The OpenID Foundation’s Strategy and Marketing Director, Elizabeth Garber, attended DPI (Digital Public Infrastructure) Day as a member of the 2025 DPI Safeguards Working Group, which operates within the United Nations Development Programme and the Office for Digital and Emerging Technologies.  Her extensive background with multi-stakeholder communities like SIDI Hub, which advances safe, interoperable identity infrastructure, and her role as co-editor of the Human Centric Identity for Government Officials whitepaper, brings valuable expertise to this critical work.  The Foundation is grateful to have her voice at the table, ensuring  open standards remain a critical part of the global DPI conversation. Here is her take on the day: 

Standards as Safeguards in Digital Public Infrastructure (DPI)

By Elizabeth Garber 

Standards play a critical role in our digital future. They are not merely technical specifications: they are essential safeguards that protect populations, enable innovation, and ensure digital infrastructure serves humanity.

As part of the UN’s Open Source Week, DPI Day showcased how DPI can address global challenges and advance the Sustainable Development Goals. The events, held last month (June 2025) at the UN Headquarters in New York, brought together UN Member States, technologists, and partners to drive collaborative action on DPI for sustainable development - a mission that the OpenID Foundation agrees is  fundamental to our collective digital future.

Understanding DPI

The World Bank defines Digital Public Infrastructure as "foundational, digital building blocks for the public benefit." These include digital identity, faster payments, government digital services, civil registry infrastructure, and data exchange technology. Beyond these core examples, DPI encompasses geospatial tools and other reusable building blocks that serve both public and private sectors.

The global landscape of DPI implementations, beautifully captured in the DPI map developed by Krisstina Rao at the University College London (UCL) , reveals both the promise and the challenges of building digital infrastructure at scale. This is where standards become indispensable.

Why standards matter in DPI

Preventing vendor lock-in

Vendor lock-in represents a universal threat to sustainable digital development. Major organizations, from the World Economic Forum to the World Bank's ID4D and the OECD, consistently identify this as a core concern for digital identity systems.

The pattern is familiar. Vendors implement systems using proprietary technologies, embedding themselves deeply into government operations. Once entrenched, they command high fees for upgrades, servicing, and integration, holding critical public services hostage. The resulting harms extend beyond financial waste, to include poor service delivery, insufficient data security, and limited innovation.

Open standards, like those developed by the OpenID Foundation, offer a proven solution. When governments implement robust, tested standards throughout their architecture, they maintain sovereignty over their digital infrastructure. They can hold vendors accountable, switch providers when necessary, and ensure continuous service delivery to the population. 

And, this isn't theoretical. In supporting 26 ecosystems in their open data and digital identity deployments, we've seen this play out across markets.

Standards enhance ecosystem security

The UN DPI Safeguards Framework correctly identifies security controls as non-negotiable for protecting individuals and society. Without these essential protections, digital systems become vulnerable to exploitation, leading to cascading harms that affect everyone from individual users to entire economies. And, with Cybersecurity Ventures projecting cybercrime costs of $10.5 trillion annually by 2025, equivalent to the world's third largest economy after only the United States and China, the stakes couldn't be higher.

This staggering figure represents more than just financial losses. It's a material ‘tax’ on global society that undermines trust in digital systems and slows economic growth. The ripple effects extend far beyond immediate victims, as cybercrime proceeds fuel illicit industries, including arms trafficking, drug cartels, and human trafficking networks, perpetuating cycles of harm that destabilize communities worldwide.

The OpenID Foundation's approach to security through standards creates a powerful multiplier effect. As more actors across domestic and international ecosystems adopt rigorous security standards and conformance measures, all digital infrastructure becomes exponentially more resilient. This collective security model operates on the principle that interconnected systems are only as strong as their weakest link. By raising the baseline security position across all participants, standards strengthen the entire ecosystem

Applied alongside other security best practices, this comprehensive approach protects businesses from operational disruptions and reputational damage while shielding individuals from the devastating personal impacts of fraud, scams, and identity theft. More critically, by hardening targets and reducing successful attacks, robust security standards disrupt the economic models of cybercriminals, cutting off funding streams that would otherwise flow to illicit industries and terrorist organizations.

Enabling true interoperability across sectors and borders

Perhaps nowhere is the importance of standards more evident than in enabling interoperability across sectors and borders. As highlighted by the DPI Safeguards Framework and explored in-depth by the OECD principles for Digital Identity, interoperability delivers transformative benefits to society that extend far beyond avoiding vendor lock-in.

At the heart of this lies Article 6 of the UK Convention on Human Rights, which recognizes the fundamental right of all people to be recognized as a person under the law, anywhere. This isn't merely a legal principle, it's the foundation upon which all other human rights depend. Healthcare, education, marriage, travel…each of these essential rights requires our ability to identify ourselves uniquely before the law, wherever we are in the world.

Standards transform this principle from aspiration to reality. They create the technical bridges that enable us to assert aspects of our identity seamlessly across sectors and borders. Through standardized protocols, an ID issued in one country can be read, verified, and trusted in another. Educational credentials earned in one institution can be validated by employers across the globe. Healthcare records can follow patients as they move, ensuring continuity of care regardless of geography.

This interoperability ensures that identity verification enhances rather than hinders access to essential services. Without standards, each system would operate in isolation, forcing individuals to repeatedly prove their identity through different, incompatible processes – their credentials sometimes unreadable and unusable to the people who need to verify them. This creates barriers that disproportionately affect the most vulnerable populations.

Through the work of  the DPI Safeguards Working Group, the OpenID Foundation hopes  that these interoperability capabilities are built into DPI implementations from the ground up, creating a world where digital identity empowers rather than excludes, and where the promise of Article 6 becomes a practical reality for everyone.

Embedding standards in DPI programs

Standards as dynamic policy

Experience shows that hardcoding specific technologies and standards into legislation creates dangerous rigidity, as technology evolves quickly and the threat landscape even faster. The European Union's Architectural Reference Framework offers a better model, pointing to governance structures that can adapt while maintaining security and interoperability.

For effective DPI implementation, detailed architectural reviews must accompany assessments of standards availability and maturity. These evaluations must consider ecosystem goals and inevitable trade-offs. Technologies tuned  to optimize fraud prevention may, for instance, enable unintended surveillance and significant privacy concerns if applied in the wrong context or not properly implemented and governed.

Certification and conformance requirements

Robust standards only deliver value when properly implemented. The OpenID Foundation provides free test suites enabling implementers to verify their conformance, democratizing access to security and interoperability. OpenID Foundation tests often include critical elements of liaison partner standards body specifications, such as OIDF’s current tests for OpenID for Verifiable Presentation that include tests for the W3C Digital Credentials API, the IETD SD-JWT, and the ISO/IEC SC17 18013-5 mdoc, a test suite that will support issuing jurisdiction requirements from the European Commission and others adopting these standards.

For governments, ecosystems, and funding partners that are committed to delivering safe, interoperable systems, mandatory conformance and certification requirements should be embedded into procurement processes, contracts, and ecosystem rules from the outset.

Engaging with standards bodies and mobilizing standards for digital public good

Governments should actively engage with international standards bodies to ensure public sector needs and citizen interests shape the technical frameworks governing our digital infrastructure. By participating in the work of organizations like the OpenID Foundation - where contributing is free, membership is straightforward and optional with a marginal cost ($250),  multilingual support is provided, and working groups welcome diverse perspectives - governments can embed critical use cases and principles directly into standards development. 

To accelerate this engagement, particularly for initiatives like the SIDI hub supporting African countries, we will create practical resources, such as reference architecture mapping key standards bodies to their focus areas and participation processes. This work will be published by the soon-to-launch Ecosystem Community Group as a freely available resource on how to layer standards (from OIDF and others) to deliver open data and digital identity ecosystems. Stay tuned for a blog post on the formation of this group, which will have its first meeting July 28th with no cost to contribute. 

Through our continued work with the DPI Safeguards Working Group, the OpenID Foundation remains committed to ensuring that sustained engagement in standards development, combined with updated procurement processes that incorporate conformance requirements, forms the foundation for building digital public infrastructure that is truly inclusive, secure, and serves the global public good.

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.