DPI or Digital Transformation? Three takeaways from a Caribou Digital — UNDP convening to identify DPI-specific risks
Caribou Digital and UNDP recently held a convening of practitioners and scholars to explore the distinction between digital public infrastructure (DPI) and mainstream digital transformation, and the specific risks and safeguarding requirements of DPI. As a ‘Chatham House’ style convening of practitioners, policy makers and academics, this blog contains three key takeaways from the discussion.
Digital public infrastructure (DPI) is, as defined by the G20 New Delhi Leaders Declaration, made up of ‘secure and interoperable digital systems that enable the delivery of public services, together with an enabling governance environment and public value goals.’ The UN Secretary General’s Office of the Special Envoy on Technology (OSET) and the UN Development Programme (UNDP) convened the DPI Safeguarding Initiative to support the development of a safe, inclusive, and rights-protecting DPI framework. The initiative includes the DPI Safeguarding Initiative Working Groups, convened by OSET and UNDP to support the development of the framework.
This convening brought together leading stakeholders from the digital development academic and practitioner communities to consider four scenarios that present DPI and ‘generic’ approaches to common aspects of digital transformation. Participants’ discussion was structured around two specific questions:
- What distinguishes a ‘digital public infrastructure approach’ from a ‘generic’ approach to digital transformation?
- What are the specific risk profiles of a ‘digital public infrastructure’ approach to digital transformation?
Takeaway 1: Countries don’t think of DPI; instead, they think of systems. So the distinction between DPI and ‘generic’ digital transformation is more of a ‘how’ difference rather than a ‘what’ difference.
One of the recurring themes throughout the conversation was that, from a purely technology perspective, there is not much difference between a DPI and generic approach to digital transformation. The various components or attributes of DPI are not in themselves new. It’s a policy perspective and implementation approach — the ‘how’ — where DPI’s distinction lies.
One of the main characteristics of a DPI perspective is the idea of ‘thinking horizontally, rather than vertically’ so that systems work across ministries or sectors, rather than vertically siloed in one — for example, enabling a single registration to verify identity and eligibility for multiple systems and services. One of the main attributes that characterize this is the interoperability necessary to enable the horizontal flow of data. Interoperability is of course not new, and there is a wealth of literature and knowledge around mitigating the risks of interoperability that the DPI Safeguarding Initiative Working Groups and wider DPI community can draw from.
Another dimension that participants flagged was that ‘how’ questions are also often normative questions; that is, they introduce considerations of rights and inclusion. Examples include the policy dimensions of identification systems and the rights and entitlements that identification brings: in other words, what legal rights does being identified grant holders of that identity?
Takeaway 2: The distinction of DPI is the implications for development pathways and choice.
The second takeaway was DPI’s significance for development pathways and choice, namely in two dimensions. First, some participants discussed how DPI could strengthen states to make sovereign choices about their digital transformation path. Once DPI reduces digital transformation, from a technical architecture-systems perspective, to minimal building blocks and their core functionality, it opens a conversation about the importance of control for those blocks, instead of a conversation about a pre-selected system and its features. Participants felt this was particularly significant in the context of countries in the Global South who often depend on external financing for their development trajectory and are often forced to adopt the path of their funders. This is particularly the case in the context of donors who provide financing or investment for specific sectors or silos such as health, education, or welfare. Focusing on a DPI approach instead can put power back in the hands of the government.
The second aspect of sovereignty and choice was focused on individuals. Some participants highlighted how in some cases making systems mandatory — such as identification systems — can force users, whether they want to or not, to adopt systems that may serve state interests before individual interests. This consideration introduced another way of thinking about DPI risk: the risk of doing it too well, which could enable authoritarianism and autocracy, or not well enough, which could lead to service failure and a loss of trust and confidence in the state.
Takeaway 3: DPI’s complex business models present risks to both owners and systems.
Another takeaway from the discussion was the significance of DPI’s business models. One of the challenges that participants flagged was around the ownership of systems. For example, if DPI is government led, this can have implications for the business case of systems — for example around the necessary internal capacity to build or buy systems, and manage technical development and procurement. Another challenge that participants flagged was around the scaling of business models. Scaling competitively, and thus justifying public investment, was as important to consider as the potential for scale that the system introduced.
The characteristics of DPI also lead to other dimensions of business model risk. For example, interoperability introduces challenges for commercial suppliers of systems, as interoperability (should) make DPI elements (identity, payments, data sharing) commodity services. This is significant because, historically, companies prefer to make profits rather than compete on price in a commodity service market.
Another risk of DPI that participants flagged is its emphasis on open source. A number of participants flagged the challenge of open source and ‘abandonware’ — systems and technologies that are developed by a community (or lone developer) and then abandoned. This is a key risk for critical infrastructure and requires governments to develop the relevant capacity to mitigate the risk of infrastructure failure.
Reflection: Evaluation is key. How do we know if an intervention is a DPI approach, and what difference does DPI make?
A more general reflection on this discussion is the importance of monitoring and learning: establishing the basis for evaluating impact and whether a particular initiative is actually DPI in nature. What are the distinctive aspects of a deployment that can tell us whether it is upholding the principles and values of DPI? If DPI is an approach and a policy shift, how can we measure whether an approach and policy agenda is DPI in nature?
At Caribou Digital, we have a particular focus on monitoring, evaluation, and learning. We’re often asked to assess the impact of interventions. So we find it striking that in the conversation around DPI there has been very little attention paid to the difference a DPI approach makes, compared to a generic approach to digital transformation. Being clear about that difference is important on its own terms, but also to justify investments and to support the case for a DPI approach to policymakers and decision-makers, especially elected representatives.
The work to unpack distinctions between DPI and generic digital transformation is critical to developing appropriate safeguards, and to the broader effort to advance the case for and understanding of DPI. The work of developing instructive scenarios to break down the differences will confirm, and there is an open invitation to provide feedback that helps refine the existing scenarios, and to suggest and contribute new ones.