The recently ratified “Konektadong Pinoy” Bill, a landmark measure aiming to revolutionize digital connectivity in the Philippines, is now under scrutiny from cybersecurity and consumer advocacy groups. While the bill promises wider internet access and improved digital infrastructure, watchdogs are urging President Ferdinand Marcos Jr. to take a closer look at certain provisions that could potentially compromise national cybersecurity.
What is the ‘Konektadong Pinoy’ Bill?
The “Konektadong Pinoy” Bill, formerly Senate Bill No. 2699, seeks to establish a comprehensive and inclusive framework for data transmission and connectivity across the Philippines. Its central goal is to bridge the digital divide, especially in underserved and remote areas, by expanding access to the internet and supporting the development of digital infrastructure.
Ratified by Congress in June 2025, the bill now awaits the President’s signature to be enacted into law.
Promise of Progress: The Pros of the Bill
Advocates of the bill cite several key benefits:
- Expanded Internet Access – The measure encourages more players in the internet service sector, particularly in underserved areas, helping ensure that more Filipinos—especially in geographically isolated and disadvantaged areas—can get connected.
- Modernized Infrastructure – The bill promotes the modernization of digital infrastructure, which can boost economic productivity, facilitate e-governance, and support digital literacy.
- Simplified Market Entry – By allowing data transmission industry participants (DTIPs) to begin operations upon registration, the law is seen as removing bureaucratic bottlenecks and attracting more competition.
Opening the Door to Threats: The Cons and Cybersecurity Concerns
Despite the bill’s positive intentions, several watchdog groups have expressed deep concern over its potential cybersecurity pitfalls. In a joint statement, organizations including Scam Watch Pilipinas, Women in Security Alliance Philippines, and the BPO Security Council highlighted several vulnerabilities in the bill’s current form:
1. Delayed Cybersecurity Certification
One of the bill’s most controversial provisions is found in Section 9, which allows ISPs and other DTIPs to operate for up to three years without a cybersecurity certification. Although the law requires certification within a year of operation, it grants a six-month grace period even for non-compliance—effectively creating a window of risk.
“This grace period, written into the law, cannot be undone or corrected by the Implementing Rules and Regulations,” the groups warned. “It opens a dangerous window that hackers, scammers, and potentially even state-sponsored actors could exploit — threatening the security of critical infrastructure and sensitive citizen data.”
2. Lack of National Security Vetting
Another major concern is the absence of a mandatory national security vetting process for foreign-controlled firms that seek to build or operate critical digital infrastructure. Without such scrutiny, the country could be left vulnerable to unauthorized data access, surveillance, or infrastructure disruptions.
The watchdogs emphasized that digital infrastructure is a matter of national security and should be treated with the same gravity as military or energy assets.
Risks to Philippine Cybersecurity: What’s at Stake?
If left unaddressed, the bill’s current provisions could have severe consequences:
- Data Breaches – Uncertified ISPs may lack the robust systems necessary to safeguard users’ personal and financial data.
- Infrastructure Sabotage – Critical systems used in finance, telecommunications, or government services could be disrupted or compromised.
- Espionage and Surveillance – Foreign players without vetting may embed vulnerabilities in infrastructure, allowing for covert access to sensitive communications.
- Reputational Damage – A cyberattack or data leak could undermine trust in the country’s digital economy, deterring investment and damaging the government’s credibility.
Proposed Safeguards: What Can Be Done?
To mitigate these risks, the signatory groups proposed several urgent actions for President Marcos Jr. and legislators:
- Remove the Grace Period – Require all DTIPs to comply with global cybersecurity standards before commencing operations.
- Mandate Comprehensive Risk Assessments – Include considerations for privacy, national security, and geopolitical factors in project evaluations.
- Enforce Vetting of Infrastructure Providers – Regardless of country of origin, all entities building or operating critical digital infrastructure must undergo security clearance.
- Impose Accountability Measures – Introduce penalties for DTIPs whose negligence results in data breaches or infrastructure failures.
These groups are calling on the President to either issue a veto with specific recommendations, pass immediate amendments, or issue executive directives to strengthen the bill’s provisions before implementation.
A Call for Secure Connectivity
The “Konektadong Pinoy” Bill represents a critical step forward in closing the digital divide and enabling inclusive digital growth. However, as experts point out, speed must not come at the expense of security. Without adequate safeguards, the very infrastructure designed to empower citizens could become a liability.
As President Marcos weighs the bill’s future, the challenge lies in crafting a digital policy that not only connects every Filipino—but protects them too.
