Typical DPI-related roles and responsibilities of 'Government' include:

• overall governance: from policymaking to public service delivery

• creating policies to set development goals

• guiding inclusive digitalization

• providing budgetary support for development purposes and DPI development

• providing proof of progress to constituents

• listening to feedback and improving legislative, executive and judicial administration

Click Next to explore the process recommendations in the

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click

Click on any process listed below to learn about illustrative practices that can be implemented.

A functional group of stakeholders with assigned or assumed roles, responsibilities, and accountability for effective implementation and evolution of DPI safeguards.

Click on a Responsible Authority below to learn more about actionable processes and practices.

The Universal DPI Safeguards Framework can be accessed through an interactive knowledge library or this DPI Safeguards Resource Hub.

Guidance to the..

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI lifecycle, click

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click .

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click .

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click .

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click

Click on any process listed below to learn about illustrative practices that can be implemented.

Harms to individuals may not be immediately obvious. A human rights-based framework should be integrated throughout the DPI life cycle to anticipate, assess, and effectively mitigate any potential human rights harms and power differentials.

All stages of the DPI life cycle should centre on the needs and interests of individuals and communities at risk. They should participate at critical junctures and provide feedback actively in an environment of transparency and trust.

Ensure that everyone (especially indigenous communities with sui generis rights), on their own or with assistance, can take control of their data, promote their agency, exercise choice, and contribute to their society’s well-being.

Inculcating foresight is key to anticipating and limiting long term and inter-generational harms. For example, mitigating the environmental impact with a net-zero strategy or minimizing resource needs with reuse of software.

To know more about this phase of the DPI life cycle - Click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle, click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle - Click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle - Click here

Click on any process listed below to learn about illustrative practices that can be implemented.

To know more about this phase of the DPI life cycle - Click here

Click on any process listed below to learn about illustrative practices that can be implemented.

Typical DPI-related roles and responsibilities of 'Regulators' include:

• setting appropriate and effective guardrails

• supervising and enforcing laws and regulations

Click Next to explore the process recommendations in the

Typical DPI-related roles and responsibilities of 'Technology Providers' include:

• providing a focal point for technical work, risk identification and mitigation strategies

• having influence over and advising on actual implementation through to maintenance and support of DPI

Click Next to explore the process recommendations in the

Typical DPI-related roles and responsibilities of 'Donors' include:

• providing funding and financial support

• seeking proof of progress to meet development outcomes

Click Next to explore the process recommendations in the

Typical DPI-related roles and responsibilities of 'Advocates' include:

• driving advocacy for DPI safeguards

• working to uphold human rights

• representing the interests of the marginalized and diverse sections of the society

• providing innovative ideas to make DPI more inclusive

• highlighting incongruence with existing laws and regulations

Click Next to explore Safeguards Processes in the stage of the DPI Lifecycle.

To know more about this phase of the DPI life cycle, click here.

Click on any process listed below to learn about illustrative practices that can be implemented.

The building blocks for safe and inclusive DPI:

• F1. Do no harm

• F2. Do not discriminate

• F3. Do not exclude

• Have strong and transparent security standards in place, ensure they are well communicated in procurements, and receive confirmation that they are addressed by service providers.

Not all individuals experience DPI in the same way, and some continue to face barriers and challenges related to their access or use. DPI should not exacerbate existing challenges or introduce new barriers and inequalities.

Complaint response and redress mechanisms, avenues for appeal without reprisal, supported by robust administrative and judicial review, should be accessible to all in a transparent and equitable manner during service delivery.

• DPI should foster an increasingly inclusive environment for public and private innovation such that market players compete and introduce diverse solutions that cater to the emerging needs of all participants in society.

• DPI should share and reuse open protocols, specifications, Digital Public Goods (DPGs) and other building blocks. This enhances flexibility and assures that proprietary systems do not limit the ability to improve safety and inclusion.

Practices

• Advocate for pricing models that ensure DPI accessibility, drawing inspiration from the West African Economic and Monetary Union (WAEMU) to reduce transaction costs across 60 different payment types.

• Encourage governments to enforce subsidies, similar to India's model where citizens with digital identities and accounts receive government support, allowing the poorest individuals to access DPI services at no cost.

• Support technical assistance to implement affordability models effectively.

• DPI should embed technical rules that enforce core privacy principles (e.g. data minimization, provisions to delink, and the ability to limit observability by purpose and time) and governments should enact legal safeguards around them.

Practices

• Require the creation of detailed documentation for every architecture component.

• Allocate resources to develop user-friendly tools and platforms for generating and disseminating reports on system performance.

• Invest in the integration of continuous feedback loops and audit mechanisms within the system design.

Principles are core propositions that form the foundation of a flexible, universal framework that guides the effective functioning of a DPI. The purpose of DPI is to maximize participation, agency and trust for all individuals. This implies that the risks described in the previous sections need to be mitigated, and residual risks need to be managed in the context of each country’s sociopolitical environment. To achieve this, all responsible authorities should be guided by a set of principles to ensure trust and coordinated responses throughout the DPI life cycle. These principles form a common language that helps to build mutual understanding and support ongoing cooperation.

The principles listed in the Framework are shaped by various research methods, including consultations with diverse stakeholders, a review of secondary resources, case study analysis and discussions with country-based implementers. As the DPI landscape evolves, these principles should be periodically reviewed and updated.

The principles are divided into two categories: (1) foundational and (2) operational. The former refers to principles that should serve as the basis for any DPI, while the latter refers to principles that come into play at an operational level and may vary across contexts.

All individuals should have a choice of channels (digital/non-digital) to access and benefit from services enabled by DPI based on their individual capacity and resources. Access should not be limiting, conditional or mandatory — explicitly or in practice.

DPI should be developed with democratic participation, have public oversight, promote fair market competition and avoid vendor lock-in. All partnerships should be transparent, accountable and publicly governed.

All individuals, regardless of intersecting identities, should have unbiased access and equal opportunity. Risks due to the circumstances of all vulnerable communities, historically marginalized groups and those who opt-out should be mitigated.

• Independent, transparent and continuous assessments (such as human rights due diligence and data protection) should engage with people, review evidence and rapidly cease or initiate activities that contain heightened risks or harms.

DPI should be introduced with a clear legal basis, with required legal and regulatory aspects embedded into its design, supported with capacity for sector specific tailoring (such as health), implementation, oversight and regulation by law.

Long-term effectiveness of DPI is contingent upon a robust legal, regulatory and institutional framework that promotes transparent and participatory governance focused on safety and inclusion.

Conception & Scoping (L1)

The scoping stage of the DPI life cycle is crucial as it establishes the purpose, goals, constraints, and boundaries of a DPI. This then guides subsequent decision-making and ensures alignment with strategic and operational objectives as well as people’s needs.

Strategy and Design (L2)

At this stage, a comprehensive plan is formulated and the DPI design is conceptualized in order to translate objectives into actionable steps that meet functional and performance objectives. The most appropriate standards, designs, safeguards and implementable steps are thought of at this stage.

Development (L3)

In the development stage, a prototype DPI is built according to defined specifications, ensuring functionality, reliability, and scalability.

Deployment and Transformation (L4)

At this stage, the DPI is implemented in its operational environment, and any necessary organizational changes are made to maximize its impact and adoption.

Operations and Maintenance (L5)

Once DPI is commissioned, it is expected that individuals regularly interact with its services, and that government agencies rely on its systems for their operations.

Practices

• Require the creation of detailed documentation for key architecture components, balancing the need for transparency with protecting proprietary elements created by private sector participants.

• Allocate resources to develop user-friendly tools and platforms for generating and disseminating reports on system performance.

• Invest in the integration of continuous feedback loops and audit mechanisms within the system design.

Practices

• Conduct public campaigns for all population to educate on the available legal remedies.

• Monitor remedial mechanisms to ensure they are inclusive and effective.

Resources

Practices

• Utilize strategic litigation to address cases where the DPI fails vulnerable and marginalized communities, bringing these issues to public and legal attention.

• Provide counseling and support for affected and marginalized communities to document their experiences and challenges with the DPI.

• Set the agenda based on the work of civil society organizations by using documented cases and findings to advocate for changes in the DPI and influence policy discussions.

Practices for Government

• Engage collectives and civil society organizations in the design process to ensure that solutions are co-created with the input of those who will benefit from them.

• Regularly test prototypes with gender-diverse users to gather feedback on functionality and accessibility.

• Continuously refine and improve prototypes based on the results of usability testing and feedback sessions.

Practices for Technology Providers

• Offer ongoing training for designers and developers on gender-inclusive design principles to enhance their understanding and implementation of these practices.

• Collaborate with women’s organizations and civil society groups to support continuous improvement in gender-inclusive design.

• Actively work to identify and resolve any negative effects uncovered during social audits and assessments.

Practices

• Delineate liability and recourse mechanisms within the legal framework, ensuring that individuals have clear protections against inappropriate data access, undue surveillance, and unlawful profiling.

• Empower independent regulatory bodies with specific powers and consistent funding to oversee the enforcement of these legal frameworks, fostering public trust.

• Balance regulatory and self-regulatory models to promote innovation and investment without compromising legal protections or stifling competition.

Resources

Practices

• Mandate that the specific purpose for data collection and exchange is clearly defined, documented and communicated to the data owners.

• Initiate special audits or surveys to understand the operators' feedback on the operation and the impact of purpose limitation clauses.

Resources

F4.1.1 Plan for and produce detailed documentation and ensure it is available for every architecture component, covering design, implementation, and decision-making processes.

F4.1.2 Create accessible platforms where this information can be easily retrieved by stakeholders, ensuring transparency.

F4.1.3 Implement a process for regularly updating and reviewing architectural documentation to reflect system changes and maintain accountability.

Practices for Government

• Create and maintain active platforms, including digital tools and online spaces, where diverse stakeholders are engaged in DPI projects.

• Implement capacity building programs to enhance stakeholders' understanding and effective participation.

• Ensure participation from all groups (CSO, Government, Technology providers, Regulators, minorities, etc..)

Practices for Advocates

• Advocate for and facilitate platforms where all stakeholders are engaged on DPI projects.

• Ensure participation from all groups (CSO, Government, Technology Providers, Regulators, minorities, etc..).

Practices for Government

• Evaluate a mixed-financing approach, incorporating both government funding and external financial vendors, similar to Belgium's Itsme platform, which combines public and private sector resources.

• Consider adopting a not-for-loss revenue model like India’s Unified Payments Interface (UPI), where transaction fees or data services sustain operations without prioritizing profit.

Practices for Donors

• Encourage a mixed-financing approach for DPI, leveraging both public funds and contributions from private sector partners, as seen with Belgium’s Itsme platform. Promote the adoption of a not-for-loss revenue model, like India’s UPI, where sustainability is achieved through low transaction fees or data services.

This page explains the practices for the Process F6.1 and Principle F6 to minimize the risks R13

Practices

F6.1.1 Ensure all communications about data usage are clear, concise, and can be easily understood by non-technical audiences. Mandate sample and demonstrative tools for open and granular consent.

Practices

O6.1.1 Design systems to manage different language.

Practices

• Engage in active advocacy for the inclusion of environmental impact assessments in DPI projects by organizing awareness campaigns and public forums.

• Collaborate with environmental experts to create guidelines that highlight the importance of aligning with NDCs and promoting carbon neutrality.

• Monitor and report on the adoption of green technologies and practices within DPI initiatives, and use this data to lobby for stronger regulations and incentives for sustainable practices.

Practice

• Incorporate detailed provisions within the legal framework that specify permissible data collection, usage, and sharing practices, to name a few, particularly focusing on data protection, privacy, and user rights.

• Issue practice directions for the review of security services’ requests for data access, stipulating minimum evidentiary requirements for such approvals, which must be granted by properly constituted courts with requisite knowledge of the subject matter.

• Assess the legal framework regularly.

Practices

• Conduct data protection impact assessments (DPIAs) using frameworks like GDPR or OECD guidelines to identify and mitigate privacy risks before DPI implementation.

• Hold public consultations on DPIA findings, involving stakeholders such as civil society, the private sector, and affected communities to gather feedback and build consensus.

• Publish the DPIA results and ensure transparency by creating public reports.

Resources

Practices

• Deploy a legal cybersecurity framework that governs DPI and identify critical infrastructure needs.

• Design effective safeguards against unauthorized access, tampering (alteration or other unauthorized changes to data or credentials), identity theft, misuse of data, cybercrime, and other threats occurring throughout the DPI life cycle.

Resources

This page contains the practices for for to mitigate

• As DPI systems form the basis of a society’s infrastructure, they should be accompanied by a sustainable financing model. Governments can take lead in the build phase, and local digital ecosystems or the private sector can participate in operations and maintenance.

Practices

• Provide grants and funding to local organizations that offer digital literacy training, particularly in underserved communities.

• Fund the creation of educational materials (e.g., online courses, video tutorials, and printed guides) that cater to different literacy levels and are available in multiple languages.

Driving continuous trust and adaptation:

O1. Leverage market dynamics

O2. Evolve with evidence

03. Ensure data privacy by design

O4. Assure data security by design

05. Ensure data protection during use

O6. Respond to gender , ability or age

O7. Practice inclusive governance

Practices

• Start by funding pilot projects that demonstrate cross-sector applicability, such as India's DigiLocker, which began as a digital storage solution for government-issued documents and has since expanded to health, education, and financial services.

• Encourage collaboration among developers and stakeholders to refine and adapt these components, ensuring they meet the specific needs of diverse sectors while maintaining interoperability and reducing development costs.

Practices

• Require the creation of detailed documentation for key architecture components, balancing the need for transparency with protecting proprietary elements created by private sector participants.

• Allocate resources to develop user-friendly tools and platforms for generating and disseminating reports on system performance.

• Invest in the integration of continuous feedback loops and audit mechanisms within the system design.

Practices

F3.1.1 Establish physical locations to ensure accessibility in underserved areas.

F3.1.2 Train staff to provide consistent and respectful service, with language support and feedback mechanisms.

F3.1.3 Implement legal protections to access essential services and participate

This page dives into practices for Process F9.1 and Principle F9 to mitigate risks R

Practices

F9.1.1 Example: For carbon neutrality, reference to NDC can be made.