoid compliance bottlenecks.

Pioneering laws like the Internet Transactions Act of 2023, which now requires stringent seller registration, complaint resolution mechanisms, and liability frameworks for e-commerce platforms, are just the beginning. Gorriceta equips clients with forward-compatible contracts, modular platform terms, and governance structures that can quickly pivot as new laws take effect. The Firm also conducts regulatory horizon scanning, helping businesses anticipate legislative changes and adjust their internal systems accordingly.

3. What are the greatest threats and opportunities in TMT law in the next 12 months?

Threats:

Cybersecurity Vulnerabilities and Digital Fraud

The rapid digitization of financial and TMT services has materially increased clients’ exposure to cyber threats, ranging from data breaches, ransomware, and phishing to sophisticated insider and supply-chain attacks. Philippine regulators now expect robust, enterprise-grade cybersecurity and fraud prevention controls, particularly from VASPs, CASPs, electronic money issuers, and fintech platforms. Compliance overlay includes the Data Privacy Act (and NPC implementing rules) on personal data protection and breach notification, the Cybercrime Prevention Act’s framework for responding to unlawful intrusions, and sectoral guidance from the BSP and SEC requiring incident detection, escalation, and timely remediation protocols.

Gorriceta assists clients in designing and implementing multi-layered cybersecurity and anti-fraud architectures, including governance policies, third-party risk management, encryption standards, continuous monitoring, and red-team exercises. The Firm drafts tailored incident response and data breach playbooks, advises on regulatory notification obligations and timing, and coordinates with the NPC and relevant law enforcement or cybercrime units during post-incident investigations. In addition, Gorriceta counsels on cyber insurance placement, conducts legal and technical risk audits, and integrates cyber resilience into broader compliance and product design strategies to mitigate legal, reputational, and operational fallout from digital threats.

The Rise of Deepfakes and AI Voice Cloning

AI-generated impersonations of public figures, family members, and executives have enabled sophisticated scams and reputational attacks. The misuse of deepfake videos and voice cloning technology has already triggered legal debates around digital identity theft, consent, and platform liability.

Gorriceta is currently working with digital content platforms and telecom providers to embed AI verification tools, establish consent frameworks for voice and likeness usage, and draft terms of service that delineate platform liability. The Firm anticipates this issue escalating into a central compliance area, especially as generative AI tools become more accessible.

Opportunities:

Unprecedented Growth in Digital Infrastructure, M&A, and Cross-Border Investment 

The Philippines is entering a golden age for digital infrastructure investment, fueled by liberalized FDI rules, consumer demand for high-speed connectivity, and regulatory reforms. This has catalyzed a new wave of joint ventures, acquisitions, and project finance arrangements in the TMT space.

Gorriceta represents leading players across these deal types, including investors entering the data center space, fiber broadband consortia, and cloud infrastructure ventures. The Firm has handled the full deal lifecycle, from term sheet negotiation and legal due diligence to regulatory approvals with the NTC, SEC, and Philippine Competition Commission (“PCC”).

Notably, there is an increasing shift toward asset-light models, wherein telcos outsource tower operations, SaaS platforms migrate infrastructure to hyperscalers, and fintechs adopt leaner structures. Gorriceta’s corporate and TMT teams are well-positioned to provide tailored legal support for these emerging configurations.

4. How do you ensure high client satisfaction levels are maintained by your practice?

Gorriceta’s TMT practice sustains high client satisfaction by blending deep subject-matter expertise with a genuinely client-centric execution model and a long-term partnership mindset.

The team is made up of specialists who understand the technical, legal, and commercial intricacies of the digital economy. Whether navigating complex business models, licensing requirements, architecting compliance for cloud-native products, or structuring cross-border data and localization arrangements, the legal advice is commercially aligned, and implementable.

Gorriceta is grounded in a holistic understanding of each client’s operating model, from onboarding and monetization to growth plans, so that legal opinions and solutions are practical, implementable, and aligned with business objectives. Clients regularly highlight Gorriceta’s responsiveness, clarity, and ability to translate complex regulatory risk into manageable, business-forward actions.

Finally, the relationship is seen as lasting rather than transactional. Gorriceta advises clients through multiple funding rounds, product evolutions, and geographic expansions, proactively anticipating legal friction points and adapting advice as the client’s innovation trajectory shifts. This continuity fosters trust, and reinforces satisfaction across each client’s business lifecycle.

5. What technological advancements are reshaping TMT law and how can clients benefit from them? 

Blockchain and Smart Contracts: Codifying Trust

Blockchain has transitioned from a concept to an established infrastructure. Today, it supports a wide range of applications, including cross-border payments, digital ID systems, tokenized real estate, and digital collectibles. The rise of stablecoins, cryptocurrencies pegged to fiat currencies, has significantly impacted remittance flows in the Philippines.

Gorriceta assists clients in structuring blockchain-based operations with complete regulatory compliance, including token issuance strategies, smart contract auditing, and platform governance protocols. The Firm has also provided advice on securities classification, AML protocols, and custodial arrangements related to tokenized assets.

Artificial Intelligence (AI): Automating Compliance and Efficiency

AI is playing an increasingly central role in digitized businesses by automating compliance workflows and improving operational precision, ranging from KYC/KYB onboarding and real-time anomaly/fraud detection to smart contract drafting, predictive risk scoring, and regulatory monitoring. At the same time, its use introduces novel legal and governance considerations around data privacy, explainability, bias, and automated decision-making.

Gorriceta advises clients on the full spectrum of these issues: conducting legal due diligence on AI-enabled systems, assessing privacy and data-use implications under the Data Privacy Act, designing governance frameworks for algorithmic accountability, and embedding transparency and auditability into model deployment.

The Firm also helps structure contractual allocations of liability with vendors, drafts appropriate disclosures for end-users, and builds internal policies for internal oversight. In parallel, Gorriceta engages in early-stage regulatory dialogue and horizon scanning on emerging Philippine AI policy, positioning clients to harness efficiency gains while proactively managing compliance and reputational risk.