E-signature in the Philippines: 
Laws, regulations, and standards

Zoho Sign's take on ensuring secure e-signatures 
for Philippine businesses

Sign Up for free Request Demo

A quick rundown of e-signatures

Electronic signatures are digital versions of your signature that indicate your agreement to the contents of an online contract. They provide a hassle-free way to sign documents remotely, eliminating the need for physical paperwork and enabling more streamlined transactions.

They are legally binding for a variety of purposes and can either be typed, drawn on the screen of an electronic device, or uploaded from your desktop. This modern alternative to wet signatures has been adopted across the world, as it empowers individuals and businesses to sign documents online in a legal, secure, and efficient way.

How can e-signatures elevate your Philippine business?

The Philippines hopped onto the digital bandwagon early on, with the enactment of the Electronic Commerce Act of 2006 officially recognising e-signature legality. Zoho Sign, a digital signature solution, can help you ditch the traditional chase for physical signatures and transform the way your business operates, offering a secure, efficient, and legally binding way to sign documents electronically.

Adopting Zoho Sign can drive Philippine businesses to success by checking off essential boxes, such as:

  • Speed
  • Productivity
  • Authentication
  • Security
  • Remote access
  • Improved user experience
  • Affordability

E-signatures: Key industries and applications

E-signatures have become integral to many industries in the Philippines, streamlining processes and enhancing efficiency. A few of them include:

  • Education
  • HR
  • Finance
  • Transport
  • Insurance
  • Healthcare and life sciences
  • Technology
  • Banking
  • Legal

Electronic signatures in the Philippines

In the Philippines, the Electronic Commerce Act of 2000 ("ECA") and its Implementing Rules and Regulations ("IRR") legally recognise the use of electronic signatures.

Further, the Supreme Court of the Philippines' Rules on Electronic Evidence ("REE"), along with Joint Administrative Order No. 2 ("JAO") issued by the Department of Trade and Industry and the Department of Science and Technology, establish regulations for digital signatures verified by certification authorities and promote the use of a secure public key infrastructure (PKI).

Zoho Sign can act as a reliable partner and facilitate legally binding transactions across various domains, paving the way for progress and innovation in the Philippine market.

The legal framework of E-Signatures

The E-Signature laws in the Philippines acknowledge three distinct categories of electronic signatures:

1. Electronic Signatures

The ECA defines an "Electronic Signature" as "any distinctive mark, characteristic and/or sound in electronic form, representing the identity of a person and attached to or logically associated with the electronic data message or electronic document or any methodology or procedures employed or adopted by a person and executed or adopted by such person with the intention of authenticating or approving an electronic data message or electronic document."

2. Digital Signatures

According to REE, a "Digital Signature" is "an electronic signature consisting of a transformation of an electronic document or an electronic data message using an asymmetric or public crypto system such that a person having the initial untransformed electronic document and the signer’s public key can accurately determine:

  • whether the transformation was created using the private key that corresponds to the signer’s public key
  • whether the initial electronic document had been altered after the transformation was made."

3. Secure Electronic Signatures

As stated by JAO, a "Secure Electronic Signature" is "an electronic signature which is created and can be verified through the application of a security procedure or combination of security procedures that ensures such electronic signature:

  • is unique to the signer
  • can be used to identify objectively the signer of the data message
  • was created and affixed to the date message by the signer or using a means under the sole control of the signer
  • was created and is linked to the data message to which it relates in a manner such that any change in the data message would be revealed."

What makes an e-signature equivalent to a handwritten signature?

1. Electronic Signatures

An Electronic Signature is deemed just as valid as a handwritten signature on a paper document, provided certain criteria are met. These include:

  • The Electronic Signature must clearly identify the party and express their agreement or approval of the electronic document.
  • The chosen method for Electronic Signing must be reliable and suitable for the document's purpose, considering all pertinent factors and agreements.
  • The party must use the Electronic Signature to complete the transaction.
  • The recipient of the document must be authorised and able to authenticate the Electronic Signature and make a decision on whether to proceed with the transaction.

2. Digital Signatures

A Digital Signature is legally equivalent to a traditional handwritten signature when authenticated using the methods outlined below:

  • By evidence that a specific method or process was employed to create a Digital Signature and confirm its authenticity
  • By any other legal means
  • By any method that the judge deems satisfactory to confirm the authenticity of the Electronic Signature

3. Secure Electronic Signatures

A Secure Electronic Signature is considered valid provided that its certificate is issued by an information certifier accredited by both the Department of Trade and Industry (DTI) and the Department of Science and Technology (DOST). This is in accordance with the international standards recognised under section 12 of JAO.

However, certificates from non-accredited certifiers are still valid if they meet relevant international standards or if there is substantial evidence to prove that the certificate directly links the Secure Electronic Signature to the signer’s identity.

Presumptions about Electronic Signatures

  • The Electronic Signature belongs to the person it is associated with.
  • The Electronic Signature was intentionally affixed by that person to either sign or approve the electronic document. However, this is not applicable if the person depending on the electronically signed document is aware of any defects or unreliability in the signature, or if, under the given circumstances, it would be unreasonable to trust the signature.
  • The procedures used to affix or validate the Electronic Signature operated without any errors or issues.

Disputable presumptions about Digital Signatures

  • The information in the certificate is accurate.
  • The Digital Signature was generated during the certificate's valid period.
  • The message associated with the Digital Signature has remained unaltered since the moment it was signed.
  • The designated certification authority has issued the certificate.
  • A digitally signed document is authentic when being submitted as evidence.

Use cases for e-signatures

According to the ECA, electronic signatures can be used for any type of data message or electronic document. This is applicable for both business and personal use, encompassing both domestic and international transactions, agreements, contracts, data transfers, and information storage.

As per Executive Order No. 810, all government agencies and instrumentalities must use digital signatures in their e-government services.

Digital signature certificate

REE defines a "Certificate" as an electronic document issued to support a Digital Signature. Its purpose is to verify and confirm the identity, or other significant attributes, of the individual who possesses a specific key pair.

Certification authority

A "Certification Authority" (CA) is a type of "information certifier" that issues certificates related to cryptographic keys for digital signatures. An information certifier is a person or entity that provides identification services and certifies information to support and ensure trust in secure electronic signatures. Essentially, a certification authority is a specialized information certifier focused on digital signature certificates.

The Department of Trade and Industry – Philippine Accreditation Bureau (DTI-PAB) is responsible for the accreditation and evaluation of the certification authorities.

The Department of Trade and Industry (DTI), in collaboration with the Department of Science and Technology (DOST), may periodically publish a non-exhaustive list of accredited information certifier bodies in their website.

Recognition of foreign certificates

The legality of an Electronic Signature or a certificate is not contingent upon its place of issuance or the location of the issuer. The parties involved in transactions can specify the certifier or type of certification service required for documents or signatures submitted to them. If both parties consent to use a specific electronic signature and certificate, their mutual agreement is adequate for cross-border recognition.

 

Why opt for Zoho Sign?

Philippine citizens and businesses can speed up their digital signing processes and thrive in the digital age by employing Zoho Sign, as they can be assured of a seamless signing experience, high reliability, and improved security.

  • Identification and reliability:

    Zoho Sign employs strong authentication techniques, such as OTP authentication and PKI-based signing, to ensure that the e-signature is uniquely identifiable.

  • Intention of the signatory:

    This can be collectively projected by the contents of the electronic documents (e.g., terms in an agreement), audit trail, and completion certificate.

  • Control over the data used for the signature:

    Only the signatory is allowed to review the document before signing and provide choices to make changes or reject the document if necessary.

  • Enhanced security:

    Zoho Sign employs robust encryption protocols, such as the military grade AES-256 encryption at rest and the TLS/SSL protocol in transit, to ensure that the data transmission between the signing platform and the data being signed is secure. This prevents exposure of documents and data from data breaches.

  • Detectable alterations:

    Zoho Sign ensures any alterations to the electronic signature or the document to which the signature is affixed are detectable through an elaborate audit trail of occurrence of all activities during the signing process. This audit trail comprises critical information such as the identity of the signatory, the timestamp of the signature, and changes made to the document.

  • Trusted document timestamping:

    Zoho Sign has partnered with certification authority GlobalSign to provide digital timestamps in the Philippines. This helps validate the authenticity of an e-signature, and it aids in verifying that the signed document existed in the given form at the time of signing and remains unaltered. This strengthens the reliability of signatures and makes them tamper-proof.

    GlobalSign

Key takeaway

With an increasing number of Philippine businesses making the digital switch in the last decade, it's not a surprise that electronic signatures have grown in popularity. They are widely accepted as the most modern, secure, and efficient method for execution of documents. Zoho Sign, with its suite of robust features and enhanced security, emerges as a trusted partner, helping businesses gain a competitive edge in the ever-evolving marketplace.

Resources

Disclaimer

The information provided in this document is for general informational purposes only and shall not be construed as legal, regulatory, or any other form of professional advice. Zoho Sign disclaims any liability for any error in the information provided herein. We recommend that you consult your legal counsel for any questions that you may have in this regard.