Legal Protections and Compliance Checklist for Small Business Owners in the Philippines

This article is practical guidance, not legal advice. Laws and rates update often; verify current requirements with the relevant agency or a Philippine lawyer/CPA before acting.


1) Choose the right legal form (and protect yourself)

Common structures

  • Sole proprietorship — simplest; owner is personally liable for debts and claims.
  • Partnership — two or more persons; partners can be jointly liable (limited partnerships limit liability of limited partners).
  • Corporation — separate juridical entity; shareholders have limited liability. Includes One Person Corporation (OPC) for single owners.
  • Cooperative — member-owned; governed by the Cooperative Development Authority (CDA).

Risk/Protection tips

  • If you want limited personal liability, pick a corporation/OPC.
  • Use founders’/partners’ agreements (or bylaws/board resolutions) covering ownership, roles, IP ownership, vesting, non-compete/non-solicit (where enforceable), dispute resolution, and exit triggers.
  • Keep personal and business funds separate (own bank account); maintain minutes/resolutions to preserve the corporate veil.

2) Name, registration, and permits (the “basic stack”)

A. Business name & entity

  • Sole proprietor: Register business name with DTI (Department of Trade and Industry).
  • Partnership/Corporation/OPC: Register with SEC (Securities and Exchange Commission).
  • Cooperative: Register with CDA.
  • If you need brand protection beyond the name on your permits, apply for a trademark with IPOPHL.

B. Local government

After SEC/DTI registration:

  • Barangay Clearance (where the business is located).
  • Mayor’s/Business Permit from the city/municipality; ensure location is compliant with zoning.
  • Fire Safety Inspection Certificate (BFP).
  • Sanitary Permit (City/Municipal Health Office) where applicable.

C. Tax

  • BIR Registration (TIN; Certificate of Registration).

    • Register books of accounts (manual, loose-leaf, or computerized).
    • Get invoicing/receipting authority (ATP) or enroll in applicable e-invoicing/e-receipting systems if covered.
    • Choose VAT or non-VAT/percentage tax status (based on thresholds). Confirm current thresholds and rates; they change.

D. Special/sector permits (as needed)

  • FDA (food, cosmetics, drugs, medical devices); BAI/BFAR for animals/fisheries.
  • DENR-EMB environmental clearances (ECC, hazardous waste generator registration) for certain activities.
  • BSP licensing for pawnshops/money service businesses; IC for insurance intermediaries.
  • DOTr/LTFRB/MARINA/CAAP for transport sectors.
  • BOC (import/export registration) if trading internationally.
  • PEZA/BOI registrations for incentives (if eligible).

3) Philippine tax compliance (owner’s quick map)

Registration choices

  • VAT-registered: charge output VAT, claim input VAT, file monthly/quarterly VAT returns, submit SLSP/summary lists as applicable.
  • Non-VAT/Percentage tax: percentage tax in lieu of VAT (for businesses below VAT threshold and not otherwise required to be VAT). Check current rates.

Income tax

  • Corporations: Corporate income tax (rates depend on size and assets under CREATE).
  • Individuals/sole proprietors/partners: Graduated rates under TRAIN (with quarterly payments); optional 8% tax on gross sales/receipts (in lieu of graduated rates + percentage tax) when eligible.

Withholding

  • Compensation withholding on employee salaries.
  • Expanded withholding on payments to suppliers/professionals subject to listed rates.
  • Annual information returns and alphalists required.

Other

  • Documentary Stamp Tax (for certain instruments).
  • Annual Registration Fee (if applicable), Annual ITR, Audited FS (for thresholds/corporations), BIR 2303 display.

Protect-yourself habits: Keep e-copies of all filings and receipts, reconcile books monthly, calendar deadlines (monthly, quarterly, annual), and perform an annual “tax health check” with a CPA.


4) Employer compliance (if you have people)

Onboard correctly

  • Written employment contracts (probationary/regular/project/fixed-term; job description; work location; schedule; compensation; benefits; confidentiality; IP assignment; data privacy clauses; grounds for termination).
  • Company policies/handbook: working hours, leaves, code of conduct, anti-harassment, discipline, data security, BYOD, remote work, drug-free workplace, grievance.

Social contributions

  • Register and remit for SSS, PhilHealth, and Pag-IBIG; submit monthly/quarterly reports and loan amortizations.

Labor standards (highlights)

  • Minimum wage (varies by region; check RTWPB).
  • Overtime, rest days, night shift differential, holiday pay.
  • 13th month pay (mandatory).
  • Service Incentive Leave (minimum 5 days, with exceptions).
  • Maternity (105 days), paternity (7 days), solo parent, and VAWC leave entitlements where applicable.
  • Security of tenure: valid grounds and due process for termination.

OSH (Occupational Safety and Health)

  • Comply with OSH Law and rules: designate Safety Officer(s) based on risk/size, provide first aiders, conduct safety orientations, and keep accident logs. Provide PPE, medical exams where required, and report notifiable incidents to DOLE.

Anti-harassment & safe spaces

  • Policies, training, and complaint mechanisms under the Anti-Sexual Harassment and Safe Spaces laws; post required signages and designate officers to receive complaints.

5) Data privacy & cybersecurity

  • The Data Privacy Act applies to personal data processing.

  • Appoint a Data Protection Officer (DPO) (internal or outsourced).

  • Maintain a Privacy Management Program:

    • Privacy Notice and Consent (where appropriate).
    • Data Processing Inventory and Records of Processing.
    • Privacy Impact Assessments for high-risk activities.
    • Security measures (organizational, physical, technical).
    • Data Sharing Agreement terms when sharing with third parties.
    • Breach response plan and incident reporting within prescribed timelines.
  • Register with the National Privacy Commission when you meet registration triggers (e.g., sensitive data processing, scale/risk thresholds).

  • For online operations, align with the E-Commerce Act and Cybercrime Prevention standards; implement basic cyber hygiene (MFA, backups, encryption-at-rest/in-transit, least-privilege access, vendor due diligence).


6) Consumer, competition, advertising & pricing

  • Consumer Act: truthful representations, warranties, product safety, recall and complaint handling.
  • Price displays: clear, legible price tags and receipts; include all mandatory charges/fees disclosed up front.
  • Warranties/returns: state policy consistent with law and DTI advisories.
  • Promos/raffles: secure DTI permit where required; publish mechanics and report winners/closure.
  • Philippine Competition Act: avoid anti-competitive agreements, bid-rigging, price-fixing, abuse of dominance; observe merger thresholds if you engage in acquisitions.
  • Advertising: truthful ads, influencer disclosures, health/therapeutic claims only with proper substantiation and approvals (e.g., FDA for health products).

7) Environmental & location compliance

  • Check zoning/land use (LGU).
  • For activities with environmental impact: DENR-EMB permits (ECC, wastewater, air emissions, hazardous waste).
  • Solid & hazardous waste segregation, manifests, and transporter/TSDF accreditation.
  • Fire Code compliance: extinguishers, signage, egress, drills, electrical safety; annual BFP inspection.

8) Intellectual property (protect what you build)

  • Trademarks (brand names/logos) through IPOPHL; conduct clearance search before filing.
  • Copyright (software, content, designs) arises upon creation; consider voluntary deposit/recordation.
  • Patents/Utility models for inventions/technical solutions (assess novelty and commercial value).
  • Trade secrets: NDAs, access controls, and policy discipline.
  • IP assignment & works-for-hire clauses in employment/contractor agreements.

9) Foreign ownership & cross-border issues (if applicable)

  • Check the Foreign Investment Negative List (FINL) for restricted activities and required Filipino ownership percentages.
  • The Anti-Dummy Law penalizes circumvention of nationality rules.
  • Retail trade and other sectors have specific minimum capital and qualification rules (amended in recent years).
  • Cross-border data transfers: use appropriate data transfer safeguards and contract terms.

10) E-commerce and platform operations

  • Terms of Service, Privacy Policy, and Returns/Refunds Policy published on your site/app.
  • Transparent shipping fees, delivery windows, and COD policies; comply with distance selling rules.
  • Electronic invoicing/receipts where covered; retain logs and ensure authenticity/integrity.
  • Marketplace sellers: verify seller identities, respond to take-down notices, and manage counterfeit risk.
  • Digital marketing: consent for email/SMS, unsubscribe links, and proper consent for cookies/trackers.

11) Governance & recordkeeping

  • Maintain minute books (board and shareholders), share registers, and stock certificates (for corporations).
  • File General Information Sheet (GIS) and annual reports with SEC as required.
  • Keep books of account and supporting documents for the statutory retention period.
  • Adopt signing authority matrices, bank resolutions, and related-party disclosure controls.
  • Establish whistleblowing and conflict of interest policies proportionate to size.

12) Inspections, audits, and disputes

  • Expect potential inspections from LGU, BFP, DOLE, DENR, FDA, BIR, and NPC depending on your business.
  • Assign a compliance folder (physical or digital): registrations, permits, proof of payments, policies, training logs, inspection reports, corrective actions.
  • Dispute resolution: include venue, governing law, and arbitration/mediation clauses in contracts when suitable; preserve evidence and timelines for claims/defenses.

13) Insurance you should consider

  • General liability (slip-and-fall, property damage).
  • Property/Fire (including business interruption).
  • Professional liability (E&O) for services businesses.
  • Directors & Officers (D&O) for corporations.
  • Cyber insurance if processing personal data or operating online.
  • Compulsory cover where applicable (e.g., motor vehicle).

14) Ethical and anti-corruption posture

  • Adopt a gifts & hospitality policy aligned with the Anti-Graft and Corrupt Practices Act standards.
  • Procurement controls: competitive quotes, approval thresholds, segregation of duties.
  • Third-party due diligence for agents, customs brokers, and distributors.

15) The Practical Compliance Checklist (print and tick)

Before launch

  • Decide on structure: Sole prop / Partnership / (OPC) Corporation / Cooperative.
  • Reserve/clear business name; trademark search.
  • Register: DTI or SEC/CDA (as applicable).
  • Open corporate bank account; capital contributions documented.
  • Lease/locate premises; verify zoning.
  • Barangay Clearance → Mayor’s/Business Permit → Fire & Sanitary permits.
  • BIR registration, books of accounts, invoicing authority; choose VAT vs non-VAT.
  • Sector permits (FDA, DENR, BSP, etc.).
  • Company policies and employment contracts ready.
  • SSS, PhilHealth, Pag-IBIG registration.
  • Data Privacy: appoint DPO, privacy notice, basic security controls.
  • Insurance quotes and minimum coverage in place.

Monthly/Quarterly

  • Payroll processed; SSS/PhilHealth/Pag-IBIG remitted.
  • Withholding taxes filed and paid.
  • VAT/percentage tax returns (as applicable).
  • Books closed; bank reconciliations done; receipts filed.
  • Safety checks (extinguishers, exits) and housekeeping.
  • Customer complaints log reviewed; refunds/returns resolved.
  • Vendor compliance certificates updated (where applicable).

Annually

  • Renew Mayor’s/Business Permit; Fire Safety inspection.
  • BIR Annual Information Returns and ITR filed; Audited FS (if required).
  • SEC GIS/Annual Report filed (for corporations).
  • Data privacy drills and breach simulation; policy refresh.
  • OSH training refresh; health exams where mandated.
  • Fixed asset inventory and impairment review; insurance renewal.
  • Contract roll-forward: expiries, renewals, price increases.
  • Board/shareholders’ meeting minutes updated (corporations).

Events-based

  • New product? Check FDA/labeling and consumer law claims.
  • New location? Zoning, permits, DOLE establishment report.
  • Price/promo changes? DTI permit (if required) and clear mechanics.
  • Data breach/security incident? Follow NPC timelines and IR plan.
  • Hiring/termination? Observe labor due process and clearances.
  • Importing/exporting? Verify BOC registration and regulated goods permits.

16) Foundational documents (templates to prepare with counsel)

  • Articles of incorporation/partnership; bylaws; OPC minutes book.
  • Board/shareholder resolutions (opening bank accounts; signatories; major contracts).
  • Standard NDAs; employment agreement templates (probationary/regular); contractor agreements with IP assignment.
  • Terms of Service, Privacy Policy, Data Sharing/Addendum, Incident Response Plan.
  • OSH Program; Emergency & Evacuation Plan; Visitor & Access Policy.
  • Finance SOPs: petty cash, reimbursements, procurement policy, asset disposal.
  • Complaints & refunds policy; service level commitments.
  • Records retention schedule and litigation hold policy.

17) Common pitfalls (and how to avoid them)

  • Mixing personal and business funds → Separate accounts and expense policies.
  • Operating without updated permits → Track expiries, set calendar reminders.
  • Wrong tax classification → Reassess when crossing thresholds or pivoting models.
  • Oral hiring/“handshake” deals → Put it in writing, even for short gigs.
  • No privacy/security controls → Start small: DPO, inventory data, MFA, backups.
  • Unsafe premises → Quarterly safety walk-throughs; document fixes.
  • Using a “business name” as “brand protection” → File a trademark with IPOPHL.
  • Ignoring competition/advertising rules → Review claims; keep substantiation files.

18) A lean “first 90 days” compliance plan

  • Days 1–15: Entity registration, local permits, BIR, bank account, basic policies, SSS/PhilHealth/Pag-IBIG.
  • Days 16–45: Contracts (employment/vendor), invoicing set-up, privacy/DPO, OSH baseline (safety officer, first aid).
  • Days 46–90: Sectoral permits, trademark filing, insurance, internal controls, website policies, staff training.


Final word

Compliance is not a one-time chore—it’s an operating system for your business. Start with the basics above, keep good records, and schedule a yearly tune-up with a Philippine lawyer and CPA to catch regulatory changes early.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.