News & Events

Six ways countries are implementing safe, inclusive, and interoperable DPI with open source

Countries worldwide are building and strengthening their digital foundations to help improve public and private service delivery. In a recent roundtable discussion convened by the Digital Public Goods Alliance as part of the 50-in-5 campaign, participating country representatives came together to share best practices and insights on why they are increasingly turning to open-source and digital public goods to build their digital public infrastructure.

Author: Jon Lloyd, Director of 50-in-5 and Advocacy, Digital Public Goods Alliance Secretariat

The 50-in-5 campaign recognizes that countries often face similar challenges when developing their digital public infrastructure (DPI). As more countries initiate essential processes to establish fundamental DPI components—such as ID systems, payment platforms, and secure data exchanges—they frequently encounter similar obstacles. The campaign aims to ensure that these countries can learn from each other’s experiences and work together to overcome challenges.

For many countries, procurements of the digital components needed for their DPI have resulted in costly vendor lock-ins with rigid, long term contracts for solutions that are not interoperable, and that do not meet their needs. And while the financial cost of these vendor lock-ins has often gained the most attention, the price paid in terms of lost opportunities and loss of digital sovereignty is much higher.

Recently there has therefore been a sharp increase in the number of countries adopting digital public goods and other open-source technologies to build their DPI. By using digital public goods, countries have the opportunity to freely adopt and adapt technologies that have already been successfully deployed as DPI by other countries. 

While open-source can be freely adopted, it doesn’t mean that these adoption processes do not cost money. Digital public goods have to be adapted to meet contextual needs, and must thereafter be maintained and evolved over time to also meet future needs. This requires substantial skills and capacity. 

Here are six key takeaways shared by countries in our recent roundtable that can help foster the successful adoption of digital public goods for DPI and should matter to anyone interested in digital and international development:

1. Countries are debunking the myth that they don’t have in-house digital capacity

In fact, many 50-in-5 countries – at all income levels – are taking unique approaches that will allow them to maintain their core DPI. Here, we highlight a few examples:

  • Cambodia has created a dedicated internal team that supports the maintenance of all their open-source systems. Doing so allows them to provide ongoing support and maintenance while ensuring a security lens is always being applied.
  • In Ethiopia, as part of their digital transformation efforts, standard discussions are held to identify early on in a project what to do in house (building, adopting) versus what systems to procure. Developing strong in-house developer capabilities have helped ensure long-term sustainability and flexibility in evolving core DPI functionalities.
  • Estonia established the Nordic Institute for Interoperability Solutions (NIIS) in 2017 together with Finland to develop and strategically manage X-Road and other digital government solutions of joint interest. Since then, Iceland has also become a NIIS member.Ukraine, the Faroe Islands, and the Government of Åland are partners of NIIS.

2. It’s essential to take the time to to distinguish between foundational DPI and other systems when determining priorities

What a country defines as foundational DPI is context-specific. Countries should decide their DPI needs and define their most foundational DPI components based on their specific context and priorities.

  • A best practice shared is to never outsource the design and architecting process for foundational DPI. For example, countries have hired consultants to define and build core functionalities over several years. However, once the consultants left, the government teams struggled to manage and maintain the infrastructure they inherited, which makes it difficult to further evolve components. Learning from this experience, some countries have made sure to prioritise future interoperability and build in-house maintenance capacity in their subsequent plans.
  • Similarly, when building system architecture it is imperative to use open protocols. Doing so will ensure more flexibility to meet future needs.

3. Foster a culture of skills through open source

Implementing open-source is not only about technology. It’s about building a culture of skills and capabilities. A few ways countries are putting this into practice include:

  • By requiring the adoption of open source solutions where possible, countries have seen a cultural shift from only procuring proprietary tools, into in-house capacity and skills development to implement and maintain open-source solutions.
  • Cambodia is now exporting its document verification system, verify.gov.kh, within the region, their in-house capacity allows them more flexibility and they can work as a team within the region to support, enhance, and help maintain the system.

4. Build procurement policies and processes that can adapt to the needs of digital technology implementation

The reality is procurement processes that are designed for buying physical items do not lend themselves well to DPI implementation. For a start, it is impossible to fully specify your full long-term needs upfront. Furthermore, building DPI is normally not about purchasing a single system or program. Instead it typically involves integrating new components with existing solutions, while ensuring that the DPI can be further evolved with additional functionalities as new needs become clear. Piloting available open-source solutions can help countries try out approaches and refine needs. If the OS is seen as fit for purpose, they can then procure relevant integration and maintenance services.

  • A strong procurement policy starts with a strong vision and understanding of your initial needs. 
  • At times, traditional procurements may not even be needed – for example, some countries are building procurement frameworks that allow them to customise available digital public goods. Adopting systems that are technically free therefore don’t always require a procurement process. Instead a memorandum of understanding can be created to ensure countries can access the technical capacity while using in-house resources to build customizations. If a solution is built within the government, procurements may not be required or can be structured differently, because the process is considered innovation instead. Thus, one could change procurement approaches to build DPI based on in house capabilities and bring in external help when needed.

5. Consider developing an “open-source first” policy

Countries are not only adopting individual open source solutions, they are implementing open-source first policies – and several are sharing solutions as digital public goods. 

  • Brazil passed legislation in 2020 stating that software developed by, or for government organisations, should use open source licences.
  • Ethiopia’s National Digital Council, which focuses on DPI, has an open-source preference as one of its principles. This council gives recommendations to all government agencies on how they build their digital systems.
  • In Estonia all state developed software is open source in accordance with their “Vision 2030” (section 6). In that country, where X-Road was developed for public administration purposes, the law needed to be changed to allow for the open-sourcing of government technology – today the vast majority of government technologies are built and shared open source. The old law limited sharing software because it required asking for a market price. The law that replaced it allows for software that is developed in-house to be shared open source – there is even a government repository to learn about and use them all.

6. Establish design and configuration rules that embed security best-practices

It is critical that countries consider security risks and needs when building and implementing their DPI. And there is no grounds for saying that open source is less secure than proprietary technologies.

  • Hiding software code does NOT make it inherently more secure. In fact, security management is not about hiding code, it’s about analysing specific security threats and creating design rules to protect against them
  • Both proprietary and open source solutions can experience security breaches. Thus, the conversation needs to shift from which one is safer than the other to how countries can establish configuration and design rules that ensure a system is secure.

We warmly thank all participants for sharing their perspectives in this very robust discussion. All 50-in-5 countries are invited to regular learnings and best practice exchanges as part of the campaign.

If you are from country government and would like to participate in the 50-in-5 campaign, please send us an enquiry.