DATA PROTECTION groups urged the President to sign the Konektadong Pinoy bill, noting that the Philippines will be left with outdated systems without such legislation, putting it further behind its neighbors.
“Contrary to claims by a few groups against Konektadong Pinoy, the bill actually addresses long-standing gaps that have resulted in inadequate and underprotected digital infrastructure,” they said in a joint statement a week before President Ferdinand R. Marcos, Jr.’s State of the Nation Address.
They noted that preserving the status quo of fragmented cybersecurity enforcement and inconsistent standards poses a “greater risk.”
In 2022, the Philippines was cited as the “most internet-poor” in Southeast Asia, with over 50 million potential users unable to afford basic internet packages. The Philippines has improved since, relinquishing last place to Laos and Timor-Leste.
Under the proposed law, regulators are tasked with setting and enforcing cybersecurity rules specific to the data transmission industry.
Section 9 of the ratified bill requires all Data Transmission Industry Participants (DTIP) to either obtain a third-party certification for ISO/IEC 27001, or comply with Department of Information and Communications Technology (DICT) cybersecurity standards.
Cybersecurity requirements should be obtained within two years of registration, after which a DTIP will face penalties.
The bill also seeks to subject DTIPs to cybersecurity performance audits as a requirement for continued operations and license renewal.
Currently, most internet service providers are not subject to cybersecurity standards.
“Diversity is a key principle in many aspects of resiliency, which also applies to information security,” the groups said. “By lowering structural barriers to market entry, Konektadong Pinoy not only promotes competition but also strengthens digital infrastructure by encouraging multiple network operators, thus preventing a single point of failure or attack.”
The DICT estimates that about 19,000 barangays — 45% of the total — still lack digital infrastructure, and 37.5% of households remain unconnected.
“A critical reading of the Konektadong Pinoy bill would reveal that the concerns and issues raised by other groups or organizations are unfounded. While the concerns and issues raised are valid, the bill includes safeguards that address them,” according to Angel Averia, president of the Philippine Computer Emergency Response Team and co-founder of the ASEAN-Japan Cybersecurity Community Alliance.
The groups also refuted claims that the bill would weaken regulatory oversight.
“The bill requires prior National Telecommunications Commission (NTC) authorization for an entity operating international gateways and backbone facilities. It subjects DTIPs to vetting and audit, including national security reviews, and prohibits the entry of foreign government-controlled and state-owned entities in the data transmission industry,” it said.
The signatories to the joint statement include the National Association of Data Protection Officers of the Philippines, the Philippine Computer Emergency Response Team, the Philippine Cable and Telecommunications Association, Inc., the Game Developers Association of the Philippines, the Global Digital Inclusion Partnership, Web3 Pangasinan, and the De La Salle University’s Jesse M. Robredo Institute of Governance.
These groups join the 35 ICT industry, business chambers, public sector, and civil society groups; and 53 medical and healthcare associations that have expressed support for the Konektadong Pinoy bill.
“Advocates have emphasized that Konektadong Pinoy aligns with global best practice, ease of doing business, and international cybersecurity standards,” the groups said. — Beatriz Marie D. Cruz
