DPI and the Global Majority: A case for deeper community participation

Introduction 

In 2020, governments around the world were compelled to ramp up the use and development of digital technologies and communications to respond to the COVID-19 pandemic. Public facilities, notably health and medicine, underwent significant digitalisation to ensure remote access and inclusion, and bring a larger population under the umbrella of social protections and essential services. Though experiences with the pandemic varied vastly street to street, a shared journey transcending all borders towards digital transformation of public systems had already begun. As part of its G20 Presidency in 2023, India introduced its own public service digitalisation playbook to the world—which was locally known as ‘IndiaStack’ for some years within targeted circles—as a digital transformation tool designed to be shared across borders, setting off a global conversation on how open source systems and digital public goods can be leveraged to digitise service delivery and help meet socioeconomic development goals. By the end of 2023, the now ubiquitous term “digital public infrastructure” (“DPI”) had started appearing in regional policy lexicons. It quickly became linked with sustainable development goals (“SDGs”) and synonymous with socioeconomic growth for low and middle income countries (“LMIC”). 

DPIs, as many experts believe, are the technological rails that support digital products and services enabling public benefits at a large societal scale. They comprise reusable digital components which can take the form of digital IDs, payments systems, and/or data exchange platforms, and typically envision large-scale digital transformation by enabling both public and private actors to build systems and applications of broader societal utility. Globally, the United Nations Development Programme (UNDP), World Bank, the G20, and the Organization for Economic Co-operation and Development (OECD), have been leading several parallel conversations to define and govern DPI, alongside efforts to build multilateral agreement through the Global Digital Compact (GDC). UNDP’s Universal DPI Safeguards Framework, a recent multilateral effort to streamline standard setting and policy governance, defines DPI as infrastructures made up of “secure and interoperable digital systems that enable the delivery of public services”. The GDC proposes DPIs can close digital divides, accelerate actions, and progress towards the achievement of the SDGs. Universities and non-profit organizations, policy think-tanks, philanthropies, and funds have also participated in the adoption, governance, and mapping of DPI projects. Most have described the DPI approach using a combination of the terms open, reusable, and inclusive, or have emphasised on its public-private nature. Notably, global policymakers have not yet arrived at a unanimous definition of DPI, let alone policy consensus on how it must be governed. 

Since the pandemic, countries, especially in the Global Majority, have seen and supported a rapid proliferation of DPI systems as a tool for both digital transformation and concentrating state power. As with most technological advancements in the last decade, the adoption of DPI systems has far outpaced the speed of policy consensus and lawmaking. In the absence of global policy consensus, this has resulted in an interesting political moment where governments can be seen retrofitting old and existing digital public services and governance systems into the DPI vocabulary, or tweaking regional DPI lexicons themselves to include and showcase indigenous projects at global fora. India and Brazil, as early adopters of the model, have led the conversation globally but with distinctly different comprehensions of what DPI is and is not. India’s G20 presidency in 2023 set the stage for DPI adoption and proliferation from the lens of digitalising welfare entitlements—Brazil, taking on the presidency in 2024, defined it as transforming public administration through multisectoral collaboration and public-private participation. This specific framing of DPI, coupled with a grounding legislation (National Digital Government Strategy, Decree No. 12,069 of 21 June 2024), may have led to Brazilian DPI models such as Pix to gain popularity and be commonly seen as success stories. Countries like Estonia and South Africa are also fast embracing DPI. Estonia’s X-Road system is a complex, resilient gateway to over 3,000 public services orchestrated by over 450 public and private actors. South Africa, who holds the G20 presidency for 2025, is focusing on artificial intelligence and compute while rolling out a new digital ID system as part of its MyMzansi DPI blueprint. Interestingly, it seems difficult to gauge the progress or success of DPI adoption in the Global North, where well-established digitised public mechanisms may check all criteria of what a DPI ought to be but are still not labelled as one. 

No matter their name, nature, or form, the prominence of large-scale digital transformation projects has created the digital citizen, a person whose rights has become dependent on the success of highly complex and sophisticated technology stacks. Therefore, the governance of societal-scale public service technologies must be embedded not only in economic and foreign policy, but also international human rights and humanitarian law, and widely established good governance principles such as transparency, accountability, and redress. This whitepaper aims to bring focus to an essential guardrail for DPI implementation and governance—meaningful community participation which goes beyond existing multistakeholder frameworks. It also offers a framework of recommendations to empower domestic, regional, and international policymakers in designing tools for digital transformation that respect human rights and dignity of the people they are designing them for. It questions the trade-offs between good governance and data privacy that many governments make when it comes to large-scale data processing drives that form the foundation for most DPIs—asking if one must compromise the other, and exploring how both interests can be harmonised for rights-respecting pathways to digital transformation.

How DPI poses unique community risks and harms

• Exclusion harms and how DPI may widen the very thing it seeks to bridge: In local contexts and as interpreted by communities, DPI can have the effect of “locking people out”.  The vocabulary used at the level of systems implementation often tells people they “cannot use or access” services they may otherwise be entitled to unless they sign up for one or more digital identities. In India and Kenya, countries that have seen digital ID systems (now DPIs) penetrate communities, it is near impossible to talk about DPI without addressing its exclusion risks.
  

  India’s Aadhaar project has increasingly become the primary channel for citizens to access social security and welfare guarantees, either through its payment or its biometric identification layer. Attempts by the State to digitalise welfare benefit distribution pipelines like employment, food security, disability support, or pensions has received steady and informed pushback from local communities and Indian civil society. A widely iterated example comes from the Indian rural employment guarantee scheme, which has been integrated with Aadhaar-enabled Payment Systems (“AePS”)—a DPI. Scheme workers have sustained a massive campaign pushing back against this integration since 2023 when it was first introduced, claiming that up to 13% of total active workers do not receive guaranteed wage due to the poorly designed DPI. Infrastructural failures at various points of the AePS mechanism—from spelling errors and bank system failures to bureaucratic delays and lack of grievance redress—are widely reported across sectors. Such failures assume their worst form in the rural employment scheme, where timely payments to workers can make the difference between life and death. In fact, another digital ID system which authenticates and disburses pensions in India has been erroneously declaring old and disabled persons dead. These populations are too frail or unequipped to approach non-digital avenues to fight the decision, so they remain pensionless until their families or civil society intervene; and many die waiting for their rightful pension. Poorly maintained datasets, lack of clear accountability mechanisms, and minimal digital literacy in the affected populations has made this specific digital identification system disastrous for the very vulnerable groups it aims to serve.

  Government-to-people (“G2P”) payments—which target welfare benefit or cash transfer recipients belonging largely to socioeconomically marginalised groups—are usually transacted through digital IDs and require a basic level of digital literacy to navigate. The World Bank, in its recent assessment of G2P digital payments infrastructures targeting vulnerable populations in Bangladesh, Ecuador, Guatemala, Indonesia, Jordan, Kenya, Mozambique, and the Philippines noted that in all these countries, recipients who benefited from the system were mainly younger men with some prior knowledge technology—barring which, financial inclusion remained low across the board. In a welfare state, any permutation of low digital literacy rates, poor internet penetration or connection, accessibility issues like one-time-password authentications or non-disability friendly processes, andtechnological blips like point of sale machine failures or bank errors, can cause a high number of target beneficiaries to fall through the cracks. Exclusion, in this manner, can occur through design or deficiencies—likely leading to community disenfranchisement, which decelerates any movement towards achieving SDGs.

• Potential surveillance and data privacy risks: Owing to its inherently data-maximalist nature, DPIs must operate within an airtight data protection and governance framework for both personal and non-personal data. Unfortunately in some of the bigger adopters of DPIs and digital IDs in the Global Majority, a robust data regime is far from reality. For instance, with the exception of Indonesia, India, Sri Lanka, and the Philippines, South and Southeast Asian countries do not have specific data protection laws or policies (notified or in effect), but have been seeing a dramatic proliferation of digital IDs and e-governance systems. Even in countries where data governance conversations are slightly more advanced, like India, the data protection act is rife with issues like inadequate privacy protections and lack of checks on state processing of data, rendering it somewhat ineffective when it comes to DPI governance. In fact, the Aadhaar digital ID in India was rolled out in 2010 without a backing law or a personal data protection framework in place. The technological infrastructure for sensitive biometric data collection and processing was built and implemented well before the Aadhaar Act, 2016 came into effect, before any personal data protection law or policy was in place, and even before the watershed judgment by India’s apex court in KS Puttaswamy vs Union Of India (2017), where the right to privacy was reaffirmed as a fundamental right.DPIs are powered by massive volumes of personal, often beneficiary data belonging to communities needing social protections—in the absence of legal protections, this instantly brings up targeted surveillance and data privacy concerns. These concerns can persist and extend harm to the most marginalised and vulnerable groups even when addressed at a surface level—the national Unique Personal Identification project in Kenya is a good example of this. Even though Section 31 of the Kenyan Data Protection Act requires the government to perform a “data protection impact assessment” before introducing such systems, and the ID was challenged in court for not having done it in the initial stages—the result was a positive judgment which emphasised on individual privacy rights, but prescribed notably weak protections for minorities like the Nubians from arbitrary treatment and direct or indirect discrimination. This is further problematised in light of the recent push across Africa to streamline digital identity systems—Ghana and Nigeria are moving towards harmonising biometric databases across government agencies, which raises concerns in light of deepening State surveillance in these countries.

  While exclusion from DPI systems can lead to discrimination in public life, some digital ID systems can also cause harm through inclusion—false inclusion or coercive enrollment into criminal justice or disease surveillance systems can affect the enjoyment of public services and cause severe stigmatisation. Integration of facial recognition technologies in DPI systems in Peru and Azerbaijan, for instance, may start off as an authentication tool but end up perpetuating biases and implicating persons with certain physical markers. Facial recognition systems are not properly governed in most Global Majority jurisdictions, making the high instances of false positives associated with them a cause for concern, especially when used in the public domain. Finally, a high degree of participation from the private sector in DPI systems may also raise alarms for data privacy in jurisdictions with inadequate data protection frameworks. Any DPI system that hands private players the carte blanche to obtain and process personal citizen information is a cause for worry worldwide—even the General Data Protection Regulation of the European Union is not equipped with sufficient safeguards for such imaginations of a DPI.

• DPIs can perpetuate existing stigma and discrimination: In the Global Majority, there is a risk of DPIs causing collective or community harms alongside individualistic ones, especially noting that digitalisation in these countries influences community dynamics almost as drastically as personal rights. For one, choosing to not participate in DPI projects can lead to stigmatisation and discrimination against not only individuals, but their community by extension, especially when DPI takes the form of mandatory digital ID systems. Certain individuals or minority groups may have legitimate reasons to refuse enrolment into these projects for fear of surveillance, repression, or persecution by the State—in the absence of physical avenues to access public services, these groups or individuals may draw attention to their identities, further risking stigmatisation. 

  On the contrary, individuals and communities can also be denied digital identity or access to digitalised services based on discriminatory vetting practices by the State. ID blocking or suspensions, surveillance of vulnerable groups, and policing and persecution of human rights activists or political dissidents are some ways in which States profile and discriminate against certain identities. As DPIs are built on open and interoperable systems harbouring large volumes of data, there is a high risk of function creep between government agencies and 360-degree profiling which may circumvent consent and notice requirements of local legal regimes. Pointedly, vulnerable and marginalised groups—including refugees, asylum-seekers or migrants, stateless or displaced persons, activists or dissidents, ethnic, religious, racial or national minorities, persons with disabilities, queer persons or gender minorities, persons living with HIV, sex workers, drug users, and people living in poverty—may disproportionately bear surveillance harms of these systems and face greater barriers to access, harsher consequences for non-compliance, and targeted mistreatment throughout the process of engaging with any DPI system.

• DPI can disturb local power dynamics and decentralised governance structures:
  States can exert high degrees of coercion and control over its citizenry by digitalising core welfare entitlements and public services they depend on. Elements of the digital ID systems can be weaponised by freezing ID cards or profiles, limiting access to certain processes, spaces or services, or using personal information in algorithmic profiling. This control is also known to skew local power dynamics by making digitisation a mandate of a “higher power”, even when voluntary. For instance, in the early days of biometric authentication systems being integrated into food security in India, experts had reported high instances of corruption and leakages. Middlemen performing authentication in exchange for foodgrain would tell beneficiaries who often belonged to a low digital literacy strata that “it was the Prime Minister’s wish” that they tried scanning their fingerprints once without claiming the grain entitlements, allowing them to record thousands of bogus entries, defraud beneficiaries, and appropriate public funds. Not understanding the technologies one is forced to navigate to avail of public services, in itself, can become undignifying for citizens and turn them away from using DPI systems. Similarly, concentrating powers to disburse welfare entitlements in the hands of an “algorithm” can cause disintermediation and disturb carefully constructed decentralised governance structures. In case a citizen does not receive an entitlement, they are often able to approach a low-ranking bureaucrat or the officer responsible for distribution, using public accountability tools such as Right to Information laws to seek answers. When the task is digitalised, the officer may refuse to take responsibility for machine errors, rendering existing accountability mechanisms ineffective and leaving citizens in the lurch. 

  Another tension that arises due to the mixed provisioning model of most DPIs is at the identity layer—who decides the digital identity of a citizen? The World Bank describes digital ID systems as those that use technology throughout the identity lifecycle, from data collection, entity resolution, validation, storage, transfer, verification to authentication. This explanation suggests that digital identity can be provided by the government, in partnership or outsourced to the private sector—contradicting the common policy position that digital identity is built upon a person’s legal identity, which can only be recognised by the government. As a result, there is now a gap between legal identity and digital identity, with DPI being explored as a potential lynchpin to help more people access and establish their legal identity through their digital ones.

Why push for rigorous community participation in DPI conversations?

DPI systems pose dual risks to citizens and communities in the Global Majority—in addition to systemic harms outlined by existing policy instruments that apply to models across the world, DPIs are capable of causing unique and far-reaching harm to the existence of vulnerable groups, their local fabrics and societal frameworks, and their access to welfare entitlements necessary for survival. In most cases, DPIs mean the digitalisation of daily life for people not familiar with technologies. Hence, a higher standard of care and accountability must be instilled in DPI governance frameworks. There have been numerous attempts to establish DPI guardrails and checkpoints at international fora.Yet, the existing patchwork of policy instruments have room for improvement. 

Most UN-led efforts take a loose approach at drawing human rights redlines butmiss an opportunity to define clear accountability mechanisms.In most cases, these approaches have kept an arms-length distance from themes like executive overreach and securitisation, which are commonly embedded in DPI implementation in the Global Majority and cause active harm to at-risk populations. Other policy checklists, notably UNDP’s DPI Safeguards framework, reflect an appetite to govern these models through a rights-lens, but do not adequately center underserved communities and their needs in these discussions. Existing international policy also does not reflect learnings from failures of the past, such as the large-scale digital identity project in India, that have caused severe harm to many vulnerable groups. Domestic governments participating in these conversations, too, continue to avoid looking back and taking accountability for perpetrated harms by preferring a “forward-looking” vocabulary of socioeconomic developmental goals when discussing DPI. This has resulted in a mixed bag of policy instruments that have been diluted over the years for lack of consensus between countries and international regulators, and that do not center the lived experiences of communities and citizens who have interacted and became unwilling subjects of DPI projects over the years.

Current global conversations focus on the promotion, funding, and adoption of DPIs while lacking participatory governance mechanisms that empower populations to participate actively in shaping technologies that will mediate their interactions with a digital state, private actors, and each other. The Digital Public Goods Alliance, for instance, was an early attempt to bring civil society, private actors and governments into one room, but concerned itself mainly with the registration and listing of digital public goods, and ensuring rights-respecting data processes behind them. UNDP’s DPI Safeguards have emerged as a promising landscape of multilateral and multisectoral collaboration, with active efforts to have meaningful conversations with civil society. The DPI Safeguards working groups represent a mix of culturally and professionally diverse stakeholders—while representation from underserved communities currently seem insufficient, ongoing efforts may lead to more inclusive processes. More recently, Freedom Online Coalition’s Principles on Rights-Respecting DPI—engineered through a multi-stakeholder consultation process—advocate for resilient, safe, inclusive, interoperable, and rights-first DPI rooted in civic participation.

It is useful to note that participation, in this context, must be meaningful, periodic, and diverse. Grassroots groups, affected communities, civil society organizations, social audit organizations, activists, researchers, academics—a wide and diverse pool of stakeholders must be consulted at all stages of the DPI lifecycle. Technologists and human rights groups continue to work in silos on themes emerging from the same sociolegal realities—be it exclusion, digital divides, state control, or representation. However, learnings and lived experiences need to be at the forefront of all DPI design. This can be accompanied by standardised human rights impact assessments at developmental stages of DPI systems, and once in effect, they should undergo independent periodic audits on metrics that include human rights impact and harms. Each DPI system, at the minimum, must also be resourced to correct infrastructural deficiencies leading to such harm, and be able to redress aggrieved individuals and communities on priority. The system should absorb feedback, learn from past mistakes, and grow in directions dictated by local expectations and needs. The possibility that DPIs may be leveraged as sovereign instruments to assert control on populations should not be lost on us. Many parts of the world currently share difficult political environments where dissent is being stifled and marginalised groups invisibilised—in this context, it becomes even more pertinent to amplify unheard voices and move towards a truly participative and democratic DPI governance framework.

Bottom-up DPI governance: what participation can look like

1. States must first gauge social, legal, cultural, and infrastructural preparedness for DPIs
   Before embarking on DPI projects, governments need to assess, holistically and by engaging independent impact assessment actors, the preparedness of their digital infrastructures to support secure and accessible societal scale systems, and the suitability of such an endeavour to their social contexts. This includes conducting needs assessments with diverse stakeholders and population groups, and including their perspectives while ideating on projects. Additionally, given the high infrastructural costs associated with erecting and running DPIs, states must critically examine whether building the proposed DPI is the most optimal and efficient route for them to attain their SDGs and deliver public benefit at societal scale. The current exponential adoption of DPI in some states should not set the pace for its adoption by others.Preparedness, on the other hand, is far more complex to gauge. The state of cybersecurity and of centralised ledgers in a country must be airtight and robust before data-heavy DPIs are built on top of them. Given centralised databases pose grave surveillance risks, many policy instruments, including the DPI Safeguards framework, recommend federated databases to ensure better data protection. While sound on paper, decentralisation of infrastructure does not automatically entail decentralisation of power or accountability —and it is common in some parts of the world for decentralised databases to have weak security and weaker accountability mechanisms than the centre. For instance, all of the innumerable documented data breaches within the Aadhaar identity project in India have targeted state-level databases or connected sectoral portals, to the extent that experts believe the constitution of state resident data hubs in India is an ipso facto violation of citizen privacy rights. To this end, federated databases are only a useful policy solution if the overall data security and cyber hygiene of e-government systems in a country is in good shape.

   Strengthening domestic data protection regimes should be the first step towards ensuring DPI preparedness. DPI projects can take the form of massive data collection drives which need to be underpinned by bulletproof data protection legislations and redress mechanisms. Worryingly, as highlighted in earlier sections, DPI implementation has been prioritised over legislating for privacy in many parts of the world. A second step, along the same lines, would then be to strengthen non-personal data governance regimes. Non-personal data—including aggregated, anonymised/pseudonymised, or machine-generated data, is seen as an essential component to unlock the economic potential of DPI systems in particular. However, many LMICs not only lack governance mechanisms for non-personal data sharing, but also struggle with poor quality foundational datasets. Demographic information and anonymised datasets specifically can cause some trouble—either because they have not been updated in decades, or have not been properly anonymised and still pose risk of violating personal data rights.

2. Digital identity systems, as foundations for DPIs, must center community rights, dignity, and autonomy 

   Existing international instruments suggest that DPI implementation must be voluntary for citizens to participate in. While a reasonable expectation and a seemingly low threshold for governments to meet, we must question if systems tied into public services and entitlements can ever truly be voluntary.A further distinction is worth drawing here: the question of whether an identification system is mandatory is separate from the question of whether its digitisation is mandatory. A person may be required to hold an ID to access welfare entitlements or public services —a longstanding and often legitimate requirement— without that requirement extending to a specific digital form of that ID, or precluding the use of alternative, including analog, forms of identification. The concerns that follow apply specifically to the mandating of digital ID systems, not to identification requirements as such.Consent often becomes immaterial when citizens interact with welfare systems, because governments can assert a high degree of coercive power over them. Power asymmetries between the citizen and the state make the widely adopted privacy framework of informed consent near-redundant—especially when the citizen belongs to a vulnerable or marginalised social group.  This can happen covertly or without political intent, like digital IDs that promise faster delivery of a welfare entitlement or less paperwork than the physical process; or overtly, through the use of “voluntary-mandatory” models—systems voluntary on paper or by law, but effectively made mandatory over time in practice. Authoritarian regimes in the global majority are embracing voluntary-mandatory models for biometric and digital identification—ie, systems that are voluntary on paper but mandatory in practice, often marked by executive coercion, discrimination, and arm-twisting in local settings. This arrangement helps governments escape legal scrutiny, as the systems remain “consent-based” and rights-respecting on paper, while furthering discrimination, exclusion, and other digital ID-based harms in practice.

   Latin America and the Caribbeans, notably Argentina, Brazil, Chile, Colombia, Paraguay, Peru, St. Lucia, Trinidad and Tobago, and Uruguay, is home to some promising DPI models—commonly, they feature community participation and follow a fairly multistakeholder approach in designing and implementing these systems than in other parts of the Global Majority. While Brazil is slightly ahead in DPI adoption with the demonstrated success of Pix and services through Gov.br, countries like Colombia and Chile are catching on. In Chile, digital ID systems can be seen to enhance access to beneficiary records and make G2P payments more efficient. The region is also demonstrating crossborder collaboration, knowledge-sharing, and data exchange in secure mechanisms, and piloting cross border authentication methods for their citizens in collaboration with local groups.

   Simply advocating for voluntary DPIs will not remove these incumbrances but in effect give governments room to exert coercive control without fear of scrutiny. In South and Southeast Asia, a number of digital ID projects have been modelled after the Aadhaar project—Bangladesh, Cambodia, Indonesia, Maldives, Nepal, Sri Lanka currently deploy a form of biometric-based national IDs and Cambodia will be rolling one out shortly. However, failures of the Aadhaar project in inclusive governance are also widely documented. Since rollout, digital authentication systems associated with Aadhaar (both at the identification and the payment layer) have been marked with significant exclusion errors, executive arm-twisting, and rampant discrimination (see box 2). Yet, it remains immune to judicial scrutiny and pushback to some extent for the reason of being a ‘voluntary’ ID on paper. Arguably the largest DPI undertaking in the region, Aadhaar may have set an example for how ‘voluntary digital identification’ can become a misnomer in countries rapidly embracing digital transformation, as most are in the Global Majority. Policy solutions should address this and broaden the “voluntary DPI” vocabulary to deeply explore the power asymmetries between a digital citizen and a digital state, and move towards robust standards of transparency, accountability, and grievance redress. Assuming that most DPIs penetrating a welfare sector will be de facto mandatory, policymakers should focus energies on how to limit executive overreach in DPI implementation, and mitigate harms arising from a state exerting its coercive control and power.

3. Leveraging DPI for financial inclusion requires respect for community rights 

   A common argument made in favour of DPI adoption is its ability to support a digital economy with potential for economic growth. The World Bank contends in a recent report that DPI serves to benefit the most vulnerable by streamlining and expediting G2P payments and improving overall financial inclusion. It rightly points out that DPI implementation goes beyond just the technology and implicates a broader ecosystem of broadband connectivity, devices, data centers and cloud infrastructures. In the same vein, the success and outcomes of a DPI project are also tied to larger foundational infrastructures and enablers.Wider internet adoption does not translate into meaningful internet access. In 2024 alone, a total of 296 state-imposed internet shutdowns across 54 countries cut off millions of digital citizens from accessing the internet. The economic loss associated with internet shutdowns, especially among marginalised groups and welfare entitlement beneficiaries in a digital state, is well documented in reports by Human Rights Watch, Access Now, and Internet Society. As identified correctly by global regulators, DPI implementation cannot happen in isolation—which also means that a state’s increased reliance on authoritarian measures to territorialise the internet, control populations, and stifle their access to the internet on unreasoned grounds, will essentially neutralise or even overpower any positive economic outcome associated with DPIs.

   South Africa Though digitalised welfare benefit distribution pipelines have been in place for decades, the current DPI project, MyMzansi, promises better access and financial inclusion to South African citizens. However, experts report that newer systems have inherited core functional problems of its ancestors—beneficiaries keep getting blocked out of payments systems for errors beyond their control, erroneous population registers pass on wrong beneficiary information across the interoperable layers of DPI, leading to even more exclusions, and there has not been the success of these systems in achieving financial inclusion is yet to be proved. For instance, in 2024, nearly 2 million citizens recently grappled with their digital IDs being blocked by the government for little reason—a move declared unconstitutional by the Pretoria High Court. The court ordered the Home Affairs department to establish a “just and fair process” for digital identification, that is in line with the South African Constitution and the Promotion of Administrative Justice Act (PAJA), stating that “while the passive violation of human rights by a State that fails to take steps to promote and advance human rights is unacceptable in a constitutional dispensation, the active violation of human rights by a State that infringes constitutionally entrenched human rights violates public trust in the institution of the State and undermines the Constitution”. In 2025, in light of its G20 presidency, South Africa has announced a new centralised digital ID system—but it remains to be seen to what extent errors of the recent past will be addressed.

   This is one of the ways in which DPIs create a unique tension among policymakers. The promise of digital financial inclusion and empowerment of underserved communities attracts LMICs and private companies to invest in sophisticated digital infrastructures. But the public service sectors DPIs penetrate are marked by such socioeconomic precarity that the smallest infrastructural lapses can mean drastic repercussions for the affected populations. While the economic value of digital transformation can neither be denied nor substantively challenged at this stage, the ultimate trade off in some DPI use cases is between fundamental human rights and dignity, and economic growth. In these limited circumstances, policymaking must explicitly protect and champion human rights considerations.

4. DPIs can only earn community trust if flanked by transparent technology procurement and accountable public-private partnershipsDPIs have increasingly taken the form of joint enterprises between governments, philanthropies, transnational organizations, and the private sector. In the global North, such collaborations may be seen as shining examples of a good DPI. The 2024 OECD report on DPIs uses MitID, a public-private digital ID in Denmark, as an example to showcase how private actors like banks, with their experience in managing secure transactions and customer verification, and the state, with its policies, capital, and administrative mechanisms, can cooperatively build a secure and widely adopted DPI. This represents a theoretical ideal which may be difficult to replicate in LMICs, where citizens, private corporations, and the state all operate in a mutual trust deficit.

   A long-standing issue with public-private partnerships is how they can mutually enable opacity and facilitate evasion of responsibility. Private companies have been leaning into generous policy incentives from states under digital transformation schemes to erect DPIs—a collaboration which gives them state funds, public datasets, and under some data protection regimes, exemptions from data processing obligations. In turn, states can liaise with private institutions which are not subject to freedom of information instruments, thus evading public accountability mechanisms. In the absence of robust data protection frameworks and embedded structural transparency, DPIs can become institutions of opaque governance. Transparency, in this context, should not be limited to allowing citizens to see where their data is going—although that can be a tenet. Governments of Estonia and Brazil have been working on data flow transparency mechanisms within DPI governance, which is a starting point.

   Transparency, however, goes beyond disclosures to include clear administrative and governance structures, publication of contracting documents like tenders and MoUs, making policy decisions accessible to the public, updating government websites, strengthening freedom of information instruments, making proactive disclosures on implementational failures as much as success, and so on. Beyond institutional transparency, states must also commit to transparent technological procurement and transfer, which visibilises the various actors involved in the making of a DPI. Accountability mechanisms closely follow, and are closely tied with a citizen’s ability to seek redress for any inflicted harm. Clear pathways of redress must be established, which, at the minimum, state who among the public and the private collaborator will process complaints and grievances. DPIs’ interoperable and decentralised architecture is imagined in a way that inherently complicates accountability mechanisms within public-private structures as well as across government departments and levels of government sharing the same infrastructure. Therefore, clear redress mechanisms should also form the backbone of any public-private DPI collaboration.

5. States must sustain investments into alternate physical avenues 

   Governments may use digital infrastructures in place of physical ones as channels to meet their positive human rights obligations because they may be less laborious to erect and easier to shield from public scrutiny when compared to physical infrastructures. DPIs notably attract private sector investments and collaboration, which may overshadow physical avenues to access public services. For instance, the right to health for all through primary care centers is guaranteed in a number of constitutions across the world, but the poor state of first-response care centers in LMICs has slowed down their health outcomes. Instead of investing in repairing and staffing these physical spaces, governments have preferred to lean on telemedicine systems—which can cover a larger population than hospitals and progress digital health technologies, but can also cause disconnected populations to fall through the cracks.Policy instruments should push states not only into ensuring that alternative physical avenues to digitalised public services exist, but also into prioritising these physical infrastructures to eliminate risks of exclusion. Moreover, these alternative avenues must not be construed as analogue means to a digital end, but should be able to provide a wholly non-digital service delivery start to finish. For instance, in Bangladesh, an ‘access layer’ was introduced to DPIs to turn them into what is called a ‘phygital public infrastructure’. Simply put, this layer embeds relevant physical locations, call centres and over 9,000 digital one-stop shops into a DPI system to make the service more accessible and inclusive. Initiatives like these, though not immune from capacity constraints or deficiencies, at least attempt to tailor digital solutions to local needs.

Conclusion

Digital transformation through DPIs has been a shared goal among LMICs, which is now rapidly translating into reality. The economic potential of DPIs, coupled with an attractive opportunity to synergise public and private sectors for net public benefit, have cast these digital tools to the forefront of global technology governance and policymaking. Despite multiple international fora and countless conversations dedicated to the subject, the global community has struggled with arriving at a common, unanimous, and widely accepted governance framework on DPI, including how to define it. A combination of diverse regional perspectives, vested interests, geopolitics, market competition, documented harm, painful lived realities, and a lack of representation at policy and legislative tables has made this technological tool difficult to cooperatively govern. This heterogeneity creates tensions within the ecosystem and demands difficult trade-offs from states wanting to safely adopt DPIs. Human rights interests and economic growth have been pitted against each other in the path to DPI implementation—but truly safe and inclusive DPI can only be built at the intersection of both interests. One way to ensure this is by centering DPIs in community participation and representation. 

As is explored in this brief, DPIs pose unique collective harms in the Global Majority over and above widely recognised individual threats to rights and freedoms across the world. These can take the form of systemic exclusion, surveillance and privacy risks, exacerbated stigma and discrimination, or disruption of local community dynamics. What is currently absent from policy instruments is both specific articulations of these risks, and dedicated metrics for building safe DPI systems in this part of the world —to insulate especially vulnerable groups from the trickle-down harms of societal-scale digital systems. As DPIs begin to digitalise core public distribution pipelines and life as we know it for communities dependent on welfare benefits, investments must be made towards rigorous community consultations and citizen participation at all stages of the DPI lifecycle. There must be a global move to increasingly include underserved communities and their lived experiences in DPI design, implementation, and governance conversations, and platform their needs and expectations at various domestic, regional, and international fora.