On 19 November 2025, the Policy Innovation Lab at Stellenbosch University convened a workshop titled Towards a Systematic Regulatory Approach to Enabling Digital Public Infrastructure in South Africa. The workshop brought together representatives from the Presidency, the Digital Services Unit (DSU), government departments, and academic experts. Its aim was to explore the contours of a structured model for governing Digital Public Infrastructure (DPI) in South Africa.
The problem with ad hoc reforms
DPI covers the foundational digital systems that underpin public services and includes digital identity, data exchange and digital payments. Building these systems requires navigating an extensive body of law spanning public finance, data protection, procurement, administrative law, and civil registration, among others. The temptation is to address each legal instrument as it becomes relevant. In practice, this produces inconsistent, uncoordinated reform that quickly becomes unmanageable.
What is needed instead is a regulatory model: a structured tool that maps the legal landscape logically, making it possible to identify gaps, understand interdependencies, and sequence reforms in a coherent way. As was noted at the workshop, a regulatory model is distinct from a regulatory framework. Whereas a regulatory framework is the full body of laws and institutions that govern a system, the model is a practical means of understanding and working with that framework.
Dimensions of a regulatory model
Various dimensions of a regulatory model for DPI emerged from the workshop. One dimension is a baseline set of governance principles that any legitimate DPI system must satisfy. DPI must be grounded, for example, in constitutional mandates and democratic accountability, not treated as a purely technical exercise. It must uphold all the rights contained in the Constitution and thus function as a public good, with design obligations that actively address systemic inequalities. Governance must recognise and mitigate collective harms such as mass surveillance or large-scale exclusion, not only individual complaints. The system requires multi-stakeholder participation, transparency, and independent oversight.
Beyond these governance principles, the a regulatory model should also make provision for the technical and economic architecture of DPI. A coherent regime for personal and non-personal data, for example, must serve as the central hub connecting the telecoms, finance, and civil registration components of the system. Open standards and modularity could prevent vendor lock-in. Regulation must ensure fair competition and prevent market dominance. Where private providers deliver public services, constitutional and social justice obligations must follow. Finally, success must be measured by social outcomes and distributional effects, not merely cost-efficiency or technical uptime.
Taken together, the workshop discussed how a regulatory model could be designed in terms of a functional taxonomy, proposing three layers. The cross-cutting layer contains the foundational principles and institutional mandates that apply across all DPI contexts. The operational layer governs the machinery through which DPI is built and maintained: procurement rules, public finance management, technical standards, and inter-agency data-sharing arrangements. The service layer addresses how citizens actually experience the system, and includes their rights, how they access services, how disputes are resolved, and what remedies are available when things go wrong.
What comes next
Building on the insights that emerged during this workshop, the Lab will arrange follow-up engagements with partners in government and beyond towards not only defining but also operationalising a regulatory model for DPI.
The post Building a regulatory model for Digital Public Infrastructure in South Africa appeared first on The Policy Innovation Lab.