Africa’s tech narrative often centres on startups because startups are visible. They raise capital, ship products, and create employment. But that visibility can mislead policymakers and investors into thinking that digital progress is primarily about multiplying ventures.
In practice, startups do not create digital maturity by themselves. Digital maturity is created by infrastructure: identity assurance, payment interoperability, authentication standards, data exchange protocols, and dispute mechanisms. These are the rails that make private innovation cheaper, safer, and scalable.
If those rails are missing or unreliable, every startup ends up rebuilding the trust layer. That duplication wastes talent, raises operating costs, and creates systemic fragility. The ecosystem becomes a patchwork where the weakest link becomes the attacker’s entry point.
Digital Public Infrastructure (DPI) is best understood as shared primitives that reduce friction and increase trust across the economy. Not a single monolith. Not a government-owned mega-platform. A set of interoperable rails, with governance.
A practical DPI model has six primitives:
Identity and verification rails
Payment interoperability rails
Authentication and authorisation standards
Consent-driven data exchange rails
Dispute and redress mechanisms
Minimum security, auditability, and resilience baselines
When these exist, startups can build differentiated products instead of constantly reinventing basic trust.
Trust is expensive when each firm must solve identity, payments, and fraud alone. DPI reduces that cost by providing standardised mechanisms.
Interoperability is what allows markets to scale. Without it, digital ecosystems become silos: users and merchants experience repeated onboarding friction, fragmented payment acceptance, and inconsistent verification.
When rails are weak, users are exposed. Fraud scales, disputes linger, and legitimacy collapses. DPI creates a baseline of accountability and redress.
Institutional capital values predictable systems: reliable identity, payments, and dispute resolution. DPI reduces systemic risk, which reduces the cost of capital.
Subject matter experts will want this stated clearly: weak DPI produces predictable systemic failures.
If identity assurance standards differ widely across platforms, attackers exploit the weakest onboarding. Fraudsters migrate and reconstitute across services, and enforcement becomes reactive and inconsistent.
Where payment rails are costly, unreliable, or non-interoperable, people revert to cash, informal transfers, or workaround systems. That limits scale and increases fraud risk.
Without consent-based data exchange standards, data sharing becomes:
unsafe (privacy breaches, misuse, repurposing), or
impossible (innovation stalls due to legal and technical uncertainty)
When disputes cannot be resolved credibly, the digital economy is not trusted. Platforms become fragile, and regulators respond with blunt intervention.
Fraud patterns move across sectors quickly. If detection and reporting are siloed, attackers exploit systemic gaps repeatedly.
DPI done badly can be worse than no DPI
This is where serious critique matters. DPI can create risk if designed without safeguards.
A central identity rail can become a tracking rail. If the governance model encourages function creep, DPI becomes a tool of control rather than empowerment.
If DPI is effectively owned or controlled by one actor, it becomes a gatekeeper. Innovation becomes permissioned. Competition dies.
If national rails lack redundancy, an outage becomes a national crisis. DPI must be engineered like critical infrastructure.
If standards are not open and portability is not designed, DPI becomes dependent on one vendor or contractor, creating strategic vulnerability.
DPI is not automatically good. Good DPI is governance plus architecture.
What “good DPI” looks like: design principles and governance controls
A serious DPI programme should be built around principles that are testable and enforceable.
Open standards, public documentation, test suites
Multiple providers should be able to plug in
Avoid opaque integration requirements that become exclusionary
Data minimisation and purpose limitation are mandatory
Consent must be explicit, auditable, and revocable
Access must be logged and subject to independent oversight
A one-size-fits-all identity regime can exclude vulnerable populations. DPI should allow tiered assurance so that access to basic services does not require invasive identity collection.
Multi-region resilience
Defined incident response pathways
Regular failover and disaster recovery tests
Clear ownership of uptime and recovery targets
Governance structures that prevent abuse
Audit rights, periodic reporting, and public accountability
Clear redress paths for citizens when systems fail or misclassify
Real systems need exceptions. But exceptions must be governed:
logged, approved, and time-bound
reviewed regularly
subject to enforcement
Africa’s DPI must be designed for the operating environment, not for perfect assumptions.
Identity assurance must not be built on the false assumption that everyone has stable documentation and addresses. DPI should support multiple identity signals and assurance tiers, while preventing exploitation.
Payments are a utility. Interoperability reduces the cost of commerce and prevents concentration risk. Payment DPI should include standardised messaging and settlement mechanisms that reduce fragmentation.
If data sharing is necessary for innovation (credit, fraud prevention, public services), it must be consent-driven and auditable, not a free-for-all.
Redress must be part of DPI because it anchors trust. A digital economy cannot scale if disputes are resolved informally or inconsistently.
Africa’s economic ambition includes cross-border trade. DPI should anticipate interoperability beyond national borders, at least in principle: standards and governance that allow regional alignment.
The operating model: how DPI should be run
A DPI programme is not “build once and celebrate.” It requires a control plane and a cadence:
Monthly: operational metrics, incident reviews, provider performance checks
Quarterly: independent audits, security and resilience tests, dispute performance review
Yearly: architecture review, policy refresh, major stress tests, cross-sector coordination drills
DPI must be treated like a living system.
Metrics that demonstrate DPI maturity (not marketing)
Subject matter experts will care about a small set of measurable outcomes.
coverage across banks, telcos, fintechs, government services
integration time and friction for new participants
percentage of transactions using interoperable rails
uptime and incident frequency
mean time to restore (MTTR) for rail outages
successful disaster recovery test rate
proven RTO and RPO for critical rails
dispute volume per transaction volume
dispute resolution time and correction success rate
complaint rate and systemic issue recurrence rate
fraud loss rates across rails and trend
time-to-detect and time-to-contain systemic fraud campaigns
audit completion rate and remediation closure rate
number of exceptions granted, expiry compliance rate
transparency report cadence and completeness
access log completeness for sensitive data and privileged actions
Startups build products. DPI builds the conditions under which products scale safely and cheaply. Africa’s digital future will not be determined by the number of startups, accelerators, or hackathons. It will be determined by whether the rails beneath the apps are interoperable, resilient, privacy-preserving, and governed.
If Africa wants a durable trust economy, it must invest in the boring things: rails, standards, and redress. Those “boring things” are what make digital systems last.

