Digital Signatures Certification and Use EO

A formal National Certification Scheme for Digital Signatures in the Philippines is adopted as per the framework laid out in an annex.

The Department of Trade and Industry (DTI) is mandated to issue the necessary guidelines to implement the National Certification Scheme under the Electronic Commerce Act.

a) Root Certification Authority (CA)

Function is assigned to the National Computer Center (NCC) under the Commission on Information and Communications Technology (CICT).
Responsibilities include operating the Root CA system, issuing certificates to accredited government and private CAs, developing and prescribing technical standards in cooperation with DTI's Bureau of Product Standards, ensuring interoperability, resolving disputes, and supporting international certification cooperation.

b) Government Certification Authority (CA)

Also operated by NCC.
Duties include issuing certificates for government transactions, publishing certificates and Certificate Revocation Lists (CRLs), and handling revocation requests.

c) Registration Authority (RA)

Government agencies providing e-government services act as RA.
Functions include identifying and registering users, transmitting certificate requests to the Government CA, validating certificates, and requesting revocations.

d) Accreditation and Assessment Body

DTI through its Philippine Accreditation Office (PAO) is the accrediting and assessment body for Certification Authorities (CAs).
Responsibilities include issuing accreditation criteria and guidelines; accrediting CAs; conducting compliance assessments; revoking or suspending CA licenses for noncompliance; and establishing advisory and other necessary committees.

All government agencies and instrumentalities providing electronic services must require digital signatures to ensure confidentiality, authenticity, integrity, and non-repudiation.
Such initiatives must be included in the agencies' Information Systems Strategic Plan (ISSP) and submitted for approval and endorsement.
NCC-CICT tasked with planning, directing, monitoring, and assisting in implementation.
Implementation timeline: Priority agencies to comply within two years; others within three years.

CICT directed to prioritize funding applications for projects immediately requiring digital signatures.
Agencies must submit manpower and budgetary needs to the Department of Budget and Management (DBM).
DBM is tasked with ensuring funding allocations as part of the government regular budget in coordination with DTI and CICT.

DTI is mandated to promote digital signatures in private ICT systems for secure, authentic, and non-repudiable transactions.
Government regulatory bodies are tasked to study critical private electronic services that require high security and enforce digital signature use where necessary.

NCC (as Root and Government CA) authorized to charge fees to recover service costs.
Government RAs may charge fees or absorb costs based on contracts.
Private Accredited Certification Authorities (ACAs) and RAs set market-determined, just, and reasonable fees; private RAs may also absorb costs.
New or increased fees subject to existing government circular provisions.

Issues concerning CA accreditation, certificate issuance and use, and related matters to be resolved by designated agencies per prescribed rules and regulations.

Interim personnel arrangements (detail, reassignment, secondment) to manage Root CA, Government CA, and RA functions during initial implementation.
Until private ACAs are operational, NCC will assume the role of private ACA.
DTI and CICT to recommend manpower arrangements to DBM.

All contrary orders, rules, regulations, or parts thereof are repealed, amended, or modified accordingly.