A bumpy road to becoming an open identity infrastructure: MOSIP Connect 2024 in retrospect

If you have been paying attention to digital transformation in the Global South in the past decade, you may have heard of Aadhaar, along with the Unique Identification Authority of India (UIDAI). Inspired by this system from which all residents of the world’s most populated country can obtain a 12-digit unique identity number, the Modular Open Source Identity Platform (MOSIP) was born in 2018 to provide governments with ‘open’ tools to build foundational ID systems.

As discussed in our earlier article, MOSIP was created with a motivation to break an entrenched pattern in the Global South where governments were often found susceptible to long-term exploitative contracts with vendors that offered proprietary software solutions to critical infrastructures. The impact of such vendor lock-in becomes particularly far-reaching when an infrastructure touches upon the most fundamental aspect of our existence - identity. 

Going into its sixth year, MOSIP has already gone beyond its initial scope of foundational ID and expanded into the digital credential stack and digital wallet. In March, it hosted the first edition of MOSIP Connect in Addis Ababa, Ethiopia, a gathering of implementers, partners, stakeholders, and friends, to discuss how to build open and collaborative identity ecosystems. This article covers our key takeaways from the event.

One is not destined to be small if it is aimed to enable governments to build Aadhaar-like foundational ID systems. By targeting countries in the Global South that are faced with similar challenges, such as a lack of modern IT infrastructure and a high percentage of impoverished population, MOSIP is creating a network effect among the low- and middle-income countries (LMICs) and becoming a top choice for many of them. Peru, which has a well-designed national ID system that is becoming outdated, was the most recent country that signed a Memorandum of Understanding with MOSIP (after they sent officials to MOSIP Connect).

MOSIP’s growing influence is not only achieved through the 10-plus countries that are at various stages of adoption but also through integrations with other open platforms, such as OpenCVRS and OpenG2P, which share the mission of freeing governments from proprietary software vendor lock-ins. MOSIP’s recent expansion into the digital credential stack and digital wallet has also signified its ambition to go beyond foundational ID and become an open identity infrastructure that provides end-to-end tooling from a national ID system to an individual’s use of a national ID for interacting with public and private sector services in their day-to-day life.

What’s worth noting is that MOSIP, according to its own statements, has adopted a standards-based approach to digital credentials and digital wallet by ‘adhering to the Verifiable Credentials (VC) Data Model’. Its participation in the OpenWallet Foundation as an Associate Member also signifies its intent to be in line with the global trend of building standards-based digital identity. However, as we would say about any other such effort, to what extent standards compliance is true as standards themselves are evolving fast, the market will put it to test when the time comes. Until then, all bets are off, and you may want to take self-proclaimed standard compliance with a grain of salt.

Digital identity has been under great scrutiny in recent years due to our growing activities in the digital realm since the COVID-19 pandemic and the potential consequences of its misuse for mass surveillance. On one hand, we are suffering from antiquated infrastructures, malfunctioning systems, and a growing power of AI that are putting us at serious risk of fraud and its associated financial loss, while on the other hand, we freak out about the idea of being tracked in every single aspect of our life as it gets exponentially digital. Both sides are not wrong, and there are no quick fixes to any of those problems.

However, what we do know is that people often take good infrastructures for granted until they start to receive real benefits that would not have existed without such infrastructures. MOSIP is doing a decent job demonstrating its value by supporting the delivery of tangible benefits to end users. Having integrated with OpenG2P, also hosted at IIIT (International Institute for Information Technology) Bangalore, MOSIP enables governments implementing MOSIP-based national ID systems to deliver benefits to intended individuals securely and promptly by leveraging the readily available OpenG2P registries and digital cash transfer delivery systems.

OpenG2P was initially created by the government of Sierra Leone to efficiently deliver payments to critical health workers, who were otherwise going on strike due to overdue payments, during the 2014-2016 Ebola outbreak. In response to the increased need for effective and efficient cash transfers to frontline workers and vulnerable groups during the COVID-19 pandemic, OpenG2P evolved to become a DPI (Digital Public Infrastructure) by providing a set of open-source building blocks for governments and humanitarian organisations to deliver benefits to people. MOSIP found a position in the OpenG2P ecosystem by becoming a critical identity management tool, which every sound payment delivery system needs.

MOSIP has been facing sustainability challenges as many other DPI projects do too. Yes, open standards and open-source projects normally mean that the standards and code bases are freely accessible by all. But the development, maintenance, and deployment of them are hardly free - someone has to pay for it. MOSIP can make the cost for countries to run a MOSIP pilot USD 0 because they have funding from big donors to support such efforts. Will they be able to do it forever? Anyone who has an idea of the harsh realities of money would not answer yes.

Many open technology projects shy away from even thinking about business models from day one due to the misconception that business = profit-seeking and open = free. Non-profits also require good business models so they can continue to do what they do and scale their impact. Open technology projects need sustainable financial resources to stay open and relevant to the market and audience they intend to serve. What makes the business and money problems more challenging for a DPI project is that the conventional corporate membership and sponsorship models may not work.

So what’s next? How about a proper market analysis of the open technology space and a deep dive into the business of MOSIP? What is often overlooked and under-discussed in the money conversations for open technology projects is the complexity of operating them, e.g. the governance, the code contribution, the community development, the stakeholder engagement, the public communications, and more. Without unravelling this complexity, the space as a whole will not come to an effective strategy to outcompete the covetous proprietary software vendors.

Last but not least, let’s talk about MOSIP vs. eIDAS. We are comparing apples to oranges but there is value to it.

MOSIP is essentially an open technology platform no matter how big it grows. The countries adopting MOSIP will have to apply their own governance and policies to it, and they are not legally bound by MOSIP to deliver any cross-border commitments among themselves (at least not according to our knowledge). So the nature of the MOSIP identity ecosystem is more technical.

eIDAS is first and foremost a regulation established by the European Union (EU) through its democratic processes. In line with the regulation, there is a suite of ‘procedural arrangements, technical specifications, and operational requirements for electronic identification and trust services’ across all EU member states. The ‘eIDAS identity ecosystem’, including the open technology infrastructure for it such as the EU Digital Identity Wallet, is more political in nature and faces very different challenges from MOSIP. However, both are confronted with very similar real-world adoption problems. Countries implementing MOSIP can draw from the regulatory experience of the EU and its Member States, particularly the lessons learned from the eIDAS 1.0 to 2.0 evolution, while the EU can also learn from successful MOSIP adoption stories where foundational ID systems bring about tremendous benefits for both public and private sector players as well as end users.

The comparison between MOSIP vs. eIDAS again speaks to the need to understand how critical open identity infrastructures in the world are being developed and rolled out. Identity is not a government only problem - finding effective approaches to building and maintaining identity infrastructures in an open, collaborative manner across sectors lies in the best interests of everyone.

About Lucy Yang

Lucy is the Managing Partner of Identity Woman in Business, a decentralised identity consultancy. She also independently consults with the United Nations Development Programme and leads the development of Regi-TRUST, a digital trust infrastructure project. Lucy holds an MBA from the University of Toronto and co-authored Getting Started with Self-Sovereign Identity (SSI).

About Kaliya Young

Kaliya Identity Woman is a leading expert in decentralised identity. She co-founded the Internet Identity Workshop and was named one of the most influential women in tech by Fast Company. Kaliya had a Master’s Degree in Identity Management and Security from the University of Texas at Austin. She wrote the Domains of Identity and co-authored Getting Started with SSI.

About Identity Woman in Business

Identity Woman in Business is a boutique consulting firm with a global reach. It specialises in the business strategy, standards development, and technical implementation of Decentralised Identity as well as facilitating cross-industry, cross-sector collaborations in identity ecosystem building. It is committed to helping governments, industry organisations and organisations of all sizes succeed in investing in the new generation of identity infrastructure and systems.