Establishing Comfort with the Concept of DPI

First things first: I do not represent any organization or institution through this article; these are purely my personal views on my personal website (which is, quite literally, my name).

The objective of this article is not to make you a DPI expert (I’m not one either) but to help you get comfortable with the concept of DPI. I’m writing it specifically for those who know nothing about DPI but would like to know something. Or for those who know something but can’t quite explain it to someone else with confidence. And, of course, for the nerds who like to keep their neuroplasticity enhanced by actively learning new things every now and then.

Let’s begin.

I’ve been swimming in the deep end of DPI for quite some time now, and after close observation, I’ve realized that most people are just tossing the term from one document to another PPT without understanding what it truly means. This lack of clarity often results in mislabeling anything digital & popular as a DPI.

As far as I understand, this confusion stems from long definitions loaded with heavy technical principles (that most people don’t fully grasp). A string of complex words creates an even more convoluted sentence (definition), which becomes too overwhelming for people to wrestle with, so they drop it altogether.

To address this problem of overwhelm & establish comfort, we will first unpack the term DPI, explore its principles, build a lens to identify DPIs, and see what India is doing about it. 

So, what is Digital Public Infrastructure (DPI)?

If we remove the word ‘public’ from this term for a moment, we are left with just ‘Digital Infrastructure.’ But we embraced digital technology only about 50 years ago. So, what kind of infrastructure existed before that? Yes, you guessed the obvious right: physical infrastructure. And what would qualify as Physical Public Infrastructure? The infrastructure that can be used by the public (so, not your personal washroom) & is tangible (can be seen or touched), such as roads, bridges, water pipelines, etc. With this context, let’s imagine a story.

Fifty years ago, a woman lived in Goa, and she decided to go on a road trip to Pune in her car (a Chevy Impala 1967). She drove along lush green valleys, and when a police officer stopped her, she showed him her driving license card. She then felt hungry, bought an ice cream from a vendor by the road, and gave him a ₹1 note. Further along, she stopped at the toll, paid her tax in cash, reached Pune by the evening, showed her ID, checked into a resort, and relaxed by the pool.

Fast forward 50 years: Today, a woman living in Goa decides to go on a road trip to Pune in her car (a Defender by Land Rover). She drives through the valleys, and when a police officer stops her, she opens her DigiLocker and shows him her driving license. She then feels hungry, buys an ice cream from a vendor by the road, and pays him via UPI. Further along, she pays the toll via FASTag, reaches Pune by evening, shows her Aadhaar card, checks into the resort, and relaxes by the pool.

The difference between these two stories is the presence & absence of DPI.

To put it simply, DPI helps you live a digital life. You enter the digital realm by creating your digital identity (like Aadhaar). Next, you digitize other essential documents and store them securely in a digital locker (like DigiLocker). Finally, to make payments, buy or sell goods, or conduct transactions digitally, you use a digital payment interface (like UPI). I drew a little comparison table for more clarity. 

Just as good physical infrastructure supports cities by enabling the smooth movement of people and goods, DPI enables the internet ecosystem to flourish. It makes online services faster, safer, and more accessible to everyone, creating equal opportunities for people to learn, earn, and connect in a digital world.

What is ‘public’ in Digital Public Infrastructure?

The first implication of ‘public’ in DPI is that it is purpose-neutral and designed for the public, much like roads. Roads can be used by anyone—private cars, public trucks, individuals, cyclists, bikers, or auto-rickshaws—for any purpose, whether it’s commuting to the office, coming back from school, jogging, transporting goods, traveling, meeting friends, or attending meetings. Similarly, DPI can be used by anyone for various purposes.

DPI is designed to ensure that everyone—rich or poor, young or old—has equal access to the same services. You don’t need to build your own road; the infrastructure is already there for everyone to share. The term “public” in Digital Public Infrastructure (DPI) reflects its shared, inclusive, and accessible nature, emphasizing that it is built for the collective benefit of society.

Another meaning of ‘public’ relates to government involvement. Like physical infrastructure—roads, bridges, and water pipelines—DPI is primarily built, governed, and maintained by the government to ensure that the infrastructure serves the public interest and remains inclusive.

When the private sector builds something from scratch, the products are often innovative but are usually behind a paywall, excluding many people from accessing them. Can you stop someone from driving on a road because their car isn’t a BMW? Of course not. Extending the same logic, the government built the foundational components of DPI—such as Aadhaar, UPI, and DigiLocker—and has now opened the field for the private sector to innovate and build upon them. It’s like giving Lego pieces (Digital Public Goods, or DPGs, that constitute DPI) to kids in a park (the private sector) and letting them build anything imaginable.

What are the principles of DPI?

Under India’s G20 Presidency in 2023, the first-ever consensus on the definition of DPI was achieved. The definition, as outlined in the DEWG Outcome Document, states:

“DPI is a set of shared digital systems that should be secure and interoperable, and can be built on open standards and specifications to deliver and provide equitable access to public and/or private services at a societal scale. It is governed by applicable legal frameworks and enabling rules to drive development, inclusion, innovation, trust, and competition, while respecting human rights and fundamental freedoms.”

This definition is comprehensive and rests on a foundation of several key principles. Let’s explore them one by one (focus on the italics).

  1. Interoperability: 

Interoperability refers to the capability of two or more systems, software, or devices to exchange data and interpret it in a way that is usable by both parties. 

Interoperability is like being bilingual. Two people speaking different languages can communicate effectively using a shared translator, common grammar rules, and mutual trust.

Example: When you send money using a payment app like PayTM or Google Pay, it talks to your bank’s system to transfer funds. Even though PayTM and your bank are different systems, they understand each other because they use common rules (UPI protocol).

  1. Open standards:

As per ITU, “Open Standards” are standards made available to the general public and are developed (or approved) and maintained via a collaborative and consensus-driven process.

Imagine a universal recipe book that all chefs around the world use. The recipes (standards) are freely available to everyone and written in a way that any cook, anywhere, can follow them to create the same dish. Every restaurant (system) can offer the same meal (data or service), even if the kitchen tools (technology) are different

Example: If you visit a website, your browser knows how to show it correctly because it follows open standards like HTML.

  1. APIs:

As per ITU, an API is a set of rules and protocols that allows different software applications to communicate with each other.

Imagine you want to order pizza. Instead of going to the kitchen (backend) and figuring out how they prepare it, you just use a menu and place your order through a waiter (API). The waiter understands your request, takes it to the kitchen, and brings back your pizza (data or service). 

In DPI, APIs are like servers at a restaurant, who ensure smooth communication. So every time you get an OTP, make an online payment, or fetch a document from DigiLocker, you’re benefiting from APIs working behind the scenes.

  1. Security by Design:

“Security by Design” is an architectural philosophy and engineering approach emphasizing the proactive incorporation of security measures throughout the lifecycle of a system—design, development, deployment, and maintenance.

Imagine you’re building a fortress to protect your treasures. Then you will use strong materials that thieves can’t easily break (encrypted data storage), Make sure every door and window has locks (secure APIs). Test it! Pretend to be a thief and see if you can break in (penetration testing), Regularly inspect for cracks or weaknesses (monitoring and patching), and Always lock doors when you leave (secure configurations). 

‘Security by Design’ ensures that your digital services (like Aadhaar or UPI) are built to withstand cyberattacks from day one.

  1. Data Standard:

Data standards are agreed-upon formats, rules, and protocols for organizing, representing, and exchanging data in specific industries or domains. 

For example, FHIR (used by ABDM) is a set of international standards developed by HL7 (Health Level 7) for transferring clinical and administrative data in healthcare. 

Think of FHIR as a smart, universal language for hospitals and health apps. Imagine every lab test, prescription, or medical record being written in different “languages.” FHIR acts as a translator, ensuring all this information is stored, exchanged, and understood in a standardised way, so any hospital, clinic, or health app across the globe can use it seamlessly.

  1. Modularity:

Modularity is a system design principle that focuses on breaking down a complex system into smaller, independent, and interchangeable components called modules. Each module is responsible for a specific function and interacts with other modules through well-defined interfaces.

Think of a modular system as a set of tools in a Swiss Army knife. Each tool (module) has a specific function—like a blade, a screwdriver, or scissors. They all work together but can be used independently. If your screwdriver breaks, you only need to replace that part, not the entire knife. 

In a digital system, modularity works the same way: Imagine your phone’s apps. Each app is like a module. If your payment app (UPI) updates, it doesn’t impact your photo gallery app.

  1. Scalability:

In the DPI context, scalability means the ability of the infrastructure to support an increasing number of users, data volumes, and transactions, ensuring smooth functionality under all conditions. 

Think of scalability as running a massive restaurant that needs to handle more customers every day. Horizontal scaling would mean opening more branches as the number of customers increases, while vertical scaling would mean adding more chefs and bigger ovens in the same branch.

  1. Privacy by Design:

At its core, Privacy by Design (PbD) is a proactive framework ensuring that privacy considerations are embedded directly into the technological architecture and operational processes of systems. This contrasts with reactive privacy measures that are patched onto systems after they are developed or deployed.

Imagine a bank vault is designed to keep everything safe, even before the first dollar is deposited. Privacy by Design means that your data is protected before you even share it.

That’s enough for now; you’re good to go! These are the key principles that define what makes a DPI, a DPI. However, once you get comfortable with the basics here and want to dive deeper, then please raid the websites of Co-Develop, MOSIP, DPGA, DPG Charter, CDPI, DPI Map, DIAL, GovStack, GDPIR, IndiaStack, iSPIRT, etc., & become an expert lol, moving on.

What is a DPI, and what is not a DPI?

How do you determine if something qualifies as a DPI or not? Why do people keep on confusing digital solutions, websites, and portals as DPIs? I know the line looks thin & blurry, but it isn’t. Here are a few questions I ask myself before drawing the conclusion that something is a DPI or not:

  1. Is it foundational and widely useful?
  • DPI should act like a “digital road”—a base layer that many people, businesses, and organizations can use for different purposes. It should enable essential services like identity verification, digital payments, or data exchange.
  • Example: UPI (Unified Payments Interface) enables payments for all kinds of services, from buying groceries to paying bills.
  • Not DPI: A specific app for food delivery, because it serves a limited purpose and isn’t foundational.
  1. Is it open, inclusive, and accessible?
  • DPI is designed for everyone—rich or poor, urban or rural, young or old. It should not exclude people based on their social or economic background.
  • Example: Aadhaar provides digital identity for all Indians, including those in remote villages.
  • Not DPI: A premium-only software that is accessible only to those who can afford to pay.
  1. Is it public or community-driven?
  • DPI is often created, governed, or supported by public institutions, ensuring it benefits the larger population rather than just a single company or individual. Even if private companies build on it, the underlying system remains public.
  • Example: DigiLocker is a government-provided platform where citizens can store official documents digitally.
  • Not DPI: A cloud storage service owned and operated by a private company.
  1. Is it interoperable?
  • DPI can work with other systems, technologies, or platforms. It allows different services to connect and work together seamlessly.
  • Example: UPI works across banks, wallets, and apps, enabling anyone to send money to anyone else.
  • Not DPI: A system that only works within a single app or brand.
  1. Does it support innovation and scalability?
  • DPI creates opportunities for others to build new solutions on top of it. It should be flexible and scalable, allowing developers and organizations to innovate.
  • Example: UPI allows developers to create various apps (like Google Pay, PhonePe) that use the same infrastructure.
  • Not DPI: A fixed-purpose tool that doesn’t allow other developers to build on it. It cannot be scaled either. 
  1. Does it solve a public need or create societal value?
  • DPI should address broad societal needs, such as financial inclusion, access to education, or efficient delivery of public services.
  • Example: DigiLocker has made the process of issuing & storing documents so seamless, making digital copies at par with the physical copy. 
  • Not DPI: A luxury e-commerce platform targeting only a small segment of society.

The next two questions I read in a report titled ‘Responsible DPI for Improving Outcomes Beyond Inclusion’ by the Centre for Financial Inclusion (CFI), published in June 2024.

  1. Can it be used equally by multiple participants?
  • If not, it is likely to be considered as a service or application, not as infrastructure.
  1. Is there an operator responsible for making the solution function, either in part or in full?
  • If not, it may simply be a technology or a set of code or data.

By asking these questions, you can determine whether something qualifies as DPI or not. The more “yes” answers you get, the closer it is to being a true Digital Public Infrastructure!

What is India doing about it?

A 2019 report by the Bank for International Settlements highlighted that due to its robust DPI, India accomplished in seven years what would have otherwise taken 47 years in terms of financial inclusion and as of December 2024, India’s DPI achievements are nothing short of extraordinary:

  • Over 1.4 billion citizens now have a digital identity (Aadhaar).
  • 631 financial institutions are live on UPI, enabling more than 16 billion transactions per month.
  • DigiLocker has issued 7.76 billion documents to 376 million users.

These milestones highlight the transformative power of DPI in driving inclusion, efficiency, and accessibility. And yet, there is still a long way to go, especially from a global perspective, and India recognizes this very well. As a global leader in the DPI ecosystem and acknowledging the potential of DPI to address universal challenges, India is actively helping other countries build their own DPI ecosystems. As of now, India has signed IndiaStack Memorandums of Understanding (MoUs) with 17 countries and is helping them implement DPIs tailored to their cultural and societal needs.

Conclusion

DPI is more than just digital transactions or infrastructure—it’s a catalyst for societal empowerment, a bridge to opportunities, and a foundation for building a more inclusive and equitable world.

In the end, I sincerely hope this article helped you establish a bit of comfort with the concept of DPI. I hope the term DPI looks less alien to you now. I hope I was able to replace some of your apprehensions with curiosity. 

Thank you for engaging.

Until next time,

M. Dhariwal

2 thoughts on “Establishing Comfort with the Concept of DPI”

  1. Interesting and informative.
    Couple of things that come to my mind. When this terminology was first used and in which context ? Role played by some key leaders and institutions, like, Nandan Nilekani (Aadhaar, FastTag, UPI, CBDC etc), NPCI, etc., could be good background info to have.

  2. Very well explained with examples any digitally aware person can relate with. What is your thought about a foundational model (LLM) for public services for the citizens. Isn’t it time for Bharat to have its own Jan-AI, making GenAI accessible to every citizen. Will be interested in knowing your thoughts. Best Regards,

Leave a Comment

Your email address will not be published. Required fields are marked *