The Concept of ‘The SIM Registration Act’ (RA 11934)

The Rule on ‘Real-Time Collection of Traffic Data’

March 26, 2026

The Rule on ‘Confidentiality of SIM Data’

March 26, 2026

I. Introduction

This memorandum provides an exhaustive legal analysis of Republic Act No. 11934, otherwise known as the “Subscriber Identity Module (SIM) Registration Act.” Enacted on October 10, 2022, the law establishes a mandatory registration framework for all Subscriber Identity Module (SIM) cards and social media accounts in the Philippines. The primary legislative intent is to deter the proliferation of electronic communication-aided crimes such as fraud, libel, identity theft, text scams, and terrorism, by establishing a verifiable user identity linked to each SIM. This memo will examine the law’s key provisions, constitutional underpinnings, implementing rules, and its practical and legal implications.

II. Statement of Objectives and Legislative Policy

As declared in Section 2 of the law, the State recognizes the vital role of information and communications technology in nation-building. The policy aims to regulate the registration and use of SIMs to aid law enforcement, end the anonymity that facilitates crimes, and protect consumers from unlawful activities. A core objective is to establish a centralized database administered by public telecommunications entities (PTEs), which shall be made accessible to law enforcement agencies only upon the issuance of a court order or a subpoena in specific cases, thereby attempting to balance security with the right to privacy.

III. Definition of Key Terms

“Subscriber Identity Module (SIM)”: The integrated circuit that securely stores the international mobile subscriber identity (IMSI)* and its related key, used to identify and authenticate subscribers on mobile devices.
“Public Telecommunications Entity (PTE)”: Any entity authorized by the National Telecommunications Commission (NTC)* to provide telecommunications services to the public.
“End-user”: The person who purchases a SIM from a PTE or authorized dealer* and registers it under their name.
“Bureau of Jail Management and Penology (BJMP)” and “Bureau of Corrections (BuCor)”: Government agencies responsible for the custody and rehabilitation of persons deprived of liberty (PDLs)*, for whom special registration procedures are provided.
“Social Media Account”: As defined in the Implementing Rules and Regulations (IRR), an account created on social media platforms* that enables a person to post, share, and interact with content.

IV. Mandatory Registration Requirements

Section 5 mandates the registration of all existing and new SIMs. For individual end-users, registration requires the submission of a duly accomplished control-numbered registration form with the following: (a) full name; (b) date of birth; (c) sex; (d) address; and (e) a valid government-issued identification document with a photo. For juridical entities, the required details include business name, business address, and the authorized signatory’s full name. PTEs are required to verify the submitted information against the presented ID. Failure to register an existing SIM within the set deadlines (as extended) results in deactivation. The sale of an activated but unregistered SIM is prohibited.

V. Registration of Social Media Accounts

Section 6 requires the registration of social media accounts. Upon creation of an account, a social media provider shall require the user to provide a real name and phone number. Crucially, the law states that the provided phone number must be tied to a registered SIM. This provision links online anonymity directly to the SIM registration database. The Department of Information and Communications Technology (DICT), in consultation with relevant agencies, is tasked with issuing the specific guidelines for this section, which, as of this writing, are still pending.

VI. Data Privacy and Security Obligations

Sections 9 and 10 impose stringent data privacy and security obligations on PTEs. They are mandated to adhere to the principles of the Data Privacy Act of 2012 (RA 10173) and are strictly prohibited from disclosing any subscriber information unless upon a lawful order from a court or other competent authorities. The SIM Register (the centralized database) is to be treated as confidential. PTEs must implement reasonable and appropriate organizational, physical, and technical security measures to protect the database. Any breach must be reported to the National Privacy Commission (NPC) and the DICT within 72 hours.

VII. Penal Provisions and Liabilities

The law prescribes graduated penalties for various violations, ranging from fines to imprisonment. The table below provides a comparative overview of the key penal provisions.

Provision Violated	Responsible Party	Penalty
Sale of an activated but unregistered SIM (Sec. 12)	Seller/Authorized Dealer	Fine: ₱100,000 to ₱300,000 for the first offense; ₱300,000 to ₱500,000 for subsequent offenses.
Failure to register a SIM (Sec. 12)	End-user	Automatic Deactivation of the SIM.
Provision of false or fictitious information or use of fraudulent IDs (Sec. 12)	Registrant/End-user	Imprisonment of 6 months to 2 years or a fine of ₱100,000 to ₱300,000, or both. Liability for all damages resulting from the fraudulent registration.
Breach of Confidentiality due to Negligence (Sec. 13)	PTE Employee/Officer	Imprisonment of 6 months to 2 years or a fine of ₱500,000 to ₱4,000,000, or both.
Breach of Confidentiality with Malicious Intent (Sec. 13)	PTE Employee/Officer	Imprisonment of 1 year to 6 years or a fine of ₱500,000 to ₱4,000,000, or both.
Spoofing (i.e., transmitting misleading caller ID info) (Sec. 14)	Any Person	Imprisonment of 6 years to 12 years or a fine of ₱200,000 to ₱2,000,000, or both.
Non-compliance by PTEs (e.g., failure to secure data, maintain register) (Sec. 15)	Public Telecommunications Entity	Fine: ₱500,000 to ₱4,000,000 for the first offense; ₱1,000,000 to ₱5,000,000 and possible revocation of franchise or license for subsequent offenses.

VIII. Constitutional and Legal Issues

The law has been scrutinized for potential conflicts with constitutional rights. Proponents argue it is a valid exercise of police power to promote public safety and order. Critics raise concerns regarding:

The Right to Privacy: While the law incorporates data protection measures, the mandatory collection of personal data and its linkage to social media accounts is seen by some as a form of state surveillance, potentially chilling freedom of speech and expression.

Freedom of Speech and Expression: Anonymity can be essential for whistleblowing, political dissent, and personal security. Mandating real-name registration may create a chilling effect on protected speech.

Due Process and Proportionality: Questions arise as to whether the law is the least restrictive means to achieve its goals, and if the penalties are proportionate to the offenses.

Equal Protection: The special registration procedures for PDLs and minors (who must register under a parent or guardian’s name) are designed to address specific vulnerabilities but require careful implementation to avoid arbitrary classification.

IX. Implementing Rules and Regulations (IRR) and Relevant Issuances

The DICT, NTC, and NPC jointly promulgated the Implementing Rules and Regulations (IRR) on December 12, 2022, which operationalized the law. Key features of the IRR include: detailed registration procedures for various user types (individuals, juridical entities, foreigners, PDLs, minors); technical specifications for the SIM Register; and guidelines for deactivation and reactivation. Furthermore, the NTC has issued several Memorandum Circulars to provide specific directives to PTEs, and the DICT has issued public advisories regarding registration deadlines, which were extended multiple times to accommodate the public.

X. Conclusion

The SIM Registration Act (RA 11934) represents a significant legislative effort to modernize the regulatory environment for mobile and online communications in the Philippines. Its success hinges on the effective and privacy-conscious implementation by PTEs and government agencies, robust enforcement of its penal provisions against bad actors, and vigilant oversight by the NPC and the judiciary to prevent abuses. The law’s ultimate test will be its tangible impact on reducing electronic communication-aided crimes while withstanding constitutional challenges related to fundamental civil liberties. Ongoing review and potential amendments may be necessary to refine its mechanisms and ensure it serves the public interest without undue infringement on constitutional rights.