Best Practices for the Governance of Digital Public Goods

Defines governance best practices for Digital Public Goods (DPGs) to ensure public value, legitimacy, and operational capacity.

Updated: Apr 3, 2025
article By David Eaves, Leonie Bolte, Omayra Chuquihuara, Surabhi Hodigere

This policy brief provides guidance for civil servants, technologists, and funders involved in creating and maintaining Digital Public Goods (DPGs). It addresses the critical governance questions that arise when sovereign entities jointly manage shared digital infrastructure, offering best practices to maximize the public value derived from DPGs. The practical value lies in offering actionable recommendations structured around key governance challenges faced by DPG initiatives.

Core Arguments & Findings

This report argues that as “digital government” becomes simply “government,” the shared development and maintenance of core digital infrastructure through DPGs offer significant benefits but also pose substantial governance challenges (p. 1). Effective governance is presented as essential for DPGs to succeed, enabling coordination, maintaining commonality, and ensuring long-term viability (p. 8).

Defining DPGs and the Need for Governance

  • DPGs Defined: The report adopts the Digital Public Goods Alliance (DPGA) definition: “open-source software, open data, open AI models, open standards, and open content that adhere to privacy and other applicable international and domestic laws, standards and best practices, and do no harm” (p. 7).
  • Governance is Essential, Governance is Expensive: While sharing DPGs can lower costs and speed adoption, the joint management requires coordination and restriction, enabled by effective governance, which itself requires resources (pp. 1, 7-8). Governance prevents the splintering of the code base into isolated bespoke solutions (p. 8).

DPGs vs. Traditional Open Source

DPGs have much to learn from open-source communities but differ significantly, requiring stronger assurances due to public sector accountability (p. 8):

  • Intentionality: DPGs are often created with a specific public purpose and target population in mind, unlike many organically grown OS projects (p. 9).
  • Equity: Public sector DPGs face a higher burden to ensure equitable representation and address potential biases than typical OS projects (p. 9).
  • Sustainability: Government involvement often implies a need for clearer sustainability models compared to many OS projects (p. 9).
  • Scale and Capacity: Governments often have weaker capacity to attract and retain developers compared to corporate-backed OS projects, relying more on external contributors and consultancies (p. 9).

Key Governance Frameworks

Two frameworks guide the analysis and recommendations:

  1. The Strategic Triangle (Moore): DPG governance must balance three elements to create net public value (pp. 3-4, 12):
    • Public Value: The conception of the public good being pursued.
    • Legitimacy and Support: The base of social legitimacy, public support, and funding.
    • Operational Capacity: The technical and organizational capacity required to deliver results.
  2. Maturity Mapping (influenced by Wardley): DPGs evolve through stages, requiring different governance approaches (pp. 5, 13):
    • Experimental: Early-stage, informal collaboration.
    • Bespoke: Solution for a small, specific group, often controlled by one entity, potentially emerging into a DPG.
    • Product: Shared by a larger group with somewhat institutionalized governance.
    • Standardized Infrastructure: Widely shared by many stakeholders with robust, institutionalized governance.

Core Governance Questions

Effective DPG governance must address key questions (p. 10):

  • Who makes decisions, and who decides who decides?
  • How is the strategic roadmap developed and managed?
  • How are funding and long-term sustainability ensured?
  • Who can participate in the DPG?
  • What community norms and rules exist, and how are they enforced?

Methodology

The findings are based on a three-stage research methodology (p. 2):

  1. Interviews: Over 20 interviews were conducted with experts from open-source communities, government (national and local, US and international), multilateral organizations, and NGOs.
  2. Case Studies: Several “mini case studies” (“Cases in Point”) illustrate specific recommendations. Two longer case studies (NIIS and CalSAWS) provide in-depth examples (Appendices 1 & 2).
  3. Literature Review: Analysis of academic papers, blog posts, and articles on open-source governance, public management (Moore’s strategic triangle, Wardley mapping), country governance, and corporate governance (pp. 3, 28-32).

Limitations acknowledged include the limited number of existing DPG governance examples and the difficulty in accessing and studying governance failures (p. 3).

Key Conclusions & Recommendations

The report proposes five core governance best practices, emphasizing that the first two (Vision/Mission/Values and Code of Conduct) represent a minimum viable governance model for any project aspiring to be a DPG (pp. viii, 11-12). The other recommendations should be adopted as a DPG matures.

  1. Codifying a Vision, Mission, and Values Statement (pp. 12-14):

    • Purpose: Establishes a foundational social contract and “north star,” articulating public value.
    • Function: Communicates purpose, informs strategy, sets measurable goals, shapes culture, and delineates effective contributions.
    • Implementation: Should be developed early to guide governance design. Relevant for all maturity stages.

  2. Drafting a Code of Conduct (pp. 15-17):

    • Purpose: Addresses potential inappropriate contributor behavior common in OS communities and fosters inclusivity and respect.
    • Function: Connects vision/values to behavior, makes norms explicit, serves as an enforcement tool.
    • Implementation: Should be adopted early, regardless of community size, and must be enforceable. Relevant for all maturity stages.

  3. Designing Governance Bodies (pp. 17-19):

    • Purpose: Institutionalizes authority and accountability, orchestrates stakeholders.
    • Function: Best practice involves separating strategy/community-wide decisions (Strategy Board) from technical/implementation/code-level decisions (Technology Board).
    • Implementation: May start minimally but should separate as DPG scales (product/infrastructure stages). Boards coordinate institutions, not just individuals. Relevant from Product stage onwards.

  4. Ensuring Stakeholder Voice and Representation (pp. 20-24):

    • Purpose: Maintains legitimacy and support while enabling effective decision-making.
    • Dilemmas: Adjusting structures as DPGs scale; avoiding paralysis from unanimous decision-making norms; weighting stakeholder voices appropriately (e.g., by contribution, need, capability, size).
    • Implementation: Requires careful design to balance pluralism, potentially uplifting resource-constrained voices or giving more weight based on capability/commitment. Relevant from Bespoke stage onwards.

  5. Engaging External Contributors (pp. 25-27):

    • Purpose: Leverages external capacity (especially private sector) to enhance operational capacity.
    • Options:
      • No formalized external governance (code public, minimum standard).
      • Formalized mechanisms for external contributions (comments, code suggestions).
      • Formalized access and path to membership in governance.
    • Implementation: Requires conscious decisions and resources (e.g., community managers). Clear rules are needed for how external contributions are governed. Relevant from Bespoke stage onwards.

Stated or Implied Applications

The principles and recommendations are intended for DPGs across various domains. Specific examples used to illustrate points include:

  • Infrastructure/Interoperability: NIIS (Nordic Institute for Interoperability Solutions) / X-Road (pp. 14, 22, 28, 33-36), MOSIP (Modular Open Source Identity Platform) (pp. 14, 17, 25, 27, 32), W3C (pp. 14, 16, 24, 32)
  • Government Services/Platforms: GOV.UK Notify (p. 14, 32), CalSAWS (California Statewide Automated Welfare System) (pp. 14, 28, 37-41)
  • Urban Transformation/Mobility: eGovernments Foundation (India) (pp. 14, 22), OMF (Open Mobility Foundation) (pp. 14, 16, 22, 27, 28, 35)
  • Education Sector: Kuali (pp. 14, 32, 40)
  • Automotive: GENIVI (now COVESA) (pp. 14, 22)
  • Finance: Mojaloop (pp. 14, 16, 17, 25)

Key Questions Addressed or Raised

Questions Addressed:

  • What are the core components of effective DPG governance? (Answered by the 5 recommendations)
  • How does DPG governance differ from traditional open-source governance? (pp. 8-9, 16-17)
  • How can DPG governance adapt to different stages of maturity? (Maturity Mapping framework, pp. 5, 13-14)
  • How should DPGs balance competing stakeholder needs (public value, legitimacy, capacity)? (Strategic Triangle framework, pp. 3-4, 12)
  • What are best practices for specific governance elements like vision statements, codes of conduct, board structures, stakeholder representation, and external contributions? (Sections under Playbook, pp. 12-27)

Questions Raised (for DPG implementers & future research):

  • How can DPGs effectively manage the transition between maturity stages and associated governance models? (p. 22)
  • What is the optimal way to weight stakeholder voices in diverse DPG contexts? (p. 23)
  • How can the tendency towards unanimous decision-making be managed to avoid stagnation without losing consensus? (p. 22)
  • How can governance failures be better studied to provide lessons learned? (p. 3)
  • What specific mechanisms work best for enforcing codes of conduct in public-sector DPGs? (p. 16)
  • How can DPGs ensure that the values encoded in their software align with broad public interest as they scale globally? (p. 14)

Key Points

  • Codifying a clear Vision, Mission, and Values statement is fundamental for DPG governance, serving as a social contract.
  • Drafting and enforcing a Code of Conduct is essential to manage contributor behavior, ensure inclusivity, and uphold public value.
  • Designing distinct Governance Bodies (e.g., strategy and technology boards) institutionalizes authority and separates strategic goals from operations, especially as DPGs mature.
  • Ensuring Stakeholder Voice and Representation requires balancing diverse needs and preventing decision-making paralysis, potentially weighting voices based on context or capability.
  • Engaging External Contributors, particularly from the private sector, can provide needed capacity but requires clear governance rules and pathways for involvement.
  • DPG governance must adapt based on the DPG's maturity level (Experimental, Bespoke, Product, Standardized Infrastructure).
  • DPG governance differs from traditional open-source governance due to higher public accountability needs, intentionality, equity considerations, and sustainability challenges.