Learning from International DPI Efforts

By

Allison Price

,

Silvana Rodriguez

, and

Alberto Rodríguez

In this second article of the research collection, Infrastructure for the Digital Age, experts weigh in on questions exploring the potential for digital public infrastructure (DPI) to support a healthier digital environment in the United States through essential services and frameworks that are open, inclusive, and adaptable. Each article summarizes major themes from experts' responses to a prompt, followed by a curated collection of expert insights.

Prompt: What lessons from DPI implementation and initiatives from international partners can be applied in the United States?

If the United States were to decide to take on a greater role in supporting the next generation of civic tech and government solutions, it could look to the DPI experiences of a growing number of countries. Frequently cited pioneering examples include Pix, ConectaGOV, and Digital ID (Brazil), X-Road (Estonia), Aadhaar and India Stack (India), and Diia (Ukraine), as well as the Mojaloop, MOSIP, and District Health Information Software 2 solutions in use across multiple countries. But a closer look reveals many more countries are encouraging residents to register for digital ID programs designed to provide secure and trusted access to government online services. The promise of SID (Argentina), myID (Australia), Fayda (Ethiopia), Island.is (Iceland), Maisha (Kenya), PhilSys (Philippines), Diia.pl (Poland), NDID (Thailand), and other endeavors is what can be built to connect with these ID systems, from issuing real-time payments, to accessing public health records, to securing business licenses and beyond.

While DPI is often perceived as a government tool to strengthen the provision of public and private services, decisions around its implementation and tech governance can carry much broader geopolitical implications. Increasingly, high-level efforts to recognize, coordinate, and advance trusted DPI initiatives are on the global agenda, from European Union policy leadership to G7, G20, and UN workstreams. DPI could conceivably help the implementing country buffer the potential impact of global political and commercial dynamics by strengthening its public services and economic activity. Further, competition is on the rise among countries seeking to export their digital infrastructure and the values encoded within. Concerns range from autocratic overtones and declining democracies, to the sociopolitical and data privacy risks from potential government overreach, to the risk of further marginalizing vulnerable communities.

Key Findings

Reflecting on global efforts, experts suggest a wide range of best practices and strategies to inform U.S. assessment of the field, including fundamental shifts in mindset not just in terms of technology governance, but also of technology policy. Domestic customization considerations, different technical approaches, and the value of public and private sector strengths also need to be balanced when adapting a system.

• Realize that domestic context matters and that there isn't a one-size-fits-all solution with tech. Whether a DPI solution is effective and safe is specific to its local context. For example, DPI in the United States might involve partnerships with the private sector, such as allowing banks to validate identity. In contrast, countries with emerging financial systems or smaller populations might focus more heavily on government-led initiatives to provide digital identity services. The key is to understand the needs and conditions of each country - and even cities - when designing and administering DPI solutions.
• Commit to privacy when implementing design standards and ensure that the proper guardrails are in place. Privacy measures and data protection should be core to the design process from the outset, rather than an afterthought. Important principles include collecting data as minimally as possible, ensuring transparency of data usage, and giving users ample control over their data.
• Address legal and political constraints and learn from cautionary cases of human rights implications. For example, a key concern is the risk between using DPI data for legitimate law enforcement purposes as opposed to using it for intrusive or targeted surveillance.
• Start small with one DPI project and build others as a stack or portal approach; solve for an initial specific problem but architect to solve for many.
• Plan to measure the effectiveness of DPI through user-centric research and design. Ideally, governments should also share open data, allowing access to researchers, stakeholders, and public actors. The next level of this approach would include processes to ensure genuine consideration and implementation of public input.
• Leverage public and private strengths in cross-sector collaboration. For DPI to be valued as an approach in the United States, there needs to be a path to overcoming vested interests, which are often exacerbated by existing business models and legacy operations. It's important to get the private sector on board in both designing and using DPI; be alert for potential market distortions and other unintended effects.
• Make open source DPI tools, including measures for data standards, interoperability, and discoverability, easily accessible to all government agencies. This will require a concerted effort to train public sector practitioners to deploy tools safely and effectively.
• Anticipate needs as DPI becomes institutionalized, including accountability and redress mechanisms, sustainability planning from funding to capacity to environmental concerns, and dealing with network effects or even the potential for new monopolies.

Building on the insights provided by experts below, the next article in this collection will address mitigating risks and overcoming barriers to DPI development and implementation.

Go to the next article in the research collection: MANAGING RISKS AND POTENTIAL HARMS WITH DPI IMPLEMENTATION

A Curated Collection of Expert Insights

Prompt: What lessons from DPI implementation and initiatives from international partners can be applied in the United States?

Context Impacts Implementation

Audrey Tang, Senior Research Fellow at the Collective Intelligence Project and Beth Simone Noveck, Professor and Director of The Burnes Center for Social Change, and The GovLab at Northeastern University

Digital Participation Infrastructure (DPI) isn't a one-size-fits-all solution. In addition to using DPI on a sustained basis, the second lesson from earlier DPI experiments is to use the "right horse for the right course." Different platforms serve different purposes, and often, we need to combine a tool for problem definition with a different one for solution identification or implementation to arrive at a workable solution.

To advance the adoption of DPI in the US and elsewhere, we need to:

• Make open source DPI tools easily accessible to all government agencies;
• Train public servants in deploying these tools effectively;
• Measure the effectiveness of DPI;
• Establish processes to ensure genuine consideration and implementation of public input.

Daniel Castro, Director at the Center for Data Innovation

Success begets success. Many countries start with one DPI project, and then build others. Successful adoption and tangible results both help prove the value of the projects to the public (and dispel concerns) and provide government agencies with the skills and experience to build additional projects. For example, Estonia's DPI projects have grown from a few functions to a complex digital ecosystem.

Another lesson is that the domestic context matters. When looking at digital ID programs in other countries, one common factor is that each government had to adapt its digital ID initiatives to the practical realities of their country. For example, some countries (Norway and Sweden) have relied heavily on banks in the roll out of digital IDs. Germany used its postal authority to help verify people's identities. Austria relied, at least in part, on telecom operators for its A1Signature initiative for e-signing. In each of these cases the government found a partner based on existing relationships between citizens.

Privacy Preservation and the Public Interest are Critical Components

Ethan Zuckerman, Professor and Director of the Digital Public Infrastructure Initiative at UMass Amherst

The obvious analogy everyone reaches for is Aadhaar, the ambitious Indian identification program that's being used for direct benefit transfer, insurance and banking-a government project to establish a "voluntary" identity scheme is now being used as a canonical identifier for a variety of services. This idea that a government system could be used to enable a variety of private sector uses is a great lesson, but so are the cautionary tales associated with it - there are serious privacy concerns about Aadhaar, and the Indian courts have been forced to rule that Aadhaar is not mandatory and services cannot be denied for those who choose not to opt in.

One lesson here is that governments are often the biggest economic actors in a country and can contribute an enormous amount to the economic success of projects. Tim Berners-Lee's SOLID project has been working with the Indian national railway and the National Health service of Great Britain for those reasons, finding a way to demonstrate the utility of SOLID at scale by testing systems with hundreds of millions of users.

But I think it's important to consider DPI much more broadly. I think independent public broadcasting, like that of the BBC, DW and others can be considered a DPI as well. Aadhaar is easy to understand because it maps onto the ways in which software developers think, creating a useful identity mechanism, something that's very hard to accomplish in large scale software deployments. But accurate news is also an infrastructure, in this case for democratic decision making. We tend to ignore it because it doesn't have as neat an analogy to building businesses, but it's still an example of a digital product that has public benefit, is hard to provision privately, and which makes other social behaviors possible.

Joseph Lorenzo Hall, Distinguished Technologist of Strong Internet at the Internet Society

There are clear tensions between the use of DPI data for law enforcement and surveillance. India is a big advocate of DPI efforts, but it also is constantly seeking to undermine standard Internet security practices such as end-to-end encryption used for web and messenger software like Signal and WhatsApp. It's difficult to see how both standard security and privacy techniques can exist alongside these increasing desires to use infrastructure against the users and applications that rely on it, without the governments realizing that security and privacy are table stakes for the use of DPI (e.g., There is research under current peer review showing that the Israeli use of their COVID-19 contact tracing app for surveillance reduced the utility of that service for population health).

This tension will only intensify as we transition to more privacy-preserving measurements where raw data is never collected or exposed to a centralized service, and as we secure more of our Internet communications surface area. This has been a focus for almost two decades, and significant progress has been made (e.g., almost all web sessions are secured end-to-end).

Safeguarding Human Rights and Building Meaningful Oversight Bodies Must Be Prioritized

Laura Bingham, Professor and Executive Director at the Institute for Law, Innovation & Technology at Temple University

The United States lacks an adequate legal framework for safeguarding fundamental rights in the context of DPIs (understood by the current G20 definition, to be society-wide infrastructure). Specifically, it lacks guarantees of equal protection that sufficiently cover disparate impact discrimination to provide the necessary level of protection for negatively impacted persons and groups. The availability of disparate impact redress for discriminatory effects of initiatives of the scale and multifaceted character of DPIs is fragmented and weakening through recent Supreme Court precedent interpreting current law.

Second, the same Court has drastically narrowed the scope of a constitutional right to privacy, which has been a cornerstone of multistakeholder efforts to achieve safe and inclusive DPI implementation in India and Jamaica, for example.

Finally, the United States is also politically constrained in two key respects: the capacity to build and fund institutional structures to protect constitutional democracy and individual rights, and the capacity to engage in effective, legitimate Congressional oversight. While strong institutions like the GAO, OIGs, FCC and FTC can play analogous roles to the essential contributions from oversight bodies in other jurisdictions, political deadlock in the legislative branch and the ensuing trust and transparency deficits pose a major challenge.

Lacey Strahm, Policy Lead at OpenMined

Through the UN PET Lab, National Statistical Offices (NSOs) are experimenting with novel solutions that leverage the UN Global Platform-a cloud-service ecosystem to support international and inter-agency collaboration in the development of official statistics. The UN Global Platform can be viewed as a DPI initiative made possible through the continued collaboration of international partners with a common goal-maximizing their ability to serve the public by unlocking more value from official statistics.

Some NSOs are running DPI pilot projects to enable remote access to microdata for external researchers. Others are working to demonstrate a new approach to international data analysis using the open-source data science platform Syft. This architecture, when in full use, can enable private joins on nonpublic data without each NSO needing to access the other NSO's data directly. As these technologies mature, the expectation is that they will support investigations into key national and cross-border policy and governance questions.

The United States Census Bureau is a member of the UN PET Lab and is involved in some of these projects. Still, other U.S. agencies can learn from this pioneering DPI work and see how U.S. entities can interact and benefit from international DPIs.

Pursuing Reusable and Interoperable Components

Daniel Abadie, Senior Technical Advisor at the Centre for Digital Public Infrastructure

Two of the original digital public infrastructures were crafted in the U.S.: the Internet and the GPS network. These two world changing infrastructures allowed our society to expand in a way and velocity we had never experienced, leading to the digital era we live in today.

Thanks to that, governments worldwide have been developing DPI solutions for many years, trying to transform the 20th century organizations into modern societies. India advanced on their digital ID with the goal of verifying identity (that doesn't provide entitlement to anything) to build digital services on top, especially focused on financial inclusion. Estonia had the chance to create a government administration digital by design, building an efficient way to share data and integrate with multiple public-private organizations, X-Road. Brazil created a financial ecosystem during the pandemic to provide social benefits to its citizens, leading to the implementation of PIX by the Central Bank. Argentina created a digital wallet, including official documentation like driving licenses, ID card, vaccines and implemented a digital ID API for the financial system. Ukraine created a mobile app to rebuild its government administration and provide services to its citizens. All these initiatives (different from each other in their technology, design, goals, and scale) have a common link; they are all built with a building block approach, using reusable components to scale.

David Eaves, Professor and Deputy Director in Digital Government at the UCL Institute for Innovation and Public Purpose

America can learn from international partners, and it has a great deal it can learn from its own accomplishments in the past. DPI is less about specific technology, it is about a way of thinking... about how a combination of technology and governance can create interoperable systems that are shared means to many ends.

What Americans can learn from international partners is really two things. First, to be reminded of what a DPI mindset is like. What does it mean to think digitally and infrastructure first? It is a different mindset that policy makers more focused on solving specific problems don't naturally adopt. Second, is to be reminded that many DPI projects start off by solving a *specific problem* but are architected to facilitate *many ends*.

Finally, other countries are, in part, pursuing DPI because they want to ensure sovereignty over systems central to the functioning of a digital era society. Figuring out what those are, and how Americans want to think about managing them is another place for possible learning from other countries.

Yolanda Martínez, Practice Manager for Digital Development in Latin America and the Caribbean at The World Bank

Implementing digital public infrastructure can benefit from the lessons learned in different countries that have pioneered such initiatives. In Mexico, a National Digital Service Standard enabled citizens to access birth and professional certificates-using an identity DPI-in a unified digital experience. Before the digital and interoperability standards were agreed upon by 32 State Governments, each held different paper formats and processes, making access to services very bureaucratic.

Governments can develop a set of reusable software components/technology stack to enable common services like identity, payments, information exchange, notifications, verifiable credentials, among others, and make them available to government entities at all levels of government, as well as private sector entities, to digitize services at scale. A National CIO/CDX Council can jointly define the priorities for developing the national DPI stack and rapid prototyping environment, reusing open-source resources available in the global DPI ecosystem. For instance, GovStack Global-founded by Estonia, Germany, ITU, and DIAL-provides standard-based technical specifications, a "ready-to-do-it-your-self" SandBox environment demonstrating integration scenarios between Building Blocks that enables different user journeys across life events.

Planning for Accountability

Akash Kapur, Senior Fellow at New America and The GovLab, and Visiting Research Scholar at Princeton University

Get the private sector on board-not just by creating room for private enterprise and innovation, but by getting private sector actors in the room when designing the systems that make up a country's DPI. The entrepreneurial, innovation-friendly design pioneered by India's DPI/Aadhaar architects has been one of the real keys to the India Stack's success. I think of it as "free market by design."

• Try to envision (and plan) for future network effects and new monopolies. An emerging reality in India's DPI appears to be the creation of new forms of monopoly in the payments network-specifically, Walmart-owned-PhonePE has about 50% market share, and GooglePay has around 37%. Such monopolies, which simply replace existing/earlier concentrations of private sector power, especially in American-controlled technology companies, appear to undercut the P (i.e. public) aspect of DPI. It's important to think about how network effects and other monopoly inducing behavior can rear their heads in unexpected ways, at various points in the digital ecosystem.
• Plan for institutionalization, and especially redress and accountability. DPI projects often begin as technical projects, and (as in India's case) somewhat on the fly, in a not fully fleshed out, entrepreneurial manner. But then the government (and bureaucrats) step in, and a process of institutionalization begins. It is essential to think ahead, to try to imagine what DPI might look like when it is more "institutionalized"-and especially to address issues surrounding redress and accountability.

Adapting From Crisis to Connectivity

Alek Tarkowski, Co-Founder and Director of Strategy at the Open Future Foundation

First, I would like to highlight here one specific case: the DIIA.pl module of the Polish mObywatel is a mobile app that serves as a platform for an increasing number of public administration services (including digital ID or digital prescriptions). mObywatel is not yet a DPI in the accepted sense of the term-as it lacks the key aspect of offering an infrastructure for services other than government's own. Yet it is an important example of digital infrastructure. In the case of DIIA.pl, the existence of both mObywatel and the Ukrainian DIIA created a possibility for connecting these two digital services. This was done very quickly, and already in July 2022, several months after the start of the war in Ukraine, the mObywatel app allowed Ukrainian citizens to present their ID in digital form-in particular when crossing the Shengen border. As such, it was an important case of making two public digital infrastructures interoperable. At that time, over 1.6 million Ukrainian citizens fled the country because of the war, creating major logistical challenges for the administrations on both sides of the border. I think that diia.pl is an important real life example of a digital solution that proved to be sustainable and resilient in face of a humanitarian crisis.

Secondly, I would like to point to a different issue, related to European policy debates on DPIs, in the context of the Next Generation Internet initiative. This debate points to the need to expand the concept of DPIs so that it transcends critical internet and e-government infrastructures. We have been pointing to the need to fully address the issue of building Digital Public Space (as defined in the EU Declaration on Digital Rights and Principles) by expanding the scope of DPIs to include communication infrastructures; this has also been addressed by the "Missing Layers" initiative. Such a broader perspective is crucial if we want DPIs to fully address challenges of the digital environment as not just a digital market, but also a digital space that needs to be made more healthy and functional.

There are Many Interrelated Lessons from Global DPI Initiatives

Susan Aaronson, Professor and Director of the Digital Trade and Data Governance Hub at George Washington University

I think the US could benefit from thinking about the internet as a commons for data.

Diana Zamora, Director of Global Public Policy at Mastercard

Lessons from global DPI initiatives include:

• Role of the private sector: It is essential to create an environment that encourages private sector innovation and rewards entrepreneurs for the risks they take in serving previously unattended markets. Striking the right balance between economic incentives, regulatory frameworks, and common standards is key to enabling these ecosystems to scale and remain economically viable.
• Monetization for sustained impact: When designing payments in a DPI context, the regulatory framework and the economic incentives should not create a crowding out of private investment.
• Leveraging public and private strengths: Ensuring cooperation between government and private sector is essential to build a healthy and competitive ecosystem for DPI. Clear mechanisms for dialogue and joint innovation will optimize knowledge and resources, to allow for a regulatory framework that drives innovation, accountability, and high-quality DPI.
• Global fragmentation risk: Government-led DPI initiatives pose the risk of global fragmentation if systems are developed in different jurisdictions and without mitigation measures. Interoperability and international standards harmonization should be integrated in a comprehensive safeguarding framework. Given global policymakers' focus on global cross-border trade, data flows, and movement of goods and services, fragmentation risk should be mitigated into all funding, financing, and development of payments infrastructure.
• Surveillance and lack of privacy protection: While analyzing transactional data can inform public policy, proper guardrails must be in place to protect citizens' privacy and human rights, especially in regimes where democracies are still consolidating, to prevent potential surveillance and scrutiny.
• Market distortions and absence of competitive neutrality: Competitive neutrality states that private and public enterprises should enjoy the same regulatory treatment without any competitive advantage. This is crucial for fostering competition and providing the best services to consumers. However, when the entity regulating card schemes also builds and operates the real-time payment system, a conflict arises, leading to market distortions that hinder DPI's goals of inclusion and competition. Additional risks include governments using DPI in ways that create regulatory uncertainty, market concentration, crowding-out, reducing private investment and innovation. To mitigate these risks, strong DPI safeguards that preserve market discipline standards are essential.
• Tax base erosion: Central Bank-run payment systems in Latin America, such as Transferencias 3.0 in Argentina, ACH in Colombia, Sinpe in Costa Rica, and PIX in Brazil, have gained popularity for peer-to-peer (P2P) and person-to-merchant (P2M) transactions. However, these systems are creating economic distortions by potentially eroding the tax base and creating an uneven playing field among digital payment technologies.

Go to the next article in the research collection: Managing Risks and Potential Harms with DPI Implementation

Return to the main collections page