14 January 2026
The Implementing Rules and Regulations (IRR) of Republic Act No. 12234, or the Konektadong Pinoy Act (KPA), also known as the law on Open Access in Data Transmission, has just taken effect.
Recent developments
On 5 November 2025, the Department of Information and Communications Technology (DICT), the National Telecommunications Commission (NTC), the Department of Economy, Planning and Development, and the Philippine Competition Commission (PCC) signed the final version of the KPA’s IRR.
On 1 December 2025, the IRR was posted on the Official Gazette of the Philippines’ website. It was published in a newspaper of general circulation shortly thereafter and has recently taken effect. Please read our earlier client alerts on the KPA, as well as on its legislative deliberations, for further context on the developments leading to its enactment.
Salient provisions
1. Refinement of relevant definitions
The KPA primarily governs data transmission, the provision of data transmission services and the operation of data transmission industry participants (DTIPs). The IRR has clarified that “data transmission” includes sending and receiving digital or digitized analog signals over a communication medium, including “future innovations that may arise.” DTIPs, in turn, include all entities engaged in data transmission services, including public telecommunications entities (PTEs), value-added services (VAS) providers, and satellite systems providers or operators to the extent of their respective businesses engaged in data transmission services.
2. Clarification on the scope
The IRR clarifies that the provision of basic telephone services, such as the local exchange telephone service for residence and business establishments provided via the circuit-switched telephone network, whether delivered through wired or wireless technologies, is excluded from the KPA’s scope of application. However, traditional basic telephone service providers, such as international carriers, interexchange carriers, local exchange operators, and mobile radio services providers, are still covered by the KPA, but only to the extent of their respective businesses engaged in data transmission.
3. Registration of DTIPs
All segments of the data transmission network shall be competitive and open. For this purpose, all persons or entities seeking to engage in data transmission services must simply obtain a DTIP registration from the NTC through an expedited administrative procedure.
The IRR provides that all preexisting permits, licenses or accreditations for the provision of data transmission services, such as VAS certificates of registration, remain valid until expiry.
The IRR also prescribes the minimum terms and conditions for a DTIP certificate of registration. All registered DTIPs will be included in a DTIP registry to be published by the NTC and the DICT.
4. Requirement for an administrative authorization in lieu of a congressional franchise for telecommunications networks
The IRR explicitly states that a legislative franchise is no longer required for registered DTIPs to build, own and operate network infrastructure, including international gateway facilities and backbone networks, as well as to use spectrum resources. Only a certificate of authorization, which the NTC will issue through a speedy and expeditious administrative process, would be required.
5. Cybersecurity requirements
Under the KPA’s IRR, all DTIPs are required to obtain either (i) a cybersecurity certification from a third party organization or (ii) a cybersecurity compliance certification from the DICT Cybersecurity Bureau. DTIPs must also submit a quarterly report to the NTC containing information on, among others, all service interruptions and network outages encountered during the quarter.
6. Setting of eligibility criteria and performance standards
The KPA mandates the NTC to issue, subsequent to the IRR’s effectivity, the eligibility criteria for the registration of DTIPs, as well as the performance standards applicable to all DTIPs. The IRR clarifies that, as a minimum requirement, a DTIP must be duly registered or organized under the laws of the Philippines in order to qualify for registration as a DTIP.
7. Establishment of a Spectrum Management Policy Framework
The KPA mandates the formulation by the DICT, in coordination with the NTC and the PCC, of the Spectrum Management Policy Framework (SMPF), which will prescribe the national policies and guiding principles that govern the management of spectrum, including spectrum valuation and pricing, spectrum allocation and spectrum assignment for public, private and government use. The IRR mandates the issuance of the SMPF within one year from the date of the IRR’s effectivity and clarifies that the SMPF must also include a framework to rationalize the computation and charging of spectrum fees.
8. Direct access to satellite systems
The IRR reiterates that duly registered DTIPs may deploy satellite technology and use associated spectrum in any or all segments of their broadband network without the need for a lease or rent capacity from PTEs or other network providers.
9. Obligation to grant access
Access providers, or entities that own, lease or operate digital infrastructure and services contained in the “access list” to be determined jointly by the DICT, the NTC and the PCC, are mandated to grant access to their digital infrastructure and services on an open, fair, reasonable and nondiscriminatory (FRAND) basis, subject to the technical feasibility of an access seeker’s request. The access list shall include all digital infrastructure and services necessary for an access seeker to offer its data transmission service competitively. The IRR mandates the release of the initial access list within three months from the IRR’s effectivity.
10. Potential measures to safeguard local data
The IRR, reiterating the KPA, empowers the DICT to formulate policies “to safeguard local data.”
Why the KPA’s IRR is relevant to you
The IRR clarifies and provides additional guidelines for the implementation of the KPA. The IRR clarifies, in particular, the scope of its application, as well as elaborates on the various processes and procedures outlined in the law, particularly those in relation to the registration of DTIPs, and authorization to build telecommunications networks and to use spectrum resources. The IRR also reiterates that DTIPs are not required to obtain a congressional franchise in order to build, own and operate network infrastructure.
The enactment of the KPA, and the taking effect of its IRR, are welcome developments for the data transmission industry, as businesses seeking to engage in data transmission services in the Philippines or to build and operate network infrastructure would simply need to obtain registration or authorization through a simple administrative procedure.
Coupled with the amendments to the Public Service Act previously introduced by RA 11659 (which removed the 40% foreign ownership investment cap on the telecommunications sector), the passage of the KPA and the taking effect of its IRR have effectively resulted in the removal of all significant legal barriers to entry into the Philippine data transmission sector by foreign players.
However, insofar as the KPA and its IRR empower the DICT to formulate policies to safeguard local data, businesses engaged in cross-border data transfers must exercise heightened vigilance on the DICT’s potential actions as regards data localization.