The Universal DPI Safeguards Framework offers practical, rights-based guidance to ensure that Digital Public Infrastructure (DPI) is safe, inclusive, and effective. It addresses the governance, design, deployment, and use of DPI by identifying risks and proposing key safeguards across different stages of the DPI life cycle. This framework is adaptable to various contexts and builds on global consultations to promote trust, accountability, and human rights in digital transformation.
Learn more
Privacy vulnerability
Digital insecurity
Physical insecurity
Lack of recourse
Discrimination
Unequal access
Exclusion
Disempowerment
Digital distrust
Weak rule of law
Weak institutions
Technical shortcomings
Unsustainability
The Conception and Scoping stage of the DPI life cycle is crucial as it establishes and reviews the purpose, goals, constraints and boundaries of a DPI. These parameters guide subsequent decision-making and ensure alignment with strategic and operational objectives, as well as the needs of individuals. Typical activities include:
• Framing of the goals and objectives.
• Identifying core problems and challenges.
• Assessing impact potential.
• Analysing the enabling environment for barriers to DPI implementation, effectiveness and adoption, taking account of relevant risks.
• Anchoring rule of law and institutional capacity for safe, inclusive DPI implementation.
This is the stage where a comprehensive plan comprising DPI design or adjustments are formulated to translate functional and performance objectives into actionable steps, including scalability and sustainability, and planning for optimum service delivery. Typical activities include:
• Mapping and engaging with stakeholders to understand individual and societal needs.
• Identifying parties across responsible authorities and personas for collaboration.
• Raising awareness regarding the barriers to DPI implementation in the enabling environment and advocating for their removal.
• Establishing standards, protocols and metrics to assess adoption and societal impact.
• Setting design objectives and specifications according to best practices and principles with a focus on incremental improvements and resilient architecture, and employing evidence-based strategies to mitigate design-related risks.
In the development stage, a prototype DPI is built according to defined specifications, ensuring functionality, reliability and scalability. Existing technical building blocks are evaluated before further development. This phase ensures that solutions are refined and tested to minimize risk sand maximize the effectiveness of safeguards before widespread implementation. The mitigation of risks associated with implementation is critical at this stage, appropriate to the maturity of DPI implementation and the local context. This phase presents a valuable opportunity to empower local developers. Typical activities include:
• Evaluating and selecting existing building blocks, including technical stacks.
• Software coding to design specifications as necessary.
• Building open Application Programming Interfaces (APIs) and sandboxes.
• Analysing the enabling environment for barriers to DPI implementation, effectiveness and adoption, taking account of relevant risks.
• Running and iterating through pilot project/s, with an emphasis on practicality and the mitigation of risks related to security, privacy, and experience of people.
• Filling gaps in institutional structures, policies and regulations.
During the deployment stage, the DPI is implemented in its operational environment. Any outstanding organizational changes are made to deliver value to users and to protect safety and inclusion. Change management strategies are recommended. This stage is critical to ensure successful large-scale adoption of DPI. Typical activities include:
• Installing, configuring, activating and scaling of hardware, software and networking components.
• Capacity-building of relevant responsible authorities and personas.
• Refining based on evidence, relevant data and feedback.
• Activating a robust governance framework with monitoring and redress.
• Planned and gradual onboarding of people to carefully manage system scaling and integrity through the adoption timeframe.
Regular operations and maintenance ensures ongoing optimal performance, stability and efficiency of the DPI within the operational environment. Typical activities include:
• Continuous monitoring, management, maintenance, evaluation and upgrading to ensure safety and security through technical, organizational and normative means.
• Employing innovative methods for ongoing engagement across the ecosystem.
• Ensuring redressal mechanisms are fit for purpose.
• Continuously assessing readiness to leverage policy windows or opportunities to scale.
• Managing environmental impact.
• Learning and continuously improving.