Hiring a DPI Policy Consultant Is Not a Procurement Task. It Is a Sovereignty Decision.
- Ott Sarv
- Feb 27
- 5 min read
Updated: 6 days ago
Governments do not usually lose control of the state because they lack software. They lose it because they delegate authority to systems that cannot be defended when challenged, corrected when wrong, or reversed when harm occurs. That is why selecting a DPI policy consultant is not a matter of desktop research, glossy frameworks, or imported maturity models. It is a decision about whether a country retains operational control over its own public power in the age of automation.
The contemporary vocabulary makes it easy to sound serious while doing shallow work. The harder test is whether the consultant has built and operated lawful capability on site, inside institutions, under real constraints, and through conflict.
This piece sets out how to proceed.
The starting rule: treat DPI as a legal institution, not a technology programme
The consultant you want is the one who understands, and can operationalise, a simple ordering constraint: Law Before Code.
Not as a slogan. As a control structure.
A system becomes public infrastructure only when the chain is complete: authority is defined, institutional mandate is assigned, canonical records are designated, procedures are mirrored into service logic, decisions are attributable, delivery preserves legal effect, and DPI Guidance and Enforcement exists to suspend, correct, and reverse outcomes.
Where the chain is incomplete, you do not have a state capability. You have automation that may look efficient until the first contested case lands.
How to proceed: a selection process that favours field experience over desktop confidence
You should proceed as if you are hiring someone to help you run critical infrastructure during dispute conditions, not someone to write a report that pleases a donor or a procurement committee.
A credible selection process therefore starts by killing three illusions.
Illusion to remove early | Why it is dangerous | What replaces it |
DPI as religion | Belief systems reward diagrams, not enforceability, and they collapse under scrutiny | Evidence-grade operating artefacts and reversible decision circuits |
Global North as exporter of correctness | Imported templates routinely bypass domestic authority and shift liability to local institutions | Domestic legal origin, custodian liability, and contestability as gating conditions |
Desktop DPI as equivalent to field DPI | Desktop work rarely faces institutional conflict, service counter realities, court scrutiny, or outage pressure | On-site operating experience that has survived disputes, reversals, and institutional escalation |
The purpose of the process is not to punish theory. It is to ensure that theory is subordinated to operational reality.
The real dividing line: has the DPI policy consultant built lawful capability that survives dispute?
A serious consultant can describe, in concrete terms, how to take a national function from intent to enforceable operation. This is not abstract. It is a circuit that begins in law and ends in remedy.
That circuit is exactly what donor-driven programmes and platform-first programmes often skip, producing GovStack Failure patterns: output without authority, interfaces without admissibility, and compliance statements that arrive after the fact.
The selection process must therefore test for delivered Lawful Capability, not rhetorical capability.
Field tests: the questions that separate operators from presenters
A strong hiring panel does not ask about methodology. It asks for lived sequences, failure modes, and reversals.
Field test | What you ask in the interview | What a credible answer contains |
Authority chain test | Explain a time a system output was challenged and had to be defended | Named authority basis, named custodian, rule lineage, evidence trail, and what changed afterward |
Mandate conflict test | Describe a conflict between two institutions over who owns a function | How mandate boundaries were settled, how liability was assigned, how escalation worked |
Canonical record reality test | What did you do when the record source was incomplete, inconsistent, or politically sensitive | How Data Exchange Platform Legal Authority was established, and how correction propagation was designed |
Remedy test | Walk through how a wrong automated decision is reversed end to end | Suspension, correction, propagation, and what DPI Guidance and Enforcement looks like operationally |
Governance drift test | What controls prevent platform defaults from becoming policy | How Governance Drift is prevented through change control, supervision access, and mandate-aware gating |
Acceptance and entitlement test | How do you prevent interoperability from becoming entitlement | How Mandate Gating and Data Exchange Safeguards constrain disclosure and reliance |
A consultant who cannot answer these with concrete operational steps is not ready for national DPI.
Money is not the problem. Misaligned incentives are.
A country should pay very well for the right person, because failure costs are not consultant costs. Failure costs are legitimacy costs, litigation costs, programme reset costs, and the political cost of losing control of public functions.
The threat is not high pay. The threat is a market where:
Incentive pattern | What it produces | Why it fails a country |
Donor-pleasing outputs | Reports, workshops, launch events, and dashboards | Authority remains externalised, liability remains local, remedy remains absent |
Desktop-first consulting | Beautiful policy language without operational control structures | Systems ship fast and break under scrutiny |
Platform-first delivery | Features without jurisdictional grounding | Technology becomes policy by default, which is how states lose control |
Monetisation of trust events | Tolls on verification and compliance artefacts | This becomes Priced Trust Transactions that ration trust and suppress adoption |
A serious consultant is expensive because they reduce risk. A bad consultant is expensive because they produce theatre.
Global North and Global South is not geography. It is risk transfer.
The uncomfortable reality in many deployments is that imported DPI packages shift risk:
The exporter gains reputational upside from launch. The country inherits liability for contested decisions, institutional conflict, and citizen harm.
The right consultant makes that dynamic explicit and then reverses it. The consultant’s loyalty is to domestic legitimacy, not external optics. That is the practical meaning of Digital Sovereignty in DPI.
Procurement discipline: the gating conditions that should unlock funding and scope
If you want a process that works in real life, put hard gates into contracts and donor agreements. Do not fund scaling until the authority chain is complete.
Contract gate | Evidence required to pass the gate | What it prevents |
Legal origin gate | Authorising basis and defined legal effect of outputs | Interface decisions that cannot bind rights |
Custodian and liability gate | Named institutional owner, supervisory chain, escalation authority | Diffuse accountability and institutional blame loops |
Canonical record gate | Designation of records, stewardship, correction propagation rules | Eligibility checks that cannot be defended |
Procedure-to-service logic gate | Versioned rule lineage and change control | Configuration substituting for law |
Remedy gate | Operational reversal and correction workflow with propagation | Governance that exists only in policy text |
Safeguards gate | Demonstrable Mandate Gating and enforceable Data Exchange Safeguards | Entitlement drift and unreviewable disclosure |
These gates are how you stop Product vs Project logic from capturing the programme.
What you should ask for as deliverables
Do not accept deliverables that only describe principles. Demand artefacts that operators will actually use after the consultant leaves, aligned with Trust Frameworks at Scale.
Deliverable | What it must enable | How you know it is real |
Control matrix for authority and mandate | Who can do what, under which basis, with which liability | It is used in onboarding, change approvals, and incident response |
Decision evidence profile | What evidence is created per decision and how it is retained | It supports replay under dispute |
Remedy and reversal playbook | How errors suspend, correct, and propagate | It is exercised in drills and incident reviews |
Change control protocol | How rule changes remain attributable and lawful | It produces a clear lineage from rule version to authority |
Supervision interface requirements | How oversight bodies inspect behaviour | It exists as operational access, not a PDF |
---
A DPI policy consultant is useful only if they can protect the state from mistaking a working interface for lawful authority.
Proceed by selecting for on-site experience in contested environments, insist on gates that prove legality before scale, and pay for capability rather than theatre. The alternative is predictable: a fast launch followed by slow collapse, where institutions discover too late that the system can neither be defended nor reversed.
If you want, I can now convert this into a publication-ready article with a stronger opening vignette and tighter pacing, while keeping the same selection tests and linked doctrinal anchors.
