Digital Signature Certification and Use EO

Electronic signatures represent identity and authenticate electronic data/messages using various methodologies
Electronic Commerce Act (Republic Act No. 8792) Section 8 grants legal recognition to electronic signatures, imposing strict conditions to qualify as handwritten signatures
Digital signatures defined by Supreme Court Rules on Electronic Evidence as cryptographic transformations ensuring document authenticity and integrity using asymmetric cryptosystems

Executive Order adopts a framework establishing a national certification scheme for digital signatures, detailed in Annex A
Department of Trade and Industry (DTI) tasked to issue implementing guidelines under its mandate from the Electronic Commerce Act

National Computer Center (NCC) under Commission on Information and Communications Technology (CICT) designated as Root Certification Authority (Root CA) and Government Certification Authority (Government CA), responsible for:
- Operating Root CA system and issuing certificates to accredited Certification Authorities (CAs)
- Issuing government transaction certificates and publishing Certificate Revocation Lists (CRL)
- Developing technical standards for digital signatures with DTI's Bureau of Product Standards
- Ensuring interoperability, resolving disputes, and supporting international cooperation
Government agencies providing e-services act as Registration Authorities (RA), responsible for user identification, registration, certificate requests, validation, and revocation
DTI's Philippine Accreditation Office (PAO) designated as Accreditation and Assessment Body for CAs, empowered to:
- Issue accreditation criteria and guidelines
- Accredit, assess, revoke or suspend licenses of CAs
- Establish advisory and other functional committees

All government agencies providing electronic services must require digital signatures
Aimed at ensuring confidentiality, authenticity, integrity, and non-repudiation in government electronic transactions
Inclusion of digital signature projects in agency Information Systems Strategic Plans (ISSP) submitted to NCC for approval and endorsement to Department of Budget and Management (DBM)
NCC-CICT tasked with planning, directing, monitoring implementation, and assisting RAs
Phased compliance deadlines: priority agencies within 2 years; others within 3 years from issuance

CICT directed to prioritize funding for projects that implement digital signatures
Agencies must submit manpower and budgetary requirements to DBM
DBM to ensure appropriation of necessary resources in consultation with DTI and CICT

DTI mandated to promote digital signatures in private sector for trade and commerce
Government regulatory agencies to identify critical electronic services requiring high security levels and to enforce digital signature use in those services

NCC authorized to charge fees for certificate issuance intended to recover service costs
Government Registration Authorities may also charge fees or absorb costs subject to contractual arrangements
Fee imposition or increases regulated per relevant government circulars
Private Accredited Certification Authorities (ACAs) set market-based fees; their associated RAs may choose to cover costs depending on contract

Disputes related to accreditation of CAs, issuance and use of digital certificates, and related issues, to be resolved by designated agencies per formulated rules and regulations

Interim personnel may be appointed through various civil service mechanisms to manage Root CA, Government CA, and RAs
DTI and CICT to recommend long-term manpower solutions to DBM
Until private ACAs become operational, NCC assumes role of private ACA

All conflicting issuances, orders, rules, or regulations are repealed, amended or modified accordingly