Brian Poe: High stakes attached to passage of twin cybersecurity bills
FPJ Panday Bayanihan Party-List Rep. Brian Poe has made the case for the swift passage of his twin bills that aim to create a stronger, more unified national cybersecurity framework in the Philippines.
In a recent technical working group (TWG) meeting of the House Committee on Information and Communications Technology, Poe shared with his fellow congressmen the salient points of House Bill (HB) No. 4191 or the Critical Infrastructure Cybersecurity Standards Act, and HB No. 4187 or the Cyber Maturity and National Resilience Act.
Poe says that while the two measures use different mechanisms, they are designed to work together and “collectively address the urgent multifaceted threat to our nation’s digital future” through a single strategy anchored on defense and measurement.
In his remarks during the TWG meeting, the assistant majority leader underscored that the country’s critical systems—including banks, energy, telecommunications, and citizens’ personal data—rely on the integrity of computer networks.
He noted that the Philippines has already seen “far too many incidents of ransomware, data breaches, and disruptions to essential services”. He added that these threats are no longer isolated crimes but strategic risks that can “undermine confidence in government and destabilize critical sectors”.
“The time for piecemeal, reactive responses is over,” said Poe, who underscored that the country needed a holistic, mandatory, and continuously improving national strategy.
Poe described HB No. 4191 as the measure that sets non-negotiable cybersecurity standards for the country’s digital future. He says that while some frameworks already exist, there is still “no unified law mandating minimum standards across all critical sectors”.
HB No. 4191 fills that gap by prescribing minimum cybersecurity controls for both government and private critical infrastructure operators “from banking to energy to healthcare”.
Among the key requirements under the measure are the adoption of Zero-Trust Architecture for system access; Multi-Factor Authentication (MFA) across the board; creation of trained Cyber Incident Response Teams (CIRTs) in every department; and a unified national cybersecurity incident response framework to ensure that, during an attack, “government and industry are coordinated, not confused”.
Poe emphasized that non-compliance will carry clear and meaningful penalties, including fines of up to ₱20 million for repeat offenses, because “the security of our critical infrastructure is a matter of national security”.
The Pangasinan-based lawmaker notes that HB No. 4187 complements HB No. 4191 by making sure the standards are actually implemented and improved over time. “Setting standards is meaningless if we don’t measure compliance,” he said.
He says that while HB No. 4191 sets the baseline, HB No. 4187 establishes a mechanism for evaluating government agencies and private firms’ maturity against cyber attacks.
According to Poe, the proposed Cyber Maturity law mandates an annual, independent Cyber Maturity and Posture Assessment (CMPA) for all covered entities and requires objective third-party audits measured against globally recognized cybersecurity standards such as ISO 27001, NIST, and CMMC.
It also creates the National Cybersecurity Accreditation and Ranking System (NCARS) to promote transparency by showing which entities are strong and which are lagging behind in their defenses. On top of this, it requires that each assessment produce a concrete, time-bound Cybersecurity Improvement Plan (CIP) so that vulnerabilities are fixed as soon as they are found.
Poe says this ensures the country is “always moving forward, fixing vulnerabilities as soon as they are found”, instead of allowing weaknesses to accumulate.
Poe described the bills as a “partial but urgent cyber resilience architecture” that works in tandem; one sets the minimum standards, while the other measures and drives improvement.
As a parting shot, the party-list lawmaker said the Philippines “cannot risk the future of our digital economy and the safety of our citizens on outdated practices or voluntary measures”.