Digital Public Infrastructure (DPI) has become a critical component for countries aiming to drive sustainable development and deliver inclusive public services. Yet, as governments around the world increasingly adopt DPI, they encounter complex challenges that hinder the full potential of these systems. These challenges are not only technical but also systemic, influencing how governments serve their residents:
01 Technology availability and Future-Readiness: Dependency on proprietary vendor technology limits governments' flexibility and future innovation, making it hard to adapt systems as technology advances.1
02 Data Security and Privacy: The collection and use of data presents significant security and privacy concerns. Without strict regulations, DPI systems risk exposing sensitive data, leading to denial of essential services to vulnerable populations who rely on welfare programmes.2
03 Technical Skill-Set Availability: A lack of in-house expertise makes DPI projects harder to main, more expensive and inefficient, increasing dependence on vendors and causing issues with interoperability and maintenance.3
04 Contractual Provisions that Undermine User Interests: Proprietary technology vendors managing national digital infrastructures often have significant control over system design, usage terms, and contracts. This can enable unilateral changes or discontinuation, limiting digital sovereignty and locking governments into rigid frameworks.4
In response to challenges of this nature, the ‘public’, in Digital Public Infrastructure, refers to common benefit, not government ownership5. It recognises that there are multiple ways of operationalising these values. DPIs have also been explicitly connected to the advancement of Sustainable Development Goals6, making values-driven government technology adoption a core tenet of DPI creation and implementation. At the 2023 G-20 Summit, world leaders reached a significant multilateral consensus on the description of Digital Public Infrastructure (DPI), establishing key guiding principles. The outcome recognises digital ID, digital payments, and data sharing as fundamental components of DPI, while acknowledging that each country will have its own approach to implementation. Although these principles mark an important step forward, they remain part of an evolving conversation.
Accordingly, not every instance of government technology can be characterised as a DPI. The UNDP, for example, mentions interoperability, open standards, societal scale and robust governance frameworks8 as essential conditions for an effort to be considered a DPI. While the UNDP limits itself to mentioning open standards, the Digital Public Goods Alliance, in its definition of digital public goods, explains why it thinks open source is an essential requirement9 for an effort to be considered a DPG10.
Although not an explicit part of every DPI definition, we argue that open source software development embodies a well-established set of principles that go a long way towards addressing DPI values in actual implementations.
What Constitutes Open Source Software (OSS)?
At its core, OSS is a set of rights guaranteed to the user, that go beyond merely ‘availability of the code’. These have evolved over time into a set of detailed requirements, but are not always familiar to the wider community. The Open Source Institute articulates this as follows:
01 Free Redistribution: The licence shall not restrict anyone from selling or giving away the software, and shall not require fees or royalties from such sales.
02 Source Code: The programme must allow distribution in source code, or there must be a well-publicised means of obtaining the source code in a form where a programmer can modify the programme.
03 Derived Works: The licence must allow modifications and derived works, and must allow them to be distributed under the same terms as original software.
04 Integrity of The Author’s Source Code: The licence must explicitly permit distribution of software built from modified source code.
05 No Discrimination Against Persons or Groups: The licence must not discriminate against any person or group of persons.
06 No Discrimination Against Fields of Endeavour: The licence must not restrict anyone from making use of the programme in a specific field of endeavour.
07 Distribution of Licence: The rights attached to the programme must apply to all to whom the programme is redistributed without the need for execution of an additional licence by those parties.
08 Licence Must Not Be Specific to a Product: The rights attached to the programme must not depend on the programme’s being part of a particular software distribution.
09 Licence Must Not Restrict Other Software: The licence must not place restrictions on other software that is distributed along with the licenced software. For example, the licence must not insist that all other programmes distributed on the same medium must be open source software.
10 Licence Must Be Technology-Neutral: No provision of the licence may be predicated on any individual technology or style of interface.
[Edited for length]
These conditions have evolved to make sure that code remains free, in the sense of freedom, for all users to access and reuse as they want. Certain standard open source licences are already determined to meet all the conditions articulated by the OSI, and the open source community therefore strongly recommends using one of these standard licences, and not customising it to any particular project. MOSIP, for example, uses the approved Mozilla Public License 2.0, and our reasons for choosing this licence are articulated here.
Beyond the minimum requirements for code to be considered open source, there are broader community values that are also of relevance to our discussion. Values like collaboration, participation, knowledge sharing, interoperability, and community-driven development are cherished and actively practised. Open source communities have not only articulated these values, but maintained and evolved them through decades of new challenges and new technological innovations.
It is apparent from a discussion of open-source criteria that they hold enormous relevance for emerging DPI principles, and can be understood as measurable ways in which broader principles are implemented and practised. For example, it is important that DPIs can be adapted to different country contexts around the world. OSS guarantees the right of the adopter to modify the software (3. Derived Works), allowing governments to build the technology according to their requirements, rather than buying something unsuited to local contexts and then facing expensive customisations. Because source code must be made available to users (2. Source Code), and knowledge sharing is a well-developed practice, much of the friction in local collaboration and capacity building is removed. As a result, countries such as Sri Lanka and Bangladesh are planning on building DPIs leveraging and implementing existing open source DPGs such as X-Road, DHIS2 and Sunbird RC11.
Interoperability is another important DPI principle that open source conditions are critical in operationalising. Many of the essential conditions of OSS (for example 1. Free Redistribution and 4. Integrity of the Source Code) work effectively against restrictive and proprietary conditions that may be introduced through contractual terms. The Mozilla Public License 2.0 used by MOSIP, for example, requires any modifications made to the author’s code to also be released in open source. If any proprietary changes are made to MOSIP’s code by a third party in an attempt to reduce interoperability and lock-in a user, the licence conditions require such changes to be open sourced. Enforcing such licence conditions, therefore, can address attempts at lock-in. Even more permissive licences like the Apache licence require the original source code to be redistributed, and any modifications to be prominently labelled as such. Further, OSS also often work as demonstrable and auditable implementations of open standards, allowing for verification and improvement of interoperable systems.
Trust and transparency, other commonly articulated DPI principles, increase greatly in OSS DPI implementations that can be assessed and audited at any time (2. Source Code). The Alan Turing Institute’s project on Trustworthy Digital Infrastructure for Identity Systems, for example, highlights the role of open source in inviting and enabling scrutiny on systems like MOSIP12 to build trusted, secure systems for critical infrastructure like national identity.
Preventing any restrictions on the nature of use or the kind of user (5. and 6. No Discrimination) permits more inclusive adoption of DPIs, in the sense that anyone can download and run the code without gatekeeping by its funders or creators. It is to be noted, however, that this principle may sometimes be at odds with other DPI principles. For example, even if a potential user of DPI code wishes to use it against public benefit, open source principles would not allow licence modifications to prevent such kinds of use - it is agnostic to the use that the software is put to. These are dilemmas that open source DPI creators must grapple with in the particular contexts they face.
--
These are just some instances of open source conditionalities that help operationalise DPI values. As some of these examples show, however, merely applying an approved licence to a codebase is rarely sufficient to keep either open source or DPI principles alive: as systems are adopted around the world, new challenges emerge that must be addressed in accordance with these standards. Learning from open source communities, in the ways they have grappled with these questions, will help accelerate values-driven DPI adoption.
References
1. Digital Impact Alliance, DPG Charter: Key takeaways on deploying digital public goods as infrastructure, 2022
2. Aapti Institute, The Governance of Digital Public Infrastructure, 2024
3. Artha Global, Building the Foundations: Strengthening the Technical Capacity for Digital Public Infrastructure in Government, 2022
4. OECD, Development Co‑operation Report, 2021
5. World Bank, Digital Progress and Trends Report, 2023
6. United Nations Development Programme, Leveraging DPI for Safe and Inclusive Societies, 2024
7. World Bank, Digital Progress and Trends Report, 2023
8. United Nations Development Programme, Accelerating The SDGs Through Digital Public Infrastructure, 2023
9. Digital Public Goods Alliance, Why Open Source?, 2020
10. The DPGA goes on to describe DPIs as ‘SDG-relevant DPGs’
11. Digital Public Goods Alliance, State of the Digital Public Goods Ecosystem, 2023
12. The Alan Turing Institute, Openness in the digital identity context, 2021