Open Principles

Foundational principles that guide how we design and deliver digital public services.

Adapt, Build, Buy

• Assess first: We begin by understanding the user and institutional needs, clearly defining the problem, and identifying existing demand before deciding what to create or procure.
• Adapt and reuse: Wherever possible, we adapt and reuse existing open-source, civic-tech, or government solutions that already meet part of the need.
• Build: We build new core capabilities only where sovereignty, standards, inclusion, or security require local control — or where no suitable solution exists.
• Buy: We buy solutions last, and only when they can be integrated using open standards, promote vendor diversity, and avoid lock-in. Tools like Wardley Mapping help this.
• Exception: Any deviation from this order must be justified through an assessment showing that reuse or local build is not feasible or cost-effective.
• All procurement related to DPI must comply with national procurement laws and open contracting standards (OCDS), publishing key deliverables, timelines, and IP arrangements for transparency and competition.

Open Source, Open Standards, Open Governance

• DSU-managed and government-developed code, APIs, and tools are open source by default, reusable across government and society.
• DSU curates and maintains the official repositories, reviewing contributions to ensure compliance with open standards, security, and accessibility requirements.
• We enforce open standards (OAuth2, OpenID Connect, OpenAPI, JSON Schema, and others) to ensure true interoperability.
• Our governance promotes public ownership, transparency, and collaboration in how services are built and improved.

Interoperability by Design

• Connected by default: Every product and service must work seamlessly across departments, spheres of government, and platforms.
• Common standards: APIs, data schemas, and authentication mechanisms conform to DSU’s open standards.
• Composable systems: Each new component strengthens, not fragments, the shared digital ecosystem.
• No new silos: If it can’t integrate, it doesn’t ship.
• Ecosystem first: Interoperability extends beyond government to include private, civic, and academic partners through secure and open interfaces.
• Where appropriate, DSU standards and APIs should align with regional and international DPI reference models to enable future cross-border interoperability.

User-Centricity and Inclusion

• Start with users: Every service begins with research into real user needs, especially those of underserved communities.
• Accessible for all: Services are mobile-first, low-bandwidth, zero-rated, and available in South Africa's official languages.
• Design for context: Interfaces and processes reflect South Africa's geographic, cultural, and socio-economic diversity.
• Evidence over assumption: Continuous usability testing and feedback loops drive iteration and improvement.
• Inclusive by design: Accessibility and inclusion are non-negotiable — they are success metrics, not optional extras.
• Design, testing, and implementation must include representation across gender, disability, age, and regional diversity, ensuring no group is digitally excluded.

Modular, Scalable, and Resilient Architecture

• Build in blocks: Systems are modular, reusable, and interoperable, enabling rapid delivery and independent scaling.
• Capability-driven design and architecture: Each building block represents a distinct reusable capability such as authentication, data exchange, or payments.
• Observable and secure: All infrastructure includes monitoring, logging, and incident response by design.
• Resilience through diversity: Avoid single points of failure through decentralisation, open APIs, and technology diversity.
• Cloud-neutral and portable: Platforms can run across multiple environments without dependency on any single vendor.
• Iterate safely: Components can be updated or replaced independently without breaking the wider ecosystem.
• All components should adopt green computing principles to reduce environmental impact.

Responsible Data Stewardship and Innovation

• Ownership and Stewardship: Clear responsibility for data collection, retention, and secure deletion.
• Quality and Integrity: Processes ensure accuracy, completeness, and validity of all data.
• Algorithmic Transparency and Accountability: Clear accountability for AI-powered services and their outputs.
• Responsible Technology Assessment: Assess societal, economic, and ethical impacts of software before deployment.

Data Protection and Privacy by Default

• Privacy built-in: Security and data protection are integrated at every stage of design and development.
• Ongoing Security Assurance: Regular security testing and timely remediation of identified flaws.
• User agency: People can see, manage, and consent to how their data is used and stored.
• Compliant and ethical: Adheres to POPIA and global best-practice safeguards.
• Open, peer-reviewed security: Open-source tooling and verifiable cryptographic standards.
• Secure Development Ecosystem: Secure tools, pipelines, and supply chain.
• Trust through transparency: Breach handling, consent flows, and data-sharing agreements are documented and published.

Public Ownership, Transparency, and Community Collaboration

• Public code, public value: Core government platforms are open source and publicly governed.
• Open governance: Design systems, APIs, and documentation are shared for reuse.
• Co-creation culture: Civil society, business, and academia contribute to services.
• Accountable delivery: Public roadmaps, changelogs, and dashboards show progress.
• Shared stewardship: Ownership is distributed across government.

Working in the Open

• Transparent by default: Plans, code, designs, and progress are visible unless restricted by law or security.
• Show the work: Roadmaps, metrics, and sprint outcomes are published regularly.
• Document and reuse: All assets (design tokens, templates, policy docs) are reusable.
• Collaborate in public: Updates, research, and post-mortems shared openly.
• Open loops, not closed rooms: Delivery through iteration, participation, and community contribution.