Foundation laws for DPI: What needs to be regulated


            DPI typically comprises core systems such as digital ID, digital payments, data exchanges and
            interoperability layers. Each of these components operates at the intersection of multiple domains,
            technology, civil rights, commerce and public administration, and thus requires legal clarity. Data
            serves as a central role of DPI. In this case, core data protection must ensure lawfulness, fairness
            and transparency in data processing (World Bank, 2025, p.23).

            Key legal domains relevant to DPI include:

            1.  Data Protection and Privacy.

            2.  Digital Identity Laws.

            3.  Cybersecurity and Resilience Regulations.
            4.  Public Procurement and Standards.

            5.  Digital Inclusion Mandates.

            6.  Responsible Use of DPI Resources and Cost Recovery Policies.

            Harmonizing laws across levels of government

            In many countries, digital governance operates across multiple layers of government, national,
            regional and municipal. However, when laws at these different levels are misaligned, this can lead
            to regulatory gaps, overlaps, or contradictions that undermine the effective implementation of DPI.
            To address this, national legislation should provide overarching principles and frameworks, while
            granting sufficient flexibility for local adaptation and innovation. One practical mechanism for this




             36