DEPARTMENT OF TRADE AND INDUSTRY
DEPARTMENT ADMINISTRATIVE ORDER NO. 11-01
Series of 2011
SUBJECT: PRESCRIBING RULES AND GUIDELINES FOR THE IMPLEMENTATION OF EXECUTIVE ORDER NO. 810, SERIES OF 2009, ENTITLED "INSTITUTIONALIZING THE CERTIFICATION SCHEME FOR DIGITAL SIGNATURES AND DIRECTING THE APPLICATION OF DIGITAL SIGNATURES IN E-GOVERNMENT SERVICES"
Pursuant to the provisions of Republic Act No. 8792 otherwise known as the "Electronic Commerce Act of 2000," its Implementing Rules and Regulations, and the provisions of Executive Order (EO) No. 810 issued on 15 June 2009 entitled, "Institutionalizing the Certification Scheme for Digital Signatures and Directing the Application of Digital Signatures in E-Government Services," this Department Administrative Order (DAD) is hereby issued to prescribe the general rules and guidelines for the implementation of the EO:
This DAD prescribes the general rules and guidelines for the implementation of the National Certification Scheme for Digital Signatures in the Philippines as adopted by virtue of EO 810, as it appears in Annex A.
2. Accreditation of Certification Authorities (CAs)
The rules governing the accreditation of CAs are prescribed under DAD No. 10-09 issued by the Department of Trade and Industry (DTI) on 29 September 2010.
3. Technical Standards for Digital Signatures
For the initial implementation of EO 810, and to ensure interoperability of digital certification technology and support international cooperation on certification services including mutual recognition and cross-certification, the accredited CAs are hereby required to use internationally-accepted standards for digital signatures, as may be prescribed by the Commission on Information and Communications Technology (CICT)-National Computer Center (NCC), in coordination with the DTI-Bureau of Product Standards (BPS). This set of standards, to be issued as a separate document by the Root CA, shall be updated from time-to-time to consider the emergence of new international standards and/or updates on the current standards.
4. Establishing the Identity of the Subscribers of Digital Certificates
An individual applicant or the authorized representative of the juridical applicant shall personally apply for a digital certificate with a Registration Authority (RA) or directly with the CA. Face-to-face verification is necessary in addition to the submission of the following minimum requirements.
4.1. An individual applicant is required to submit the following minimum requirements for verification of identity and address:
4.1.1. Birth certificate printed on security paper for Filipino citizen or Alien Certificate of Registration (ACR) card for a foreigner
4.1.2. Taxpayer Identification Number (TIN)
4.1.3. One (1) Unified Multi-Purpose Identification (UMIO)-compliant card. In the absence of a UMIO-compliant card, two (2) valid identification (10) cards with photo and signature. (In considering which 10 cards are valid, reference may be made to Bangko Sentral ng Pilipinas (BSP) Circular No. 608, Series of 2008, as may be amended.)
4.1.4. Passport-size color photo taken within the last six (6) months
4.1.5. Valid address supported by a copy of the latest utility bill with the same address found on the valid identification card (if the utility bill is in the name of another person, applicant must show proof of relationship); or a Barangay Clearance
4.1.6. Phone number (mobile and/or landline number) The RA or CA may waive the birth certificate requirement if the applicant presents his/her valid Philippine Passport.
4.2. The authorized representative of the juridical applicant is required to submit the following minimum requirements for verification of identity (both of the organization and authorized representative) and address:
For authorized company representative:
4.2.1. Birth certificate printed on security paper for Filipino citizen or Alien Certificate of Registration (ACR) card for a foreigner
4.2.2. Taxpayer Identification Number (TIN)
4.2.3. One (1) Unified Multi-Purpose Identification (UMIO)-compliant card. In the absence of a UMIO-compliant card, two (2) valid identification (10) cards with photo and signature. (In considering which 10 cards are valid, reference may be made to BSP Circular No. 608, Series of 2008, as may be amended.)
4.2.4. Company-issued 10 card with photo and signature or UMIO-compliant card
4.2.5. Passport-size color photo taken within the last six (6) months
4.2.6. Phone number (mobile and/or landline number)
The RA or CA may waive the birth certificate requirement if the applicant presents his/her valid Philippine Passport.
For the juridical applicant:
4.2.7. Taxpayer Identification Number of the juridical applicant
4.2.8. Authorization letter/board resolution naming the authorized representative/s (up to a maximum of three (3)
4.2.9. Government Service Insurance System (GSIS) registration number
4.2.10.Valid address of the government entity supported by a copy of the latest utility bill with the same address
4.2.11. Taxpayer Identification Number of the juridical applicant
4.2.12. Authorization letter/board resolution naming the authorized representative (up to a maximum of three (3)
4.2.13. Copy of Securities and Exchange Commission (SEC) business registration or DTI Certificate of Business Name Registration
4.2.14. Copy of Business Permit issued by the Local Government Unit (LGU)
4.2.15. Social Security System (SSS) Employer Clearance
4.2.16. Valid address of the organization supported by a copy of the latest utility bill with the same address
The juridical entity/organization shall be responsible for notifying the RA or CA in writing should there be any changes in its authorized representative/s or address.
4.3 As provided for in Sec. 12.8 of DTI DAO 10-09, a digital certificate has a validity period of one (1) year. For the renewal of the digital certificate with the same RA or CA, the RA or CA may waive face-to-face verification of identity of the subscriber (individual, authorized company representative or juridical entity). The RA or CA may allow online submission of applications for renewal of digital certificate subscriptions.
4.4 Should there be any changes in the form and/or content of the subscriber's requirements previously submitted to the RA or CA specified in Secs. 4.1 to 4.2 of this Order, the RA or CA shall require submission of the amended/new documents upon renewal of digital certificate subscription. In this instance, the RA or CA may require face-to-face verification of the subscriber.
5. Dispute Resolution
The Philippine Accreditation Office (PAO) shall handle disputes pertaining to the accreditation of CAs or other issues arising from the same, pursuant to DTI DAO No. 10-09, Series of 2010.
As the Root CA, the National Computer Center (NCC) under the CICT shall handle disputes pertaining to the use and issuance of digital certificates or other issues related to the same, pursuant to NCC-CICT's implementing guidelines.
6. Other Applicable Laws and Penalties
The use and issuance of digital certificates shall be covered by the provisions of Republic Act No. 8792 or the Electronic Commerce Act of 2000, Republic Act No. 8484 or the Access Devices Regulation Act of 1998 and Republic Act No. 7394 or the Consumer Act of the Philippines and their Implementing Rules and Regulations (IRRs). Hence, violations committed against such laws in relation to the use and issuance of digital certificates shall be subject to the penalties applicable under said laws and their IRRs.
7. Miscellaneous Provision
This DAO does not preclude the other government agencies designated to provide the necessary services to implement the scheme from issuing their own set of rules or guidelines.
8. Separability Clause
In the event that any of the provisions of this Order is declared invalid or unconstitutional, all the provisions not affected thereby shall remain valid and in effect.
This Order shall take effect fifteen (15) days after publication of its full text in the Official Gazette or in one (1) newspaper of general circulation.
(Sgd.)GREGORIO L. DOMINGO
(Sgd.)ATTY. ADRIAN S. CRISTOBAL, JR.
Undersecretary for International Trade
Date: February 18, 2011
CERTIFICATION SCHEME FOR DIGITAL SIGNATURES
Philippine Daily Inquirer, February 23, 2011, B6
The Lawphil Project - Arellano Law Foundation