No Digital Public Infrastructure Without Redress

David Porteous is the founder of Integral: Governance Solutions, a Boston-based advisory firm. This post represents his own views.

Digital public infrastructure (DPI) has become the organizing concept for national digital transformation. Across more than thirty countries, governments are now building interoperable systems for digital identity, instant payments, data exchange, and more. These systems are designed for scale: high-volume, low-friction, population-wide use.

But scale changes risk. When millions of transactions move in an instant, errors multiply instantly. When identity systems authenticate access to services, mistakes can exclude people from healthcare, banking, or welfare. When data flows across institutions, consent disputes and misuse follow. And when payments become real-time and irrevocable, scams and fraud can proliferate.

For instance, India’s Unified Payments Interface (UPI) and Brazil’s Pix have both grown at extraordinary rates. Both have also seen rising fraud complaints and scam losses. The lesson is not that DPI is flawed: it is that frictionless infrastructure generates disputes at scale.

The question is no longer whether DPI systems will produce grievances. It is whether governments will build systems capable of resolving them. Trust at scale requires redress at scale.

The missing layer in digital infrastructure

The UN’s 2024 Universal DPI Safeguards Framework identifies effective remedy as a foundational principle. But in practice, redress mechanisms are often an afterthought—handled through call centers, provider-level complaint inboxes, or fragmented regulatory processes.

That approach may suffice at a small scale. It does not hold when daily transaction volumes number in the hundreds of millions.

Large technology platforms learned this lesson decades ago. E-commerce marketplaces embedded online dispute resolution (ODR) systems because manual complaint handling could not keep pace with digital transactions. Automated intake, evidence submission, rule-based workflows, and appeals processes became part of platform architecture.

Yet DPI systems—despite being public infrastructure—rarely embed equivalent redress capabilities across providers.

There are some signs of progress. In India, UPI mandates in-app grievance reporting that can escalate to a platform-managed process. Brazil’s Pix has introduced a special refund mechanism for certain fraudulent transfers. These are welcome steps. But they remain bounded within specific transaction types and do not constitute interoperable, infrastructure-grade redress.

More broadly, most DPI initiatives treat dispute resolution as something to refine after launch. But by then, grievances have already accumulated, and the erosion of public trust has begun.

Detection Is not resolution

Governments and private sector coalitions have begun responding to digital fraud by establishing national anti-scam utilities. Singapore, Malaysia and others have built systems that trace funds rapidly, freeze suspicious accounts, and enable data sharing between financial institutions and law enforcement.

These utilities demonstrate what coordinated digital infrastructure can accomplish. They reduce loss. They improve intelligence. They shorten response times. But they also reveal a structural gap.

Detection and freezing are just the first act. Once funds are frozen, liability must be assigned. If an account is blocked, the account holder may dispute the action. If a transaction is reversed, one party benefits and another may contest it. Anti-scam systems inevitably generate disputes.

Without a structured resolution layer—clear rules, case management, appeal pathways, transparent timelines—intervention risks becoming arbitrary. Redress provides closure and accountability. It ensures that emergency action does not displace due process.

In short, anti-scam utilities are becoming critical infrastructure. They require equally robust dispute resolution infrastructure.

DPI already contains the building blocks

The irony is that DPI systems which can cause these problems themselves contain elements of the solution by making scalable redress more feasible than ever.

Digital identity systems can authenticate complainants securely. Payment rails can verify transaction records. Data exchange frameworks can allow controlled evidence sharing across institutions. Secure case files can store verified credentials. Privacy-preserving access controls can permit multi-party review.

Artificial intelligence tools now support multilingual intake across channels, automated triage, and structured evidence assembly. In rule-bound cases, decision-support systems can recommend remedies or escalate to human review when discretion is required.

The technical components exist: chat interfaces, case management workflows, rules engines, and reporting dashboards. What is missing is the architectural commitment to bring them together.

The problem is no longer technological feasibility. It is the governance priority they receive.

Redress as a launch condition

If DPI is foundational infrastructure, then redress must be foundational too.

No new national DPI system should go live without an operational online redress layer. 2027 will mark the high level review of the UN Global Digital Compact, of which the DPI safeguards form a key part. That seems an appropriate cutoff for this next-level step to take effect.

Operational redress means that each new DPI system should provide:

• Multi-channel complaint intake (in-app, web, phone, text)
• Secure case management with tracking and timelines
• Clearly defined liability allocation rules
• Structured decision-making with review and appeal
• Public reporting on resolution times and outcomes

This does not—and perhaps should not—require a single centralized authority to adjudicate every dispute. Frontline providers—such as banks in payment systems—may retain primary responsibility within defined timeframes. Escalation tiers can handle contested or unresolved cases. Federated models can distribute operational responsibilities while sharing standards and reporting.

What matters is that redress is embedded from day one—not retrofitted after a crisis.

Embedding redress at design stage is more coherent and less costly than layering fragmented complaint systems onto live infrastructure.

From feature to infrastructure layer

Embedding ODR in each DPI system is necessary. But it may not be sufficient.

As digital ecosystems expand to include things such as cross-border payments, interoperable identity credentials, and AI-mediated services, disputes increasingly span multiple schemes and providers. A citizen may experience a grievance that crosses payment rails, identity providers, and data-sharing networks simultaneously.

This raises a deeper architectural question: should online dispute resolution itself be treated as a layer of digital public infrastructure?

Conceiving ODR as a reusable infrastructure layer would mean:

• Standardized complaint data categories (which could aligned with transaction messaging standards like ISO20022)
• Interoperable case identifiers across systems
• Shared workflow components
• Consistent reporting metrics
• Reusable open-source case management modules

This does not imply a single national dispute authority. Just as data exchanges can be federated, ODR services could operate across multiple accredited entities. But interoperability would allow disputes to move across systems without fragmentation.

In this model, redress itself becomes shared digital public infrastructure—reducing duplication, lowering cost, and making it easier for new DPI systems to embed dispute capability from inception.

Legal reform may be required to give such processes enforceable status. Privacy frameworks may need carefully bounded provisions for controlled data sharing in dispute contexts. Appeals mechanisms must align with administrative and judicial review.

But these are governance design questions—not barriers.

A governance imperative

The first generation of DPI emphasized inclusion, speed, and scale. Those were appropriate priorities. The next generation must emphasize accountability, repair and resilience.

Without credible redress, DPI risks concentrating power without sufficient procedural safeguards. Automated systems can exclude, freeze, reverse, or deny at speed. Citizens must have equally rapid pathways to challenge and correct.

Public legitimacy depends not only on access, but on fairness.

For governments, this means requiring operational redress before launch, setting minimum service standards, and publishing resolution metrics. For development finance institutions and donors, it means treating embedded redress as an applied safeguards requirement—not an optional enhancement. For technologists, it means recognizing dispute workflows as core infrastructure rather than peripheral user support.

Five commitments would move the field forward:

1. No launch without redress. Require operational online redress before new DPI systems go live.
2. Standardize dispute data. Align complaint categories and case identifiers with appropriate standards.
3. Publish resolution metrics. Track and disclose resolution times and restitution outcomes.
4. Fund shared utilities. Support open-source case management systems as digital public goods.
5. Align anti-scam and redress initiatives. Ensure emergency intervention systems incorporate due process and appeal.

Digital public infrastructure is becoming the backbone of modern governance. As it expands, exposure to fraud, error, and administrative harm will expand with it. The choice is not whether disputes will occur. It is whether resolution will be systemic or improvised.

The first generation of DPI optimized for speed. The next must optimize for justice, because trust at scale requires redress at scale.