EU Regulation, Brazil’s Open Health, and the India Stack: A Common Platform Approach to Integrated Digital Public Infrastructure

Task Force 2: Our Common Digital Future: Affordable, Accessible and Inclusive Digital Public Infrastructure


Abstract

Digital Public Infrastructure (DPI) aims to reform and advance productivity in a multitude of policy areas. India operationalised DPI through its own India Stack, which includes digital identity, fast payments, and data empowerment infrastructure. Similarly, Brazil is developing an open health programme to provide access to currently fragmented health records, while the European Union has introduced novel regulatory rules for certain digital platforms that may be considered equivalent to DPI. Competition reviews in digital markets since 2019 have found that markets in core platform services (such as messaging and social networking) are subject to ‘winner-takes-all’ effects, reducing contestability for public infrastructure. The reviews recommended the largest platforms to make elements of their services interoperable with competitors, thus increasing contestability. Against this background, this Policy Brief offers policy recommendations towards the convergence of obligations that should create a solid ground for G20 DPIs and contribute to an inclusive digital future.

1. The Challenge

Digital Public Infrastructure (DPI) refers to services such as identification (ID), payment, and data exchange systems that help governments deliver vital services to citizens. DPI has much in common with services of general economic interest, such as transport, communications, or post. DPI similarly aims to unlock, reform, and advance productivity in a multitude of areas. According to the UN, Digital Public Goods are open-source software, open data, AI models, standards, and content that make DPI an operational reality.[1]

The private sector operates some of this infrastructure in most countries. Competition reviews in digital markets since 2019 in a number of G20 countries (including EU member states, India, US, Australia, and the UK) have found that markets in core platform services (such as messaging and social networking) are subject to ‘winner-takes-all’ effects, reducing contestability for public infrastructure. These reviews required the largest platforms to make elements of their services interoperable with those of competitors, thus increasing contestability. Similarly, open banking initiatives in the UK and elsewhere have required large banks to make their accounts accessible (with the explicit instruction of customers) via open Application Programming Interfaces (API), thus increasing opportunities for innovation based on transaction data and new payment options.

Based on the experiences of several key jurisdictions, most notably the EU, India, and Brazil, this Policy Brief analyses the opportunities for G20 members to work together to identify a common approach for developing interoperable DPI and to increase the contestability of DPI such as communications and banking (the ability for new firms to enter and contest these markets). For example, India operationalised DPI through its own India Stack, which includes digital identity, fast payments, and data empowerment infrastructure. Following the Central Bank of Brazil’s introduction of an Open Banking programme, the Brazilian government is developing an open health programme to provide access to currently fragmented health records.

In 2022, an Indian parliamentary committee recommended that the government should seek to harmonise digital regulations globally to reduce costs for business, integrate India’s digital ecosystem, and enable its businesses to “compete successfully around the world.”[2]

The importance of DPI

A number of innovative digital services and solutions have been developed to increase efficiency and address problems in economies and societies. However, few digital players are vertically integrated and able to effectively rely on scale economies and very strong network effects. Such platform undertakings, which act at a global level, create significant dependence for both business-users and end-users and produce strong lock-in effects. Thus, market processes are often incapable of ensuring fair economic outcomes with regard to core platform services.

The COVID-19 pandemic demonstrated how vulnerable societies lack the services of major digital platforms. During the pandemic, the complete flow of information and communications, as well as a significant portion of commerce, were dependent on services under the control of major platforms. In many instances, consumers did not receive the best or most innovative solutions. This is because these ‘gatekeeper’ platforms largely decided who and under what conditions there was access to the market.

In 2004, the European Commission fined Microsoft for abusing its market power by deliberately restricting interoperability between Windows PCs and non-Microsoft workgroup servers and by tying its Windows Media Player—a product where it faced competition—with its ubiquitous Windows operating system.[3] Survey responses submitted by Microsoft in the investigation confirmed the link between the interoperability advantage that Microsoft reserved for itself and its growing market shares. There has been considerable progress since then, but it appears that many of the challenges[4] of the digital economy are not as different now than they were 25 years ago, when the European Commission began its investigation.

The magnitude of the problems becomes evident when private digital platform services rapidly become public infrastructure and begin to impact socioeconomic conditions.  This is reflected in platforms such as Facebook, WhatsApp, YouTube, and TikTok, as well as more recently in the developments following Elon Musk’s acquisition of Twitter—a platform where operations became an essential part of many aspects of global communications.[5] Twitter’s importance for journalism, political communication, and crisis management, among others, has made it an indispensable public infrastructure. The public expects stable and reliable infrastructure, and the reality is that Twitter, despite its provision of critical services, is a for-profit entity in a constant state of emergency.[6]

In the wake of several antitrust cases against Google, the same could be said of its role as a DPI. With its supra-dominance in the search market, the company leveraged its position in ancillary areas with unchallengeable bargaining power vis-à-vis the rest of the economy, i.e., publishers, marketers, the mobile sector, and e-commerce. The core global search, like a library or telephone book, has become a service that cannot be substituted or challenged by any competitor or public service provider.

The designation of such services as infrastructure requires a regulatory regime equivalent or similar to those of services with general economic interests. It should further guarantee vital functioning of the economy and the dispersion of market power in society.

The European Union’s Digital Markets Act

The adoption of the European Union’s Digital Markets Act (DMA) of 2022 was the result of an in-depth screening of market developments over the past decades and the societal impact of dominant market players in a range of core platform services. The legislation is a reaction to systematic abuses of market power. One of its key requirements is to make certain services operated by the largest gatekeeper platforms interoperable with those of competitors in order to restore market contestability. The DMA defines ‘interoperability’ as the ability to exchange information and mutually use information, which has been exchanged through interfaces or other solutions, so that all elements of the hardware or software work with other hardware and software as well as with users in all the ways in which they are intended to function.[7]

The DMA contains various provisions that address the interoperability of core platform services that are considered to be DPI. This Policy Brief highlights the following two vital areas—messaging services and operating systems.

Substantially, the DMA’s most high-profile interoperability rule will apply to ‘number-independent’ interpersonal communication services (NIICS) that are part of gatekeeper platforms. Pursuant to Article 7 of the DMA, the gatekeeper shall make the basic functionalities of its NIICS interoperable with those of another provider upon request.[8] This means that people who are dissatisfied with the gatekeeper service can change providers without fear of being separated from the communities to which they previously belonged.

The DMA redefines the rules of app stores and ensures that independent app developers may compete on fair terms. Gatekeeper operating systems (such as iOS or Android) must also allow the installation and effective use of third-party software applications or software application stores. Additionally, gatekeepers may not force users to make use of gatekeepers’ identification services when using services provided by alternative providers that are dependant on the gatekeepers’ core platform services. Further, gatekeepers will not be able to extract above-market fees and favour their own apps.

Open Health Brazil

Open health as a system to stimulate competition in the private health sector is inspired by open banking, which has already been introduced in the banking sector in Brazil following rule-making by the country’s central bank. Open health will develop as an ecosystem of open health data in which the user will have the choice to share their information across different parts of the health sector. This will help increase competition between health operators, streamline processes, and bring more transparency to the sector.[9]

The project, which seeks to provide better quality services to more than 49 million beneficiaries in the country, has two pillars—consumer assistance, with a focus on sharing health data to create a single record or electronic health record, and financial, which aims to stimulate competition in the health insurance market by improving portability.

The Brazilian National Health Data Network operates as a DPI. Based on the guidelines of the Digital Health Strategy for Brazil 2020-28, the National Health Data Network (RNDS) was enacted as the national health data interoperability platform.[10] Brazil’s Ministry of Health makes available an API that allows different software platforms used by healthcare facilities to integrate their Electronic Health Records systems with the National Health Data Network.[11] Implementing an open ecosystem of health data sharing is intended to have a direct and positive impact on clinical decisions, generate a wide variability of products and services with different cost models, and provide care that will be designed with a high degree of personalisation for each patient.[12]

The Brazilian policymaker understood that having a universal standardised and interoperable health database as a public infrastructure could make a significant contribution to better functioning of the health system. It addresses one of the problems associated with the sharing of highly decentralised health data, with many types of players operating in the system. For example, this makes it possible for a hospital to have a patient’s full history when data sharing is authorised and justified and to speed up the decision-making process when a patient needs emergency facilities.

Part of the initiative is the portability between health insurance plans. The National Regulatory Agency for Health Insurance (ANS) centralises the information of patients and insurance plans as well as portability procedures.[13] The portability regime according to the final report of the Brazilian working group[14] consists of the following steps:

  1. The consumer authorises the sharing of their data;
  2. The regulatory agency (ANS) will automatically notify the origin operator and the destination operator to send the relevant portability information to the system;
  • The destination operator accesses the system to obtain the relevant data and complete the portability;
  1. ANS notifies the origin operator about the cancellation of the plan;
  2. If the contracting or portability is carried out, ANS communicates to the beneficiary and the operators;
  3. If portability is not carried out, the ANS analyses whether the beneficiary really did not meet the established criteria.

Stimulating competition by the reduction of transaction costs is intended to reduce the prices of health insurance services to the consumer. Moreover, the envisaged system eliminates mediation in the contracting of health insurance plans. The user themselves could apply for the insurance plan and compare the best options.

The India Stack 

The India Stack[15] is a comprehensive digital identity, payment, and data-management system developed by departments and agencies of the Indian government, with a unique foundational approach that is based on the provision of extensive public infrastructure and standards. The stack comprises three layers:

  1. Identity layer, giving every resident a unique ID. The centralised identity layer (Aadhaar) is based on a 12-digit identification number and a state biometric identification database. It can be used to authenticate individuals for various public and private services. The registration for digital ID does not require previous physical identification. Aadhaar is governed by a separate, independent governmental body with a mandate to manage identity as separate from the other interests of the state. An interesting feature of the Indian digital identity is that self-declaration suffices to establish identity. The recognised ID is interoperable and enables all institutions, organisations, and companies to verify a new customer immediately.
  2. Payments layer, allowing anyone to make payments to anyone. The Unified Payments Interface (UPI) is a system of open APIs facilitating interoperability in payments. The open API standard has been developed by the public sector[16] and the UPI defined a payments mark-up language that standardised instructions for sending and receiving money. All participants in the system must accept to be regulated as financial entities by the financial regulator—a central feature of the Indian approach. The UPI model data sharing is symmetric by design, i.e., to get data, participants must be willing to allow others access to their customers’ data.[17] Thanks to interoperability, it is possible for a user to instantaneously transfer funds across accounts in different providers—such as from a wallet issued by one provider to a wallet issued by another provider. However, although the idea with UPI was to prevent monopolies, according to some reports, PhonePe and Google Pay account for 80 percent of UPI transactions.[18]
  • Data empowerment layer, for the management of individual data through regulated intermediaries (data trusts). India’s approach to a data-driven economy, Data Empowerment and Protection Architecture (DEPA), aims to unlock the power of people’s data contained within the walled gardens of banks, telcos, and regulators, among others. This notion is similar to the objectives of the Digital Governance Act in the EU. Account aggregators (AA) as data trusts provide authentication on demand. They are interfaces through which users provide the consent required to authorise the sharing of private data, for instance, from a financial information provider to another user. AAs collect and consolidate information from all financial institution providers into a single view.[19] This is certainly replicable in other areas, such as health.

A part of the third data layer that could also be considered is DigiLocker, a   documents-on-demand system which could serve as a paperless layer that allows for the verification of digital documents. These kinds of fiduciaries or custodians use the Stack’s API as an open access software standard that allows different applications to communicate with one another and certify the veracity of digital documents. While aggregators elsewhere typically offer services in exchange for access to data, which they can use to sell other services, the Indian approach relies on trust in real terms. Fiduciaries may not access or store data that has been shared, but they can charge for their services.[20] In other words, India Stack offers economic incentives for establishing account aggregators—something that is missing in other approaches.

2. The G20’s Role

Providers of DPIs have a special responsibility towards the unrestricted and efficient provision of services. Core digital platforms have a character of digital public infrastructure in all G20 countries. In the last decade, privately supplied digital platforms have rapidly become public infrastructure, affecting socioeconomic conditions.

Keeping in mind the experiences that have led to the EU Digital Markets Act, regulation has become a tool to safeguard infrastructural service provision in an open ecosystem. Interoperable digital public infrastructure ensures market contestability and empowers citizens. Therefore, interoperability obligations should be a central strategy for G20 policymakers whenever they address the functioning of core digital platforms in their countries.

The Brazilian Open Health case demonstrates that even very fragmented public infrastructure systems can be remedied and simultaneously triggered for better socioeconomic results. Strategic decisions in establishing digital public infrastructure can integrate vital areas like health systems. Interoperability as a constitutional part of the open health project in Brazil induces competition that stimulates innovation and offers better consumer choices, which can be a compelling blueprint for the G20.

Similarly, the India Stack case demonstrates that good interoperability platform foundations made by public authorities are a way forward to transform the country, safeguarding vital system functioning and empowering a wide range of actors in the economy and society. An upgrade of the India Stack with an interoperable ecommerce scheme is a further ambitious development.

3. Recommendations to the G20

In establishing DPIs, effective interoperability obligations within the G20 are necessary for three reasons.

First, to tackle challenges for the effective functioning of markets posed by the conduct of gatekeeper undertakings that are not necessarily dominant in competition law terms but are able to block important gateways for alternative solutions in areas that have a public infrastructural character.

Second, effective interoperability eliminates obstacles to freely providing and receiving services by smaller competitors. Where private undertakings control the functionality or the delivery of vital services, interoperability catalyses inclusiveness without the necessity of breaking up those monopolies. Thus, it has been called a ‘super tool’ for digital platform governance.[21]

Third, divergent regulatory solutions result in the fragmentation of markets, thus raising the risk of increased compliance costs due to different sets of national regulatory requirements. Interoperability addressed at the G20 level could make services considered to be digital public infrastructure functional across jurisdictions and reduce costs for both digital gatekeeper platforms and their smaller competitors.


Attribution: Pencho Kuzev and Ian Brown, “EU Regulation, Brazil’s Open Health, and the India Stack: A Common Platform Approach to Integrated Digital Public Infrastructure,” T20 Policy Brief, May 2023.


[1] Liv Marte Nordhaug and Lucy Harris, “Digital Public Goods: Enablers of Digital Sovereignty,” OECD iLibrary.

[2] Standing Committee on Finance, India, 2022-2023.

[3] Case T-201/04, Microsoft v. Commission, Judgment of the Grand Chamber of the Court of First Instance of 17 September 2007.

[4] European Commission, “Commission Concludes on Microsoft Investigation, Imposes Conduct Remedies and a Fine,” March 24, 2004.

[5] Centre for International Governance Innovation, “Digital Infrastructure is Essential to Modern Life: So is its Regulation”

[6] Centre for International Governance Innovation, “Digital Infrastructure is Essential to Modern Life: So is its Regulation”

[7] Regulation (EU) 2022/1923 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act), Article 2, Recital 29

[8] Regulation (EU) 2022/1923, Article 7(1)

[9] Wellbe, “Open Health nos planos de saúde: como vai funcionar?” 2023.

[10] A RNDS – Rede Nacional de Dados em Saúde, Ministério da Saúde, 2021.

[11] OECD, “The Digital Transformation of Primary Health Care in Brazil, Primary Health Care in Brazil”.

[12] Joana França, “From Interoperability to Open Health: How Open Ecosystem Transformations Can Revolutionise the Healthcare Industry”.

[13] Daniel Pereira, “The User Will Be Able to do in a Few Clicks what Today Takes at Least 30 Days to Happen,” Valor, 2022.

[14] Relatório Final do Grupo de Trabalho.

[15] The India Stack.

[16] The National Payments Corporation of India is an umbrella organisation for operating retail payments and settlement systems in India. It is an initiative of the Reserve Bank of India (RBI).

[17] Yan Carriere-Swallow, Yikram Haksar, and Manasa Patnam, “India’s Approach to Open Banking: Some Implications for Financial Inlusion,” IMF Working Paper, WP/21/52

[18] Financial Times, “The India Stack: Opening the Digital Marketplace to the Masses”.

[19] Pradeep Mohan Das, “Account Aggregators (AA) in India: Hyper-Personalization Meets Scale”.

[20] Yan Carriere-Swallow, Yikram Haksar, and Manasa Patnam, “Stacking Up Financial Inclusion Gains in India,” July 2021.

[21] Digital Regulation Project, “Equitable Interoperability: The “Super Tool” of Digital Platform Governance”.

The views expressed above belong to the author(s).