EO 810: Digital Signature Certification Scheme

Republic Act No. 8792 (Electronic Commerce Act of 2000) Section 8 grants legal recognition to electronic signatures.
Strict requirements must be satisfied for an electronic signature to be equivalent to a handwritten signature.
Electronic signatures include digital signatures generated by compliant technology.
Supreme Court Rules on Electronic Evidence define digital signature as an electronic signature using asymmetric or public key cryptography, ensuring document authenticity and integrity.

A National Certification Scheme for Digital Signatures is adopted to provide a secure digital signature system nationwide.

DTI is mandated to issue guidelines implementing the National Certification Scheme.

Root Certification Authority (Root CA):
- Operated by the National Computer Center (NCC) under CICT.
- Manages Root CA system and issues certificates to accredited government and private Certification Authorities (CAs).
- Develops technical standards in coordination with DTI’s Bureau of Product Standards.
- Ensures interoperability and handles dispute resolution related to digital certificates.
Government Certification Authority (Government CA):
- Also operated by the NCC.
- Issues digital certificates for government transactions and some private-sector purposes.
- Publishes certificates and Certificate Revocation Lists (CRL) and manages revocation requests.
Registration Authority (RA):
- Government agencies providing e-government services act as RAs.
- Responsible for user identification, registration, certificate request transmissions, validation, and revocation requests.
Accreditation and Assessment Body:
- The DTI through the Philippine Accreditation Office (PAO) serves as this body.
- Sets accreditation criteria for CAs, accredits and assesses compliance, and can revoke/suspend CA licenses.
- Establishes an Advisory Committee and other necessary committees for policy formulation and effective implementation.

All government agencies providing electronic services must require digital signatures.
Aims to guarantee confidentiality, authenticity, integrity, and non-repudiation in government electronic transactions.
Implementation integrated into agencies’ Information Systems Strategic Plans (ISSP), subject to NCC-CICT approval.
NCC-CICT tasked to plan, direct, monitor implementation, and assist RAs.
Timelines:
- Priority agencies: Compliance within 2 years.
- Other agencies: Compliance within 3 years.

CICT to prioritize funding for projects implementing digital signatures under the E-government Fund.
Government agencies to submit manpower and budget requirements to the Department of Budget and Management (DBM).
DBM to ensure appropriation of resources in regular budgets in coordination with DTI and CICT.

DTI to promote use of digital signatures to protect confidentiality, authenticity, integrity, and non-repudiation in private ICT transactions.
Regulatory entities to identify critical private electronic services requiring high security standards and mandate digital signatures therein.

NCC authorized to charge fees for certificates issued as Root CA and Government CA to recover service costs.
Registration Authorities also authorized to charge fees; may choose to subsidize costs under specific contracts.
New fees or increases subject to government circulars regulating fees.
Private Accredited CAs set fees based on market conditions, with possible subsidization by private Registration Authorities.

Accredited agencies designated under the scheme shall hear and resolve disputes involving CA accreditation, certificate issuance/use, and related issues.

Interim personnel assigned to manage Root CA, Government CA, and Registration Authority functions during initial period.
Personnel movements subject to Civil Service Commission rules.
Until private Accredited Certification Authorities become operational, NCC assumes their role.

All orders, rules, and regulations inconsistent with this Executive Order are repealed, amended, or modified accordingly.