Three Ways to Reduce the Risk of Digital Public Infrastructures (DPIs)

David Porteous and William Frater • Dec 08, 2021

Stay up-to-date on trends shaping the future of governance.

David Porteous and William Frater


In a previous article, one of us drew lessons from the recent story of Open Banking in the UK about how to govern digital public infrastructure (DPI). In essence, the case showed how the governance of Open Banking Ltd, the not-for-profit company established to set up the scheme, largely achieved its purpose—namely, enhancing the wellbeing of UK consumers and small businesses--while failing in its oversight role. This latter failure triggered a whistle-blower complaint to the responsible regulator in 2020 and then an independent investigation, which has resulted in resignations and in the appointment of new directors in late 2021.


The investigation showed that members of one stakeholder group, people working for Open Banking, suffered in various ways, even if another, UK consumers, benefited from the scheme gaining traction overall. Failure in oversight usually results in a particular group of stakeholders being negatively impacted like this.  However, the opposite type of failure--where the purpose fails while oversight is upheld--is at least as great a risk for DPI. This type of failure results in ‘white elephant’ projects on which enormous amounts of resources are wasted without achieving the purpose set out. And of course, double failure--failure of purpose combined with failure of oversight resulting in corruption and loss--is all too common with large infrastructure projects. 


As a wave of momentum and funding builds towards promoting DPI around the world, what can be done to reduce the risk of either type of failure? In this article, we outline three governance pathways which may help. 


Organizational Purpose and DPI


Purpose has become the central feature of the new governance codes and in pronouncements from the largest global investors. For the sake of clarity, purpose is defined in the new ISO guidance on governance, ISO 37000, as being the reason for existence of an organization. An organization’s purpose embraces how it strategically contributes to the long-term wellbeing of all people and the planet. Purpose articulates the worth that the organization will generate for all its stakeholders, defining its activities and its values and guiding its performance objectives and providing a clear context for its day-to-day decisions. The governing body on the one hand is the custodian of an organization’s purpose, ensuring that it is defined, communicated and embedded. It is accountable to stakeholders for its fulfillment. On the other hand, the governing body has the role of providing oversight, which is the duty of care and skill that ensures that the organization is operated in an ethical and prudent manner such that the governing body’s stewardship responsibilities are met.     


Woman Leading a DPI (Digital Public Infrastructure) Board Meeting


How does this understanding affect the governance of DPI? Compared with standard tech products, the building of DPI carries risks and opportunities which mean that the needs of stakeholders matter even more. These include the aspiration to achieve usage and influence at national scale; as well as the likelihood that there are stronger conflicting interests among stakeholders since not all incumbents may be benefited equally by new infrastructure. Traditionally, the role of the state has been to step in to effectively ‘arbitrate’ this conflict through the direct provision of public infrastructure; however, the newer models of providing DPI are more likely to require public-private collaboration, which is achieved through the establishment of a corporate vehicle, as we have seen in the case of Open Banking.


The conventional oversight route may be necessary but is insufficient


The conventional route of ensuring that stakeholders play an oversight role over the purpose of an organization is to nominate representatives of groups of stakeholders to the governing body or board. This indeed is the approach proposed by the UK trade association, UK Finance, for the future board of Open Banking: representatives of consumers and SMEs, the two main target beneficiary groups, would each have one non-executive director seat (out of seven). There are some tricky issues to navigate here such as how best to select one person from each of those large, diverse constituencies: transparent call for nominations can help, but then some pre-existing group of people has to decide. Once appointed to the board, all directors are required by company law to prioritize the interests of the company over the specific interests that they may represent. This approach to constituting board representation is common in these cases, and may even be helpful overall, but we would argue it is insufficient. 

So what is needed to ensure that a DPI sustains its purpose over time? Here are three ways which we believe may reduce the risk of either type of failure in building a new DPI. These are all part of ‘Governance by Design’ in this new and important terrain. 

Woman Discussing Digital Governance with a Client

1) Undertake upfront stakeholder consultation about purpose


Purpose needs to be established for a new organization to have a clear view on its reason to exist and on how it will make a contribution to the long-term well being for all people and the planet. Necessarily this will involve discussions with stakeholders on what benefit it will deliver. Also on how to be accountable to them for both the positive and negative impacts and for the values that the organization espouses. Those charged with establishing the governance of any new organization which builds and operates DPI should identify likely stakeholders, consult with them and then seek to balance their interests when articulating the organization’s purpose. They then need to establish the channels to account to stakeholders on the fulfillment of this purpose in a manner that is both ethical and prudent. Having channels in place will contribute to ongoing reinforcement of the mandate of the governing body and ensure that the organization’s purpose remains relevant.   



Judge's Gavel Representing Governance Enforcement


2) Be aware of legal paths for enforcement of neglect of governance


The duty of oversight, or of acting with due care and in good faith, is core to the responsibilities that governing body members accept in holding their position. This is both a legal requirement and a stewardship obligation. The governing body should understand the risks that the organization faces and set parameters for the management of those risks. It should ensure that those to whom it delegates the responsibility of executing the strategy to deliver the purpose are provided with parameters within which to act. It should monitor the progress towards delivering on the purpose along with the adherence to the parameters that it has set. Necessarily these parameters should define the risk limits and ensure that the purpose is delivered within prudential and ethical boundaries that minimize the negative impacts on stakeholders, on broader society and on the environment. The governing body should also set clear policies for its own actions to ensure that oversight without conflict of interest can be maintained. Failure to apply oversight is a failure to operate in the best interests of the company and to apply care, skill and diligence that should be expected of  a person holding a position on a governing body. There is clear legal sanction for such neglect and failing to act in good faith across most legal systems.


Stakeholders and regulators have legal recourse when there has been a failure of oversight. In some instances, they are able to apply legal sanction directly against the governing body or some of its members. Furthermore, in some jurisdictions, they can launch a derivative case on behalf of the company against the governing body where there has been a clear instance of them acting in bad faith, negligently or against the interests of the company. It is even possible to initiate legal interventions that seek to avoid harm through seeking remedy where neglect is evident and the possibility of damage in the future is high.  However, this route is costly. It often requires that loss as a result of an action or inaction can be clearly identified and quantified, which can be hard to do. Rarely do such cases get to court. But the mere existence of this recourse path can be a clear spur for governing bodies to exercise oversight more effectively.




Woman Mediating a Conversation About Governance


3) Establish a ‘Protector’ function 


While there may be legal recourse for stakeholders where there is failure of oversight in a company, there is no such recourse for departure from the stated purpose. This is because adhesion to the stated purpose is not (yet) defined as a legal requirement for governing bodies. However, a stated purpose may become subverted to pressures from a select yet powerful group of stakeholders. This “purpose drift” or capture may result in harm to other stakeholders but may not manifest as a failure in oversight or due care. Courts are typically not willing to involve themselves in what they deem to be the internal affairs of a company; and may not anyway have an understanding of the specialized issues around DPI. The outcome is that purpose, the emerging core of governance, is effectively unenforceable. Therefore, we need to find another mechanism that can enable stakeholders to hold governing bodies to account for a failure to achieve and account for the stated purpose.


There is a helpful precedent from trust law. In certain jurisdictions that allow for trusts, the settlor appoints a protector to ensure that the trustees fulfill the purpose of the trust in relation to the beneficiaries. This protector plays a powerful “apex” oversight role which includes the power to intervene and apply sanctions when there has been a failure of oversight. These sanctions could go as far as changing the trust documents, removing trustees, terminating the trust or even removing certain beneficiaries. Having a protector helps avoid potential losses to the beneficiaries that would otherwise lead to extended and expensive court cases.


Applying this precedent to DPI, even if it is not operated by a trust, we believe that there would be merit in appointing a skilled protector for each important DPI. This role may equate to an Ombuds-like function in some countries. It gives stakeholders rapid access to a specialized channel for recourse on issues relating to purpose. Through approaching the protector at times of alleged oversight failure or purpose drift, stakeholders would be able to request remedy without the costs, disappointments and delays of operating through the courts. The protector, who would be a person with the skills and experience necessary for the DPI in question, would assess a complaint and require that remedy is applied by the governing body. In cases where the governing body refuses to do this, the protector could have the power to reconstitute it. This is in sharp contrast to a conventional governance situation, where the power to replace governing body members is often reserved for a select category of stakeholders who may be the reason for the drift in purpose. 


The costs of the protector function would have to be borne by the DPI under an independent budget line item. However, the standing costs need not be large relative to the scheme’s overall costs; although there must be provision to scale up to investigate and address material complaints if they arise. Costs like these may be seen as an investment in entrenching the purpose of a DPI. Alternatively, the protector costs may be seen as a form of ‘legal insurance’ which mitigates loss: stakeholders could seek recourse for the protector to intervene even before the organization has been damaged and they have suffered loss of wellbeing as a result of either lack of oversight or purpose drift. 


Digital Public Infrastructure calls for Good Governance


Governance by design matters for DPI



All three of the routes we have laid out here take time and effort: effective consultation upfront around purpose cannot be unduly accelerated; pursuing legal pathways always consumes resources; and establishing an effective protector function will require upfront attention in scheme design. However, we believe that they are proportional to what is at risk with national scale DPI: not to achieve its purpose will likely result in great waste; and to have the purpose subverted over time may cause worse harm to public interests. Measures like these are what we would call part of Governance by Design, where the measures taken are proportional to the risks and benefits for society as a whole. With DPI, we have to be careful of moving too fast and breaking important things in society; and we must guard too against not moving at all: building governance measures around the bulwark of purpose is a helpful step in this direction. Although our argument here is that the potential risks, opportunities and sheer scale of DPI merits exploring these routes, they may also apply beyond the realm of DPI and may help to enhance accountability in this age in which may profess to be purpose-driven entities.



David Porteous and William Frater are the founders of of Integral and Kutumikia respectively. 


At Integral, we provide ESG Consulting advice, evaluation, facilitation, mentoring and coaching services to develop governance systems that fit your organization’s purpose and stage of growth. To explore further how we can help you, read about our services, or set up a free consultation.

S H A R E

Four Characteristics of Purpose-Driven Companies

By David Porteous 29 Jun, 2023
Framing the purpose of a company as beyond making profits for shareholders alone is age-old, but the move to state corporate purpose explicitly is newer. Stating purpose is part of a deeper transformation of a growing number of companies–from being product-driven to becoming purpose-driven.

Data Governance and DPI: what’s the link?

By David Porteous 25 May, 2023
Data governance is now a well-established domain of knowledge systemizing the rules on how data flows over a data life cycle within organizations. In essence, the DPI approach is all about managing digital data in a safe, effective and principled way for public good. Therefore the governance of DPI is essentially the same as data governance, right? Wrong. The relationship between data governance and governance of DPI can be likened to that between hygiene practices and a hospital. The hospital needs to have hygiene practices in place at a very exacting level to function effectively and safely; but a hospital is much more than its hygiene practices alone. A hospital has to serve patients, manage billing, procure supplies, operate secure buildings–all sorts of functions which are part of operating essential social infrastructure. Governing DPI is similarly complex. It is true that governing DPI will include governing data , and as I have sought to understand the older domain of data governance, I have been struck by some parallels for DPI. Here’s one: just as hygiene practices and protocols have evolved over the decades, so too has data governance. We can only hope that governance of DPI will also evolve from today’s rudimentary understanding. If you read recent books like “Disrupting Data Governance” by Laura Madsen (2019), several more echos emerge: “Data governance is one of the keys to effective data management, yet there’s a lack of shared definition”—I have been on record arguing that it is unnecessary, and maybe even futile, at this early stage to have too precise a definition of DPI, yet some boundaries are needed if DPI is to avoid this same judgment as data governance in twenty years’ time. “Data governance is about trust”—so too, ultimately, is DPI even when citizens are required to use one. “Balancing the forces of protection and promotion (of the use of data) will take some effort, each needs to be well defined and managed to avoid losing focus on their respective needs”—indeed, balancing these forces in the operation of a DPI is a critical function, maybe the critical function, of DPI governance. All those similarities should not conceal one big difference between these two fields: data governance is about the usage of data as a valuable asset within an organization , while DPI is all about supporting flows of valuable data across organizations . This is obvious for payment systems, but even digital ID systems exist to provide forms of secure authentication or verification to relying parties. Optimizing the interoperability of data for public purposes is at the heart of the DPI approach. DPI governance can therefore be framed as a form of ‘meta-data governance’, where the DPIs are themselves stewards of sorts of types of data within digital data ecosystems. That makes the task of DPI governance more challenging, but also potentially more interesting and rewarding. How long will it be before we have textbooks for DPIs with sub-titles like the standard Data Governance text by doyen John Ladley: “How to design, deploy and sustain an effective [data] governance program.” ? I hope we can accelerate the learning cycle with DPI.

Connecting Frameworks: Privacy by Design and Governance by Design for DPI

By David Porteous 19 May, 2023
There is general agreement that good governance matters for Digital Public Infrastructure (DPI). There is much less agreement at this stage about what governance means in a DPI context. One way to explore building consensus is to explore whether existing widely accepted frameworks could be adapted to the DPI context. Since DPI at its heart is all about exchanging digital data for different purposes–from payment to identification– it seems appropriate to consider the original ‘by design’ framework which was developed for data privacy. This framework was built around the concept of Privacy by design. Since its first use in 1995, privacy commissioners and data protection authorities around the world have recognized privacy by design as an international standard which they intended to promote and incorporate in policy and law. It was originally articulated as seven principles which together signaled an intention to embed privacy considerations proactively throughout the data use cycle. While the privacy by design framework is agnostic about the organization handling the data, the operators of DPIs are types of institutions with a particular purpose which demands specific governance features. The comparison of data to DPI is somewhat akin to that between blood and the heart in the human body–blood, like data, is widely distributed but the heart is the ‘essential infrastructure’ responsible for pumping it. Privacy by design is about protecting the ‘blood chemistry’; governance by design for DPIs is about ensuring that the ‘heart’ functions well, including but not only protecting the unique blood chemistry. So, governance is really the means which connects to ends like this. With that contrast in mind, how well might the principles of privacy by design inform governance by design? The table below maps privacy by design principles in the first column to my suggestions of counterpart principles for governance of DPI in the second column. You will see that the majority of principles (those numbered 1,3,5 and 6) map across pretty easily to governance of DPI. This isn’t surprising, considering a concern for ways of using data is at the heart of both.

Navigating complexity through scenario thinking: imagining a future for DPI

By David Porteous 04 May, 2023
“How can we stop going faster while our ability to see further ahead is decreasing?” In today’s world of fast-evolving digital technology, it can be challenging to make informed decisions in complex fields like Digital Public Infrastructure (DPI). With the increasing speed of change, this question posed by Peter Senge and his co-authors in their 2008 book, Presence , remains relevant. The question is applicable in any complex field in which information is limited and the interaction of feedback loops unknown. But DPI has complexity associated with fast-evolving digital technology compounded by public and private sector decisions about its deployment. No wonder the discussion surrounding DPI is filled with both optimistic expectations and valid concerns, from the potential to reduce inequality to the potential to enable dystopian surveillance and state control. The air of recent G20 meetings and World Bank spring meetings was saturated with claims about the promise of DPI and its perils. How then are we to make sensible decisions in the midst of this complexity? The most useful approach I’ve found for navigating complexity is scenario thinking. Scenario thinking is a disciplined approach to building plausible stories of potential futures (note the use of the plural, because there are always multiple paths to the future). A large part of distilling complexity down to more manageable levels is isolating the swing factors, or ‘key uncertainties’ in scenario language. The different possible outcomes of these will interweave to create rich stories, which, like good fiction, will likely have some unexpected twists and turns. These stories, or scenarios, are the backdrop against which to test how different choices may turn out. A robust strategy is one which yields the best outcomes across the widest range of scenarios but also identifies early warning indicators of major scenario shifts so that, where needed, the strategy can shift too. An important aspect of the scenario process is the way in which it helps participants build shared language and understanding, leading to new collaborations and actions to prevent unwanted outcomes. The scenario-building process has now been applied in thousands of cases at the level of country and company strategies around the world. In many, it has led to remarkable shifts in perspective. For example, the complexity of climate change has launched a whole new range of scenario tools which unpack the possible range of implications for public and private strategists to build into their risk disclosures. So how might scenario building apply to the nascent field of DPI? Here’s one way. As I have discussed in other posts, DPI lacks a single accepted definition right now. I point out in the white paper, “Is DPI a useful category or a shiny new distraction?”, that the absence of a single monolithic definition may even be a good thing in the early stages of a field, as witnessed with the older acronym ‘ESG’. However, definitional choices carry consequences. Scenarios could help to answer a driving question like: “Which definitional parameters of DPI will most affect its developmental outcomes?” Layering the different choices about what type of DPI, and therefore whether to promote or protect or regulate it, on top of the fundamental forces driving digital and societal change would be a complex exercise to do well, to be sure. But, I believe, one worth doing. Because as Peter Senge reminds us, reaching actionable clarity is a worthwhile goal–but to get there, you need first to walk through the pit of complexity. Scenarios offer a path through the pit.

Why Digital Infrastructure Needs Public-Private Partnerships: Lessons from Physical Infrastructure

By David Porteous 20 Apr, 2023
In a recent Devex post, Achim Steiner, head of UNDP, and Amitabh Kant, India’s G20 Presidency sherpa, join the growing calls for more investment in DPI as a means of driving growth, reducing poverty and increasing resilience in the face of crises. However, with government budgets already stretched, where will the additional funding come from? While donor funding may help, it cannot fill the gap alone. The field of physical infrastructure offers another way for cash-strapped governments to fund infrastructure projects: public-private partnerships (PPPs). Governments have long used various methods to raise funding or move the risk of providing essential services to the private sector. However, the modern push for infrastructure PPPs gathered momentum in the 1990s as countries like the UK and Australia explored new ways of financing essential infrastructure. Multilateral financiers became major promoters of PPPs, offering technical assistance to governments through specialist agencies like PPIAF , and co-funding designed to entice private funding to defined PPP projects. They even documented their approach in a comprehensive PPP guide directed at governments, together with associated training and certification . Could a PPP-like approach work for digital infrastructure as well? In principle, the answer has to be yes. Like physical infrastructure, digital infrastructure involves an upfront design and build process and requires subsequent operation and maintenance. Private sector providers can play a combination of different roles in PPPs at different stages, but the key difference from a pure service contract is whether in fact the main private partner assumes significant financial risk. One of the big arguments in favor of PPPs was that having private partners assume risk was the best way of managing it, rather than simply passing it over to governments who were often ill equipped to do so. However, ensuring delivery as specified and without unfair exploitation of either party over a long period required a complex web of contracts. Both parties needed the capacity and willingness to work within clear and fair contractual frameworks. But when they did, the state had clear oversight and control of infrastructure without having to build and manage it. The state often assumed full ownership of the underlying asset after the PPP contract period ended. Even if states have the financial capacity, most are highly unlikely to be able to build their own digital infrastructure in-house. They will rely on technology partners for this, even if their role is to deploy and modify open source applications in a specific context. Even when a government agency chooses to maintain a DPI once built, it will likely rely at least in part on external service providers to support it. In other words, the digital services environment is already rife with complex contracting and inter-dependencies between contractors and clients. Taking an explicit PPP approach may not reduce complexity, but it may enable it to be addressed in a more explicit and effective manner. A final question for now: was “the juice (of setting up PPPs for physical infrastructure) worth the squeeze”, particularly with regards to the end outcomes for the state? After all, PPPs in some places have generated controversies over the manner of their procurement, failed standards of service delivery, or the high price of their services. But the alternative—direct government procurement and delivery—has hardly been immune from criticism either. In 2015, the Independent Evaluation Group at the World Bank published its judgment based on evidence from the sizable number of PPPs supported by the World Bank Group. It concluded: “PPPs are largely successful in achieving their development outcomes.” There is ground to believe that PPPs can be successful in delivering public services. While the visibility of PPPs has faded slightly in recent years, in part because of association with privatization as a politically unpopular approach in many places, the call for blended finance options has risen. PPPs of course offer just that: a structured way to blend different types of finance, including donor and concessional funding. With eyes wide open from the past 30 years of experience of PPPs, I believe there is therefore a case to consider explicitly the circumstances in which digital infrastructure PPPs may work best for delivery and operation. It won’t be all cases, maybe not even a majority. But it may well be enough to make a substantial difference in the delivery of essential digital services. Read the Devex Post: Why digital public infrastructure matters more than you think

Is DPI a useful category or a shiny new distraction? (Working Paper)

By David Porteous 29 Mar, 2023
This paper explores the usefulness of the term Digital Public Infrastructure (DPI) as a new category descriptor. In order to reach any conclusion, I first reflect on whether there is yet sufficient clarity about its meaning. This question leads to an exploration of the space in which to locate the existing definitions of DPI; and then to the wider question of what is the appropriate combination of definitional openness and certainty at this early stage of the field’s development? The answer is linked to the purpose for which a definition is needed: such as championing a field or investing in it or regulating it. The relatively rapid take-off of the term DPI reflects in part deeply felt but diverse hopes and fears about the emerging digital future, such that reconciling all these will not be easy; DPI alone is no magical fix. However, it is possible to pursue an emergent definitional path which starts broad and over time, rules out certain options as evidence gathers. Definitional questions aside, there is already evidence of convergence in substance across different sectors that can make DPI a useful lens beyond the existing sectoral lenses alone. In addition, the DPI lens allows new questions to be asked, for example about whether the fragmented approach to regulatory architecture for data is adequate. The term DPI seems potentially useful therefore, but it will require some careful shepherding to avoid either the confinement of premature narrowness or the vacuousness of prolonged vagueness,

Could the FTX Failure Have Been Avoided?

By David Porteous 07 Mar, 2023
Could the dramatic failure of FTX have been avoided? What went wrong, and how can startups avoid making the same mistakes? Here a few of my thoughts: FTX's spectacular implosion has provided yet another demonstration of the tech law of amplification: namely, technology takes what works well and scales it; but it takes what works badly, and scales that too. Many circles of venture capital operate with the idea that a concern for governance should come later on in the life of a company. According to this view, governance at the early stage is restrictive and bureaucratic, and therefore antithetical to the capacity to move fast. FTX scaled superfast on this premise. At least Mark Zuckerberg recognized in Facebook's early motto that this could lead to breaking things. In the case of FTX, those things total $8 billion in claims to potentially up to a million creditors, apart from collateral reputational damage to the crypto sector as a whole.

The Difference Between Power and Authority in Governance

By David Porteous 24 Feb, 2023
 What can “Tank Man” teach us about governance? A few weeks back, I wrote about the distinction between authority and power, and how this plays out in the context of startup governance. But for many people, the distinction between authority and power is not very clear. So, here’s a very visual way of representing the difference. In this iconic picture taken 1989, we see an unidentified man standing in front of a line of tanks in front of Tiananmen Square, standing against the government's violent crackdown on the Tiananmen protests. It’s obvious at a glance that all the power sits with the column of large tanks, and some authority too–after all, the tanks were called in by the government to crush the student protests. By contrast, the lonely protestor has no power; he is physically small compared to the tanks, seemingly outmatched by the state's might. Despite this clear imbalance, the man holds a certain authority. He has the authority to bring a column of tanks to halt. Where does his authority come from? Remember the definition from Victor Lee Austen: “Authority is held by a person/s who lead humans to a fuller exercise of their freedom to accomplish human tasks.” Tank Man’s courage gave him a moral authority which both tank captains and their commanders recognized–for a while at least. This concept of authority is not limited to the realm of politics. Even though they have no tanks to command, leaders of companies may also accrue wider authority inside and even outside their organizations. Inside, authority will grow to the extent that leaders build the capacity of their employees to flourish. Outside, a company’s products and services, together with the way in which they are provided, can enable even customers and citizens to grow also in their relative freedom to accomplish tasks. This type of authority creates the capability to influence without coercion. It’s the power of demonstration and that’s why we have celebrated examples of companies which have had influence, like Ricardo Semler’s Semco Partners or those others mentioned in Good to Great . Read more on my Linkedin .

Governance in a Post-Authority Era

By David Porteous 10 Feb, 2023
Governance in a Post-Authority Era In my many years of observing private and public organizations of all sizes, I’ve made one very critical observation: governance often lies behind their failure to achieve their purpose. But governance failure itself is only a symptom of what I feel is a bigger issue that organizations are facing globally. In today's "post-authority" era—alongside all the other “posts” which characterize it, like post-modern, and post-truth—there is a growing mistrust of institutions and leaders that hold authority. The notion that there can be rightful authority is not accepted. Authority is seen as a potential or actual violation of the freedom of the “sovereign individual.” There is a pervasive sense that our institutions which should have authority—in government, religion, civil society—are all failing us. The result of the decay of authority is that other forms of power, like the coercive power of authoritarian regimes and the persuasive power of digital media, are on the rise. And they don’t usually provide a path to human flourishing. But what if the problem is less with specific authorities and more with our understanding of authority? I like how Victor Lee Austen defines authority: “Authority is held by a person/s who lead humans to a fuller exercise of their freedom to accomplish human tasks.” The word ‘authority’, a close cousin in English to the generative word ‘author’, comes from the Latin word meaning to increase. Rightful authority leads to flourishing for both those wielding it and those under it. Most of us are in both situations: under some form of authority but also wielding it in some way—as a parent, for example. Rightful authority brings with it the power to change circumstances, but power does not necessarily lead to authority. Consider the example of a #startup founder. She has the authority of the one who originated the idea for the company and who guards it jealously; but she lacks the power to bring that vision to fruition alone. As a result, she likely turns to those who have one form of power (money), but who don’t necessarily carry authority over her company: venture capital funders. When these funders provide the necessary financial resources, they also gain a level of influence and decision-making power in the form of shareholder votes. The founder/CEO’s authority is no longer absolute, even if it remains paramount. As the startup raises more funding, and grows to become profitable, alongside authority, the founder/CEO acquires more power: that is, she has more control over more resources and people and more effect on the marketplace. However, if the #CEO acquires too much power without being accountable to some form of authority outside of herself, the risk of abuse and failure grows. A rebalancing of authority and power needs to take place over time so that power and authority are appropriately distributed across the organization. Not only will the nature of this rebalancing change over time, but it will look different in different organizations. I see this as the basic task of #governance : optimizing the distribution of authority and power in organizations. When this is done well, it should result in conditions for everyone involved—employees, shareholders, customers and the communities in which they live—to flourish. In a post-authority age, it may be harder to do well, but that does not make it any less important. Do you have any thoughts on how organizations can effectively balance and distribute authority and power in this 'post-authority' era?

How to Build Effective Digital Public Infrastructures

By David Porteous 02 Nov, 2022
Reducing the Risk of Ineffective Digital Public Infrastructures There are many risks associated with the rollout of Digital Public Infrastructures (DPIs). They can open the backdoor for governments to surveil and control their citizens. They can even fall into the hands of malicious actors and be used against the people they were designed to serve. Understandably, in the growing movement propagating DPIs, many people wish to reduce risks like these. However, in my view, a risk with less severity but perhaps higher probability is that many DPIs are simply not effective–meaning that they fail to fulfill the purpose set out by their creators or funders. As a result, they may become expensive ‘white elephant’ projects, like their counterparts in the world of physical infrastructure: “bridges to nowhere” or roads and dams built without real consideration of their use, but which are expensive to maintain. A world full of ‘white elephant’ DPIs may not seem as dark as other digital dystopias, but if the DPIs are indeed that important, the absence of well functioning DPIs carries costs. Of course, effective DPIs do not guarantee utopia either; but having more effective DPIs which achieve their purpose seems like a reasonable and attainable goal. Governance challenges for DPIs To achieve this goal, the question then becomes: how best to design, build and operate effective DPIs? I am convinced that a large part of the answer is by building sound governance structures which take into account both the specific and generic challenges faced by new DPIs. First, the specific challenges of DPIs . The envisaged large scale of deployment of most DPIs leads to heightened degrees of caution and oversight from the start in ways which typically do not constrain private startups. At the same time, DPIs often need the nimbleness to compete for take up against indirect competitors at least–for example, instant retail payment systems are a fast-growing category of DPI which rely on customers choosing to use them, rather than other available means of payment. In addition, many DPIs are built and managed as public-private partnerships. The ‘partnerships’ may take different forms: from build-own-operate contracts to service agreements; or indeed, using software provided by private open-source foundations. This aspect adds an additional layer of complexity on top of standard corporate governance.
More Posts
Share by: