> For the complete documentation index, see [llms.txt](https://safedpi.gitbook.io/safeguards/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/responsible-authorities/r1-government/l2-strategy-and-design.md).

# L2 - Strategy and Design

To know more about this phase of the DPI life cycle, click [here](/safeguards/universal-dpi-safeguards-framework/life-cycle-stages.md)

**Click on any process listed below to learn about illustrative practices that can be implemented.**

<table><thead><tr><th width="255">Process</th><th width="233">Principle </th><th>Risk</th></tr></thead><tbody><tr><td><a href="/pages/xT7ppbnaJJI3CxNqBVTM">F3.3 Identify and address end user/citizen needs</a></td><td><a href="/pages/adfJH6JbZNY47KrdRu6q">F3 Do not exclude </a></td><td><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI3 Exclusion</a></td></tr><tr><td><a href="/pages/Ve5jGEcGrfRuF46N1Lwv">F1.3 Establish monitoring and mitigation teams</a></td><td><a href="/pages/gApkHMlgeGyeOQE6Qr0s">F1 Do no harm </a></td><td><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV 1 Digital distrust, </a></p><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV4 Technical shortcomings</a></p></td></tr><tr><td><a href="/pages/cMYCVHh3IL3FKz5VX0CH">F2.1 Implement alternative enrollment measures</a></td><td><a href="/pages/hWE45Ygj0NvUyRKYOJSu">F2 Do not discriminate </a></td><td><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI3 Exclusion</a></td></tr><tr><td><a href="/pages/exn14hhNfzLjhtDTpo9y">F3.3 Assess the interoperability system</a></td><td><a href="/pages/adfJH6JbZNY47KrdRu6q">F3 Do not exclude </a></td><td><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV3 Weak institutions, </a></p><p></p><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV4 Technical shortcomings</a></p></td></tr><tr><td><a href="/pages/XutPRf4PE1FnVbCrui0X">F3.4 Develop alternative processes to allow access to services without requiring subscription to a DPI system</a></td><td><a href="/pages/adfJH6JbZNY47KrdRu6q">F3 Do not exclude </a></td><td><p><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI3 Exclusion</a></p><p></p><p><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI2 Unequal access</a></p></td></tr><tr><td><a href="/pages/WkFONwz8DmjOks408pvd">F3.5 Implement affirmative design measures</a></td><td><a href="/pages/adfJH6JbZNY47KrdRu6q">F3 Do not exclude</a></td><td><p></p><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV2 Weak rule of law</a></p><p></p><p><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI3 Exclusio</a></p></td></tr><tr><td><a href="/pages/BXQxwwShQkdCKarqo05d">F4.5 Establish comprehensive auditing mechanisms</a></td><td><a href="/pages/bGGW0Ilo6gnkth3GdiwH">F4 Reinforce transparency and accountability</a></td><td><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV3 Weak institutions, </a></td></tr><tr><td><a href="/pages/FSogmkgabTBolX5ZDya7">F4.6 Create stakeholder participation systems</a></td><td><a href="/pages/bGGW0Ilo6gnkth3GdiwH">F4 Reinforce transparency and accountability</a></td><td><p><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI3 Exclusio</a>n</p><p></p><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV 1 Digital distrust, </a></p></td></tr><tr><td><a href="/pages/A9eYYjMRraHimkjkxNZF">F4.7 Ensure an auditable data trail for dispute redressal</a></td><td><a href="/pages/bGGW0Ilo6gnkth3GdiwH">F4 Reinforce transparency and accountability</a></td><td><p><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS2 Digital insecurity</a></p><p></p><p><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS4 Lack of recourse</a></p></td></tr><tr><td><a href="/pages/29ApiYDLonXggjVPxIL2">F4.8 Provide clear definitions for key human rights terms so basic understanding of harms is inter-operable and can be benchmarked across systems.</a></td><td><a href="/pages/bGGW0Ilo6gnkth3GdiwH">F4 Reinforce transparency and accountability</a></td><td><p><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI4 Disempowerment</a></p><p></p><p><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI2 Unequal access</a></p></td></tr><tr><td><a href="/pages/27Hbf2i2I4QSLFXFqHlp">F6.3 Incorporate user choice mechanisms to participate</a></td><td><a href="/pages/K8VznhaGShVKQ3aBCzg2">F6 Promote autonomy and agency</a></td><td><p><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI4 Disempowerment</a></p><p></p><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV4 Technical shortcomings</a></p></td></tr><tr><td><a href="/pages/DUkbjgmMvzlNNhX67cFy">F6.4 Design user interfaces that empower data subjects with clear and continuous control over their data.</a></td><td><a href="/pages/K8VznhaGShVKQ3aBCzg2">F6 Promote autonomy and agency</a></td><td><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI4 Disempowerment</a></td></tr><tr><td><a href="/pages/z3gS94c1obefIdDPcm8N">F7.3 Forward relevant stakeholder inputs to the DPI implementors.</a></td><td><a href="/pages/SuOSyrps7a4ttNsPnEeB">F7 Foster community engagement</a></td><td><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV3 Weak institutions</a></p><p></p><p><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI4 Disempowerment</a></p></td></tr><tr><td><a href="/pages/ueHVJTAuUWfaHOaBqVGH">F7.4 Sustain the participation of affected communities in the process by providing funding for the total cost of community engagment</a></td><td><a href="/pages/SuOSyrps7a4ttNsPnEeB">F7 Foster community engagement</a></td><td><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI2 Unequal access</a> <a href="/pages/Lbn5wDykErUjbKkv7h1P">RI3 Exclusion</a></td></tr><tr><td><a href="/pages/G6YdmVombeQMomajyo8D">F8.3 Ensure that the DPI interface indicates the responsible public authority and their contact information for complaints and inquiries.</a></td><td><a href="/pages/BjnG3rmXH3jj8wt6KOBq">F8 Ensure effective remedy and redress</a></td><td><p></p><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV1 Digital distrust</a></p></td></tr><tr><td><a href="/pages/Z4vvVVITNO7DknUqctai">F9.4 Adopt common standards, conduct regular system integration tests, and ensure that redundant system operations are removed</a></td><td><a href="/pages/4lFXQs0iD4Jy8R1F2tjn">F9 Focus on future sustainability</a></td><td><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV5 Unsustainability</a></p><p></p><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV3 Weak institutions</a></p></td></tr><tr><td><a href="/pages/5Us1QuUbVe5UMRC1UNYI">F9.5 Conduct stringent security checks and vendor assessments</a></td><td><a href="/pages/4lFXQs0iD4Jy8R1F2tjn">F9 Focus on future sustainability</a></td><td><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV3 Weak institutions</a> <a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV5 Unsustainability</a></td></tr><tr><td><a href="/pages/LaWNCL1uZGxIkiIYpuLg">F9.6 Encourage modular system design and support for multiple technologies.</a></td><td><a href="/pages/4lFXQs0iD4Jy8R1F2tjn">F9 Focus on future sustainability</a></td><td><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV3 Weak institutions</a> <a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV5 Unsustainability</a></td></tr><tr><td><a href="/pages/ucR5upDDoLGfXh0X7W6k">F9.7 Adopt comprehensive procurement processes that prevent vendor lock in</a></td><td><a href="/pages/4lFXQs0iD4Jy8R1F2tjn">F9 Focus on future sustainability</a></td><td><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV4 Technical shortcomings</a><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV2 Weak rule of law</a></td></tr><tr><td><a href="/pages/lABe5QajeKglgiP5MlGw">O1.4 Provide tools and support to enable integration and scalability</a></td><td><a href="/pages/jyu7EAI7JBuvsedO87Cy">O1 Leverage market dynamics</a></td><td><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV5 Unsustainability</a></td></tr><tr><td><a href="/pages/xA9RDK9h87giuyhIQY4n">O1.5 Develop an open access system with APIs, accountability, and fraud protections</a></td><td><a href="/pages/jyu7EAI7JBuvsedO87Cy">O1 Leverage market dynamics</a></td><td><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI3 Exclusion</a><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS2 Digital insecurity</a></td></tr><tr><td><a href="/pages/N9JLRsQRTV4AkVl4jxZO">O2.2 Implement regular public consultations and review mechanisms.</a></td><td><a href="/pages/2vZ2g5GmAUDAzO81NYIO">O2 Evolve with evidence</a></td><td><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI3 Exclusion</a> <a href="/pages/Lbn5wDykErUjbKkv7h1P">RI4 Disempowerment</a></td></tr><tr><td><a href="/pages/rBXiwhPKJF1WC6VqNCcL">O2.3 Design mechanisms to generate relevant data</a></td><td><a href="/pages/2vZ2g5GmAUDAzO81NYIO">O2 Evolve with evidence</a></td><td>  <a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV3 Weak institutions</a> <a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV4 Technical shortcomings</a></td></tr><tr><td><a href="/pages/73EloySRg8YPRkq5IBUL">O2.4 Design feedback loops to address data inaccuracies and enable community reporting</a></td><td><a href="/pages/2vZ2g5GmAUDAzO81NYIO">O2 Evolve with evidence</a></td><td><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS2 Digital insecurity</a><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV4 Technical shortcomings</a><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV 1 Digital distrust</a></td></tr><tr><td><a href="/pages/L1vo3PC4KA2lbJF7zVNc">O3.5 Integrate strict data minimization protocols into design</a></td><td><a href="/pages/qqVUVBIyoRg7wMdBFK7N">O3 Ensure data privacy by design</a></td><td><p><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV 1 Digital distrust</a> </p><p><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS1 Privacy Vulnerability </a></p></td></tr><tr><td><a href="/pages/9CJPtR4xOc7WWWr9kw6X">O3.6 Establish multi-layered security controls to protect data throughout its lifecycle</a></td><td><a href="/pages/qqVUVBIyoRg7wMdBFK7N">O3 Ensure data privacy by design</a></td><td><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS1 Privacy Vulnerability </a><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV4 Technical shortcomings</a><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI4 Disempowerment</a></td></tr><tr><td><a href="/pages/UAHwMzLoA0SkJXcUkcx7">O3.7 Undertake a Data Protection Impact assessments and legislative reforms prior to DPI roll out</a></td><td><a href="/pages/qqVUVBIyoRg7wMdBFK7N">O3 Ensure data privacy by design</a></td><td><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS1 Privacy Vulnerability </a><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV2 Weak rule of law</a></td></tr><tr><td><a href="/pages/ZvF63OaliSZuIQwDBte1">O3.8 Enable third party audits</a></td><td><a href="/pages/qqVUVBIyoRg7wMdBFK7N">O3 Ensure data privacy by design</a></td><td><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS1 Privacy Vulnerability </a></td></tr><tr><td><a href="/pages/E2b9GD3PDGW2tKjZNXJ5">O3.9 Establish Robust Data Delinking Mechanisms once the purpose of the processing of personal information has been served</a></td><td><a href="/pages/qqVUVBIyoRg7wMdBFK7N">O3 Ensure data privacy by design</a></td><td><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS1 Privacy Vulnerability </a><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS2 Digital insecurity</a></td></tr><tr><td><a href="/pages/Uhovj2JHZSHZODZYLmt3">O3.10 Enable different levels of privacy between payer and payee, where appropriate.</a></td><td><a href="/pages/qqVUVBIyoRg7wMdBFK7N">O3 Ensure data privacy by design</a></td><td><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS2 Digital insecurity</a><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS1 Privacy Vulnerability </a></td></tr><tr><td><a href="/pages/t3QRFg5vEfNnfTXBOu7K">O3.11 Implement symmetrical identification so users know the identity of the other party in a transaction.</a></td><td><a href="/pages/qqVUVBIyoRg7wMdBFK7N">O3 Ensure data privacy by design</a></td><td><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV1 Digital distrust</a></td></tr><tr><td><a href="/pages/dh1Is2V1sxeWDZl6js0F">O3.12 Implement and protect the right to pseudonymity within DPI systems, when applicable.</a></td><td><a href="/pages/qqVUVBIyoRg7wMdBFK7N">O3 Ensure data privacy by design</a></td><td><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV1 Digital distrust</a></td></tr><tr><td><a href="/pages/wSydaWyiPiFXX4HGj9oj">O3.13 Ensure that biometric authentication is not mandatory</a></td><td><a href="/pages/qqVUVBIyoRg7wMdBFK7N">O3 Ensure data privacy by design</a></td><td><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS1 Privacy Vulnerability </a><a href="/pages/BGsdcQ372xY7vG3ijCSJ">SV4 Technical shortcomings</a><a href="/pages/Lbn5wDykErUjbKkv7h1P">RI3 Exclusion</a> </td></tr><tr><td><a href="/pages/NB9xJrILSB7MNZsmIMsD">O4.8 Design specific security features to protect against unauthorized access and data breaches</a></td><td><a href="/pages/c4hSRuERBbMziYUHYU7a">O4 Assure data security by design</a></td><td><a href="/pages/3hsKoF7Y1JdVPVWm98th">RS1 Privacy Vulnerability </a></td></tr><tr><td></td><td></td><td></td></tr></tbody></table>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/responsible-authorities/r1-government/l2-strategy-and-design.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
