Governance can keep DPI working for people when other stakeholders turn against them

The promise of digital public infrastructure is in the scale and efficiency that allows governments to improve inclusion and service delivery. ID4Africa 2026 explored the risks that can come with this power in a cautionary presentation at the end of the first day’s proceedings.

World Bank Technical Advisor on Digital Public Infrastructure Tariq Malik examined the situations in China, India, the EU and UK, Pakistan and across Africa in his presentation on “DPI Under Siege.”

Centralized DPI can concentrate power, he warns, as platform operators, rather than governments or citizens, are positioned to make decisions. It concentrates risk to the point where a single failure can disadvantage millions at once, and control, as foreign corporate architecture can erode jurisdictional sovereignty.

“DPI doesn’t just digitize the state — it redistributes power within it,” Malik stresses. AI only complicates this picture of shifting control.

Seeds of DPI risk sown in success

China’s social credit system shows how a unified identity layer can become a control apparatus if it is not subject to judicial oversight.

The world’s largest biometric system, Aadhaar, has been associated with cases of welfare exclusion and breaches of sensitive personal data. The digital ID’s integration with India’s National Register of Citizens resulted in the exclusion of millions of Muslims and others in the state of Assam, and private sector organizations have been found using Aadhaar APIs to track the location of individuals without oversight.

In Pakistan, where Malik oversaw huge digital ID-driven gains in areas like financial inclusion and disaster relief, millions were temporarily thrown off of electoral rolls after being wrongly marked “deceased” and institutional changes have raised questions about NADRA’s independence.

Liberal democracies like the EU, the UK and Canada have had or are in the midst of debates about live facial recognition without a statutory framework, mass scanning of private chat messages, financial deplatforming and state access to encrypted internet traffic.

Africa’s digital transformation has come with more than 100 internet shutdowns since 2020, including an 18-month blackout in Ethiopia’s Tigray region.

The control of the cloud platforms DPI runs on by vendors also introduces the risk of foreign influence, Malik says.

Governing DPI to protect public interest

Malik emphasized to the main hall audience that the way to prevent DPI from being turned against the public is through strong governance safeguards.

DPI governance can safeguard against purpose usurpation and other problems specifically with mandatory federated architecture, offline fallback options for the poor and people in remote areas and judicial oversight over shutdowns of the internet, financial services or identity credentials. Malik argues that cloud contracts should set strict data sovereignty and residency rules, and calls for a prohibition on predictive policing and live facial recognition in public spaces.

Together these measures can make DPI resilient to short-term pressures that can undermine public trust, Malik says: “an identity authority that no single politician can appoint, capture, or militarize.”

No single framework of DPI safeguards can protect people’s rights comprehensively, but there are many major frameworks from groups like the UNDP and World Bank ID4D that provide a good starting point.

At the heart of concern is a conundrum Malik expresses as: “The better DPI works, the more catastrophic its failure becomes.”

This makes avoiding fragile architecture and weak governance paramount considerations for all stakeholders.

Article Topics

digital identity  |  digital inclusion  |  digital public infrastructure  |  ID4Africa  |  ID4Africa 2026  |  Tariq Malik