Republic Act No. 11934 or the Subscriber Identity Module (SIM) Registration Act (SIM Registration Act) was signed into law on October 10, 2022 and took effect on December 27 of the same year. Its Implementing Rules and Regulations (IRR) were signed on December 12, 2022 and took effect on December 27, 2022. The SIM Registration Act mandates all end-users of SIM cards to register their mobile phone numbers.
The SIM Registration Act covers any existing subscriber or any individual or juridical entity which purchases a SIM from a Public Telecommunications Entity (PTE), its agents, resellers, or any entity. All SIM subscribers shall register their SIM by July 25, 2023. Failure to register will result in automatic deactivation of the SIM and will only be reactivated after registration of the same.
All SIMs sold by PTEs, its agents, or any entity shall be in a deactivated state. Those SIMs shall be activated only after the end-user completes the registration process mandated by the law. The SIM Registration Act imposes obligations upon PTEs, their distributors, and subscribers.
The SIM Registration Act penalizes providing false information or documents to register the SIM, selling or transferring of a registered SIM without complying with the required registration, selling stolen SIMs, spoofing a registered SIM, and on the part of PTEs, its agents or employees, refusing to register a SIM without valid reason and for breach of confidentiality with imprisonment, fine, or both.
- PTEs shall maintain their own database of information required under the act. They shall also ensure security and protection of data and comply with minimum information security standards prescribed by DICT consistent with internationally accepted cybersecurity standards and relevant laws, rules, and regulations.
- PTEs shall provide user-friendly reporting mechanisms for their respective end-users upon the latter’s receipt of any potentially fraudulent text or call, and shall, upon due investigation, deactivate, either temporarily or permanently, the SIM used for the fraudulent text or call.
- In case of loss of the SIM, death of the enduser, or request for deactivation, the concerned PTE shall deactivate said SIM within 24 hours from the report of the enduser, immediate family, relatives or guardian. In case of a cyber-attack on the SIM Register, the incident shall be reported to the DICT within 24 hours of detection.
- All end-users shall be required to register their SIMs with PTEs as a pre-requisite to the activation thereof.
- For juridical entities, the certificate of registration, as well as the duly-adopted resolution designating the authorized representative, in case of corporations, and a special power of attorney, in case of other entities, shall be presented. They are also required to submit a duly accomplished control-numbered owner’s registration form. The registration form shall be accomplished electronically through a platform or website to be provided by the PTEs.
- In case of any change in the information of the end-user, or the loss of the SIM, death of the end-user, or any request for deactivation, the end-user shall immediately inform the PTE through its facility established for such purpose.
Read the latest SyCipLaw TMT and Data Bulletin here or via this link.