The National Privacy Commission issued Circular No. 2022-04 on 5 December 2022, which sets out the registration framework of Data Protection Officers and Data Processing Systems. Under the Circular, personal information controllers and personal information processors operating in the Philippines are required to register with the NPC as long as they meet any of the conditions for registration. The Circular took effect on 11 January 2023.

The National Privacy Commission issued Circular No. 2022-01 on 12 August 2022, entitled “Guidelines on Administrative Fines”. The Circular fixes the administrative fines to be imposed upon personal information controllers or personal information processors for infractions of the Data Privacy Act of 2012, its implementing rules and regulations, and the issuances of the NPC. The Circular takes effect on 27 August 2022 and will apply prospectively. Thus, complaints that have already been filed with the NPC prior to the effectivity date are not covered by the Circular.

The National Privacy Commission recently announced that the deadline for the submission of Annual Security Incident Reports for the years 2018 to 2021 is on 31 October 2022, while the deadline to submit the 2022 version of said report is on 31 March 2023.

On 12 May 2022, the President issued Executive Order No. 169, which seeks to intensify government efforts in strengthening the franchising industry and to help businesses, especially micro, small and medium enterprises, by developing a transparent and business-friendly environment, and promoting fair and equitable practices.