Corporate Cyber Libel in the Philippines: When Companies and Officers Face Criminal Liability for Social Media Defamation

Introduction: Why corporate cyber libel issues arise in business disputes

Corporate competition often spills into public statements—press releases, official Facebook posts, “clarifications” on X (Twitter), or paid content that criticizes a rival. In the Philippines, these communications can trigger criminal exposure for libel when they impute a discreditable act, condition, or circumstance and are published to third persons. When the publication happens online, the issue becomes cyber libel, which carries a heavier penalty than ordinary libel under the Cybercrime Prevention Act of 2012 (Republic Act No. 10175, 2012), particularly because offenses committed through information and communications technology are penalized more severely.

This article explains (1) whether a company can sue or be sued for social media defamation, (2) what cyber libel is under Philippine law, and (3) when corporate officers and responsible employees can be held criminally liable for defamatory corporate posts or press releases—especially those aimed at competitors.

Governing laws and rules for online libel involving companies

1) Libel under the Revised Penal Code

Cyber libel builds on the concept of libel under the Revised Penal Code provisions on defamation. In online settings, the legal analysis generally begins with whether the statement is libelous in the first place (imputation + publication + identifiability + malice, subject to recognized defenses).

2) Cyber libel under the Cybercrime Prevention Act of 2012 (RA 10175, 2012)

RA 10175 treats libel committed through a computer system as a cybercrime content-related offense. The Supreme Court has clarified that cyber libel is not a “new” crime separate from libel; it is the same libel offense, committed through ICT, with the ICT element functioning as a qualifying circumstance and affecting penalty and related cybercrime rules. This is explained in Causing v. People of the Philippines, et al. (G.R. No. 258524, 2023) and reaffirmed in Causing v. People (G.R. No. 258524, 2026).

3) Corporate liability under RA 10175

RA 10175 expressly recognizes corporate (juridical person) liability for cybercrime offenses when committed on behalf of or for the benefit of a juridical person by persons in positions of authority, or when made possible by lack of supervision or control. The statute provides for fines against the juridical person without prejudice to the criminal liability of the natural person who committed the offense (Cybercrime Prevention Act of 2012, RA 10175, Section 9, 2012).

4) DOJ mediation rules affecting the civil aspect of libel/cyber libel complaints

For certain offenses including libel and cyber libel, DOJ rules require mediation of the civil aspect before or in relation to the preliminary investigation process, subject to the circular’s coverage and exclusions (Department Circular No. 031, 2023). This can matter in corporate disputes where parties want damages, apology/rectification, or settlement terms, not only prosecution.

Is there “internet libel” under the Revised Penal Code alone?

For statements made online before the effectivity of RA 10175, the Supreme Court has recognized the view that the Revised Penal Code’s “similar means” did not originally include the internet, so criminal liability under Article 355 for online publication had serious limitations pre-RA 10175. This is reflected in Peñalosa v. Ocampo, Jr. (G.R. No. 230299, 2023), which discusses the absence of “internet libel” under the RPC for online posts prior to RA 10175.

For current disputes, however, RA 10175 squarely covers libel committed through computer systems, and the doctrinal framing is that cyber libel is still libel—committed through ICT—rather than a wholly separate species of offense (Causing v. People of the Philippines, et al., G.R. No. 258524, 2023; Causing v. People, G.R. No. 258524, 2026).

Prescription: How long do you have to file a cyber libel case?

Because cyber libel is treated as the same crime as libel (with ICT as the mode/qualifying circumstance), the Supreme Court held that the one-year prescriptive period for libel under the Revised Penal Code applies to cyber libel, and it is generally counted from discovery by the offended party, authorities, or their agents (as discussed in Causing v. People of the Philippines, et al., G.R. No. 258524, 2023; and Causing v. People, G.R. No. 258524, 2026).

This is a crucial corporate risk point: a company that delays internal fact-finding, board discussion, or demand letter exchanges may inadvertently run into prescription issues if it intends to pursue a cyber libel complaint.

Can a company sue for cyber libel?

A corporation may pursue remedies when its reputation is attacked, but the approach requires careful framing.

Criminal angle: Philippine criminal law traditionally focuses on natural persons as offended parties in personal defamation, but corporate entities can be implicated in disputes involving reputation, goodwill, and business standing. In practice, cyber libel complaints often proceed where the defamatory imputation targets identifiable persons (officers, representatives) or where the publication clearly pertains to the corporation’s reputation in a way that connects to identifiable individuals. The viability depends heavily on the exact statements, identifiability, and proof of publication and malice.

Civil angle: Even where criminal theory is disputed, a corporation frequently has a clearer path in civil claims for damages related to defamatory publications that injure business reputation, goodwill, or cause quantifiable harm. Historically, Philippine libel law has recognized civil actions alongside criminal enforcement (Act No. 277, 1901, which provided a right of civil action in libel contexts).

Can a company be sued (or prosecuted) for cyber libel?

Yes, in the sense that a company can face juridical person liability under RA 10175 in the form of fines when cybercrime offenses are knowingly committed on its behalf or for its benefit by those in authority, or when the offense is enabled by lack of supervision or control (Cybercrime Prevention Act of 2012, RA 10175, Section 9, 2012).

Separately—and more urgently from a personal-risk perspective—natural persons (officers, employees, social media managers, PR heads, editors, and approving executives) may face criminal liability depending on their participation, approval, authorship, or control over publication.

When corporate officers can be held criminally liable for defamatory posts or press releases

In corporate cyber libel disputes, criminal exposure typically turns on authorship, approval, control, and benefit. RA 10175’s corporate liability framework supports the theory that cybercrime acts can be committed “on behalf of” or “for the benefit of” a juridical person by individuals in leading positions, and that lack of supervision/control can also trigger corporate fines—while preserving the individual’s criminal liability (RA 10175, Section 9, 2012).

Common situations that create officer exposure

The following scenarios frequently appear in competitor disputes:

• Official corporate statement approved at the top: A CEO/President or Chair approves a press release accusing a competitor of fraud, illegal activity, or scams, and it is posted on the company website and social media pages.
• “Marketing war” posts: The marketing head runs ads or posts suggesting a rival’s product is fake, unsafe, or stolen IP, without solid factual basis.
• Compliance or “public warning” announcements: A corporation posts “advisories” naming a competitor as unlicensed or violating laws, when the matter is disputed or inaccurately stated.
• Delegated posting with weak controls: Social media admins publish harsh accusations based on internal rumors; leadership claims it was “not authorized,” but there are no approval workflows.

Proof issues: What investigators and courts usually look for

In corporate cyber libel cases, the dispute often becomes evidence-driven. Typical proof points include:

• Who wrote the text (drafts, emails, chat approvals, document metadata).
• Who approved publication (sign-offs, board or executive instructions, PR clearance protocols).
• Who controlled the account/page (admin roles, business manager access, authentication logs).
• Whether the statement was made for corporate benefit (competitive advantage, damage to rival, crisis response).

Even outside the cyber libel setting, Philippine regulatory decisions reflect the willingness to hold responsible corporate officers personally liable when they are shown to have knowledge, participation, or reasonable grounds to know the wrongful nature of corporate communications. For example, in securities enforcement, misleading statements can result in liability not only for the corporation but also for responsible officers when knowledge can be established (SEC En Banc Case No. 03-24-541, 2026). While this is a different legal regime, the evidentiary themes—control, knowledge, and responsibility—often mirror how corporate communications are assessed in other contexts.

Summary table: Company vs officer exposure in corporate cyber libel disputes

Who may be liable	Possible basis	Typical trigger in competitor posts
Corporation (juridical person)	RA 10175, corporate liability and fines (Section 9, 2012)	Post issued on behalf/for benefit of company; weak supervision controls enable defamatory content
CEO/President/Chair or approving officer	Individual criminal liability preserved under RA 10175 (Section 9, 2012); cyber libel treated as libel committed through ICT (Causing, 2023; 2026)	Approval of press release/post imputing crime, fraud, dishonesty, or discreditable condition
PR head, marketing lead, social media manager, content writer	Direct participation in drafting/publishing; proof of control over publication channel	Authorship, scheduling, boosting/advertising, refusal to retract after demand

Procedures: What happens after a corporate cyber libel complaint is filed

1) Assess coverage for mediation of the civil aspect

Under DOJ Department Circular No. 031 (2023), the civil aspect of cyber libel and libel complaints may be routed to mediation under the circular’s conditions, with exclusions depending on the nature of the case and accompanying offenses.

2) Preliminary investigation and evidence building

Corporate parties should expect requests for screenshots, URLs, device/account ownership information, certifications, and witness affidavits. Since cyber libel is typically time-sensitive due to prescription, evidence gathering should be organized early (Causing v. People of the Philippines, et al., G.R. No. 258524, 2023; Causing v. People, G.R. No. 258524, 2026).

3) Litigation decisions and who may pursue remedies

In criminal proceedings, the State controls prosecution decisions and remedies. Relatedly, the Supreme Court has emphasized limits on a private offended party’s standing in challenging certain prosecutorial/court actions in criminal cases, underscoring that criminal procedure choices may restrict what a private complainant can do independently (Peñalosa v. Ocampo, Jr., G.R. No. 230299, 2023).

Compliance and risk reduction for corporations and officers

Corporations can reduce cyber libel exposure (and protect officers) by formalizing controls that show good faith, diligence, and supervision.

• Adopt a publication approval matrix: Define who can publish “official” competitor-related statements and require legal review for high-risk content.
• Use substantiated language: Avoid categorical accusations of crimes (e.g., “estafa,” “scammer,” “illegal,” “fake”) unless backed by verifiable public records and carefully framed.
• Separate opinion from factual assertions: Ensure statements do not imply undisclosed defamatory facts.
• Retention and audit trails: Keep drafts, approval emails, and admin access logs to establish who authored/approved content.
• Rapid response protocol: If a post is challenged, preserve evidence and consult counsel immediately; evaluate retraction, clarification, or mediation options under DOJ rules.

Conclusion: What companies and officers should remember

In the Philippines, social media defamation in a corporate setting can escalate into cyber libel, and liability may attach both to the corporation (through fines under RA 10175’s corporate liability scheme) and to individual officers and employees who author, approve, or control publication (Cybercrime Prevention Act of 2012, RA 10175, Section 9, 2012). The Supreme Court’s rulings emphasize that cyber libel is essentially libel committed through ICT, and it prescribes in one year counted from discovery—making early legal assessment and evidence preservation critical (Causing v. People of the Philippines, et al., G.R. No. 258524, 2023; Causing v. People, G.R. No. 258524, 2026).

For corporations, the safest approach is to treat competitor-related public communications as high-risk: build approval workflows, require legal review, document decision-making, and consider mediation avenues where appropriate (Department Circular No. 031, 2023). For officers, the takeaway is simple: if you authorize or control a defamatory corporate post, you may be exposed personally—regardless of whether the message was issued “in the company’s name.”

About Nicolas and De Vega Law Offices

 Nicolas and de Vega Law Offices is a full-service law firm in the Philippines.  You may visit us at the 16th Flr., Suite 1607 AIC Burgundy Empire Tower, ADB Ave., Ortigas Center, 1605 Pasig City, Metro Manila, Philippines.  You may also call us at +632 84706126, +632 84706130, +632 84016392 or e-mail us at [email protected]. Visit our website https://ndvlaw.com.