Data Centralization risk arises due to aggregation of personal data from multiple sources into a single database, increasing the chance of its misuse or replicating errors due to its poor quality.

Key drivers:

• Creation of a single point of failure.
• Reliance on poor quality data as a 'single source of truth'.
• Inadequate privacy and security safeguards to protect access to sensitive personal data.

Potential consequences:

• Misuse of personal data by public and / or private sector actors potentially for unauthorised profiling, surveillance and behavioral manipulation, etc.
• Increased cost of reliance on incomplete or incorrect (poor quality) data, leading to incorrect targeting of individuals or wrongful exclusion of beneficiaries.

Key risk mitigation strategies have been discussed below.

Digital platform design

• Incorporate 'Privacy by Design' (PbD) principles and appropriate security measures into the platform design, e.g. E2E data encryption, purpose specification, data minimization, electronic consent and authorization frameworks, etc.
• Adopt a federated architecture when building data registries to avoid consolidation of the data into a single database, with clear standards on privacy. This allows data to be stored across multiple databases rather than creating a single point of failure.

Community engagement processes

• Run initiatives such as penetration testing or bug bounty programs to identify and address security vulnerabilities in the platform.
• Establish responsive (and legally backed and/ or enforceable) grievance redressal mechanisms at the ODE and national level. Define the accountable entity, processes, recourse measures to flag data-privacy and security related concerns, etc.

Governing rules & institutions

• Set up a NODE Council with committees on 'Technology and Data' and 'Risk and Ethics', to:
• Develop trusted frameworks on data collection, sharing and usage.
• Publish a 'Code of Ethics': Standards on ethical design and delivery of solutions (including personal and community data usage, data sharing and monetization).
• Outline and publish data governance policies and standards to incorporate transparency, accountability, and fairness.
• Establish mechanisms (touch-points, processes, etc.) for users to exercise their ability to correct, complete, and update misleading, incorrect, and out-of-date personal data to ensure data quality.
• Conduct a risk-benefit analysis to ensure proportionate use of individual data (i.e. societal benefit from data vs. risk exposure to individuals) (Refer Section 5.3).

Builder adoption risk arises if the builder community is unable or unwilling to adequately leverage the technology infrastructure to build new and innovative solutions on top.

Key drivers:

• Lack of awareness of the availability, usage and impact potential of the digital platform.
• Poor quality of the digital platform (including data).
• Lack of incentives or funding to build new solutions on top of the digital platform.

Potential consequences:

• Curbing private sector innovation.
• Limited economic, societal and governance impact potential of ODEs.

Key risk mitigation strategies have been discussed below.

Digital platform design

• Use and/ or build open standards, licenses, databases, APIs etc., to facilitate interoperability.
• Build reference user-facing applications on top of the ODE to demonstrate its use and encourage builders to create relevant solutions e.g. Bharat Interface for Money (BHIM) was built on top of UPI.

Community engagement processes

• Facilitate participatory design of ODEs, including co-creation and feedback loops via public consultations, workshops, forums, etc., to enhance platform builder-centricity .
• Organize hackathons and incentive-based challenges to encourage the creation of digital platforms or innovative solutions on top of the platform.
• Provide ongoing support (Frequently Asked Questions (FAQs), guidelines, usage documentation, user service desk, etc.) to facilitate the effective use of platforms.
• Define and monitor Key Performance Indicators (KPIs) related to user adoption, e.g. number of solutions built on top, ODE adoption and to identify steps to be undertaken to enhance builder-centricity and performance.
• Nurture a vibrant open source developer community that can contribute to building the technology infrastructure as well as create user-facing services and solutions on top.

Governing rules & institutions

• Ensure transparent data governance, i.e. clear publication of data sources, ownership, policies for data collection, etc., to ensure good data quality and integrity.
• Define and use common standards that are published by government agencies.

Exclusion arises due to technological or socio-economic barriers, preventing certain segments of the population from accessing services.

Key drivers:

• Lack of access to technology infrastructure, i.e. internet connectivity, smartphones and/ or poor digital literacy.
• Non-inclusion of the informal sector.
• Disintermediation of the public sector by private players.

Potential consequences:

• Adverse impact on livelihoods and quality of living.
• Reduced public trust in government.

Key risk mitigation strategies have been discussed below.

Digital platform design

• Design user-friendly (including disability-friendly), vernacular interfaces, i.e. User Interface/ User Experience (UI/ UX) for ease of access.
• Enable omni-channel access (mobile, web, Interactive Voice Response System (IVRS), etc.) including offline channels to accommodate all levels of technological know-how.
• Design a default public sector provision option for the delivery of essential services (e.g. BHIM for mobile payments).

Community engagement processes

• Provide last mile access and engagement for rural and marginalized groups, via both online and offline channels, e.g. Common Service Centres (CSCs) to facilitate last-mile reach of services.
• Facilitate participatory design and ensure feedback loops through public consultations, beta-testing user groups, etc.

Governing rules & institutions

• Set up a NODE Council with a committee on 'Risk and Ethics' to:
• Publish a 'Code of Ethics': Standards on ethical design and delivery of solutions (including digital and socio-economic inclusion)
• Adopt a sustainable funding model that is mindful of intended user propensity to pay as well as price elasticity of demand, to ensure universal access.
• Incentivize private entities that build end-user facing apps to serve the non-profitable segments of the society as well.
• Encourage participatory governance via end-user collectives and CSOs that monitor social impact KPIs e.g. social audits .
• Release source code to enable entities to check for exclusionary biases in algorithms.

Operational management risk, associated with government ICT builds, arises due to challenges with procurement and contracting, talent management, and funding.

Key drivers:

• Lack of expertise in procurement and contracting.
• Lack of required talent for digital development and inadequate talent management.
• Paucity of financing options for technology interventions.

Potential consequences:

• Lack of adoption of the ODE approach and improper implementation.
• Failure to sustain the ODE approach in the longer-term .

Key risk mitigation strategies have been discussed below.

Community engagement processes

• Create mechanisms to enable improvements in the platform’s performance or rectify bottlenecks in operations, for example, through bug bounty programs to identify errors in the code or by appointing expert groups.
• Enable responsive grievance redressal processes to address operational challenges.

Governing rules & institutions

• Ensure the right capabilities and expertise by instituting processes and practices to attract and retain the relevant talent.
• Adopt a sustainable funding model that not only supports the build and operations of the platform, but also ensures long-term planning and appropriate allocation of public funds for new ODEs.