The E-Governance Act has cleared Congress. The Senate approved it 21-0 on January 27, 2025; both chambers ratified the bicam report on June 9, 2025. As of late June, it was transmitted for presidential signing; effectivity follows publication. Translation: the compliance clock hasn’t started yet—but when it does, agencies will be racing that first year.

What the law actually requires (the non-negotiables)

  • A government-wide E-Gov Unified PMO within 1 year of effectivity. DICT must stand up a portfolio office to standardize and overseat ICT programs across government. This is the backbone for prioritization, gating, and kill-switches on failing projects. Congress HREP Documentation

  • Scope: everyone, including LGUs. Coverage extends across executive, legislative, judiciary, constitutional bodies, GOCCs, SUCs, and LGUs—front-office and back-office alike. No carve-outs. Congress HREP Documentation

  • Single, unified digital stack. The vision is an Integrated Government Network with services consolidated through eGovPH, rather than every agency running its own silo. Agencies must designate a CIO to drive this. Daily TribuneSenate of the Philippines

  • Baseline security and privacy controls. DICT will set minimum information-security standards and require privacy impact assessments on systems handling personal data—before rollout. Congress HREP Documentation

Early rollout challenges (expect these to bite first)

  1. Budget timing vs. legal timing. The law’s “one-year from effectivity” clock won’t wait for the next budget cycle. Without bridge funding and reprogramming, agencies will slip—particularly for PMO staffing, discovery work, and quick wins. (Risk: Day-365 non-compliance.)

  2. CIOs in title, not in power. Mandating CIOs doesn’t fix authority gaps. If CIOs don’t control procurement gates, architecture standards, and decommissioning decisions, nothing changes except the org chart. Senate of the Philippines

  3. Interoperability vs. legacy reality. The Act wants a unified network; the installed base is a museum: old ERPs, bespoke portals, and fragile integrations. Expect a two-speed plan: APIs and adapters now; deeper core replacement later.

  4. Procurement mismatch. Even with the updated procurement rules emphasizing strategic planning and market scoping, ICT buys still stall on specs written for hardware, not services and outcomes. Agencies must shift to capability-based, milestone-tied contracting. GPPB-TSO

  5. Security & privacy debt. Minimum standards and PIAs will expose gaps—especially in LGUs that have never done threat modeling or data mapping. The pain is front-loaded but unavoidable. Congress HREP Documentation

  6. Network & data-transit constraints. Interop dies without bandwidth and dependable last-mile. The broader connectivity reforms (e.g., Konektadong Pinoy Act) are enablers, but they won’t arrive overnight—plan for degraded-mode operations.

  7. Change management is not a memo. Citizen-facing redesign (forms, queues, “one-and-done” transactions) is where adoption lives or dies. If agencies treat this as “IT’s project,” expect low usage and political blowback.

The ruthless 90-day checklist (starting Day 0 of effectivity)

For NGAs and LGUs—do these in the first quarter after effectivity to stay ahead of the one-year clock:

  1. Name accountable owners. Appoint the CIO (if not yet) and a business co-owner per flagship service; publish their decision rights. Senate of the Philippines

  2. Inventory the top 20 transactions. Map current steps, systems, personal data elements, and legal bases. Identify quick win candidates (high-volume, low-complexity).

  3. Run privacy & security triage. Conduct PIAs and gap scans against DICT’s minimum standards; assign remediation owners and dates. Congress HREP Documentation

  4. Draw the interop plan. For each transaction, specify data providers/consumers, APIs needed, and what moves to eGovPH vs. what stays behind the fence.

  5. Reframe procurement. Convert wish-lists into outcome-based scopes with discovery sprints, fixed milestones, and kill criteria; align to the updated procurement guidance. GPPB-TSO

  6. Stand up an internal “tiger team.” Product owner, architect, cybersecurity lead, legal/privacy counsel, finance. No spectators.

  7. Publish a public service roadmap. Simple, dated, and citizen-readable. Credibility is a delivery plan, not a press release.

What LGUs should stop assuming

  • “DICT will do it for us.” The law gives DICT architecture and portfolio authority; it doesn’t deliver your process redesign or your data cleanup. Congress HREP Documentation

  • “We’ll comply once we get the new system.” Compliance starts with governance, data, and design—not a procurement award.

  • “We’re too small to matter.” The Act covers every LGU. Small cities can leapfrog if they standardize forms, reuse APIs, and pool procurement. Congress HREP Documentation

Bottom line

The Act is finally positioned to land. The winners will be the agencies and LGUs that treat the first 90 days like a sprint—locking owners, data, APIs, and procurement around a few citizen-critical journeys. Everyone else will spend the year explaining delays while the compliance clock runs out.