Ensuring “Openness” in AI is a Beacon of Trust, Not a Slogan: Reflections from the India AI Impact Summit 2026

Returning from New Delhi after the India AI Impact Summit 2026, it is clear that the global AI conversation has reached a turning point. As the first major AI summit held in the Global South, the event centred on impact, democratisation, and the specific needs of developing economies. For the Digital Public Goods Alliance, the week provided a vital platform to discuss the foundational role of digital public goods in AI development and to connect with like-minded partners committed to supporting the open AI ecosystem for a more equitable digital future.Openness: A Foundation, Not a Finish LineAt a time when data from HuggingFace suggests that we are witnessing a collapse in transparency in AI development, openness emerged as a recurring theme at the AI Impact Summit and discussed as a fundamental building block of AI infrastructure for countries, the private sector and end users.At the DPGA, we believe openness is the necessary starting point for achieving transparency, trust, sovereignty, and the democratisation of AI resources. However, without integrated best practices, guardrails, and strong governance, "openness" remains a hollow term, leaving it open to use in ways that may not always advance the public good. Since its inception, the DPG Standard, as a community-driven benchmark, has addressed these aspects through specific indicators on "do no harm by design" and "adherence to privacy and applicable laws".The DPG Standard: Verifying Public BenefitThe DPG Standard is grounded in the UN Secretary-General’s definition: digital public goods are open-source software, open datasets, open AI systems, and open content collections that adhere to privacy laws, follow best practices, and help attain the Sustainable Development Goals (SDGs). With this, the DPG Standard moves the definition from “openness” as a standalone characteristic to “openness” as a feature complemented by other features, with a specific objective: making the world a better and more equitable place.The DPG Standard allows us to move beyond the "open source" label by providing a verifiable framework that ensures technology is not only technically accessible but also safe, inclusive, and designed for public benefit. As a meta-standard that also encourages adherence to other standards and best practices, as per Indicator 8, the DPG Standard ensures that AI safety best practices are incorporated through continuous consultation with the community and experts.The Threefold Intersection of DPGs and AIThe intersection of DPGs and AI is threefold:AI systems as a category of digital public goods.DPGs' use of AI to enhance and run their products.DPGs are trusted resources that can improve responsible AI development —such as open data, tooling, and software (DPG4AI).This third category includes resources such as compar:IA (a chatbot comparison arena developed by the French government to reduce cultural and linguistic biases in LLMs); simpleAudit (framework for AI safety testing); and the Mozilla Common Voice dataset (multi-lingual dataset for language technology).DPG4AI was also the topic of the DPGA Secretariat’s mainstage session, “Digital Public Goods for Global AI Equity,” at the Summit in India which included John Dickerson, CEO of mozilla.ai, Ayah Bdeir, CEO of CurrentAI, Chenai Chair, Director of the Masakhane African Languages Hub and Urvashi Aneja, Founder and Executive Director of Digital Futures Lab. There the discussion focused on persisting challenges such as the shortage of high-quality open data, market concentration, and the skills gap to develop and deploy AI in ways that benefit public interest. Panellists explored the role of openness in supporting the digital sovereignty of nations and people and raised questions about the fine balance between championing openness while avoiding corporate capture and ensuring that communities benefit from their own data collection work. Having CurrentAI, one of the main deliverables of last year’s French AI Action Summit, on the panel with Ayah Bdeir also enabled us to connect the dots between Paris and New Delhi, underscoring the essential role of open, global collaboration in advancing AI that serves the many, not the few. Trust and Safety in Local Open-source AI solutionsRepresenting the DPGA Secretariat, we also had the privilege of moderating a session titled "Harnessing Open Source AI for Inclusive Economic Development," hosted collaboratively by GIZ FAIR Forward, NASSCOM, and Digital Futures Lab. During this session, Yasha Khandelwal, CEO & Founder of Tech4Biz, shared that open-source initiatives are effectively reducing access barriers for local developers. However, the Indian startup founder also highlighted that significant resource constraints mean that large technology companies continue to benefit disproportionately from open resources. To truly localise AI development and address diverse local needs across different regions and contexts, fundamental changes are required, including investment in decentralised compute infrastructure and adopting a frugal AI approach—that means designing and deploying machine learning models that minimise computational costs, energy consumption, and data requirements without sacrificing essential performance. Another key discussion point was the need to simplify the deployment of open source models and enhance their safety by ensuring developers "ship the car with the seatbelts". These points closely align with the DPGA Secretariat's work. For instance, the DPG Standard mandates that AI systems prioritise safety in development and publicly license their full training data—requirements potentially more manageable for smaller, task-specific models.The session also featured the launch of a policy brief, “Advancing Open Source AI in India: Recommendations for Governments and Technology Developers”. This brief, which mirrors the efforts of the DPG Standard, encourages developers to provide high-quality, reusable core components. It emphasises avoiding "open washing" through clear documentation, use of safeguards, and a firm commitment to open source AI as the foundation for transparent, local collaboration.Collaboration for Impact: Climate, Health, and AgricultureThe DPGA Secretariat week was wrapped up by co-hosting a high-level event with the Royal Norwegian Embassy in New Delhi and Norad, focusing on “International Collaboration on AI and Digital Public Goods to Advance Progress on Climate, Health and Agriculture”. The event, which included opening remarks from Norwegian Minister of Digitalisation and Public Governance, Karianne Tung, and the Minister of Management and Innovation in Public Services of Brazil, Esther Dweck, provided practical examples of how AI intersects with digital public goods. This was followed by showcasing the updated requirements of the DPG Standard for AI systems to be recognised as digital public goods, highlighting the importance of data transparency in promoting responsible AI practices. Representatives from verified DPGs, including DHIS2, Rural Environmental Registry (RER), DiCRA, and ODK showcased how AI can be responsibly integrated into existing solutions. They also demonstrated how their solutions offer trusted data infrastructures essential for AI deployment.We concluded the discussion by highlighting the value of DPGs as platforms that demonstrate best practices in the era of AI-driven software development. A key point was the necessity of public investment in open datasets to overcome market failures, aggregate markets, and incentivise the private sector to solve social challenges. “How do we ensure that the digital world grows in ways that are fair, open, and beneficial for all? The answer lies in supporting digital public goods—through our policies, partnerships, and priorities. When digital resources are shared, everyone benefits. And when everyone can participate, innovation becomes not only faster, but also more just and more sustainable.” Karianne Tung, Minister of Digitalisation and Public Governance, Norway By positioning DPGs as an infrastructure of trust, they offer a value proposition that proprietary solutions cannot match. This is because the DPG Standard ensures that DPGs follow industry best practices, prevent “open-washing,” embed do-no-harm principles by design, and support the attainment of the Sustainable Development Goals. To this end, we were also happy to meet representatives of openFN, Syft and Care | Open Healthcare Network during the summit, which once more underlined the point that DPGs are relevant solutions in developing responsible AI and AI-mediated access to services and information. Reclaiming AI for the Public InterestThe summit reinforced a powerful truth: an open approach to AI, complemented by participatory governance, guardrails and a deep understanding of the prevalent power imbalances in the AI ecosystem, is the only way to ensure local relevance and agency for the Global Majority.As Prime Minister Modi noted in his opening remarks of the summit, India believes AI’s benefits must be shared—invoking the principle that "sunlight is the best disinfectant" to make AI safer and more effective. This call for open code and collaborative development aligns deeply with the DPGA’s work. However, to truly reclaim AI as a technology that serves the public interest, we must learn the lessons of open source software by pairing openness with deep, public-sector-led investments in research, safety, and trusted data infrastructures. Open data plays a fundamental role in trustworthy AI, and it was reassuring to hear the recurring call for more open data in AI development-an approach the DPGA Secretariat has championed with the update of the DPG Standard for AI systems last year. By maintaining this high bar and demanding a genuine plurality of models, visions, representations and stakeholders, we can move toward a global AI ecosystem that empowers everyone to build and own AI on their own terms. The Road Ahead: Our CommitmentThe DPGA Secretariat is committed to building the technical and policy foundations for a public-interest AI ecosystem. Our next steps include:Strengthening the DPG Standard for AI systems: Conducting a systemic review in the second half of 2026 to assess the open data requirement and continuing our engagement with experts and the community on AI trust and safety best practices. Building the DPG4AI Collection: Identifying and onboarding new DPGs that serve responsible AI development, from open data for training and benchmarking to tools and software for packaged, sovereign solutions.Making DPGs Future-proof: Providing case studies and insights into the responsible use of AI by established DPGs and positioning DPGs as a platform of best practices.Mobilising for Policy Change: Advocating for public sector investment in the open source AI ecosystem to ensure AI is developed with the public interest at its core.Supporting Discoverability and Global Collaboration: Feeding into initiatives like the Global AI Impact Commons to ensure everyone walks the talk, and partnering with like-minded organisations to build the public interest AI movement.

How the DPG Standard and the Universal DPI Safeguards Framework are Charting a Safe and Inclusive Digital Future

Digital systems are shaping how millions of people access essential services, from healthcare and education to financial inclusion. The stakes for getting these systems designed and implemented right from the outset have never been higher. This was evident during the recent Annual Members Meeting of the Digital Public Goods Alliance (DPGA) in Brazil, which highlighted how countries are increasingly leveraging open, interoperable building blocks to power their digital infrastructure.Digital public goods (DPGs) sit at the heart of this digital transformation. When integrated into the Digital Public Infrastructure (DPI) approach, these technologies can unlock unprecedented opportunities for inclusive development. But opportunity alone is not enough. The technologies and systems being built must be inherently safe and inclusive, and uphold fundamental human rights from the ground up. This article explores how recent updates to the DPG Standard and the Universal DPI Safeguards Framework are working in lockstep to nurture a cohesive ecosystem where technologies originating from the DPG community are designed to be safe and inclusive by default.The DPG Standard serves as the global benchmark for recognizing not only digital public goods, but technologies that can be safely adopted, adapted and scaled to advance sustainable development. To qualify as a DPG, a solution must be open source, contribute to advancing SDGs, and meet rigorous additional criteria outlined across nine indicators in areas such as licensing, documentation, privacy, security, and platform independence. Recent updates to the DPG Standard establish a stronger, more explicit safety-by-design foundation. The revised criteria clearly articulate expectations for privacy, security and responsible AI, ensuring these safeguards are integral to how DPGs are assessed. As a result, technologies recognized as DPGs demonstrate, from the outset, clear baseline commitments to user protection, data transparency and accountability.The Universal DPI Safeguards Framework, first released in 2024 by the DPI Safeguards initiative is the result of extensive global multi-stakeholder consultations involving 44 working group members, global convenings, consultations with international organizations, and local in-country engagement. The Framework was updated in 2025 following feedback from the ecosystem to ensure its continued relevance and practicality. It provides a comprehensive, rights-based approach for governing and ensuring responsible DPI implementation across the whole DPI lifecycle. The Framework is structured around 18 Foundational and Operational Principles that are designed to mitigate risks grouped into three core categories: safety, inclusion, and structural vulnerabilities.

DPGA Launches Strengthened Privacy and Data Security Framework for Digital Public Goods Standard

In an increasingly digital world where data has become a critical asset, privacy and data security have emerged as fundamental rights and essential safeguards for individuals and communities. From healthcare systems and financial services, to educational platforms and humanitarian aid delivery, digital solutions handle vast amounts of sensitive personal information that require appropriate protection and responsible handling. For users of digital solutions around the world, robust privacy measures are not just important but an essential part of preventing exploitation, and mitigating harm.The Digital Public Goods Standard is a set of specifications and guidelines designed to maximise consensus about whether a digital solution conforms to the definition of a digital public good (DPG) as defined in the UN Secretary General’s Roadmap for Digital Cooperation. As part of this, in order to be considered a digital public good, solutions must be designed and developed to comply with privacy and other applicable laws (Indicator 7 of the DPG Standard) as well as to anticipate, prevent, and do no harm by design (Indicator 9). Recognising the importance of privacy and data security to achieve these aims, the Digital Public Goods Alliance is pleased to announce these updates to the DPG Standard. The updates introduce six new requirements as well as an annexure of privacy and data security best practices, which serve as a practical guide for applicants seeking to improve their digital solutions. These changes are the result of a consultative process and will strengthen the design and development of open solutions seeking DPG recognition. The criteria will apply to all new solutions seeking certification in the DPG Registry and will be collected from existing DPGs during their annual review. Formation of Privacy Expert Group for driving DPG Standard EnhancementIn April 2024, the DPGA Secretariat, in collaboration with the Open Knowledge Foundation, assembled a distinguished Privacy Expert Group comprising neutral privacy professionals from legal, technical and multilateral sectors. This expert group was specifically tasked with addressing critical gaps in privacy compliance within the existing DPG Standard and aligning DPGs with global best privacy practices.The expert group, co-led by DPGA Secretariat’s Standards Lead, Amreen Taneja, and Open Knowledge Foundation representatives, Renata Avila (CEO) and Patricio Del Boca (Technical Lead), worked alongside Thomas Shone from the Netherlands, Godfrey Kutumela from South Africa, Clarissa Luz from Brazil, Marie C. Bonnet from France, Puneet Bhasin from India, Emma Day from the United Kingdom and Aparna Bhushan from the United States. This geographic diversity ensured that the updated requirements could accommodate local legislation and regional privacy ecosystems while maintaining global applicability.The expert group focused on three objectives:1. Conducting a gap analysis and risk assessment to identify shortcomings in privacy compliance within the DPG Standard; 2. Defining clear parameters for privacy compliance under Indicator 7 to be embedded in the assessment process, with the aim of ensuring fair criteria for both small scale and larger DPGs; and3. Proposing an annex to Indicators 7 and 9(a) that sets out recommended best practices for privacy and data security, strongly encouraged for applicants to adopt.Privacy Requirements for the DPG StandardThe Privacy Expert Group's recommendations were submitted to the DPG Standard Council as part of the Standard's governance process. The Standard Council reviewed and adapted these recommendations, ensuring they could be effectively incorporated into the DPG review process while maintaining accessibility for applicants.The updated requirements, now mandatory for all DPG applicants, are structured around six fundamental privacy concepts that are be addressed through specific questions in the application process. These questions are designed to extract critical information traditionally found in extensive documentation such as Privacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), and Data Retention Policies that would be required by the DPG Review team for assessing the design and development aspects of the product, while ensuring the process remains accessible to applicants ranging from large organisations to small scale innovators.Six New Privacy Considerations for DPG Applicants1. Data Minimisation: Applicants must now answer: ‘Is this the minimum amount of PII data required for your solution to function properly?’ This question ensures alignment with global privacy regulations like GDPR (General Data Protection Regulation), by demonstrating that DPGs collect only the minimum amount of Personally Identifiable Information (PII) necessary for functionality, particularly important when serving vulnerable populations.2. User Consent Mechanisms: The application process now requires responses to: ‘How does your solution communicate to the user that you are collecting their PII data?’ This addresses the critical need for transparency in obtaining and managing user consent, ensuring compliance with frameworks such as GDPR and the California Consumer Privacy Act (CCPA) while empowering users to make informed choices about their data.3. Data Usage Transparency: Two key questions in the application process address this aspect: ‘Please provide your privacy policy or any relevant documentation that outlines consent management procedures, the reasons for collecting and processing PII data, and any processes in place for handling subject requests.’ and ‘Where in the solution is PII data being processed or used? And which components of the solution allow access to this data?’. These questions ensure that applicants clearly articulate their data practices, demonstrating compliance with the principle of purpose limitation and operational transparency.4. Adherence to Privacy-By-Design Principles: Applicants must answer the question: ‘Which mechanisms does your solution provide to delete PII data?’ This question evaluates applicants’ readiness to handle data retention and deletion responsibly, highlighting mechanisms for addressing user requests and preventing indefinite data storage. Solutions with strong privacy-by-design features reflect a commitment to ethical data practices and regulatory compliance.5. Transparency Around Data Retention: Using the same question as privacy-by-design, this requirement ensures that solutions have clear data retention and deletion procedures, demonstrating compliance with regulations that mandate minimising risks associated with prolonged data storage while fostering trust among users, particularly in solutions serving marginalised communities.6. Data Governance and Access Controls: The question ‘Where in the solution is PII data being processed or used? And which components of the solution allow access to this data?’ also addresses the need for secure data management, ensuring that PII is protected against breaches and misuse through robust governance mechanisms that align with principles of data isolation and segregation.Best Practices Annexure LaunchedAlongside the mandatory requirements, we have released a comprehensive annexure of privacy and data security best practices that, while not mandatory, are highly encouraged for all DPGs. This detailed guidance document provides a practical roadmap for both small and large-scale open solutions seeking to align with industry standards.This annexure encompasses four critical areas of privacy and data security practices. 1. Privacy Governance and Accountability establishes policy-level best practices, including comprehensive privacy policies that align with international standards, consideration of non-PII and group data risks, and governance accountability measures such as designating Data Protection Officers and establishing independent ethics review processes.2. Compliance Documentation and Proofs provides guidance on essential documentation, including Data Protection Impact Assessments, data flow mapping, retention and disposal policies, security issue communication protocols, training records, and third-party vendor management. These documentation requirements ensure that DPGs maintain comprehensive records of their privacy practices and can demonstrate compliance when required.3. Technical and organisational safeguards outline best practices for implementation requirements for minimum data protection controls, including robust authentication and access controls with role-based access and multi-factor authentication, comprehensive logging and auditing systems, state of the art encryption for data in transit and at rest, systematic vulnerability management, data isolation and localisation measures, and privacy enhancing technologies such as differential privacy and federated learning.4. Lifecycle Management and Oversight ensures that privacy considerations are embedded throughout the entire data lifecycle, including ongoing risk monitoring, audit readiness, and change management processes that assess privacy and security implications during product updates.How Privacy Enhancements Strengthen the Digital Public Goods EcosystemThese enhanced privacy requirements represent a significant advancement in ensuring that DPGs anticipate, prevent, and do no harm in the design and development of their solutions. By embedding effective privacy safeguards into the design and development stages of DPGs, these updates enable DPGs to better serve users and communities while upholding critical privacy rights. The privacy-focused approach is particularly crucial for DPGs serving vulnerable populations, who face heightened risks from data misuse or unethical practices. Aligned with global privacy standards, these updates aim to strengthen the credibility and long-term sustainability of digital public goods, making them more trustworthy to partners, funders, and international initiatives. They also establish privacy compliance as an integral part of DPG evaluation, reinforcing both operational efficiency and ethical practice across the ecosystem.As DPGs play an increasingly vital role in advancing the UN Sustainable Development Goals, these enhanced privacy protections ensure they can fulfill their mission while maintaining the trust and confidence of the communities they serve. Through these comprehensive updates to the DPG Standard, we aim to lead the way in establishing ethical frameworks for digital development, ensuring that DPGs create maximum positive impact while upholding fundamental principles of privacy and security essential for sustainable global progress.