OPINION: AI legislation taking a wrong turn in the Philippines

The business process outsourcing (BPO) sector — 1.57 million workers as of 2023, contributing 7.4% of GDP — faces direct displacement as AI absorbs the routine functions that had defined it: customer service, data entry, basic financial processing. The International Labor Organization estimates 89% of BPO jobs face high automation risk. Globally, AI accounted for 26% of all job cuts in April 2026 — the second consecutive month it ranked as the top driver of layoffs, per outplacement firm Challenger, Gray & Christmas. The Philippine BPO sector, built on the exact functions AI is now automating, sits directly in the path of this disruption. Meanwhile, AI-generated deepfakes have moved from hypothetical to documented harm — Senator Ronald Dela Rosa and Mayor Sebastian Duterte shared a deepfake video of fake student interviews about VP Sara Duterte’s impeachment, with Dela Rosa defending it as acceptable because he agreed with the point of the message. The harm is not arriving from the future. It is already here — and it is arriving through deployment.

The Philippines Congress reaches for the EU AI Act as its answer. But this is copying the wrong homework — the EU AI Act was built for jurisdictions that develop and deploy frontier AI, not so much for the ones that deploy it in non-frontier, consumerist states like ours. Philippine legislation may be heading in the wrong direction not because it lacks ambition, but because it is seeking to govern and regulate an AI economy which the Philippines does not have.

Copying the wrong homework

The majority of the bills that were filed in the House of Representatives were framed in EU AI Act’s core structure— risk-based classification, General Purpose Artificial Intelligence (GPAI) regulation with model capability thresholds such as those above 1025 FLOPs, conformity assessments, and provider obligations that flow downstream. The dominant legislative imagination is provider-facing. To be sure, the EU AI Act does regulate deployers aside from providers — but the AI Act targets frontier AI development lifecycles because the EU has the institutional infrastructure, enforcement capacity, and market leverage to make lifecycle governance meaningful and real. Copying the text without considering context produces obligations that exist on paper. The Philippines may lack enforceable long arm jurisdiction over frontier AI systems which the bills are designed to regulate, and it has no domestic AI industry for those obligations to land on in contrast to the EU, which has domestic frontier AI developers like Mistral and Aleph Alpha and an established enterprise AI ecosystem those obligations were written for.

Article continues after this advertisement

When categories break down

A Philippine fintech lending platform illustrates why the provider-deployer distinction breaks down in practice in the Philippines. The Philippine fintech lending platform simultaneously develops its own proprietary AI credit scoring models that supplies an AI system to partner banks and deploys it to Filipino borrowers. If one turns to the pending bills in Congress to find which category which it would fall under, no clean categorical answer emerges— because it functions as provider, deployer, and even user, simultaneously — a hybrid the pending bills’ rigid classification cannot resolve, lacking the role-transformation provisions that make such cases governable under the original EU AI Act framework.

FEATURED STORIES

TECHNOLOGY

TECHNOLOGY

TECHNOLOGY

If a Filipino borrower is wrongly denied credit, who is accountable under a provider-facing regulatory regime? The developer is in Shanghai, outside Philippine territorial jurisdiction. The borrower has no clear appeal pathway. ISP blocking cannot reach algorithmic decisions made inside a locally registered entity. The answer may lay in function-based regulation: obligations that follow what an actor does at each point of contact, not what corporate category it occupies. This requires AI supply chain analysis, focusing on the end user or consumer. When the fintech lending platform scores a borrower, disclosure obligations apply. When it supplies a model to a bank, audit obligations apply. When it denies credit, the right to explanation applies – regardless of whether the fintech lending platform is classified as provider, or deployer.

What actually needs regulation

The solution for writing good black letter law may lay in function-based, not actor-based, approaches.  Function-based regulation maps the risk or harm linked to a function, then imposes the obligation to apply specific controls, and then assigns who shall bear that obligation. One can turn to the OECD AI Incident Monitor (OECD AIM) and MIT AI Risk Repositories, which document AI-related risks globally, be they catastrophic or innocuous risks, including cases specific to the Philippines, and which provide an evidence base for risk selection rather than legislative guesswork.

Using OECD AIM, three categories emerge as the more immediate candidates:

Article continues after this advertisement

Information harms: AI deepfakes being used by politicians to spread misinformation and false claims that can undermine public trust and create cracks within political stability.

Labor harms: AI threatens to displace over 1.3 million positions in the BPO industry due to the deployment of AI in customer service while at the same time there are no safety nets that would protect these workers.

Fairness/rights harms: The National Privacy Commission’s cease-and-desist order against an AI-powered biometric data collection system – citing invalid consent and excessive biometric data collection – shows what enforcement looks like when jurisdiction is clear.

The last case is instructive. The National Privacy Commission acted because the purported harm fell squarely within its privacy mandate. The same institutional logic must extend across sectors: BSP governing AI in credit and lending, DOLE governing algorithmic labor management, DICT governing AI in digital infrastructure. Each agency knows its sector’s risk landscape. The legislation should recognize their domain mandate and empower them to act within it. However, the bills pending in Congress today do not empower sector agencies to act within their mandates. The Philippine Council on Artificial Intelligence created under several bills is an advisory body — not an enforcement mechanism. Advising on AI policy and governing AI deployment are fundamentally different things. Instead of reinventing the wheel or perfunctory copy-paste, the better question for lawmakers today would be: How can AI legislation better harness the domain expertise and existing resources of government agencies today?

The cost of getting it wrong

Like misaligned AI, misdirected legislation is not just ineffective – it is a structural failure, producing controls that are unresponsive at the ground level. Policy transfer scholarship has long warned that copying regulatory frameworks without adapting them to local institutional realities produces what Dolowitz and Marsh call ‘uninformed transfer’, or policies that are detached from the conditions that made them work elsewhere. The Philippine AI bills are a textbook case.

If we push through with legislation that is misaligned with social need, we are not just letting bad actors go ungoverned– we are missing out a governance opportunity throughout the entire deployment layer.

Article continues after this advertisement

What good legislation would do?

Effective AI governance for the Philippines should be function-based, deployer-facing, and tailored to sector-specific risks. It can start even without legislation — through an executive order, sector agencies can coordinate to build deployment-context risk assessments and registries, transferable to a central AI authority once that central body is established. DOLE cannot govern algorithmic labor management alone- it needs DICT’s technical capacity. BSP cannot govern AI in lending without clear risk criteria. No single agency can, but each agency must. The Philippines does not need to copy homework from others. It just needs a good glance of where it actually sits in the global AI supply chain – and legislate from there.

* Yanro Ferrer is a Fellow at AI Safety Diliman under the 1st cohort of its AI Governance Accelerator, focusing on non-frontier AI governance and AI risk-based frameworks in AI policy in the Global South. He also is a lecturer at Ateneo de Manila University, where he teaches and researches digital sociology, technology, and contemporary online cultures. His work focuses on the interaction between humans and technological systems, particularly in the areas of AI, platforms, and sociotechnical life. Drawing from interdisciplinary approaches in sociology and science and technology studies, his research examines how digital infrastructures shape identity, communication, and governance in networked and institutional contexts. Alongside his academic work, he drafts bills and conducts legislative research for a member of the House of Representatives of the Philippines, contributing to policy discussions at the intersection of technology, regulation, and public institutions.

**Atty. Edsel Tupaz is Lead Researcher and Fellow at the AI Governance Accelerator Program of AI Safety Diliman.   He is a Senior Partner at Gorriceta Africa Cauton & Saavedra and leads its Data Privacy, Cybersecurity, and & AI Initiatives practice.  He is included in the Top 100 Lawyers in the Philippines for 2023, 2024, and 2025.

The authors acknowledge the supervision of Ze Shen Chin of AI Standards Lab and a Research Affiliate at the Oxford Martin School AI Governance Initiative, as well as Lenz Dagohoy and Lexley Villasis of AI Safety Diliman.

Your subscription could not be saved. Please try again.

Your subscription has been successful.

AI Safety Diliman is supported by Kairos, an AI safety field-building nonprofit focused on strengthening the global AI safety and policy talent pipeline, and is fiscally sponsored by the Berkeley Existential Risk Initiative, an entity that supports academic and field-building efforts to reduce catastrophic risks associated with advanced technologies.