Task Force 2: Our Common Digital Future: Affordable, Accessible and Inclusive Digital Public Infrastructure.

---

Abstract

Digital Public Goods (DPGs) present a generational opportunity for states and their partners to work together to rewrite the rules on their citizens’ digital futures at the precise moment when discontent with digital service provision is reaching a boiling point.^[a]

Fears of runaway AI deployments, high-profile takeovers of widely-used digital services, private sector-centric policy and expenditure, decreasing transparency and interoperability, vendor lock-in, extractive data collection in support of advertising, and a collapse in monopoly service quality have left long-established models of technology provision at their lowest ebb. But building in the ruins, a new model is emerging, one designed to meet state and non-state requirements, and that is open, interoperable, low-cost, and secure.

DPGs are proving their infrastructural credentials. Whether in payment systems, biometric ID or in data transfer, countries worldwide are successfully piloting their deployment, bringing new routes for citizens to connect with governments and service providers. DPGs are accelerating economic growth, social inclusion, and the pursuit of the ambitious Sustainable Development Goals (SDGs).

New models of technology provision need new models of governance as states and their partners look to move beyond the habits of private procurement. Open Source (OS) DPGs demand a revolution in national and international governance if they are to reach their enormous potential. Establishing spaces, standards, and best practices for the state and cooperative governance of DPGs is a challenge that fits squarely within the G20’s remit. Success at this stage will unlock unprecedented progress in building a global digital ecosystem fit for purpose. This policy brief outlines a path forward. 

The Challenge

Growing interest and investment by governments worldwide in DPGs to meet core government and public service needs is potentially a generational shift in the shape, make-up, and oversight of digital society. Success is contingent on a national and international reassessment of the governance of these DPGs, and to ensure that governments have confidence in their deployment, their direction, and their security.^[b] This includes solvable sustainability challenges inherited from the OS ecosystem in which most DPGs are based, and new challenges around the governance of DPGs by governments and sovereign collectives.

First, DPGs underpinning identity systems, payment systems, and data-sharing solutions are OS solutions. Examples include MOSIP, Mojaloop, OpenMRS, DHIS2, and OpenCVRS.^[1] The Digital Public Goods Standard requires the use of an approved open licence.^[2] The ubiquity of OS solutions in today’s technology landscape—some 95 percent of technology is at least in part built on and dependent on OS—underscores the effectiveness of this approach and supports the notion that open solutions are no more inherently risky than proprietary solutions.

The majority of OS DPGs start life as small projects, and even major OS DPGs with millions of users often encounter the same sustainability pressures facing other OS projects. These frequently include questions of funding, governance, strategic direction, and non-code skills and contributions. Current models are mixed, with DPGs governed and funded by groups as diverse as governments, cities, philanthropic organisations, businesses, foundations, and end-user collectives. Significant learnings can be drawn from across these actors. However, forthcoming research suggests that even civic technology projects—a useful analogue for the kinds of spaces where nascent DPGs emerge—contribute just 15 percent of the work needed to sustain what they do.^[3]

The OS ecosystem faces different sustainability problems to proprietary software. These are sustainability problems that, in the context of DPGs, could be uniquely addressed by governments, including funding gaps, insufficient governance, barriers to non-technical contributions, unequal prestige for infrastructure, and difficult working conditions.^[4]

Increasing use of OS technologies in government presents an opportunity to mitigate existing OS ecosystem challenges through new models of governance and new funding sources. It also presents a risk—without clear governance standards, DPGs risk losing connection with the very entities looking to utilise them. They may remain underfunded, with consequences for code integrity and sustainability.

Without new governance models, value created by cooperating on the funding and oversight of DPGs by multiple actors will be lost in favour of forked software and maintainer fragmentation. A sustainable OS government technology ecosystem is a necessary condition for scalable, low-cost, and secure software DPGs. ^[5]

Second, and critically, no established principles or fora for bilateral and multistakeholder state cooperation on software development currently exist. The World Bank notes that “despite many processes being largely similar in various country contexts, each new project is typically built from scratch, as if there were no templates, code libraries or models, or lessons learned on which to base new implementations.”^[6] In the absence of joint principles for software governance or bilateral funding and procurement models for DPGs, value is lost as sovereign entities replicate codebases and, in doing so, replicate maintenance, upkeep, and development costs.

G20 member states should evaluate and report on their capacity to participate in DPG development aimed explicitly at closing the gap between current familiarity with private software procurement and unfamiliarity with OS software procurement. This supports a roadmap for developing DPGs that can meet the threshold of government adoption once that threshold is set.

Table 1: Key Stakeholders

Stakeholder	Role	Example Organisations
Government Digital Procurement	Budget holders; Risk evaluation; Requirement mapping
Foundations	Expertise in community and software collaboration management; Digital Governance Expertise	Linux Foundation, OASIS, NLnet Foundation
Internet Standards and Governance Bodies		IETF, ISOC, W3C, IRTF, IAB, IGF
Academic and Civil Society		DPGA, Co-Develop, Beeck Centre; Ash Center; OSPO++; DIAL, Foundation for Public Code and OSI
System Integrator and Local Implementation Partners	Deployment and maintenance of DPGs in-country; local expertise
Global Funding Organisations	Funding for implementation	World Bank, FCDO, GIZ, NORAD, USAID, Philanthropic foundations

 

The G20’S Role

The G20 member states can consider three options: no action for now; individual member state action; joint member state action.

Option 1: No Action

Under the status quo, most global DPGs continue to develop without significant or coordinated national input. In this case, the commissioning, governance, and funding of DPGs will continue to depend on a range of sources, including small groups of end users, universities, donations, and philanthropy. This passive role excludes governments from the stewardship and steering of DPG development, increases opacity around government requirements, and leaves the development and deployment of DPGs to businesses and institutions operating under primarily commercial mandates.

Joint stewardship of codebases underpinning state capacities will remain an exception, pursued on an ad hoc basis where opportunities and existing expertise exists.

• Pros: Government involvement in the provision of certain existing DPGs may be viewed as unwelcome.
• Cons: Under this model, governments do not effectively contribute a model fostering the development of DPGs, and miss out on the opportunity to set the direction and roadmap for projects to meet government requirements.

Option 2: Individual member state action

Under this model, states will look to boost the uptake and sustainability of DPGs, focusing either on those meeting national government requirements or the needs of citizens and non-governmental groups.

Historical examples of this approach include the Indian government’s funding of the Aadhaar biometric ID system, the UK government’s Government Digital Service work on gov.uk and grants made by the Local Digital Fund, or the development of OpenG2P by the Directorate of Science, Technology, and Innovation within the government of Sierra Leone.

National government support for open solutions that meet their own national requirements leads to emergent DPGs that may meet the needs of other governments, laying the foundations for future collaboration.

• Pros: The procurement and deployment of OS DPGs strengthen national government capacity in areas like open procurement, maintenance, and community building. National and local governments have experience in expressing requirements unique to them. Broader uptake of OS DPGs at a national level raises their profile and strengthens the concept, creating a locus for future collaboration.

• Cons: Success stories without models for cooperative governance may lead to countries forking and taking sovereign control over the rollout of an OS DPG. Despite a short-term gain, this creates long-term national maintenance requirements, and users of the DPG miss out on the force multiplication effect of collaborative software development.

Option 3: Coordinated international action

Government-led software cooperation may be an effective route towards developing and maintaining digital infrastructure.

Software cooperatives have been shown to be effective at multiple levels; for instance, library software collectives like Evergreen serve a single group of users across a country up to large-scale international and intergovernmental cooperation like those built around MOSIP and X-Road.

Meeting government and intergovernmental requirements through OS and OS DPGs still face barriers, but the above examples show this is a soluble problem.

• Pros: Cooperation on OS DPGs maximises the value of a shared resource by pooling skills and resources in its development, deployment, and maintenance. Establishing governance principles for OS DPGs by two or more sovereign entities lays the groundwork for future collaboration by existing partners and by sovereign entities looking for routes to share the burden of state capacity building.

• Cons: Irresolvable differences between countries in expectations of governance or in setting requirements may stifle the development of an OS DPG. Governance frameworks for software cooperation by states are largely untested.

Recommendations to the G20

There are risks and opportunities associated with any of the three directions presented above, and a blend of careful and selective state agency and international cooperation on critical DPGs is likely required. Given the G20 remit as the premier forum for international economic cooperation, the authors advise an approach most closely modelled on option 3. The authors outline two recommendations to strengthen G20 members’ capacities to collaborate on DPGs that are scalable, low-cost, and secure.

Steps to achieve greater international cooperation through like-minded G20 member state action are laid out below:

• G20 Working Group for Software DPG Collaboration

Establish a working group of G20 member states to foster software collaboration. This working group will prioritise relationship-building between member states’ digital and procurement teams, provide a dedicated forum for the identification of shared government software requirements, and foreground member-state investment in the open and DPG ecosystems.

The authors anticipate the forum to provide a gateway to great software cooperation between G20 member states, and pave the way for sharing first standards, then data, then software.

The forum will deliver three short-term outputs. First, developing a policy framework to support member states in articulating (1) minimum thresholds for implementing OS DPGs. Second, the publication of (2) draft principles for joint software governance, including working with global experts to develop a roadmap for sovereign entities joining software collaboratives. Third, the agreement of a (3) standard on Sustainable Open Software usage articulating the need for state and non-state actors to ensure their participation in the OS ecosystem is sustainable.

(1) Minimum thresholds for the procurement and use of OS DPGs

Member states should evaluate and report on their capacity to participate in OS DPG development, aimed explicitly at closing the gap between the current familiarity with private software procurement and unfamiliarity with OS software procurement. This reporting sets a roadmap for developing DPGs that can meet the threshold of government adoption once that threshold is set.

(2) Draft Principles for Joint Software Governance

The G20 should promote bilateral and multilateral statements from its member states outlining shared principles for joint software governance through which members set and adjust minimum standards for cooperation on DPGs. These principles will set out agreed governance, funding, licensing, and community standards and codify a vision, mission and values statement underpinning software cooperation by multiple sovereign entities.^[7]

(3) Standard on Sustainable OS Usage

G20 members should build on growing OS government technology development and existing commitments to the deployment of ‘software bills of materials’ to press for more sustainable participation in the OS ecosystem. Standards on sustainable OS usage tackle the shortfall in governance and funding facing OS DPGs, often masked by private software procurement. These standards could set the bar higher for non-governmental use of OS, boosting sustainability in the sector as a whole, and help avoid damaging the OS ecosystem as part of wider government attempts to regulate other aspects of the web, such as social media platform businesses.

• Sovereign and Collective Open Technology Funding

The G20 member states should prioritise creating high-impact funding for immature DPGs by establishing sovereign funds for developing DPGs, making small grants to experimental or bespoke digital solutions to national government, local government or community requirements.^[8] Models for this funding are wide-ranging, and include:

• National Technology Cooperative Funds
• Sovereign Technology Funds
• Local Digital Funds
• OS DPG Venture Funds and Accelerators
• OS DPG Prizes and Awards

---

Endnote

^[a] This policy brief is a result of collaboration between Chatham House, University College, London, the Digital Public Goods Alliance, and a team of discussants and contributors. The team welcomes any opportunity to discuss the note further. The views expressed in this document are the sole responsibility of the participants and do not necessarily reflect the view of our respective institutions, staff, associates or councils.

^[b] Throughout this brief, the authors ground the use of the term ‘DPG’ in the Digital Public Goods Alliance (DPGA) definition, which states that DPGs are “open-source software, open data, open AI models, open standards, and open content that adhere to privacy and other applicable international and domestic laws, standards and best practices, and do no harm.”

^[1] “Registry”, Digital Public Goods Alliance.

^[2] “Digital Public Goods Standard”, Digital Public Goods Alliance.

^[3] Ben Nickolls, “The Impact of Civic Tech on Open Source”, Medium.

^[4]  Alex Krasodomski-Jones and Josh Smith, “The Open Road”, Demos.

^[5] Anna Shipman, “The benefits of coding in the open”, UK Government Digital Service.

^[6] International Bank for Reconstruction and Development/World Bank, “Open Source for Global Public Goods”, World Bank Group, 2019.

^[7] David Eaves, Lauren Lombardo, and Nicolas Diaz, “Public-Sector Code-Sharing Communities”, Medium.

^[8] David Eaves and Leonie Bolte, “Best Practices for the Governance of Digital Public Goods”, Ash Center for Democratic Governance and Innovation, April 2022.