Cybersecurity groups flag loopholes in ‘Konektadong Pinoy’ bill, call for urgent safeguards

• Photo from Pixabay

By TechWatch PH Staff

Cybersecurity groups and digital policy advocates are urging immediate action to address critical security risks found in the current version of the Konektadong Pinoy Bill.

“While we support the bill’s aim of expanding internet access and modernizing the country’s digital infrastructure, we are concerned that certain provisions may unintentionally expose the Philippines to heightened cyber threats — unless stronger safeguards are embedded directly into the law,” said in a joint statement.

The joint statement was signed by the Women in Security Alliance Philippines (WiSAP), Scam Watch Pilipinas, BPO Security Council, PhilDev Science and Technology Foundation, and the Philippine CIO Association.

Representing these organizations were Mel Migriño, Chair and President of WiSAP; Jocel De Guzman, Co-founder of Scam Watch Pilipinas; George Pineda, President of the BPO Security Council; Frederick Blancas, Executive Director of PhilDev S&T Foundation; and Apol Salud, Trustee of the Philippine CIO Association.

Migriño said they recognize the Konektadong Pinoy Act’s strong potential to boost the country’s digital economy, but emphasized the need for the bill to clearly outline and strengthen protective controls.

“As our organizations being composed of technology and cybersecurity practitioners and leaders, we have a vision to a strong digital Philippines which is aligned with the goals of the national government, we believe the great potential of KPA boosting our digital economy but we should also be explicit and comprehensive on how protective controls will be emphasized in the bill,” Migriño said.

“Hence, we released this joint statement to ask key decision makers to consider inclusion ensuring that a robust strategy to operationalize will be done leading to better safeguards to our critical infrastructure,” Migriño added.

A key issue raised is the bill’s allowance for new internet service providers and data transmission participants to operate for up to three years without full compliance with existing cybersecurity and data privacy regulations.

“This grace period, written into the law, cannot be undone or corrected by the Implementing Rules and Regulations (IRR). It opens a dangerous window that hackers, scammers, and potentially even state-sponsored actors could exploit — threatening the security of critical infrastructure and sensitive citizen data,” written in the said joint statement.

In addition, the group expressed concern over the bill’s apparent easing of restrictions for entities, including foreign-controlled firms, seeking to construct or operate essential digital infrastructure such as international cable landing stations and satellite gateways.

They noted that “without a legally mandated national security vetting process, the IRR alone cannot provide the level of scrutiny and accountability required. This raises the risk of unauthorized data access or disruptions to national infrastructure.”

The groups called on President Ferdinand Marcos Jr. and relevant authorities to ensure that these issues are addressed—either through a presidential veto with specific recommendations, the immediate filing of corrective amendments after enactment, or the issuance of supporting executive orders.

They stress the importance of aligning the bill with global cybersecurity practices and existing Philippine laws on data privacy and national security.

They also emphasize the need for a clear risk assessment process that takes into account not just technology and economic viability, but also cybersecurity, privacy, and geopolitical considerations—particularly for infrastructure providers with foreign ownership or control.

Furthermore, they recommend clear legal accountability for any negligence resulting in breaches or disruption of critical systems, and urge the inclusion of enforceable penalties to strengthen deterrence and regulatory oversight.

The group acknowledged the role of the IRR but cautioned that regulations alone cannot compensate for structural weaknesses in the law itself.

They underscored that by embedding essential cybersecurity safeguards directly into the legislation, the Konektadong Pinoy Bill can fulfill its mission of connecting more Filipinos while also securing the country’s digital future against increasingly sophisticated cyber threats.

(The Scam Watch Pilipinas and TechWatch PH are both powered by Truth360 Inc.)