TL;DR: The Philippines’ Electronic Commerce Act underpins legal recognition of electronic transactions, digital signatures and online business practices as e-commerce use grows from 47.27 million users in 2022 to a projected 60.41 million by 2027, according to eMudhra. For identity teams, the real issue is not digitisation itself but whether authentication, signing, access and audit controls can sustain trust at scale.
NHIMG editorial — based on content published by eMudhra: the Philippines Electronic Commerce Act and its implications for e-commerce security and trust
By the numbers:
- That number is expected to reach 60.41 million by 2027, underscoring the scale of the trust problem as digital commerce expands.
Questions worth separating out
Q: How should organisations secure electronic transactions without slowing commerce?
A: Use layered identity assurance.
Q: Why do digital signatures need governance beyond cryptography?
A: Because cryptography only proves that a key signed something, not that the right person or system was allowed to use that key.
Q: What do security teams get wrong about e-commerce fraud controls?
A: They often treat fraud prevention, IAM and legal evidence as separate workstreams.
Practitioner guidance
- Tie transaction risk to identity assurance levels Classify payment, contract and merchant-admin actions by risk tier, then require stronger proofing or step-up authentication for the highest-risk flows.
- Govern signing keys as high-value credentials Put certificate issuance, storage, renewal and revocation under explicit ownership, and monitor certificate expiry and misuse with the same discipline used for privileged credentials.
- Unify fraud, IAM and audit evidence Create a single evidence trail that links identity proofing, authorisation, signature events and transaction records so disputes can be investigated without manual record stitching.
What's in the full article
eMudhra's full article covers the operational detail this post intentionally leaves for the source:
- How the Electronic Commerce Act applies to digital signatures, electronic records and online business practices in the Philippines
- Why the article frames SSL/TLS certificates and PKI as trust controls for commerce platforms
- How eMudhra positions identity verification and digital trust in the context of secure online transactions
- What the article says about consumer protection, compliance and cross-border digital trade
👉 Read eMudhra's analysis of the Philippines Electronic Commerce Act and digital trust →
Philippine e-commerce law: what it means for identity and trust controls?
Explore further
Electronic commerce law becomes an identity governance issue the moment transactions need to be trusted at scale. The legal recognition of electronic signatures and records only matters if organisations can show that identity proofing, signing authority and access rights were controlled at the point of action. That makes IAM, PKI and fraud prevention part of the compliance model, not peripheral controls. Practitioners should treat transaction trust as a governed identity workflow.
A question worth separating out:
Q: Who is accountable when an electronic transaction is disputed?
A: Accountability usually sits with the business owner of the transaction flow, supported by security, identity and legal functions. The organisation must be able to prove who authenticated, who signed, what authority they had and whether the supporting records were retained correctly.
👉 Read our full editorial: Philippine e-commerce law raises the stakes for digital identity governance