Digital Public Infrastructure: The Law Before the Code
- Ott Sarv
- Aug 27, 2025
- 4 min read
Updated: 6 days ago
The café opens at seven. The owner has her inspectors’ forms in a folder and a permit number on her phone. She paid the fee, passed the checklist, and watched a green tick appear. Three weeks later, a complaint lands in court and the number means nothing. The platform issued it, but the law never did. The interface delivered speed. It did not deliver authority.
This is the false choice that keeps resurfacing in modern state programmes: speed or law, automation or legitimacy. The truth is less forgiving. A digital act acquires public meaning only when legal authority creates it, a competent institution owns it, and people can challenge it. That is the control structure: legal sequence precedes code execution, and deployment begins with law, not software.
Why Digital Public Infrastructure begins in law
Digital Public Infrastructure is not a technical artefact. It is a legal institution whose legitimacy arises from statutory authority, institutional mandate, and procedural accountability. Each layer corresponds to a legal source, a named custodian, and an enforceable function. No layer may substitute for another. That is how you prevent premature deployment, and that is how you block shortcuts that would bypass statutory obligations.
When programmes invert this order, transactions occur without governance. Code begins to govern first and law arrives too late, so compliance statements cannot restore legitimacy to logic that was defined before the state assigned the function. A decision that cannot show its authorising law, its responsible institution, and its route to reversal is not governance. It is automation without law.
Tracing a decision: the full circuit from law to Oversight and Remedy
A lawful licensing decision begins when the legislature defines purpose and scope. The mandate then assigns the function to a named institution that accepts liability and sits within a supervisory chain. Eligibility is verified against Canonical Records designated in law, including who maintains them, how they are corrected, and how changes propagate. Only then does automation mirror the enacted procedure, with an auditable lineage from rules to legal texts. The competent authority issues a decision that is attributable and appealable. The public interface preserves legal effect, records receipt, and allows objection. Independent bodies can review the case and reverse it when necessary.
This sequence is not a performance ideal. It is a jurisdictional requirement. A system may not execute a service unless its purpose is defined in law, its custodian is appointed, and its data dependencies are registered. Sequencing protects rights and prevents institutional control drifting into platform defaults, a failure mode that becomes visible only when disputes begin.
The public interface carries legal meaning only when it preserves access to rights. Delivery channels must keep the legal effect of the decision intact and must allow contestation, objection, and appeal. A user-friendly service is not lawful unless it also upholds enforceable access.
The operational test: the artefacts that must exist before automation
Layer claim | What must exist in practice | What fails if it is missing |
Authorising law | Defined purpose, scope, decision powers, and effect | Outputs look official but cannot bind rights or obligations |
Institutional mandate | Named custodian, liability assignment, supervisory chain | Responsibility becomes diffuse and disputes become unresolvable |
Designated registers, stewardship rules, correction and propagation duties | Eligibility checks become unverifiable and stale | |
Service logic as lawful procedure | Versioned rule lineage, change control, auditability | Configuration becomes de facto policy, not enacted procedure |
Attributable decision | Identifiable decision-maker, rule version, time, basis | Appeals collapse into argument over screenshots |
Public interface preserving effect | Receipt, notification, timelines, objection route | Access to rights becomes decorative rather than enforceable |
Review authority, suspension powers, reversal propagation | Errors become permanent in practice even when acknowledged |
What fails when the sequence is skipped
When configuration stands in for law, power shifts from public institutions to software logic and interface defaults. The result is not efficiency. It is a simulation of governance that erases the legal context determining who may act, under what authority, and with what consequences. Interfaces cannot rescue the situation because delivery without admissibility does not activate rights.
The decisive hinge is attribution. If a decision cannot be attributed to an authorised custodian applying an authorised procedure, it cannot be defended. Once that breaks, every downstream safeguard becomes theatre: the green tick remains, but the state has no enforceable story to tell about why the tick exists.
This is where Governance Drift becomes more than a warning. It becomes the inevitable outcome of building systems as if they were a Product vs Project, with success measured by shipping features rather than sustaining legitimacy.
A mandate for donors and implementers: prove jurisdiction before funding
Acceleration is not capacity if it bypasses jurisdiction. Donor-driven deployments that introduce identity, consent, or eligibility before law and mandate displace public authorship with platform logic. Projects may appear efficient, but authority no longer rests with the state.
The minimum gating rule is simple to verify. Funding should activate only when the programme can prove legal origin, prove institutional control, and prove contestability. In practice, that means the function is authorised in law, the custodian is appointed, Lawful Capability is operational, registries are designated, orchestration follows authorised acts, decisions are attributable, delivery preserves entitlements, and Oversight and Remedy is available.
A short story of reversal
Return to the café owner. The dispute is resolved not because the system shows a green tick, but because the decision can be traced back to a law, to an institution with authority, to Canonical Records, to a lawful procedure, and to a public interface that preserved legal effect. When an error appears, a supervisor or a court can reverse it, and that reversal can propagate to the places where the decision was relied upon.
That capacity to reverse is the signature of sovereignty in Digital Public Infrastructure. It is also the practical definition of legitimacy: the state can not only decide, but correct; not only automate, but be held to account.
The control structure
Law Before Code is not rhetoric. It is the control structure that keeps Digital Public Infrastructure inside the public legal order. A system becomes lawful not because it performs a task, but because it performs that task under authorised conditions. Where the chain is complete, people remain rights holders, institutions remain accountable, and technology serves constitutional authority rather than replacing it.
