[ DTI DEPARTMENT ADMINISTRATIVE ORDER NO. 11-01, February 18, 2011 ]

PRESCRIBING RULES AND GUIDELINES FOR THE IMPLEMENTATION OF EXECUTIVE ORDER NO. 810, SERIES OF 2009, ENTITLED œINSTITUTIONALIZING THE CERTIFICATION SCHEME FOR DIGITAL SIGNATURES AND DIRECTING THE APPLICATION OF DIGITAL SIGNATURES IN E-GOVERNMENT SERVICES 



Pursuant to the provisions of Republic Act No. 8792 otherwise known as the œElectronic Commerce Act of 2000,  its implementing Rules and Regulations, and the provisions of Executive Order (EO) No. 810 issued on 15 June 2009 entitled, œInstitutionalizing the Certification Scheme for Digital Signatures and Directing the Application of Digital Signatures in E-Government Services, this Department Administrative Order(DAO) is hereby issued to prescribe the general rules and guidelines for the implementation of the EO:

1.  Scope

This DAO prescribes the general rules and guidelines for the implementation of the National Certification Scheme for Digital Signatures in the Philippines adopted by virtue of EO 810, as it appears in Annex A* .

2.  Accreditation of Certifcation Authorities(CAs)

The rules governing the accreditation of CAs are prescribed under DAO No.10-09 issued by the Department of Trade and Industry (DTI) on 29 September 2010.

3.  Technical Standards for Digital Signatures

For the initial implementation of EO 810, and to ensure interoperability of digital certification technology and support international cooperation on certification services including mutual recognition and cross-certification , accredited CAs are hereby required to use internationally-accepted standards for digital signatures as may be prescribed by the Commission on Information and Communications Technology (CICT) -National Computer Center (NCC), in coordination with the DTI-Bureau of Product Standards (BPS). This set of standards , to be issued as a separate document by the Root  CA, shall be updated from time-to-time to consider the emergence of new international standards and/or updates on the current standards.

4.  Establishing the ldentity of the Subscribers of Digital Certificates

An individual applicant or the authorized representative of the juridical applicant shall personally apply for a digital certificate with a Registration Authority (RA)or directly with the CA. Face-to-face verification is necessary in addition to the submission of the following minimum requirements:

4.1 An  individual applicant is required to submit the following minimum requirements for verification of identity and address:

4.1.1. Birth certificate printed on security paper for Filipino citizen or Alien Certificate of Registration(ACR) card for a foreigner
4.1.2. Taxpayer Identification Number (TIN)
4.1.3. One(1) Unified Multi-Purpose ldentification (UMID)-compliant card. In the absence of a UMID-compliant card, two (2) valid identification (lD) cards with photo and signature. (In considering which lD cards are valid, reference may be made to Bangko Sentral ng Pilipinas (BSP) Circular No.608, Series of 2008,as maybe amended.)
4.1.4. Passport-size color photo taken within the last six (6) months
4.1.5. Valid address supported by a copy of the latest utility bill with the same address found on the valid identification card (if the utility bill is in the name of another person, applicant must show proof of relationship); or a Barangay Clearance
4.1.6. Phone number (mobile and/or landline number)

The RA or CA may waive the birth certificate requirement if the applicant present his/her valid Philippine Passport.

4.2 The authorized representative of the juridical applicant is required to submit the following minimum requirements for verification of identity (both of the organization and authorized representative) and address:

For authorized company representative :

4.2.1. Birth certificate printed on security paper for Filipino citizen or Alien Certificate of Registration(ACR) card for a foreigner
4.2.2. Taxpayer Identification Number (TlN)
4.2.3 One (1) Unified Multi-Purpose Identification (UMID)-compliant card. In the absence of a UMID-compliant card, two (2) valid identification lD) cards with photo and signature. (In considering which lD cards are valid, reference maybe made to BSP Circular No. 608, Series of 2008, as maybe amended.)
4.2.4. Company-issued ID card with photo and signature or UMID-compliant card
4.2.5. Passport-size color photo taken within the last six (6) months
4.2.6. Phone number (mobile and/or landline number)

The RA or CA may waive the birth certificate requirement if the applicant
presents his/her valid Philippine Passport.

For the juridical applicant:

Government

4.2.7 Taxpayer Identification Number of the juridical applicant
4.2.8. Authorization letter/board resolution naming the authorized representative/s (up to a maximum of three (3)
4.2.9. Government Service Insurance System(GSIS) registration number
4.2.10  Valid address of the organization supported by a copy of the latest utility bill with the same address.

Non-Government

4.2.11 Taxpayer Identification Number of the juridical applicant
4.2.12. Authorization letter/board resolution naming the authorized representative (up to a maximum of three (3)
4.2.13.Copy of Securities and Exchange Commission (SEC) business registration or DTI Certificate of Business Name Registration
4.2.14. Copy of Business Permit issued by the Local Government Unit (LGU)
4.2.15. Social Security System (SSS) Employer clearance
4.2.16. Valid address of the organization supported by a copy of the latest utility bill with the same address

The juridical entity organization shall be responsible for notifying the RA or CA in writing should there be any changes in its authorized representative/s or address.

4.3  As provided for in Sec. 12.8 of DTI DAO 10-09,a digital certificate has a validity period of one(1) year. For the renewal of the digital certificate with the same RA or CA, the RA or CA may waive face to face verification of identity of the subscriber (individual, authorized company representative or juridical entity). The RA or CA may allow online submission of applications for renewal of digital certificate subscriptions.

4.4 Should there be any changes in the form and/or content of the subscriber ™s requirements previously submitted to the RA or CA specified in Secs. 4.1 to 4.2 of this Order, the RA or CA shall require submission of the amended/new documents upon renewal of digital certificate subscription. In this instance, the RA or CA may require face-to-face verification of the subscriber.

5. Dispute Resolution

The Philippine Accreditation Office (PAO) shall handle disputes pertaining to the accreditation of CAs or other issues arising from the same, pursuant to DTI DAO No. 10-09, Series of 2010.

As the Root CA, the National Computer Center (NCC) under the CICT shall handle disputes pertaining to the use and issuance of digital certificates or other issues related to the same, pursuant to NCC-CICT ™s implementing guidelines.

6. Other Applicable Laws and Penalties

The use and issuance of digital certificate shall be covered by the provisions of Republic Act No. 8792 or the Electronic Commerce Act of 2000, Republic Act No. 8484 or the Access Devices Regulation Act of 1998and Republic Act No. 7394 or the Consumer Act of the Philippines and their lmplementing Rules and Regulations (lRRs). Hence, violations committed against such laws in relation to the use and issuance of digital certificates shall be subject to the penalties applicable under said laws and their lRRs.

7. Miscellaneous Provision

This DAO does not preclude the other government agencies designated to provide the necessary services to implement the scheme from issuing their own set of rules or guidelines.

8. Separability Clause

In the event that any of the provisions of this Order is declared invalid or unconstitutional, All the provisions not affected thereby shall remain valid and in effect.

9. Effectivity

This Order shall take effect fifteen (15) days after publication of its full text in the
Official Gazette or in one (1) newspaper of general circulation.
Adopted: 18 February 2011


(SGD.) GREGORY L. DOMINGO
Secretary

Recommending Approval:

(SGD.) ATTY. ADRIAN S. CRISTOBAL, JR.
Undersecretary for International Trade




* Text Available at Office of the National Administrative Register, U.P. Law Complex, Diliman, Quezon City