# F5.4 Establish appropriate legal framework to govern DPI initiatives

{% tabs %}
{% tab title="Principle" %}
[F5 Uphold the rule of law](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/foundational-principles/f5-uphold-the-rule-of-law)
{% endtab %}

{% tab title="Risk" %}
[RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety), [SV2 Weak rule of law](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities)
{% endtab %}

{% tab title="Life Cycle Stage" %}
[L1 - Conception and Scoping](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/responsible-authorities/r3-donor/l1-conception-and-scoping)
{% endtab %}
{% endtabs %}

## Practice

* Incorporate detailed provisions within the legal framework that specify permissible data collection, usage, and sharing practices, to name a few, particularly focusing on data protection, privacy, and user rights.
* Issue practice directions for the review of security services’ requests for data access, stipulating minimum evidentiary requirements for such approvals, which must be granted by properly constituted courts with requisite knowledge of the subject matter.
* Assess the legal framework regularly.