As countries turn to Digital Public Infrastructure (DPI) to enhance governance and expand access to essential services, its potential to drive inclusive digital transformation and advance the Sustainable Development Goals (SDGs) has come into sharper focus. Yet, its scale also introduces inherent risks – raising concerns around individual rights, social inclusion, and the resilience of systems to withstand disruptions, recover quickly, and continue adapting to evolving needs.

To address these challenges, the Universal DPI Safeguards initiative was launched in 2023 by the UN Secretary-General’s Envoy on Technology (OSET) and UNDP. One year later, this global, multi-stakeholder collaboration produced the Universal DPI Safeguards Framework (v1.0) – a practical reference for governments designing and deploying DPI at scale.

Why do Safeguards in Digital Identity Matter?

As core elements of DPI, Digital ID systems have the potential to enhance service access and promote inclusive development – but this potential is only realised when systems are designed and implemented with appropriate protections in place. 

Operating at population scale, digital ID systems handle sensitive, personally identifiable information (PII), and require safeguards that can anticipate and address a wide range of risks. If these vulnerabilities are not addressed early, they can cascade through e-governance platforms, impacting interconnected processes and deepening systemic inequities. Therefore, robust safeguards are essential at both the individual and societal levels – whether related to exclusion, unequal access, privacy breaches, security threats, or loss of trust.

Without such protections, digital ID systems, that may be poorly designed or managed, risk causing unintended harm, eroding public confidence, and ultimately compromising the sustainability of digital ID initiatives.

MOSIP and Safeguards in Digital Identity
MOSIP's Commitment to Safety and Inclusion in Practice

Given MOSIP’s pivotal role in digital identity-led development – with over 132 million people registered across 25 countries – and a commitment to design and enable safe and inclusive digital ecosystems, the team at MOSIP conducted a preliminary study to evaluate MOSIP’s alignment with the Universal DPI Safeguards Framework. This study examined how MOSIP supports countries in implementing safeguard recommendations and identified areas for further enhancement. 

The findings reflect strong alignment with MOSIP meeting several key expectations for technology providers.

While the detailed mapping will be published in the coming weeks, here is an early look at how MOSIP’s practices are advancing safety and inclusion in accordance with the Framework’s principles:

01 Promoting Inclusion 
Do Not Discriminate & Respond to Gender, Ability, or Age 

MOSIP recognises that traditional requirements for identity documents can exclude vulnerable populations – particularly women, children, persons with disabilities, and older populations. To help bridge this gap, the platform supports several inclusive practices such as alternative verification methods, including the use of introducers (e.g., community leaders) to verify identities of those lacking documentation. 

To address connectivity challenges, MOSIP supports offline and low-bandwidth channels such as USSD, enabling broader access in digitally underserved areas. It also enables in-home registration for individuals unable to travel, and allows for modified biometric capture for children.

In keeping with a commitment to inclusive design, MOSIP has also collaborated with Oregon State University to apply the GenderMag framework – an established methodology for identifying and correcting gender biases in software – to assess and improve its user experience across diverse user groups.
 

02 Ensuring Privacy and Security 
Data Privacy by Design, Data Security by Design, Data Protection During Use

MOSIP is built on the fundamental principle of security and privacy by design, and the platform has been developed to ensure that personal data remains protected. Sensitive identity data is maintained in an encrypted form at rest, in transit, and while in use. To further strengthen security, the platform incorporates security-focussed features, such as differential privacy and zero-knowledge encryption.

Access to data is strictly controlled via APIs and typically requires user consent. The architecture uses federated and distributed data storage to prevent aggregation and profiling of individuals. Features like tokenised IDs and Virtual IDs protect users from tracking and profiling across transactions. 

Tools like Inji – MOSIP’s Credentialing Stack – give individuals control over their data, allowing for decentralised, consent-based, and selective disclosure during identity verification. Regular security audits and testing also help ensure that vulnerabilities are identified and addressed proactively.

03 Reinforcing Transparency and Accountability
Accountability through Records Controls, Comprehensive Reporting & Accessibility Protocols

MOSIP reinforces transparency and accountability through encrypted record storage and tamper-proof management. Every system and data update generates an audit trail, making any modification traceable and reducing the risk of hidden tampering.

Users have visibility into how their data is used, with the ability to track access and even lock authentication when needed. In MOSIP’s design, the identity system acts solely as a custodian of the resident’s data– any action (or inaction) involving that data requires the resident’s explicit participation.

04 Promoting Autonomy and Agency
Consent-Based Data Sharing, Secure Data Exchange

The platform design upholds user autonomy by mandating explicit consent before any personal data is shared for identity verification or service delivery. This ensures that individuals retain control over how their information is accessed and used.

MOSIP products such as Inji and eSignet place user consent at the forefront of data sharing. They incorporate built-in consent flows that require user consent to access to or share their personal information. This enables users to control their data but also enables selective disclosure – allowing individuals to share only the necessary information for a given transaction, enhancing both privacy and security.

05 Evolving with Evidence
Implement Rigorous Testing Protocols

To meet the complex and evolving needs of governments and users, MOSIP adopts a rigorous approach to testing and optimisation. This is essential for maintaining reliability, security, and performance across diverse deployments.

MOSIP employs comprehensive testing protocols, including Quality Test Reports and Security Test Reports, to identify and address design flaws and vulnerabilities. Each new release undergoes a strict go/no-go evaluation before deployment, ensuring only thoroughly vetted updates are implemented.

MOSIP gets certified through more than 20,000 test cases, including over 10,000 automated tests triggered daily, ensuring immediate notification and investigation when system issues arise.

By integrating robust quality assurance measures, early bug detection, and automation testing, MOSIP can evolve with the fast-moving technological landscape. This proactive approach not only reduces development costs by catching issues early but also ensures consistent, high-quality performance across varied use cases.

06 Building and Sharing Open Assets 
Ensure Semantic Interoperability, Assure Modularity & Reusability 

As a Digital Public Good, MOSIP adheres to the Digital Public Goods Standard. It is fully open source under the Mozilla Public License v2.0, but its modular, microservices-based architecture promotes interoperability and allows modules to be reused across sectors. The platform also relies on globally accepted open standards to ensure consistent data handling and processes across diverse systems.

MOSIP introduced the MOSIP Partner Programme to help stakeholders connect with MOSIP, and become part of an ecosystem invested in building foundational digital ID systems that are trustworthy, secure, efficient, and interoperable, while being customised to specific needs.

Safeguarding Digital Identity: A Shared Responsibility

While MOSIP provides the technology designed to embed safety and inclusion principles, the responsibility for implementation, governance, and ensuring full compliance rests with the implementing country and its technical partners. That said, MOSIP plays an active role in this process – offering the necessary tools and features, and by partnering closely with governments ensuring knowledge transfer, training, and ongoing support to effectively leverage the platform's potential. 

Frameworks such as the Universal DPI Safeguards serve as valuable guides – for Digital Public Good (DPG) providers like MOSIP, and also for authorities responsible for digital transformation, by establishing clear benchmarks to mitigate risks at every level.

Looking Ahead

MOSIP continues to evolve by exploring advancements such as quantum-safe cryptography to future-proof security, general-purpose biometric devices to improve inclusion, and tools enabling decentralised service access. Ongoing innovations include offline authentication using QR codes with embedded facial images and dynamic age verification within credentials.

The recent mapping exercise identified key focus areas we should work toward, including refining privacy requirements, conducting regular compliance audits, integrating zero-knowledge proof protocols, and developing customisable user data controls like consent dashboards.

Guided by the Universal Safeguards Framework’s strategic direction on safety and inclusion in DPI implementations, we remain committed to enhancing the platform and deepening collaboration to accelerate widespread adoption of these safeguards. Watch this space for a consolidated report and upcoming articles detailing our ongoing work in this area.