MyMzansi's Open Principles
Foundational principles that guide how we design and deliver digital public services.
- Assess first: We begin by understanding the user and institutional needs, clearly defining the problem, and identifying existing demand before deciding what to create or procure.
- Adapt and reuse: Wherever possible, we adapt and reuse existing open-source, civic-tech, or government solutions that already meet part of the need.
- Build: We build new core capabilities only where sovereignty, standards, inclusion, or security require local control — or where no suitable solution exists.
- Buy: We buy solutions last, and only when they can be integrated using open standards, promote vendor diversity, and avoid lock-in. Tools like Wardley Mapping help with this.
- Exception: Any deviation from this order must be justified through an assessment showing that reuse or local build is not feasible or cost-effective.
- All procurement related to DPI must comply with national procurement laws and open contracting standards (OCDS), publishing key deliverables, timelines, and IP arrangements for transparency and competition.
- DSU-managed and government-developed code, APIs, and tools are open source by default, reusable across government and society.
- DSU curates and maintains the official repositories, reviewing contributions to ensure compliance with open standards, security, and accessibility requirements.
- We enforce open standards (OAuth2, OpenID Connect, OpenAPI, JSON Schema, and others) to ensure true interoperability.
- Our governance promotes public ownership, transparency, and collaboration in how services are built and improved.
- Connected by default: Every product and service must work seamlessly across departments, spheres of government, and platforms.
- Common standards: APIs, data schemas, and authentication mechanisms conform to DSU’s open standards.
- Composable systems: Each new component strengthens, not fragments, the shared digital ecosystem.
- No new silos: If it can’t integrate, it doesn’t ship.
- Ecosystem first: Interoperability extends beyond government to include private, civic, and academic partners through secure and open interfaces.
- Where appropriate, DSU standards and APIs should align with regional and international DPI reference models to enable future cross-border interoperability.
- Start with users: Every service begins with research into real user needs, especially those of underserved communities.
- Accessible for all: Services are mobile-first, low-bandwidth, zero-rated, and available in South Africa's official languages.
- Design for context: Interfaces and processes reflect South Africa's geographic, cultural, and socio-economic diversity.
- Evidence over assumption: Continuous usability testing and feedback loops drive iteration and improvement.
- Inclusive by design: Accessibility and inclusion are non-negotiable — they are success metrics, not optional extras.
- Design, testing, and implementation must include representation across gender, disability, age, and regional diversity, ensuring no group is digitally excluded.
- Build in blocks: Systems are modular, reusable, and interoperable, enabling rapid delivery and independent scaling.
- Capability-driven design and architecture: Each building block represents a distinct capability, such as authentication, data exchange, or payments, that can be reused across services. Over time, this approach will reduce or eliminate overlap between systems and ensure government invests once in shared capabilities that serve many.
- Observable and secure: All infrastructure includes monitoring, logging, and incident response by design.
- Resilience through diversity: We avoid single points of failure through decentralisation, open APIs, and technology diversity.
- Cloud-neutral and portable: Platforms can run across multiple environments without dependency on any single vendor, with portability designed to be rapid and low-effort through containerisation and infrastructure-as-code.
- Iterate safely: Components (or vendors/partners) can be updated or replaced independently, without breaking the wider ecosystem.
- All components should adopt green computing principles, prioritising energy-efficient hosting, responsible procurement, and reuse to reduce environmental impact.
- Ownership and Stewardship: We know who is responsible for the data collected and managed and have clear policies for data owners on data retention and secure deletion.
- Quality and Integrity: We provide robust processes to help data owners maintain the accuracy, completeness, and validity of all data in our ecosystem.
- Algorithmic Transparency and Accountability: Where AI-powered services are used, we know how algorithms operate and have clear lines of accountability for their outputs.
- Responsible Technology Assessment: We conduct thorough assessments of the potential societal, economic, and ethical impacts of software before its deployment.
- Privacy built-in: Security and data protection are embedded in every stage of design and development, not retrofitted later.
- Ongoing Security Assurance: We conduct regular security testing, vulnerability assessments, and promptly remediate identified flaws.
- User agency: People can see, manage, and consent to how their data is used, shared, and stored. Individuals have the right to know how their data is used, request correction or deletion where appropriate, and seek redress for misuse. Departments must provide transparent, accessible complaint mechanisms for digital public services.
- Compliant and ethical: All systems adhere to POPIA and global best-practice safeguards such as DPI and privacy-preserving design.
- Open, peer-reviewed security: Use open-source, verifiable tooling and cryptographic standards wherever possible.
- Secure Development Ecosystem: Our development tools, pipelines, and the entire software supply chain are secured.
- Trust through transparency: Breach handling, consent flows, and data-sharing agreements are documented and published.
- Public code, public value: Core government platforms (MyMzansi, GOV.ZA, data exchange) are open source and publicly governed.
- Open governance: Design systems, APIs, and documentation are shared for reuse across government and society.
- Co-creation culture: Civil society, business, and academia participate in building, testing, and improving services.
- Accountable delivery: Public roadmaps, changelogs, and performance dashboards show what's being built and why.
- Shared stewardship: Ownership extends across government — the DSU convenes, coordinates, and enables, not controls.
- Transparent by default: Plans, code, designs, and progress are visible internally and externally unless restricted by law or security.
- Show the work: Roadmaps, metrics, and sprint outcomes are published regularly to build public trust and learning.
- Document and reuse: Every output — from design tokens to policy templates — is reusable and documented.
- Collaborate in public: Teams share updates, user research, and post-mortems openly to invite feedback and learning.
- Open loops, not closed rooms: Delivery happens through iteration, participation, and community contribution.
Applying these principles
These principles guide how we build trustworthy, inclusive, and resilient digital services. Apply them throughout design and delivery to evaluate ideas, challenge assumptions, and ensure services work for all South Africans.