When people stop trusting their government, the consequences don’t arrive in headlines. They show up gently, when mothers skip applying for child benefits, when young adults give up on registering to vote, when farmers in rural districts walk away from services that were supposed to help them. Trust isn’t just a nice-to-have in public infrastructure, it’s the bedrock. That’s where Safe DPI comes in. It’s not a branding exercise and not about choosing open-source over proprietary software, or vice versa. It’s about building systems that are secure, functional, and capable of serving people in the real world over the long haul. Anything less becomes a liability.
This is why the conversation around digital public infrastructure (DPI), and particularly digital identity systems, must begin with trust. Not with tech specifications, procurement models, or architecture diagrams, but with the simple question: will people believe in it?
Right now, across many countries, the answer is still no. And the cost of getting it wrong is far higher than many realize. Governments everywhere are pouring time and money into digital ID systems. Some work. Many don’t. And the ones that fail don’t just fade into irrelevance; they chip away at the credibility of the entire state.
5 Key Takeaways
1. Trust Is Not a Feature, It’s the System: Digital identity isn’t just about issuing cards or building platforms. It’s about building a relationship. If people don’t believe that their ID will help them access services, or worse, fear it might be misused, they’ll simply stop using it. And when trust slips away, so does the legitimacy of the entire system.
2. Open Source Isn’t Free When You Count Everything That Matters: There’s a difference between downloading code and running a national identity system. Governments jumping into open-source projects without budgeting for integration, maintenance, and security are setting themselves up for failure. The cost doesn’t vanish just because the license fee does.
3. Technology Doesn’t Fail, Governance Does: Whether in Ghana or the Philippines, the story is the same: systems collapse not because of poor code, but because of poor planning, missing accountability, and lack of local capacity. Success comes when public institutions take ownership, understand what’s being built, and can adapt when the unexpected hits.
4. Standards Make the Invisible Work: When digital IDs fail to deliver services, it’s often because the systems behind them were never designed to talk to each other. Standards aren’t exciting, but they’re what make an ID card useful instead of ornamental. If a credential doesn’t work across services, it becomes a bureaucratic prop, not infrastructure.
5. Safe DPI Isn’t Just Technical, It’s Political: You can have the best tech stack in the world, but if laws are vague, oversight is missing, or roles aren’t defined, the whole project can go sideways. Regulation isn’t an extra, it’s the spine of any digital public infrastructure built to last. Without it, you’re not building a system. You’re placing a bet.
The Hidden Cost of “Free” Technology
One of the most popular narratives in the world of digital ID today is that open-source technology is the answer to everything. No license fees, community-driven development, sovereign control. But that story leaves out a few important realities.
Chahine Hamila, UNDP’s Senior e-Government Technologist, has spent years working with countries on digital infrastructure projects. He put it plainly: “The point is not just whether it’s a DPG or not, the point is how you take those bricks, those pillars, and build your DPI.”
The open-source label doesn’t automatically mean something is cost-effective or secure. Hamila shared a five-year cost model for a basic open-source project in a mid-sized country: $21.5 million to $45.5 million. That includes support, integration, maintenance, and security. Not exactly the free lunch many assume.
Then there’s the security problem. Open-source systems can benefit from transparency, if helpful developers are the ones finding the flaws. But that same transparency can expose the software to actors with less noble intentions. “If it is a malicious actor, rather than a benevolent developer who spots a bug, the result could be a zero-day vulnerability,” Hamila warned.
So, while open source has its place, it’s not a silver bullet. In fact, it can be dangerous when its limitations are ignored or misunderstood.
What Works and What Fails
There are real examples of governments trying, and failing, to roll out digital ID systems that meet expectations. Ghana’s first attempt to launch a national ID card project ended in near-collapse. Millions were spent, but fewer than a million cards were delivered out of a target of four million. The fallout damaged credibility.
It took a restructured public-private partnership to salvage the effort. Andrew Asamoah of Margins ID Group explained how the government and private sector shared financial risks in the second round. This time, the ID authority wasn’t a cost center, it generated revenue. And in one year, they distributed 15.7 million ID cards. Not because they used better tech, but because the governance and structure were finally right.
The Philippines faced a different issue. Physical cards were delayed, leaving citizens without access to services. But instead of letting the project stall, the government introduced the ePhilID, a digital workaround that gave people immediate functionality. According to Ramesh Narayanan, CTO of MOSIP, the country’s success came from learning by doing. They had built a sandbox environment to test real-world challenges before going live.
Both examples point to a simple truth: capacity matters as much as code. If public sector teams don’t know how to build, adapt, and maintain their systems, no technology, open or proprietary, will save them.
What Safe DPI Actually Looks Like
At The RegTech, we’ve seen these challenges up close. Our work with governments and regulators often begins after someone else has already made the wrong call: a rushed procurement, a platform no one understands, a rollout that stalls because no one trained the local IT team.
We take a different approach. Safe DPI isn’t about sparkly tools. It’s about building infrastructure that is stable, secure, and realistic. We’re focused on digital identity systems that can really serve the public over the long term, not just through pilot phases or donor cycles, but across administrations and budget seasons.
A secure digital ID should work offline. It should continue functioning when the internet goes down or devices fail. It should be compatible with other systems without requiring five different middleware platforms to glue it together. And most importantly, it should be clear who owns it, who maintains it, and how people can trust it. That kind of design doesn’t come from rushing toward the newest solution. It comes from listening to local teams, investing in governance structures, and choosing standards that support integration over the long haul.
Standards First, Hype Later
Too often, the excitement of new technologies pushes standards into the background. But when systems fall apart, it’s usually because the right standards weren’t in place from the beginning. Gail Hodges of the OpenID Foundation stressed the importance of testing, because real-world failures tend to happen in areas that were never tested thoroughly in the first place. Anita Mittal of GIZ described how communities can come together to build shared digital standards. It’s time-consuming. It requires negotiation. But it results in clarity.
Yann Bouan from iDAKTO shared Morocco’s story. The country had issued high-quality contactless ID cards with fingerprint biometric matching. For years, those cards were barely used. Only when they began using international standards, like OpenID Connect, did the cards become useful for accessing public services. The technology hadn’t changed. The standards had.
Stephanie De Labriolle from the Secure Identity Alliance pointed out another common trap: layers upon layers of APIs that make systems harder to integrate. “It’s a bit silly to have to develop APIs of an API for an integrator,” she said. Simplicity, not complexity, is the real innovation.
No Safe DPI Without Clear Regulation
Even the best digital identity system can go wrong if the regulatory structure isn’t strong. Godfrey Kutumela of the Mifos Initiative put it plainly: everyone involved in building DPI needs to “speak the same language.”
Without shared definitions, roles, and expectations, even the most expensive project can drift off course. And once trust is lost, rebuilding it is far harder than getting it right the first time. That’s why Safe DPI requires not only good code and good design, but good laws, good oversight, and clear responsibilities.
A digital identity card that sits in a citizen’s pocket but doesn’t open access to healthcare, welfare, or voting is more than useless. It’s a broken promise. People don’t just forget those failures. They stop participating. Safe DPI isn’t a luxury. It’s the way forward for any society that expects technology to serve its people. And we believe the most powerful technology in any public system is trust.
We are here to help governments, financial institutions, and businesses to effectively comply with growing regulatory requirements through technology.
