Cybercrime Complaint Procedure Philippines

Cybercrime Complaint Procedure in the Philippines

A comprehensive legal guide as of May 2025

1. Governing Framework

Source of law Key provisions relevant to complaints
Republic Act (RA) 10175 – Cybercrime Prevention Act of 2012 Defines cyber-offences and authorises the DOJ-OOC, PNP-ACG and NBI-CCD to investigate; vests jurisdiction in designated Regional Trial Courts (RTCs); empowers courts to issue preservation, disclosure, interception and search-and-seizure warrants.
Rules on Cybercrime Warrants (A.M. No. 17-11-03-SC, effective 15 Aug 2018) Prescribes six specialised warrants (WPD, WCD, WHCCD, WID, WTD, WSPD) and sets filing, service and return timelines.
Rule on Electronic Evidence (A.M. No. 01-7-01-SC) Admits electronic documents, metadata, logs, and print-outs as functional equivalents of originals if authenticity is shown.
National Prosecution Service (NPS) Rules on E-Complaint Filing (DOJ Dept. Circ. No. 020-2020) Allows digital submission of sworn complaints and annexes to any prosecutor’s office.
Special laws frequently charged together with RA 10175 RA 9995 (Anti-Photo & Video Voyeurism), RA 9775 (Anti-Child Pornography), RA 8484 (Access Devices), RA 11934 (Subscriber Identity Module Registration), RA 10173 (Data Privacy Act), etc.

Practical tip: Even if your grievance squarely fits another statute (e.g., online fraud under RA 8484), add a Cybercrime Act violation whenever any ICT system or device was used. The cyber aggravating circumstance automatically increases the penalty by one degree (Sec. 6, RA 10175).

2. Where to File

Complaining party Primary forum Alternative
Private persons & companies NBI Cybercrime Division (CCD) – online “Report Now” portal or walk-in PNP Anti-Cybercrime Group (ACG) or any field unit
Government agencies Their own CISD/ICT unit, then endorsement to NBI CCD or PNP ACG Department of Information and Communications Technology-Cybercrime Investigation Coordinating Center (DICT-CICC) for high-profile, inter-agency, or cross-border cases

Venue rule: An e-complaint may be filed where any element of the offence occurred, where the computer system or data involved is located, or where the complainant resides. (Sec. 21, RA 10175; A.M. 17-11-03-SC, Sec. 3.)

3. Step-by-Step Complaint Workflow

  1. Evidence Acquisition & Preservation

    1. Capture full-screen screenshots or screen recordings showing the URL bar, date-time stamp, and context.
    2. Download logs, e-mails (with complete headers), chat transcripts, mobile forensics images (.UFDR, .ZIP), CCTV or phone videos.
    3. Execute a Notarised Affidavit of Authenticity by the IT custodian or device owner.
    4. Within 24 hours of learning of the crime, request a Data Preservation Letter from NBI/PNP for the service provider (initial 30 days, renewable up to 180 days).

  2. Filing the Affidavit-Complaint

    • Contents: personal details, narration of facts in chronological order, specific cybercrime provision violated, list of evidence, witnesses, and prayer for relief.
    • Attach digital evidence in read-only flash drives or sealed DVDs, plus hash value (SHA-256) certifications.

  3. Law-Enforcement Validation & Forensic Imaging

    • NBI CCD/PNP ACG issues Documentation/Receipt of Property Seized (Chain-of-Custody Sec. 9, A.M. 17-11-03-SC).
    • Forensic copy created using write-blockers; generates MD5/SHA-1 hashes recorded in the Digital Forensics Report.

  4. Prosecutorial Review (Preliminary Investigation)

    • Complaint docketed in the e-Complaint System; subpoena duces tecum/ad testificandum e-mailed to respondents.
    • Parties submit counter-affidavits. Prosecutor resolves probable cause within 60 days (NPS Manual 2022).

  5. Information Filing & Issuance of Cybercrime Warrants

    • If probable cause is found, an Information is filed in the nearest designated Cybercrime RTC (see SC Administrative Circular 13-2023).

    • Simultaneously, prosecutors or law-enforcement may apply ex parte for:

      • WPD – Web Preservation
      • WCD – Disclosure of subscriber & traffic data
      • WHCCD – Historical call-cell site data
      • WID – Interception (wiretap)
      • WTD – Tracking of real-time traffic data
      • WSPD – Search, seizure & onsite forensic examination

  6. Arrest, Seizure & Digital Triage

    • In-flagrante warrantless arrest remains possible (Rule 113, Sec 5, RoC).
    • Confiscated devices undergo onsite triage (preview only) before transfer to a certified digital laboratory.

  7. Trial

    • The RTC sits as a special cybercrime court; applies Judicial Affidavit Rule to expedite testimony.
    • E-evidence admitted under Rule on Electronic Evidence; authenticity rebuttably presumed if original hash matches.

  8. Judgment & Remedies

    • Conviction penalties follow the penalty next higher in degree doctrine (Sec. 6, RA 10175).
    • Restitution (actual damages) and forfeiture of devices are routinely imposed.
    • Aggrieved parties may appeal to the Court of Appeals within 15 days; interlocutory orders may be assailed via Rule 65.

4. Timelines at a Glance

Process Legal deadline
Compliance by service provider with WCD/WTD Within 72 hours from receipt (A.M. 17-11-03-SC, Sec. 9).
Filing of return for WPD/WSPD 10 days after implementation.
Preservation Letter effectivity 30 days, extendible up to 6 months with court approval.
Prosecutor resolution (PI) 60 days (NPS Manual), extendible for complex cases.
Trial commencement Within 30 days from arraignment (Sec. 8, Cybercrime Act).
Full trial completion Within 180 days (guideline, not mandatory).

5. Specialised or High-Risk Categories

  1. Online Child Sexual Abuse & Exploitation (OCSAE)

    • Parallel application of RA 9775; mandatory in-camera proceedings; immediate blocking or take-down order addressed to ISPs under Sec. 15, RA 9775.

  2. Banking & e-Wallet Fraud

    • BSP Circular 1140 (2022) requires banks/e-money issuers to provide complainants with an initial incident report within 2 hours and final resolution within 10 days.
    • Victims should still file a cybercrime complaint to trigger criminal prosecution.

  3. Data Breach with Criminal Aspect

    • File separate notification to the National Privacy Commission (NPC) under the 72-hour rule, even if a cybercrime complaint is pending.

  4. Cross-Border Offenders

    • The DOJ - Office of Cybercrime (OOC) acts as Central Authority for Mutual Legal Assistance Treaty (MLAT) requests and Budapest Convention channels (Philippines acceded 28 Feb 2024).
    • Extradition may be grounded on cyber-offences carrying at least two years maximum penalty.

6. Frequently Asked Tactical Questions

Question Answer
Can I sue directly in court without going through the NBI or prosecutor? No. All cybercrime cases are public offences. The Information must come from the prosecutor after preliminary investigation or inquest.
Do I need to surrender my phone as evidence? Ideally no; provide a forensic clone or supervised extraction. However, investigators may seize originals if authenticity or chain-of-custody is disputed.
Is mediation possible? Yes, for patrimonial disputes (e.g., online estafa) under Court-Annexed Mediation Rules, but not for cyber-libel, which is public in nature.
What if the suspect is a minor? The Juvenile Justice & Welfare Act (RA 9344) applies; diversion is mandatory for penalties below 12 years. The cyber aggravating circumstance is still assessed.

7. Common Pitfalls & How to Avoid Them

  1. Delays in Preservation Requests – Service providers routinely purge logs after 90 days; file your letter immediately.
  2. Inadmissible Screenshots – Always embed the full URL and system time; better, use hash-stamped captures via trusted apps (e.g., Amber Witness, Hash-My-Photo).
  3. Improper Venue Choices – Filing in a non-cybercrime-designated RTC risks dismissal on jurisdictional grounds.
  4. Chain-of-Custody Breaks – Keep a single, signed Evidence Movement Log; label storage media with date, case number, and hash.

8. Civil & Administrative Avenues

  • Separate civil action for damages may be filed with the RTC or withheld and raised after criminal conviction (Art. 29, Civil Code).
  • NLRC jurisdiction for employer-employee cyber-harassment.
  • NPC complaint for privacy breaches.
  • IC complaint for phishing related to insurance policies.

9. Sample Affidavit-Complaint Skeleton (extract)

AFFIDAVIT-COMPLAINT

I, (Maria Reyes), Filipino, of legal age, … state under oath:

1. That on 8 May 2025 at around 09:30 H, I received an email from <phishing@bank-alert.com>…
2. I clicked the link <https://bankph-verify.info> which triggered an SMS OTP…
3. Respondent John Doe used the credentials to transfer ₱95,000.00 to GCash acct. no. 09XX-XXX-XXXX.
4. The foregoing acts constitute **Violations of Secs. 4(a)(1) [Illegal Access], 4(b)(3) [Computer-related Fraud] & 6, RA 10175**.
x x x

10. Checklist for Complainants

  • Evidence captured with hashes
  • Notarised affidavit with ID photocopy
  • Preservation request filed (< 24 h)
  • USB/DVD labelled and sealed
  • Screenshots printed and signed on reverse
  • Contact details of witnesses attached

11. Key Contacts (as of May 2025)

  • NBI-Cybercrime Division – nbi.gov.ph / (+632) 8525-4093
  • PNP-ACG 24/7 Hotlines – 0998-598-8116 (Globe) / 0917-639-2077 (Smart)
  • DOJ-Office of Cybercrime (OOC)cybercrime@doj.gov.ph
  • DICT-CICCreport@cicc.gov.ph

12. Concluding Notes

Filing a cybercrime complaint in the Philippines remains evidence-centric. The sooner you secure digital traces and engage specialised law-enforcement, the higher your success rate. Because procedures and designated courts can change via Supreme Court circular or DOJ directives, always verify the latest issuances before filing.

This article is for informational purposes only and does not constitute legal advice. For specific cases, consult a Philippine lawyer experienced in cybercrime litigation.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login