The Universal Digital Public Infrastructure (DPI) Safeguards initiative is concerned with systems provided by, or on behalf of, government or through public–private partnerships at societal scale and which serve the public interest. The process of developing the Universal DPI Safeguards was launched in September 2023 by the Office of the UN Secretary-General’s Envoy on Technology (OSET) and the United Nations Development Programme (UNDP). The initiative stemmed from the UN Secretary-General's policy brief on the Global Digital Compact (GDC) and its call for the creation of common frameworks for DPI.

The Pact for the Future and its annex, the Global Digital Compact, were adopted on September 22, 2024, at the Summit for the Future. In the compact, Member States have recognized the potential of DPI in promoting inclusive digital transformation and achieving the Sustainable Development Goals (SDGs). This potential is tempered by risks. Accordingly, Member States have also recognized the role of adaptable safeguards for DPI in achieving these goals.

The Universal DPI Safeguards Framework reflects the role of DPI and its safeguards to ensure DPI implementations mitigate new risks and existing structural vulnerabilities of digital transformation at both the individual and societal level, advance the Sustainable Development Goals (SDGs) and foster trust and equity across all countries.

The Universal DPI Safeguards initiative is an evolving multi-stakeholder effort comprising three key pillars:

1. Universal DPI Safeguards Framework: Guiding principles and practices for safe and inclusive DPI, covering the entire life cycle of DPI development, from conceptualization to operations and maintenance, monitoring, and feedback. The Framework can be applied in practice using resources made available in an interactive knowledge library. The library includes an interactive component where users can generate scenarios tailored to their context and produce downloadable recommendations.

2. Universal DPI Safeguards Resource Hub: An online dynamic platform for community engagement offering safeguards-related resources, implementation guides, and emerging insights on DPI safeguards.

3. Country implementation: Refers to active engagement with stakeholders in countries to create or strengthen multi-stakeholder holding environments that enable spaces for sharing different viewpoints, inputs, collaboration and addressing challenges. This involves facilitating technical assistance, convenings and capacity development for countries, sectors and actors to generate dialogue, build consensus, and create opportunities to advance safe and inclusive implementations.

Together, these pillars support DPI implementation in a way that is not only safe, secure and inclusive, but also practical and adaptable to diverse contexts and needs.

The guide explains how to apply the Universal Digital Public Infrastructure (DPI) Safeguards Framework. The aim is to equip readers and DPI practitioners with a clear understanding of how the Framework can be applied to ensure safe and inclusive adoption of DPI.

Access the Guide

Share Your Comments

The Universal Safeguards for DPI initiative, launched in 2023 by the Office of the UN Secretary-General’s Envoy on Technology (OSET) and the United Nations Development Programme (UNDP), set out to co-create a pragmatic framework for countries implementing DPI. It is a multi-stakeholder initiative designed to ensure DPI implementations mitigate risks at both the individual and societal levels, advance the SDGs, and foster trust and equity across all countries.

Six working groups, comprising diverse experts and DPI practitioners from a broad range of stakeholders within the global digital ecosystem, led the development of the Framework. Insights, feedback, and recommendations from an International Organizations Consultative Group, as well as from convenings, country engagements and public consultations, have informed this guide.

In April 2024, the inductive phase of the initiative concluded with the release of anInterim Report, ‘Leveraging DPI for Safe and Inclusive Societies’ for public comments. The Interim Report provided an overview of the Framework’s components and proposed initial high-level principles.

In September 2024, the guide ‘The Universal Digital Public Infrastructure Safeguards Framework - A Guide to Building Safe and Inclusive DPI for Societies’ was released, along with the Universal DPI Safeguards Framework.

The Universal DPI Safeguards Framework comprises principles, process and practice recommendations to be employed by various responsible authorities within the DPI ecosystem to mitigate risks to safety and inclusivity. Risks are specified in relation to each stage of the DPI life cycle and are also addressed by upholding foundational and operational principles for safe and inclusive DPI. These principles were first introduced in the Interim Report.

To be universally applicable to all DPI and responsive to stakeholder needs, the Framework will continue to be developed through continuous feedback cycles with multi-stakeholder inputs.

The Universal DPI Safeguards Resource Hub serves as a dynamic online platform for community engagement, offering safeguards-related resources, implementation guides, and emerging insights on DPI safeguards.

Visit the sections below to make the most of the Hub:

Explore the Knowledge

• Dive into the safeguards, starting with the Guide to the Universal DPI Safeguards Framework.

• Navigate the Universal DPI Safeguards Framework which provides practical recommendations for ensuring safety and inclusivity.

• Explore the About the Initiative page to understand the journey so far and the roadmap for the future.

• Visit the Key Outputs section to access other essential knowledge.

Adopt the Framework

• Access country-specific experiences that showcase practices aimed at enhancing safety and inclusion.

• Find practical toolkits for implementation, key insights on emerging discourse.

• Seek support for your own DPI safeguards implementation efforts.

Get Involved

• Contribute to the Framework through our submission form.

• Join the community by sharing your stories, experiences, or case studies that highlight progress toward safety and inclusion goals.

• Participate in community convenings to provide feedback, share insights, and engage with others working on advancing DPI safeguards.

• Use the convening toolkit to organize your own events around these themes.

The rapidly evolving DPI landscape requires the Framework to be dynamic and adaptive. Just as the Framework has been created through an inductive–deductive co-creation process, its evolution will be guided by a continuous listening–learning updating process. This first release of the Framework (Version 1.0) lays the foundation through five components. It is important to note that the list of responsible authorities, practices, and processes is not exhaustive, and further feedback, insights, and information curated during its application will be synthesized and incorporated into the emergent knowledge base as the Framework evolves.

The initiative will use the channels below for listening, learning, and evolving the Framework:

1. Ecosystem engagement: The initiative will continue to curate feedback to build additional processes and practices, KPIs, and lessons learned through expert and practitioner contributions. The initiative will continue to engage the ecosystem by creating awareness through campaigns (success stories, testimonials, and case studies), workshops, and contribution calls. Public feedback will be sought through online forums and open webinars, with special emphasis on underrepresented groups. This feedback will be systematically reviewed and integrated to ensure the Framework addresses diverse perspectives and needs.

2. Country implementation: The initiative will, directly and through the ecosystem, actively engage with stakeholders in countries to support their DPI adoption journeys. This will include identifying projects, facilitating connections to technical assistance/funding, and providing support for monitoring or assessment to improve impact. The experiences learned from these country implementations will inform ongoing updates and enhancements to the Framework, ensuring it remains relevant and effective across diverse contexts.

3. International organizations: The initiative will continue to engage with international organizations to collaborate, advocate, and support the effective use of the Universal DPI Safeguards Framework across DPI life cycles. Feedback received from these engagements and any processes and practices used by these organizations will be employed to enhance the Framework.

Regular updates will be announced and documented with detailed release notes. These updates will be openly accessible through the interactive knowledge library on the Universal DPI Safeguards website and the Universal DPI Safeguards Resource Hub. The updates will be available for download in multiple formats, ensuring that everyone can easily access and remain up to date on the latest version of the Framework.

The Universal Digital Public Infrastructure (DPI) Safeguards Framework is a set of actionable guidelines for DPI design and implementation that serve the public interest. The Framework comprises principles, process and practice recommendations to be employed by various responsible authorities within the DPI ecosystem to mitigate risks to safety and inclusivity. Risks are specified in relation to each stage of the DPI life cycle and are also addressed by upholding foundational and operational principles for safe and inclusive DPI.

Explore the Universal DPI Safeguards Framework

Contribute to the Universal DPI Safeguards Framework

The Framework is an evolving and open public asset, subject to continuous updates through contributions from multi-stakeholder engagement and insights gained from country-level implementations.

Please share your contribution with us.

The section highlights the materials produced so far, offering insights into the development of the Universal DPI Safeguards Framework.

We welcome feedback and comments to continue refining and enhancing these resources. You may click here to contribute.

Typical DPI-related roles and responsibilities of 'Government' include:

• overall governance: from policymaking to public service delivery

• creating policies to set development goals

• guiding inclusive digitalization

• providing budgetary support for development purposes and DPI development

• providing proof of progress to constituents

• listening to feedback and improving legislative, executive and judicial administration

Click Next to explore the process recommendations in the Conception and Scoping stage of the DPI life cycle.

To know more about this phase of the DPI life cycle, click

Click on any process listed below to learn about illustrative practices that can be implemented.

The Interim Report provides an overview of the Framework’s components and proposed initial high-level principles.

Access the Interim Report

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

A functional group of stakeholders with assigned or assumed roles, responsibilities, and accountability for effective implementation and evolution of DPI safeguards.

Click on a Responsible Authority below to learn more about actionable processes and practices.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

The Universal DPI Safeguards Framework can be accessed through an interactive knowledge library or this DPI Safeguards Resource Hub.

Guidance to the..

Typical DPI-related roles and responsibilities of 'Regulators' include:

• setting appropriate and effective guardrails

• supervising and enforcing laws and regulations

Click Next to explore the process recommendations in the

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI lifecycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

Typical DPI-related roles and responsibilities of 'Technology Providers' include:

• providing a focal point for technical work, risk identification and mitigation strategies

• having influence over and advising on actual implementation through to maintenance and support of DPI

Click Next to explore the process recommendations in the

To know more about this phase of the DPI life cycle, click .

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click .

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click .

Click on any process listed below to learn about illustrative practices that can be implemented.

Typical DPI-related roles and responsibilities of 'Advocates' include:

• driving advocacy for DPI safeguards

• working to uphold human rights

• representing the interests of the marginalized and diverse sections of the society

• providing innovative ideas to make DPI more inclusive

• highlighting incongruence with existing laws and regulations

Click Next to explore Safeguards Processes in the stage of the DPI Lifecycle.

To know more about this phase of the DPI life cycle, click

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click

Click on any process listed below to learn about illustrative practices that can be implemented.

The Universal DPI Safeguards Framework is designed as an open public asset to extend foundational and actionable recommendations that are adaptable to diverse contexts. It is not a static body of knowledge but will continue to evolve across all its elements with the active contribution of stakeholders such as governments, responsible authorities, seasoned practitioners, civil society organizations (CSOs), and international communities.

The Framework is made up of five components:

1. Risks to be mitigated:

Risk refers to the possibility of harm and involves uncertainty about the effects of an activity on people’s health, well-being, wealth, property or the environment. V1.0. of the Framework describes 13 interrelated risk areas.

2. Principles:

Principles, currently 18, are core propositions to mitigate risk which have been derived from the possible risks observed in the DPI ecosystem. These include new risks and existing structural vulnerabilities.

3. Responsible authorities:

A functional group of stakeholders with assigned or assumed roles, responsibilities and accountability for effective implementation and evolution of DPI safeguards.

4. Life cycle stages:

DPI has five life cycle stages, namely: Conception and Scoping, Strategy and Design, Development, Deployment, and Operations and Maintenance.

5. Recommendations:

These include ~ 300 processes and practices; built from existing experiences in countries.

• A process is a series of activities required to produce a result which may occur once, or be recurrent or periodic. In the Framework, principles are translated into processes relevant to responsible authorities at appropriate life cycle stages.

• Practices are related to processes and indicate what may or may not have been done in the past under normal circumstances. Practices are evolving and may not always indicate the best of practices in the context of the Framework.

Thus, the Framework offers multiple permutations of risks, principles, responsible authorities, life cycle stages and recommendations. It is designed as an open knowledge asset that allows any user to query it to identify actions they need to take.

Typical DPI-related roles and responsibilities of 'Donors' include:

• providing funding and financial support

• seeking proof of progress to meet development outcomes

Click Next to explore the process recommendations in the

To know more about this phase of the DPI life cycle, click .

Click on any process listed below to learn about illustrative practices that can be implemented.

The building blocks for safe and inclusive DPI:

• F1. Do no harm

• F2. Do not discriminate

• F3. Do not exclude

• F4. Reinforce transparency and accountability

• F5. Uphold the rule of law

• F6. Promote autonomy and agency

• F7. Foster community engagement

• F8. Ensure effective remedy and redress

• F9. Focus on future sustainability

Principles are core propositions that form the foundation of a flexible, universal framework that guides the effective functioning of a DPI. The purpose of DPI is to maximize participation, agency and trust for all individuals. This implies that the risks described in the previous sections need to be mitigated, and residual risks need to be managed in the context of each country’s sociopolitical environment. To achieve this, all responsible authorities should be guided by a set of principles to ensure trust and coordinated responses throughout the DPI life cycle. These principles form a common language that helps to build mutual understanding and support ongoing cooperation.

The principles listed in the Framework are shaped by various research methods, including consultations with diverse stakeholders, a review of secondary resources, case study analysis and discussions with country-based implementers. As the DPI landscape evolves, these principles should be periodically reviewed and updated.

The principles are divided into two categories: (1) foundational and (2) operational. The former refers to principles that should serve as the basis for any DPI, while the latter refers to principles that come into play at an operational level and may vary across contexts.

Harms to individuals may not be immediately obvious. A human rights-based framework should be integrated throughout the DPI life cycle to anticipate, assess, and effectively mitigate any potential human rights harms and power differentials.

All individuals should have a choice of channels (digital/non-digital) to access and benefit from services enabled by DPI based on their individual capacity and resources. Access should not be limiting, conditional or mandatory — explicitly or in practice.

All individuals, regardless of intersecting identities, should have unbiased access and equal opportunity. Risks due to the circumstances of all vulnerable communities, historically marginalized groups and those who opt-out should be mitigated.

All stages of the DPI life cycle should centre on the needs and interests of individuals and communities at risk. They should participate at critical junctures and provide feedback actively in an environment of transparency and trust.

DPI should be developed with democratic participation, have public oversight, promote fair market competition and avoid vendor lock-in. All partnerships should be transparent, accountable and publicly governed.

Complaint response and redress mechanisms, avenues for appeal without reprisal, supported by robust administrative and judicial review, should be accessible to all in a transparent and equitable manner during service delivery.

DPI should be introduced with a clear legal basis, with required legal and regulatory aspects embedded into its design, supported with capacity for sector specific tailoring (such as health), implementation, oversight and regulation by law.

Ensure that everyone (especially indigenous communities with sui generis rights), on their own or with assistance, can take control of their data, promote their agency, exercise choice, and contribute to their society’s well-being.

• Have strong and transparent security standards in place, ensure they are well communicated in procurements, and receive confirmation that they are addressed by service providers.

• DPI should embed technical rules that enforce core privacy principles (e.g. data minimization, provisions to delink, and the ability to limit observability by purpose and time) and governments should enact legal safeguards around them.

• DPI should foster an increasingly inclusive environment for public and private innovation such that market players compete and introduce diverse solutions that cater to the emerging needs of all participants in society.

To know more about this phase of the DPI life cycle - Click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle - Click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle - Click here

Click on any process listed below to learn about illustrative practices that can be implemented.

Conception & Scoping (L1)

The scoping stage of the DPI life cycle is crucial as it establishes the purpose, goals, constraints, and boundaries of a DPI. This then guides subsequent decision-making and ensures alignment with strategic and operational objectives as well as people’s needs.

Strategy and Design (L2)

At this stage, a comprehensive plan is formulated and the DPI design is conceptualized in order to translate objectives into actionable steps that meet functional and performance objectives. The most appropriate standards, designs, safeguards and implementable steps are thought of at this stage.

Development (L3)

In the development stage, a prototype DPI is built according to defined specifications, ensuring functionality, reliability, and scalability.

Deployment and Transformation (L4)

At this stage, the DPI is implemented in its operational environment, and any necessary organizational changes are made to maximize its impact and adoption.

Operations and Maintenance (L5)

Once DPI is commissioned, it is expected that individuals regularly interact with its services, and that government agencies rely on its systems for their operations.

To know more about this phase of the DPI life cycle - Click

Click on any process listed below to learn about illustrative practices that can be implemented.

• DPI should embed technical rules that enforce core privacy principles (e.g. data minimization, provisions to delink, and the ability to limit observability by purpose and time) and governments should enact legal safeguards around them.

Long-term effectiveness of DPI is contingent upon a robust legal, regulatory and institutional framework that promotes transparent and participatory governance focused on safety and inclusion.

• DPI should share and reuse open protocols, specifications, Digital Public Goods (DPGs) and other building blocks. This enhances flexibility and assures that proprietary systems do not limit the ability to improve safety and inclusion.

Driving continuous trust and adaptation:

O1. Leverage market dynamics

O2. Evolve with evidence

03. Ensure data privacy by design

O4. Assure data security by design

05. Ensure data protection during use

O6. Respond to gender , ability or age

O7. Practice inclusive governance

O8. Sustain financial viability

O9. Build and share open assets

Inculcating foresight is key to anticipating and limiting long term and inter-generational harms. For example, mitigating the environmental impact with a net-zero strategy or minimizing resource needs with reuse of software.

• Independent, transparent and continuous assessments (such as human rights due diligence and data protection) should engage with people, review evidence and rapidly cease or initiate activities that contain heightened risks or harms.

Practices

• Require the creation of detailed documentation for every architecture component.

• Allocate resources to develop user-friendly tools and platforms for generating and disseminating reports on system performance.

• Invest in the integration of continuous feedback loops and audit mechanisms within the system design.

Practices

• Advocate for pricing models that ensure DPI accessibility, drawing inspiration from the West African Economic and Monetary Union (WAEMU) to reduce transaction costs across 60 different payment types.

• Encourage governments to enforce subsidies, similar to India's model where citizens with digital identities and accounts receive government support, allowing the poorest individuals to access DPI services at no cost.

• Support technical assistance to implement affordability models effectively.

Not all individuals experience DPI in the same way, and some continue to face barriers and challenges related to their access or use. DPI should not exacerbate existing challenges or introduce new barriers and inequalities.

A process is a series of activities required to produce a result which may occur once or be recurrent or periodic. In the Framework, principles are translated into processes relevant to responsible authorities at appropriate life cycle stages.

Practices

• Require the creation of detailed documentation for key architecture components, balancing the need for transparency with protecting proprietary elements created by private sector participants.

• Allocate resources to develop user-friendly tools and platforms for generating and disseminating reports on system performance.

• Invest in the integration of continuous feedback loops and audit mechanisms within the system design.

Practices

• Encourage a mixed-financing approach for DPI, leveraging both public funds and contributions from private sector partners, as seen with Belgium’s Itsme platform. Promote the adoption of a not-for-loss revenue model, like India’s Unified Payments Interface (UPI), where sustainability is achieved through low transaction fees or data services.

• As DPI systems form the basis of a society’s infrastructure, they should be accompanied by a sustainable financing model. Governments can take lead in the build phase, and local digital ecosystems or the private sector can participate in operations and maintenance.

Practices

• Require the creation of detailed documentation for key architecture components, balancing the need for transparency with protecting proprietary elements created by private sector participants.

• Allocate resources to develop user-friendly tools and platforms for generating and disseminating reports on system performance.

• Invest in the integration of continuous feedback loops and audit mechanisms within the system design.

Practices

• Encourage the establishment of a pooled fund, where donors, governments, and ecosystem participants contribute financial resources specifically earmarked for supporting community engagement.

• Provide direct funding to grassroots and community-based organizations that represent affected groups, empowering them to lead engagement efforts.

Practices

• Provide grants and funding to local organizations that offer digital literacy training, particularly in underserved communities.

• Fund the creation of educational materials (e.g., online courses, video tutorials, and printed guides) that cater to different literacy levels and are available in multiple languages.

Practices

• Utilize strategic litigation to address cases where the DPI fails vulnerable and marginalized communities, bringing these issues to public and legal attention.

• Provide counseling and support for affected and marginalized communities to document their experiences and challenges with the DPI.

• Set the agenda based on the work of civil society organizations by using documented cases and findings to advocate for changes in the DPI and influence policy discussions.

Practices

F5.1.1 Require informed consent before using personal data for secondary, unrelated purposes, unless legally mandated or authorized (e.g. when necessary and proportionate).

F5.1.2 Implement an administrative error correction process to increase speed and reduce costs, avoiding judicial procedures where possible.

Resources

Practices

• Start by funding pilot projects that demonstrate cross-sector applicability, such as India's DigiLocker, which began as a digital storage solution for government-issued documents and has since expanded to health, education, and financial services.

• Encourage collaboration among developers and stakeholders to refine and adapt these components, ensuring they meet the specific needs of diverse sectors while maintaining interoperability and reducing development costs.

Practices

• Conduct public campaigns for all population to educate on the available legal remedies.

• Monitor remedial mechanisms to ensure they are inclusive and effective.

Resources

Practices

• Launch public awareness campaigns to educate communities about the importance of data privacy and the potential risks associated with DPI. Use tools like social media, webinars, and public forums.

• Develop and distribute easy-to-understand guides and resources on data privacy best practices for the general public.

F4.1.1 Plan for and produce detailed documentation and ensure it is available for every architecture component, covering design, implementation, and decision-making processes.

F4.1.2 Create accessible platforms where this information can be easily retrieved by stakeholders, ensuring transparency.

F4.1.3 Implement a process for regularly updating and reviewing architectural documentation to reflect system changes and maintain accountability.

Practices for Government

• Engage collectives and civil society organizations in the design process to ensure that solutions are co-created with the input of those who will benefit from them.

• Regularly test prototypes with gender-diverse users to gather feedback on functionality and accessibility.

• Continuously refine and improve prototypes based on the results of usability testing and feedback sessions.

Practices for Technology Providers

• Offer ongoing training for designers and developers on gender-inclusive design principles to enhance their understanding and implementation of these practices.

• Collaborate with women’s organizations and civil society groups to support continuous improvement in gender-inclusive design.

• Actively work to identify and resolve any negative effects uncovered during social audits and assessments.

Practices

• Develop and implement design protocols that recognize and respect the diverse identities of ethnic, religious, gender and other minority groups, ensuring these identities are accurately represented in DPI systems.

• Incorporate specific design measures that ensure accessibility for persons living with disabilities, including features like screen readers, voice commands, and easy-to-navigate interfaces.

• Develop legal guarantees that ensure the recognition of diverse identities in official identity documents.

Resources

Practices for Government

• Create and maintain active platforms, including digital tools and online spaces, where diverse stakeholders are engaged in DPI projects.

• Implement capacity building programs to enhance stakeholders' understanding and effective participation.

• Ensure participation from all groups (CSO, Government, Technology providers, Regulators, minorities, etc..)

Practices for Advocates

• Advocate for and facilitate platforms where all stakeholders are engaged on DPI projects.

• Ensure participation from all groups (CSO, Government, Technology Providers, Regulators, minorities, etc..).

Practices for Government

• Identify and engage key ministries and partners, such as the Ministry of Telecoms/ICT, CSOs, Ministry of Social Development, Ministry of Health, and Ministry of Women, based on the specific infrastructure being developed.

• Recognize and communicate from the outset that this is a collective effort, fostering cross-ministerial collaboration and shared ownership of the safeguards and their implementation.

Practices for Donors

• Identify and engage key ministries and partners, such as the Ministry of Telecoms/ICT, CSOs, Ministry of Social Development, Ministry of Health, and Ministry of Women based on the specific infrastructure being developed.

• Recognize and communicate from the outset that this is a collective effort, fostering cross-ministerial collaboration and shared ownership of the safeguards and their implementation.

Practices for Government

• Evaluate a mixed-financing approach, incorporating both government funding and external financial vendors, similar to Belgium's Itsme platform, which combines public and private sector resources.

• Consider adopting a not-for-loss revenue model like India’s Unified Payments Interface (UPI), where transaction fees or data services sustain operations without prioritizing profit.

Practices for Donors

• Encourage a mixed-financing approach for DPI, leveraging both public funds and contributions from private sector partners, as seen with Belgium’s Itsme platform. Promote the adoption of a not-for-loss revenue model, like India’s UPI, where sustainability is achieved through low transaction fees or data services.

Practices

• Delineate liability and recourse mechanisms within the legal framework, ensuring that individuals have clear protections against inappropriate data access, undue surveillance, and unlawful profiling.

• Empower independent regulatory bodies with specific powers and consistent funding to oversee the enforcement of these legal frameworks, fostering public trust.

• Balance regulatory and self-regulatory models to promote innovation and investment without compromising legal protections or stifling competition.

• Establish legal and regulatory frameworks that ensure cross-border interoperability and mutual recognition of identification systems (and other DPI systems).

Resources

This page contains the practices for Process F4.1 for Principle F4 to mitigate risks R9

Practices

F4.1.1 Plan for and produce detailed documentation and ensure it is available for every architecture component, covering design, implementation, and decision-making processes.

F4.1.2 Create accessible platforms where this information can be easily retrieved by stakeholders, ensuring transparency.

F4.1.3 Implement a process for regularly updating and reviewing architectural documentation to reflect system changes and maintain accountability.

F4.1.4 DPI operators must provide frequent, comprehensive reports on system performance, usage statistics, incident responses, and any significant changes or updates. These reports should be easily accessible to the public and presented in a format understandable to non-technical audiences.

Practices

• Mandate that the specific purpose for data collection and exchange is clearly defined, documented and communicated to the data owners.

• Initiate special audits or surveys to understand the operators' feedback on the operation and the impact of purpose limitation clauses.

Resources

Practices for Regulators

• Create an independent oversight body with the authority to investigate complaints and ensure fair treatment.

• Implement accessible reporting channels and support services to assist individuals in filing grievances.

Practices for Advocates

• Develop toolkits and resources to help individuals understand and access these remedies, and create platforms for reporting and documenting issues.

• Facilitate workshops and training sessions to empower individuals and advocate for their rights.

• Build alliances with legal experts to provide pro bono assistance and amplify voices calling for justice and accountability.

Practices

F8.1.1 Ensure DPI systems clearly display the responsible public authority and contact information for complaints and inquiries, especially when serviced by third-party providers.

F8.1.2 Advocate for the integration of secure grievance and redress mechanisms into DPI systems.

F8.1.3 Support initiatives that provide legal aid to help individuals navigate the redress process.

F8.1.4 Promote the need for independent judicial oversight.

Practices

F3.1.1 Establish physical locations to ensure accessibility in underserved areas.

F3.1.2 Train staff to provide consistent and respectful service, with language support and feedback mechanisms.

F3.1.3 Implement legal protections to access essential services and participate

Practices

• Engage in active advocacy for the inclusion of environmental impact assessments in DPI projects by organizing awareness campaigns and public forums.

• Collaborate with environmental experts to create guidelines that highlight the importance of aligning with NDCs and promoting carbon neutrality.

• Monitor and report on the adoption of green technologies and practices within DPI initiatives, and use this data to lobby for stronger regulations and incentives for sustainable practices.

This page explains the practices for the Process F6.1 and Principle F6 to minimize the risks R13

Practices

F6.1.1 Ensure all communications about data usage are clear, concise, and can be easily understood by non-technical audiences. Mandate sample and demonstrative tools for open and granular consent.

Practices

• Implement independent monitoring of DPI to ensure efficiency, transparency and compliance with applicable laws, while identifying issues such as exclusion, misuse, or system failures.

• Establish mechanisms for rapid, low-cost reviews of disputes related to DPI and personal data by independent administrative and judicial authorities. These authorities should have the power to provide suitable redress without adding barriers for individuals seeking resolution.

Resources

Practices

O6.1.1 Design systems to manage different language.

Practice

• Conduct baseline studies and contextual analyses to assess the feasibility, benefits and risks of DPI in specific settings.

• Compare DPI with alternative policy options, considering factors like inclusivity, scalability, cost-effectiveness, and potential for unintended consequences.

• Engage stakeholders, including civil society, industry experts and end-users in the evaluation process to gather diverse perspectives.

This page dives into practices for Process F9.1 and Principle F9 to mitigate risks R

Practices

F9.1.1 Example: For carbon neutrality, reference to NDC can be made.