Framing the purpose of a company as beyond making profits for shareholders alone is age-old, but the move to state corporate purpose explicitly is newer. Stating purpose is part of a deeper transformation of a growing number of companies–from being product-driven to becoming purpose-driven.

Data governance is now a well-established domain of knowledge systemizing the rules on how data flows over a data life cycle within organizations. In essence, the DPI approach is all about managing digital data in a safe, effective and principled way for public good. Therefore the governance of DPI is essentially the same as data governance, right? Wrong. The relationship between data governance and governance of DPI can be likened to that between hygiene practices and a hospital. The hospital needs to have hygiene practices in place at a very exacting level to function effectively and safely; but a hospital is much more than its hygiene practices alone. A hospital has to serve patients, manage billing, procure supplies, operate secure buildings–all sorts of functions which are part of operating essential social infrastructure. Governing DPI is similarly complex. It is true that governing DPI will include governing data , and as I have sought to understand the older domain of data governance, I have been struck by some parallels for DPI. Here’s one: just as hygiene practices and protocols have evolved over the decades, so too has data governance. We can only hope that governance of DPI will also evolve from today’s rudimentary understanding. If you read recent books like “Disrupting Data Governance” by Laura Madsen (2019), several more echos emerge: “Data governance is one of the keys to effective data management, yet there’s a lack of shared definition”—I have been on record arguing that it is unnecessary, and maybe even futile, at this early stage to have too precise a definition of DPI, yet some boundaries are needed if DPI is to avoid this same judgment as data governance in twenty years’ time. “Data governance is about trust”—so too, ultimately, is DPI even when citizens are required to use one. “Balancing the forces of protection and promotion (of the use of data) will take some effort, each needs to be well defined and managed to avoid losing focus on their respective needs”—indeed, balancing these forces in the operation of a DPI is a critical function, maybe the critical function, of DPI governance. All those similarities should not conceal one big difference between these two fields: data governance is about the usage of data as a valuable asset within an organization , while DPI is all about supporting flows of valuable data across organizations . This is obvious for payment systems, but even digital ID systems exist to provide forms of secure authentication or verification to relying parties. Optimizing the interoperability of data for public purposes is at the heart of the DPI approach. DPI governance can therefore be framed as a form of ‘meta-data governance’, where the DPIs are themselves stewards of sorts of types of data within digital data ecosystems. That makes the task of DPI governance more challenging, but also potentially more interesting and rewarding. How long will it be before we have textbooks for DPIs with sub-titles like the standard Data Governance text by doyen John Ladley: “How to design, deploy and sustain an effective [data] governance program.” ? I hope we can accelerate the learning cycle with DPI.

There is general agreement that good governance matters for Digital Public Infrastructure (DPI). There is much less agreement at this stage about what governance means in a DPI context. One way to explore building consensus is to explore whether existing widely accepted frameworks could be adapted to the DPI context. Since DPI at its heart is all about exchanging digital data for different purposes–from payment to identification– it seems appropriate to consider the original ‘by design’ framework which was developed for data privacy. This framework was built around the concept of Privacy by design. Since its first use in 1995, privacy commissioners and data protection authorities around the world have recognized privacy by design as an international standard which they intended to promote and incorporate in policy and law. It was originally articulated as seven principles which together signaled an intention to embed privacy considerations proactively throughout the data use cycle. While the privacy by design framework is agnostic about the organization handling the data, the operators of DPIs are types of institutions with a particular purpose which demands specific governance features. The comparison of data to DPI is somewhat akin to that between blood and the heart in the human body–blood, like data, is widely distributed but the heart is the ‘essential infrastructure’ responsible for pumping it. Privacy by design is about protecting the ‘blood chemistry’; governance by design for DPIs is about ensuring that the ‘heart’ functions well, including but not only protecting the unique blood chemistry. So, governance is really the means which connects to ends like this. With that contrast in mind, how well might the principles of privacy by design inform governance by design? The table below maps privacy by design principles in the first column to my suggestions of counterpart principles for governance of DPI in the second column. You will see that the majority of principles (those numbered 1,3,5 and 6) map across pretty easily to governance of DPI. This isn’t surprising, considering a concern for ways of using data is at the heart of both.

“How can we stop going faster while our ability to see further ahead is decreasing?” In today’s world of fast-evolving digital technology, it can be challenging to make informed decisions in complex fields like Digital Public Infrastructure (DPI). With the increasing speed of change, this question posed by Peter Senge and his co-authors in their 2008 book, Presence , remains relevant. The question is applicable in any complex field in which information is limited and the interaction of feedback loops unknown. But DPI has complexity associated with fast-evolving digital technology compounded by public and private sector decisions about its deployment. No wonder the discussion surrounding DPI is filled with both optimistic expectations and valid concerns, from the potential to reduce inequality to the potential to enable dystopian surveillance and state control. The air of recent G20 meetings and World Bank spring meetings was saturated with claims about the promise of DPI and its perils. How then are we to make sensible decisions in the midst of this complexity? The most useful approach I’ve found for navigating complexity is scenario thinking. Scenario thinking is a disciplined approach to building plausible stories of potential futures (note the use of the plural, because there are always multiple paths to the future). A large part of distilling complexity down to more manageable levels is isolating the swing factors, or ‘key uncertainties’ in scenario language. The different possible outcomes of these will interweave to create rich stories, which, like good fiction, will likely have some unexpected twists and turns. These stories, or scenarios, are the backdrop against which to test how different choices may turn out. A robust strategy is one which yields the best outcomes across the widest range of scenarios but also identifies early warning indicators of major scenario shifts so that, where needed, the strategy can shift too. An important aspect of the scenario process is the way in which it helps participants build shared language and understanding, leading to new collaborations and actions to prevent unwanted outcomes. The scenario-building process has now been applied in thousands of cases at the level of country and company strategies around the world. In many, it has led to remarkable shifts in perspective. For example, the complexity of climate change has launched a whole new range of scenario tools which unpack the possible range of implications for public and private strategists to build into their risk disclosures. So how might scenario building apply to the nascent field of DPI? Here’s one way. As I have discussed in other posts, DPI lacks a single accepted definition right now. I point out in the white paper, “Is DPI a useful category or a shiny new distraction?”, that the absence of a single monolithic definition may even be a good thing in the early stages of a field, as witnessed with the older acronym ‘ESG’. However, definitional choices carry consequences. Scenarios could help to answer a driving question like: “Which definitional parameters of DPI will most affect its developmental outcomes?” Layering the different choices about what type of DPI, and therefore whether to promote or protect or regulate it, on top of the fundamental forces driving digital and societal change would be a complex exercise to do well, to be sure. But, I believe, one worth doing. Because as Peter Senge reminds us, reaching actionable clarity is a worthwhile goal–but to get there, you need first to walk through the pit of complexity. Scenarios offer a path through the pit.

In a recent Devex post, Achim Steiner, head of UNDP, and Amitabh Kant, India’s G20 Presidency sherpa, join the growing calls for more investment in DPI as a means of driving growth, reducing poverty and increasing resilience in the face of crises. However, with government budgets already stretched, where will the additional funding come from? While donor funding may help, it cannot fill the gap alone. The field of physical infrastructure offers another way for cash-strapped governments to fund infrastructure projects: public-private partnerships (PPPs). Governments have long used various methods to raise funding or move the risk of providing essential services to the private sector. However, the modern push for infrastructure PPPs gathered momentum in the 1990s as countries like the UK and Australia explored new ways of financing essential infrastructure. Multilateral financiers became major promoters of PPPs, offering technical assistance to governments through specialist agencies like PPIAF , and co-funding designed to entice private funding to defined PPP projects. They even documented their approach in a comprehensive PPP guide directed at governments, together with associated training and certification . Could a PPP-like approach work for digital infrastructure as well? In principle, the answer has to be yes. Like physical infrastructure, digital infrastructure involves an upfront design and build process and requires subsequent operation and maintenance. Private sector providers can play a combination of different roles in PPPs at different stages, but the key difference from a pure service contract is whether in fact the main private partner assumes significant financial risk. One of the big arguments in favor of PPPs was that having private partners assume risk was the best way of managing it, rather than simply passing it over to governments who were often ill equipped to do so. However, ensuring delivery as specified and without unfair exploitation of either party over a long period required a complex web of contracts. Both parties needed the capacity and willingness to work within clear and fair contractual frameworks. But when they did, the state had clear oversight and control of infrastructure without having to build and manage it. The state often assumed full ownership of the underlying asset after the PPP contract period ended. Even if states have the financial capacity, most are highly unlikely to be able to build their own digital infrastructure in-house. They will rely on technology partners for this, even if their role is to deploy and modify open source applications in a specific context. Even when a government agency chooses to maintain a DPI once built, it will likely rely at least in part on external service providers to support it. In other words, the digital services environment is already rife with complex contracting and inter-dependencies between contractors and clients. Taking an explicit PPP approach may not reduce complexity, but it may enable it to be addressed in a more explicit and effective manner. A final question for now: was “the juice (of setting up PPPs for physical infrastructure) worth the squeeze”, particularly with regards to the end outcomes for the state? After all, PPPs in some places have generated controversies over the manner of their procurement, failed standards of service delivery, or the high price of their services. But the alternative—direct government procurement and delivery—has hardly been immune from criticism either. In 2015, the Independent Evaluation Group at the World Bank published its judgment based on evidence from the sizable number of PPPs supported by the World Bank Group. It concluded: “PPPs are largely successful in achieving their development outcomes.” There is ground to believe that PPPs can be successful in delivering public services. While the visibility of PPPs has faded slightly in recent years, in part because of association with privatization as a politically unpopular approach in many places, the call for blended finance options has risen. PPPs of course offer just that: a structured way to blend different types of finance, including donor and concessional funding. With eyes wide open from the past 30 years of experience of PPPs, I believe there is therefore a case to consider explicitly the circumstances in which digital infrastructure PPPs may work best for delivery and operation. It won’t be all cases, maybe not even a majority. But it may well be enough to make a substantial difference in the delivery of essential digital services. Read the Devex Post: Why digital public infrastructure matters more than you think

This paper explores the usefulness of the term Digital Public Infrastructure (DPI) as a new category descriptor. In order to reach any conclusion, I first reflect on whether there is yet sufficient clarity about its meaning. This question leads to an exploration of the space in which to locate the existing definitions of DPI; and then to the wider question of what is the appropriate combination of definitional openness and certainty at this early stage of the field’s development? The answer is linked to the purpose for which a definition is needed: such as championing a field or investing in it or regulating it. The relatively rapid take-off of the term DPI reflects in part deeply felt but diverse hopes and fears about the emerging digital future, such that reconciling all these will not be easy; DPI alone is no magical fix. However, it is possible to pursue an emergent definitional path which starts broad and over time, rules out certain options as evidence gathers. Definitional questions aside, there is already evidence of convergence in substance across different sectors that can make DPI a useful lens beyond the existing sectoral lenses alone. In addition, the DPI lens allows new questions to be asked, for example about whether the fragmented approach to regulatory architecture for data is adequate. The term DPI seems potentially useful therefore, but it will require some careful shepherding to avoid either the confinement of premature narrowness or the vacuousness of prolonged vagueness,

Could the dramatic failure of FTX have been avoided? What went wrong, and how can startups avoid making the same mistakes? Here a few of my thoughts: FTX's spectacular implosion has provided yet another demonstration of the tech law of amplification: namely, technology takes what works well and scales it; but it takes what works badly, and scales that too. Many circles of venture capital operate with the idea that a concern for governance should come later on in the life of a company. According to this view, governance at the early stage is restrictive and bureaucratic, and therefore antithetical to the capacity to move fast. FTX scaled superfast on this premise. At least Mark Zuckerberg recognized in Facebook's early motto that this could lead to breaking things. In the case of FTX, those things total $8 billion in claims to potentially up to a million creditors, apart from collateral reputational damage to the crypto sector as a whole.

 What can “Tank Man” teach us about governance? A few weeks back, I wrote about the distinction between authority and power, and how this plays out in the context of startup governance. But for many people, the distinction between authority and power is not very clear. So, here’s a very visual way of representing the difference. In this iconic picture taken 1989, we see an unidentified man standing in front of a line of tanks in front of Tiananmen Square, standing against the government's violent crackdown on the Tiananmen protests. It’s obvious at a glance that all the power sits with the column of large tanks, and some authority too–after all, the tanks were called in by the government to crush the student protests. By contrast, the lonely protestor has no power; he is physically small compared to the tanks, seemingly outmatched by the state's might. Despite this clear imbalance, the man holds a certain authority. He has the authority to bring a column of tanks to halt. Where does his authority come from? Remember the definition from Victor Lee Austen: “Authority is held by a person/s who lead humans to a fuller exercise of their freedom to accomplish human tasks.” Tank Man’s courage gave him a moral authority which both tank captains and their commanders recognized–for a while at least. This concept of authority is not limited to the realm of politics. Even though they have no tanks to command, leaders of companies may also accrue wider authority inside and even outside their organizations. Inside, authority will grow to the extent that leaders build the capacity of their employees to flourish. Outside, a company’s products and services, together with the way in which they are provided, can enable even customers and citizens to grow also in their relative freedom to accomplish tasks. This type of authority creates the capability to influence without coercion. It’s the power of demonstration and that’s why we have celebrated examples of companies which have had influence, like Ricardo Semler’s Semco Partners or those others mentioned in Good to Great . Read more on my Linkedin .

Governance in a Post-Authority Era In my many years of observing private and public organizations of all sizes, I’ve made one very critical observation: governance often lies behind their failure to achieve their purpose. But governance failure itself is only a symptom of what I feel is a bigger issue that organizations are facing globally. In today's "post-authority" era—alongside all the other “posts” which characterize it, like post-modern, and post-truth—there is a growing mistrust of institutions and leaders that hold authority. The notion that there can be rightful authority is not accepted. Authority is seen as a potential or actual violation of the freedom of the “sovereign individual.” There is a pervasive sense that our institutions which should have authority—in government, religion, civil society—are all failing us. The result of the decay of authority is that other forms of power, like the coercive power of authoritarian regimes and the persuasive power of digital media, are on the rise. And they don’t usually provide a path to human flourishing. But what if the problem is less with specific authorities and more with our understanding of authority? I like how Victor Lee Austen defines authority: “Authority is held by a person/s who lead humans to a fuller exercise of their freedom to accomplish human tasks.” The word ‘authority’, a close cousin in English to the generative word ‘author’, comes from the Latin word meaning to increase. Rightful authority leads to flourishing for both those wielding it and those under it. Most of us are in both situations: under some form of authority but also wielding it in some way—as a parent, for example. Rightful authority brings with it the power to change circumstances, but power does not necessarily lead to authority. Consider the example of a #startup founder. She has the authority of the one who originated the idea for the company and who guards it jealously; but she lacks the power to bring that vision to fruition alone. As a result, she likely turns to those who have one form of power (money), but who don’t necessarily carry authority over her company: venture capital funders. When these funders provide the necessary financial resources, they also gain a level of influence and decision-making power in the form of shareholder votes. The founder/CEO’s authority is no longer absolute, even if it remains paramount. As the startup raises more funding, and grows to become profitable, alongside authority, the founder/CEO acquires more power: that is, she has more control over more resources and people and more effect on the marketplace. However, if the #CEO acquires too much power without being accountable to some form of authority outside of herself, the risk of abuse and failure grows. A rebalancing of authority and power needs to take place over time so that power and authority are appropriately distributed across the organization. Not only will the nature of this rebalancing change over time, but it will look different in different organizations. I see this as the basic task of #governance : optimizing the distribution of authority and power in organizations. When this is done well, it should result in conditions for everyone involved—employees, shareholders, customers and the communities in which they live—to flourish. In a post-authority age, it may be harder to do well, but that does not make it any less important. Do you have any thoughts on how organizations can effectively balance and distribute authority and power in this 'post-authority' era?