The DPI Debate Is Not About Platforms. It Is About Authority

Digital Public Infrastructure has become one of the defining policy ideas of modern digital government. It promises faster public services, reusable digital rails, cheaper integration, and new forms of public-private innovation. The global consensus has moved quickly. The G20 Framework for Systems of Digital Public Infrastructure describes DPI as shared digital systems that can be secure, interoperable, built on open standards and governed by applicable legal frameworks.

Yet the most important question is not whether a country can build a platform, adopt a toolkit, publish an API, or join the growing vocabulary of DPI. The harder question is whether digital public action remains lawful when it becomes automated, modular, reusable and distributed across multiple systems.

That is where the Seven Layer Model for Digital Public Infrastructure changes the conversation. It does not reject the mainstream DPI agenda. It challenges its sequence. The model argues that public digital systems should not begin with software architecture and later search for legitimacy. They should begin with legal authority, institutional mandate, canonical records, governed service logic, traceable execution, rights-preserving interfaces, and operable oversight and remedy.

The platform story has been too easy

Much of the DPI conversation has been built around a powerful and attractive idea: governments should stop rebuilding the same digital capabilities for every service. They should use shared systems for identity, payments, data exchange, registries, messaging, trust services and service delivery. Done well, this can reduce duplication, improve interoperability, and make public services easier to scale.

GovStack presents this approach through reusable, interoperable building blocks that can support whole-of-government digital services across sectors, ministries and departments. Its specifications define building blocks as software code, platforms and applications that provide reusable basic digital services at scale. This is a useful proposition, but it is incomplete.

A reusable platform can speed up delivery. It doesn’t decide who has legal authority to issue permits, update registers, suspend benefits, validate credentials, or reverse administrative decisions. A common API can transfer data but can’t determine which record is authoritative or set processes for institutions. Govstack simply doesn’t have the mandate for that.

The Seven Layer Model sharpens this distinction. It treats DPI as a legal institution delivered through governed technology, not merely as a shared technical asset. Systems do not gain legitimacy from performance, scale, openness, or configuration. They acquire public meaning through lawful origin, named institutional responsibility, evidentiary continuity, and contestability.

That distinction matters because digital systems increasingly produce outputs that people experience as public decisions. A green tick, a verified status, a payment eligibility result, or a registry update may feel final to the person affected. But if the output cannot be traced back to legal authority, institutional mandate, recognised records, authorised procedure, and effective remedy, the system has delivered speed without governance.

The Seven Layer Model changes the order of the conversation

The Seven Layer Model for DPI begins with legal authority because public power does not originate in code. It then moves to institutional mandate because authority must be assigned to a competent body that can be supervised and held responsible. It places canonical records before execution because digital services rely on records that must be recognised, stewarded, corrected and used as evidence.

Only after those foundations are in place does the model turn to service logic, execution and public interfaces. This is a crucial reversal of common delivery practice. Many programmes start with portals, platforms, prototypes and integration layers. The Seven Layer Model asks whether the rules being automated are authorised, whether the institution operating them has mandate, whether the records being consumed are canonical, and whether the person affected can understand, challenge and correct the outcome.

This is why the law before code argument matters. The point is not that law should slow every project. The point is that digital acts with public consequences need lawful origin, institutional ownership and contestability before reliance becomes widespread.

The final layer, oversight and remedy, is not decorative. It is the test of whether DPI remains public infrastructure rather than a private, vendor-shaped, or donor-shaped operating environment. A complaint form is not enough. A helpdesk is not enough. Remedy must be able to reach the evidence, identify the responsible institution, suspend or reverse the relevant outcome, and correct the record or process that caused the error.

This is where the model is most demanding. It does not treat safeguards as an external checklist added to a deployed system. It treats remedy as part of the architecture of public authority. The Universal DPI Safeguards Framework also recognises that safeguards must flow through law, regulation, institutions, people, processes and technology. The Seven Layer Model pushes that logic into the operational sequence of the system itself.

The disagreement is not about goals

The disagreement between the Seven Layer Model and mainstream DPI thinking should not be overstated. The broad DPI field already recognises governance, inclusion, legal frameworks, privacy, security, openness and human rights. The G20 framework includes governance as part of the DPI agenda, while the Universal DPI Safeguards Framework identifies risks including lack of recourse, weak rule of law, weak institutions, digital distrust and exclusion.

The conflict is therefore not about whether DPI should be safe, inclusive, interoperable, or reusable. It is about what must come first and what must remain controlling.

A platform-first view asks how shared systems can deliver services at scale. A building-block view asks which components can be reused across sectors. A protocol view asks how open networks can enable innovation. The Seven Layer Model asks a prior question: when a digital system acts, whose public authority is being exercised, on which records, under which procedure, with what evidence, and through which remedy?

That question does not weaken the DPI agenda. It protects it from becoming too thin.

Digital public goods are not digital public authority

One of the most important distinctions in this debate is between reusable digital artefacts and public authority. Digital public goods may include open-source software, open data, open AI models, open standards and open content that meet defined public-interest and safety criteria. GovStack also distinguishes digital public goods from building blocks, noting that building blocks may be open source or proprietary and can be combined into a country’s DPI.

These artefacts can be valuable. They can reduce cost, improve transparency, support reuse, and help countries avoid vendor lock-in. But they do not carry domestic legal authority by default. A digital public good can implement a workflow. It cannot, merely by being open or reusable, establish the competence of a ministry, determine the evidentiary status of a register, or create an enforceable remedy pathway.

The Seven Layer Model makes this distinction explicit by treating DPI as lawful digital public authority, not as a catalogue of reusable components. Legal validity and accountability arise from domestic governance and authorised procedure, not from the reusable artefact itself.

This is why the model is useful for countries adopting external toolkits, wallets, registries, or data exchange platforms. It asks whether the imported component has been domesticated into public authority. Has a competent institution been assigned? Are the records recognised? Are rules traceable to an authorised procedure? Can a person contest the outcome? Can supervision change the result?

Without those answers, a country may have functioning technology but incomplete governance.

The real risk is simulation

The most serious failure in DPI is not always technical failure. Sometimes the system works exactly as designed. The interface loads. The credential verifies. The payment routes. The registry responds. The dashboard reports success.

The failure appears later, when someone asks a legal question. Who made the decision? Which institution owns the error? Which record controlled the outcome? Which rule was applied? Which version of the rule was active at the time? Which evidence bundle can be reviewed? Who can order correction? What happens downstream after correction?

If those questions cannot be answered, the system has simulated public service delivery without preserving public governance.

The law before code framing captures this risk directly: public digital infrastructure should begin in public law, not in configuration.

That is a practical delivery standard, not an abstract legal preference. Countries do not build trust by declaring systems trustworthy. They build it by ensuring that digital decisions can be explained, challenged, corrected, audited and supervised.

Why this matters now

The DPI field is moving from advocacy to implementation. Shared systems are no longer only a development narrative. They are becoming the architecture through which states identify people, exchange data, deliver benefits, authenticate access, issue credentials, and recognise legal effects.

That makes governance sequencing urgent. The question is no longer whether a country has identity, payments, data exchange, registries, or trust services. The question is whether those capabilities can lawfully produce public outcomes.

The distinction matters for donors, governments, vendors, civil society, and supervisory bodies. Donors need to know whether funded systems strengthen state capacity or replace it with project architecture. Governments need to know whether public mandates survive modular implementation. Vendors need to know which legal and institutional boundaries their systems must respect. Civil society needs evidence pathways, not merely participation language. Supervisors need systems that can be inspected and corrected.

The DPI debate has matured enough to move beyond the question of whether shared systems are useful. They are. The next question is whether they remain public when they scale.

The stronger definition of success

A successful DPI programme should not be measured only by adoption, transactions, integrations, or platform reuse. Those measures matter, but they are not enough. The stronger test is whether the digital system can withstand a challenge from the person affected by it.

Can the person know what happened? Can the responsible institution be identified? Can the relevant record be inspected? Can the applied rule be traced? Can the evidence bundle be reconstructed? Can the outcome be suspended, corrected, or reversed? Can oversight compel change?

The Seven Layer Model makes those questions architectural. It says that authority, mandate, records, logic, execution, interface and remedy must remain connected. Break the sequence, and DPI becomes fragile. Preserve the sequence, and digital government becomes not only faster, but more lawful, reviewable and durable.

That is the central point. The argument is not against platforms. It is against platforms that quietly become government without carrying the obligations of government.

The future of DPI will not be decided by whether countries can assemble more building blocks. It will be decided by whether those building blocks operate inside a lawful public architecture. The platform may deliver the service. Authority must still govern the act.