Liv Marte Nordhaug

Lucy Harris
Digital Public Goods Alliance

• Digital public goods are types of open-source software, models and standards that countries can use to operationalise their digital public infrastructure (e.g. payment and data exchange systems).

• While proprietary solutions dominate digital public infrastructure, concerns over contractual lock‑ins and lack of interoperability have led countries to turn to open-source solutions.

• Governments can adapt digital public goods with technical and financial support from development co-operation partners, and can contract support from the private sector where appropriate.

• Development partners can contribute by focusing on underlying challenges like co-ordinating multilateral efforts, improving public procurement, supporting financial and project continuity, and breaking down silos to enable co-development.

Digital public infrastructure (DPI) refers to platforms such as identification (ID), payment and data exchange systems that help countries deliver vital services to their people. Digital public goods (DPGs) are open‑source software, open data, AI models, standards and content that make DPI an operational reality (UN Secretary-General, 2020[1]). DPG’s open format can be freely adopted and adapted, offering countries cost savings and digital sovereignty – control over technology and data – in building out their DPI. Digital sovereignty maintains countries’ flexibility in decision making and unencumbers their efforts towards the Sustainable Development Goals (SDGs). The effects are reshaping traditional models for development co‑operation.

The COVID-19 pandemic showed how the presence of good DPI influenced countries’ responses. The pandemic also highlighted the need for comprehensive and co-ordinated support for reforms to public procurement frameworks, and for technical assistance, long-term capacity-building and sustainable funding for digital solutions. These are key to realising the transformative potential of digital sovereignty.

Digital sovereignty is the power and authority of a national government to make free decisions affecting citizens and businesses within the digital domain – covering data, software, standards and protocols, infrastructure, and public services (Gawen et al., 2021[2]). National-level digital technologies are often provided by private-sector companies with the ability to answer high volume, global requests with round-the-clock assistance, meet international quality standards, and build to scale resulting in savings on technology and software licenses (ID4D, 2020[3]; Burt, 2018[4]). This lets these companies influence the design, use and contractual obligations of systems, including the ability to discontinue or modify their product unilaterally (Behrends et al., 2021[5]), thereby threatening digital sovereignty and entrenching technological power imbalances.

Digital sovereignty is a growing priority for countries everywhere. Germany, Denmark, Estonia and Finland, are leading the call for the EU to become digitally independent (Fleming, 2021[6]). According to a survey by ID4Africa in 2018, vendor lock-in is the largest concern among national identity authorities in Africa (Burt, 2018[4]). Vendor lock-in can include: being locked into long-term contracts with limited flexibility and large, sometimes unexpected fees; proprietary knowledge for IT system operation and expansion (Sjoerdstra, 2016[7]) limiting data sovereignty by outsourcing the collection, use and storage of citizen data to foreign vendors; lack of customisation to local context; inability to integrate citizens into governance and decision making; and centralising the market around only a few companies (Behrends et al., 2021[5]).

Increased digital sovereignty also increases oversight as digital tools host and exchange increasingly sensitive and private information. US-owned servers store an estimated 92% of the West’s data, making it difficult for citizens of other countries to exercise individual recourse or achieve digital sovereignty (Fleming, 2021[6]). While a country need not store all its own data to be digitally sovereign, access to and control over that data is important. For example, Estonia created the world’s first ‘data embassy’ in Luxembourg, where they created a backup of their national data servers, addressing both data storage needs and the desire for digital sovereignty (e-Estonia, 2017[8]).

Low- and middle-income countries have less capacity and fewer resources to negotiate contracts around the implementation of proprietary technologies, making the challenge of digital sovereignty particularly acute. Furthermore, digitalisation initiatives are often driven by international development donors and donor-funded organisations. This approach results in silos, fragmentation and duplication as support is sector-specific, with relatively short-term funding, and underemphasises interoperability between technologies. For example, ID systems that are not interoperable deprive countries of the benefits from verification and data sharing between sectors (OECD, 2019[9]). Collectively, these shortcomings hamper the ability of governments to build out holistic DPIs that can evolve to meet future needs. They also hinder building out local vendor ecosystems around and on top of these platforms.

Low- and middle-income countries have less capacity and fewer resources to negotiate contracts around the implementation of proprietary technologies, making the challenge of digital sovereignty particularly acute.

However, a role remains for private enterprise in the need for systems integration, maintenance services, infrastructure such as cloud and data-centre services, and cybersecurity. Thus, rather than a model where proprietary vendors control the core, governments can adopt open-source technologies, control their platforms and ensure they are interoperable, and enable a more vibrant and diverse commercial ecosystem to be built on top.

DPGs are a subset of open-source technologies, which people can modify and share because their programming is publicly accessible (Opensource, n.d.[10]). Open-source technologies enable digital sovereignty and cultivate trust in technology through openness, direct involvement and preserving entities’ autonomy.

This allows countries to iterate for future needs and bring down costs over the long-term (Gawen et al., 2021[2]). Many municipalities in Brazil switched to open-source software in the early 2000s because “estimates at the time concluded that across the country, nearly USD 200 million per year was spent on licensing fees to Microsoft alone and, by switching, USD 120 million could be saved.” (Blind and Böhm, 2021[11]). In India, switching primary and secondary schools’ digital solutions to open-source software reduced costs by USD 1.3 billion (Blind and Böhm, 2021[11]).

Trust in technology is particularly pertinent for solutions that involve sensitive information, as in the case of digital public infrastructure. Over 70% of African identity authorities report wanting increased oversight of their own ID data (Burt, 2018[4]). Similarly, the Philippines implemented open-source options when building their GovStack.

Open source leaves the door open for solutions to be added, which reduces time and financial costs of scaling (Mukherjee and Maruwada, 2021[12]). Use and recognition of open source’s value have grown to where nearly all software has some open-source component. Open-source codebases are the majority in core sectors including FinTech (69%), HealthTech (82%) and EdTech (82%) (Synopsys, 2021[13]). These form part of a rising tide of open-source components in app development, which grew by 628% between 2014 and 2020 (Synopsys, 2021[13]). shows the growth between 2010 and 2020 of repositories on GitHub, a provider of Internet hosting for open-source software development.

Digital public goods can be freely adopted and adapted by governments and other users. Adapting DPGs that were successfully implemented at scale in other countries can save resources and enable faster piloting and roll-out. District Health Information Software version 2 (DHIS2) was first used in South Africa and became a global open-source project co-ordinated by the Health Information Systems Programme (HISP) at the University of Oslo. More than 73 countries use it to support the generation and analysis of national and regional health data. Implementing this solution at scale allows for training and resources to be utilised in other regions, while the DPG remains customisable to the local context.

Open-source licensing of DPGs means that their code base can be independently scrutinised and audited. This facilitates accountability and public discourse around issues such as incorporating best practices and designing DPGs with the aim of doing no harm. All DPGs are verified against the best-practice and do-no-harm by design indicators embedded in the DPG Standard stewarded by the Digital Public Goods Alliance (Digital Public Goods Alliance, 2021[15]). This can help identify shortcomings to address before a technology is adopted more widely.

Finally, DPGs allow interoperability for systems and digital solutions to function together regardless of their origin (Box 26.1). The European Union, a world leader in interoperable government systems, recognised the importance of this issue: “In 2004, the Pan-European eGovernment Programme (IDABC) in DG DIGIT issued their European Interoperability Framework (EIF 1.0) with a strict minimum definition of open standards and mandated their use in pan-European eGovernment services.” (Almeida, Oliveira and Cruz, 2011[16]) A 2019 study found that France’s Circulaire 5608 guidelines on the use of free software by the French administration created a 9-18% yearly increase in the number of IT-related start-ups as entrepreneurs built on top of open-source solutions (Blind and Böhm, 2021[11]).

The advent and dissemination of DPGs for government services may usher in a new paradigm for international development based on co-operation and co-development rather than traditional donor‑recipient models.

India stands out in this space for its IndiaStack (n.d.[18]) digital public infrastructure and an increasing number of DPGs, like the Digital Infrastructure for Vaccination Open Credentialing (eGov Foundation, n.d.[19])and the Modular and Open Source Identity Platform,1 now also being implemented by other countries. Likewise, Estonia leads the world in digital government and service provision – during the pandemic, 99% of government services in Estonia remained available online (Silaškova and Takahashi, 2020[20]) – and is a central partner in international initiatives like GovStack (GovStack, n.d.[21]), which aim to accelerate the digital transformation of government services.

Further examples question old assumptions about capacity in developing countries. Togo introduced a cash-transfer program leveraging its election database to deliver emergency relief payments to workers in the informal economy impacted by lockdown measures (The Rockefeller Foundation, 2021[22]). In contrast, insufficient, non-interoperable or outdated DPI in some developed countries limited their ability to respond to the pandemic. In the United States, fewer than 60% of eligible adults living below the poverty line received emergency cash transfers within one month of their disbursement (The Rockefeller Foundation, 2021[22]).

These examples signal a shift in the development co-operation status quo, with countries driving their own digitisation solutions to strengthen the public sector (known as GovTech). From 2014 to 2021, over 80 countries launched GovTech initiatives to modernise and digitise public services. Of these, approximately 50 are low- or middle-income (Dener et al., 2021[23]). For example, Sierra Leone’sNational Innovation and Digital Strategy (DSTI, n.d.[24]) seeks to ensure that institutions, markets, citizens and the government consider open-source technologies as an opportunity to digitise inclusively by bringing together regulators, learners and innovators. With partners, Sierra Leone also developedOpenG2P (n.d.[25]), a DPG that facilitates large-scale cash transfers.

From 2014 to 2021, over 80 countries launched GovTech initiatives to modernise and digitise public services. Of these, approximately 50 are low- or middle-income.

The trend will likely accelerate as more countries implement DPGs and share their experiences and technologies. Following Sierra Leone’s example, Ethiopia (Bankless Times staff, 2021[26]), Guinea (The World Bank, 2015[27]), East Timor (Government of the Timor-Leste, 2019[28]) and others show interest in collaborative investment and implementation of DPGs, for reasons ranging from greater country ownership to growing the local IT sector.

This new form of international digital development confirms the potential for a new development co-operation paradigm to supersede existing patterns of ‘donor’ and ‘recipient’ for one based more on openness and co-development. Despite the opportunities that implementing DPGs brings to facilitate community building, knowledge sharing and training across boundaries, challenges remain. There are hurdles in terms of project and financial sustainability, and continuity of service. DPGs require support throughout the lifecycle of the technology, from development to implementation, governance, maintenance and oversight (Behrends et al., 2021[5]). This requires a global approach to mobilising resources, and co‑ordination to unlock the potential of DPGs.

Therefore, efforts are underway in the bilateral and philanthropic donor community to redefine collaboration and support DPGs. For example, in August 2021, The Rockefeller Foundation partnered with the Norwegian Ministry of Foreign Affairs and the Digital Public Goods Alliance, and convened government representatives and philanthropist leaders to highlight the elements needed for stronger international co-operation to support DPGs. These elements include ensuring that government policies and procurement practices are conducive to open-source adoption, using co-development models to ensure cross-sectoral collaboration between public, private and academic institutions, mobilising more financing, and busting silos to disrupt the current approaches to development support (The Rockefeller Foundation, 2021[22]).

[16] Almeida, F., J. Oliveira and J. Cruz (2011), “OPEN STANDARDS AND OPEN SOURCE: ENABLING INTEROPERABILITY”, International Journal of Software Engineering & Applications (IJSEA), Vol. 2/1, http://dx.doi.org/10.5121/ijsea.2011.2101.

[26] Bankless Times staff (2021), “Ethiopia to Use IOHK Technology to Create ID, Recording Systems for Education”, Bankless Times, https://www.banklesstimes.com/2021/04/27/ethiopia-to-use-iohk-technology-to-create-id-recording-systems-for-education/ (accessed on 18 November 2021).

[5] Behrends, J. et al. (2021), “Digital Public Goods: Guidance for Development, Governance, and Stewardship”, https://ethics.harvard.edu/files/center-for-ethics/files/dpg_guidance_v2.pdf?m=1630420782 (accessed on 18 November 2021).

[11] Blind, K. and M. Böhm (2021), The Impact of Open Source Software and Hardware on technological independence, competitiveness and innovation in the EU economy, Final Study Report, European Commission, Brussels, https://digital-strategy.ec.europa.eu/en/library/study-about-impact-open-source-software-and-hardware-technological-independence-competitiveness-and (accessed on 18 November 2021).

[4] Burt, C. (2018), “Vendor lock-in hindering African identity projects”, Biometric Update, https://www.biometricupdate.com/201806/vendor-lock-in-hindering-african-identity-projects (accessed on 18 November 2021).

[23] Dener, C. et al. (2021), GovTech Maturity Index: The State of Public Sector Digital Transfromation,, World Bank Group, Washington, SC, http://dx.doi.org/10.1596/978-1-4648-1765-6.

[15] Digital Public Goods Alliance (2021), Digital Public Goods Standard website, https://digitalpublicgoods.net/standard/ (accessed on 18 November 2021).

[24] DSTI (n.d.), “Sierra Leone National Innovation & Digital Strategy (2019 – 2029)”, Government of Sierra Leone Directorate of Science, Technology and Innovtion, Freetown, https://www.dsti.gov.sl/sierra-leone-national-innovation-digital-strategy-2019-2029/ (accessed on 18 November 2021).

[8] e-Estonia (2017), “Estonia to open the world’s first data embassy in Luxembourg ”, e-Estonia, https://e-estonia.com/estonia-to-open-the-worlds-first-data-embassy-in-luxembourg/ (accessed on 18 November 2021).

[19] eGov Foundation (n.d.), Digital Infrastructure for Vaccination Open Credentialing website, https://divoc.egov.org.in/ (accessed on 18 November 2021).

[6] Fleming, S. (2021), Who owns data and who controls it?, https://www.weforum.org/agenda/2021/03/europe-digital-sovereignty/ (accessed on 18 November 2021).

[2] Gawen, E. et al. (2021), Open source in government: creating the conditions for success, Public Digital,London, https://public.digital/research (accessed on 18 November 2021).

[14] GitHub (2020), “The Rise of GitHub”, GitHub website, https://github.com/bugout-dev/mirror/blob/master/notebooks/rise-of-github.ipynb (accessed on 18 November 2021).

[28] Government of the Timor-Leste (2019), Unique Identity System:Strategic plan (2021 to 2025), Vol. I: Trusted digital identities to unlock services for all, http://idu.gov.tl/strategic-plan/.

[21] GovStack (n.d.), GovStack website, https://www.govstack.global/ (accessed on 18 November 2021).

[3] ID4D (2020), Open Source for Global Public Goods, World Bank Group, Washington, DC, https://documents1.worldbank.org/curated/en/672901582561140400/pdf/Open-Source-for-Global-Public-Goods.pdf (accessed on 18 November 2021).

[18] Indiastack (n.d.), IndiaStack website, https://www.indiastack.org/ (accessed on 18 November 2021).

[12] Mukherjee, A. and S. Maruwada (2021), “Fast-Tracking Development: A Building Blocks Approach for Digital Public Goods”, Center For Global Development, https://www.cgdev.org/publication/fast-tracking-development-building-blocks-approach-digital-public-goods (accessed on 18 November 2021).

[9] OECD (2019), Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies, OECD Publishing, Paris, https://dx.doi.org/10.1787/276aaca8-en.

[25] OpenG2P (n.d.), A digital public good digitizing large scale cash transfers with open source building blocks, https://openg2p.org/ (accessed on 18 November 2021).

[10] Opensource (n.d.), “What is open source software?”, Opensource website, https://opensource.com/resources/what-open-source (accessed on 18 November 2021).

[17] Philippines Department of Health (2021), VaxCertPH website, https://vaxcert.doh.gov.ph/ (accessed on 18 November 2021).

[20] Silaškova, J. and M. Takahashi (2020), ““Estonia build one of the world’s most advanced digital societies, During COVID-19, taht became a lifeline”, World Economic Forum website, https://www.weforum.org/agenda/2020/07/estonia-advanced-digital-society-here-s-how-that-helped-it-during-covid-19/ (accessed on 18 November 2021).

[7] Sjoerdstra, B. (2016), Dealing with Vendor Lock-in, https://essay.utwente.nl/70153/1/Sjoerdstra_BA_BMS.pdf (accessed on 3 December 2021).

[13] Synopsys (2021), 2021 Open Source Security and Analysis Report, Synopsys, Inc., Mountainview, CA, https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html (accessed on 18 November 2021).

[22] The Rockefeller Foundation (2021), Co-Develop Digital Public Infrastructure for an Equitable Recovery, The Rockefeller Foundation, New York, https://www.rockefellerfoundation.org/wp-content/uploads/2021/08/Co-Develop-Digital-Public-Infrastructure-for-an-Equitable-Recovery-Full-Report.pdf (accessed on 18 November 2021).

[27] The World Bank (2015), Guinea Implements a Biometric Identification System to Conduct a Census of Civil Servants, Who We Are website, https://www.worldbank.org/en/news/feature/2015/02/03/guinea-implements-a-biometric-identification-system-to-conduct-a-census-of-civil-servants (accessed on 18 November 2021).

[1] UN Secretary-General (2020), Road map for digital cooperation: implementation of the recommendations of the High-level Panel on Digital Cooperation, United Nations, New York, https://undocs.org/A/74/821 (accessed on 18 November 2021).