Beyond Source Code: The Case for Government Open Source Program Offices in the Context of Digital Public Infrastructure

Abstract

Digital Public Infrastructure (DPI) promises to reshape societies by delivering vital services like identity and payments. However, history shows that simply deploying open source code is not enough to ensure DPI's long-term sustainability, trust, and scalability. Drawing on 25 years in enterprise open source, this article argues that governments must learn from the private sector's playbook: establishing Open Source Program Offices (OSPOs). These offices are strategic, acting as the essential connective tissue between government, citizens, and the global open source ecosystem to build DPI that truly endures as a public good.

Introduction

Digital Public Infrastructure (DPI) is the backbone of modern societies. Systems for identity, digital payments, and data exchange form the foundation for how citizens access services, businesses grow, and countries participate in global markets. When DPI works, it expands financial inclusion, lowers costs, and drives innovation. If it fails, nations risk vendor dependency, fractured ecosystems, and citizens locked out of essential services.

I’ve spent 25 years in enterprise open source, and I’ve seen this dynamic play out repeatedly. Companies that ignored open source ended up being over-committed to proprietary solutions, lost leverage, paid more as they scaled, and struggled to innovate. On the other hand, those who embraced open source gained flexibility, talent, influence, and growth. This lesson translates directly to the public sector, but the stakes are exponentially higher because failure affects entire populations.

In an earlier article, I argued that openness is the foundation for any successful DPI initiative. But openness alone is not enough. During a recent conversation with Sanjay Jain of the Gates Foundation , he raised a pivotal question: What role could Open Source Program Offices (OSPOs) play in advancing the adoption and contribution of open source building blocks for DPI? His question goes straight to the heart of the matter. Deploying open source software is not the same as sustaining it. What governments need is the institutional capacity to steward, adapt, and govern these systems. If governments want DPI to last, they need OSPOs at the center of their strategy. 

Why Openness Matters for DPI

To start with, we cannot regard DPI as another “IT modernization” project. It is a critical layer of national infrastructure. The World Bank’s G2Px initiative has shown how digitized payments can accelerate poverty reduction and empower citizens [1]. The MOSIP (Modular Open Source Identity Platform) project demonstrates how open source identity solutions can be adapted by multiple countries, like Morocco and the Philippines, rather than each nation building a proprietary system from scratch.

The risk is evident: if governments adopt proprietary platforms or tie themselves to a single vendor, they lose bargaining power, experience higher costs, risk interoperability, and a slowing innovation pipeline. An open source approach changes the game (as it did for every technology sector and industry since the early 2000s). It makes DPI transparent, flexible, and resilient. Citizens and businesses gain trust because systems can be audited, and governments retain leverage because they’re not dependent on a single vendor. However, there is a critical gap to be mindful of: openness does not govern itself.

The Sustainability Gap

The hardest part of DPI is keeping it alive. We've all seen it before: a government celebrates a flashy pilot, only for the project to stumble at scale due to shifting politics, lost funding, or a lack of in-house talent to maintain it. Open source mitigates this risk by spreading costs and innovation across countries and vendors. Sustainability isn’t automatic in that sense and requires intentional investment in local developer ecosystems, career pathways for public sector technologists, and open source requirements embedded into procurement contracts. This is the exact capability an OSPO is designed to provide. OSPOs did precisely that in enterprises, and we can replicate their success in government. 

The Enterprise OSPO Playbook

Enterprises have already developed a tested playbook for this challenge. The lesson isn’t that government should copy-paste or replicate corporate structures, but that the model is proven and must be adapted in a new environment (ie, Governments and DPI). OSPOs emerged as the function that helps organizations navigate the open source ecosystem, ensuring compliance, encouraging contributions, and aligning strategy with community work. This is now a standard practice: The Linux Foundation 's and the TODO (OSPO) Group 2023 State of the OSPO report found that over 70% of Fortune 200 companies have an OSPO or equivalent function, primarily to mitigate risk and drive strategic value. They didn't do this because it was trendy; they did it because open source became mission-critical to their competitiveness.

Let's look at the patterns:

• Trust through transparency: Google open sourced Kubernetes and hosted the project in the Cloud Native Computing Foundation to open the development roadmap and invite collaboration. This transparency built the trust that made Kubernetes the de facto global standard for container orchestration. DPI projects require the same trust, which must be earned through open governance, open collaboration, and auditable systems. [A brief post on Google’s open source leadership: https://lnkd.in/dT9PM_zi]
• Scalability and impact through contribution: Intel’s influence in the Linux kernel comes from decades of consistent engineering contributions since the early 2000s, when Intel established the Open Source Technology Group to focus on open source (the equivalent of the modern-day OSPO). OSTG ensured its hardware was well-supported, benefiting the entire ecosystem. For DPI, tapping into national and regional developer talent through clear contribution pathways creates resilience beyond any single vendor.  [A brief post on Intel Corporation’s OSPO: Driving Innovation and Ecosystem Growth https://lnkd.in/dN2wTF5s]
• Longevity through ecosystem building: IBM’s significant investment in Linux in the early 2000s, managed through its Linux Technology Center (LTC), was sustained by community participation and open source foundation support. This ensured its longevity far beyond any single product cycle. DPI needs similar institutional scaffolding to ensure continuity beyond political cycles. [A brief post on IBM’s Open Source Strategy: Powering the Enterprise with Hybrid Cloud and AI: https://lnkd.in/dmhdNbBr]

With such (OSPO) structures, DPI becomes a living infrastructure that evolves with society’s needs.

Enter the Government OSPO! 

The Government OSPO: A Strategic Enabler & Trust Builder

A government OSPO is the nerve center for managing open source strategy and execution. It evolves from a compliance function into a strategic powerhouse.

Imagine a government OSPO that:

• Defines open source policies across ministries, preventing each department from reinventing the wheel on licensing or security. It builds local talent and ensures continuity long after external consultants move on, breaking the cycle of vendor dependency.
• Ensures a country can collectively contribute to global DPI platforms like MOSIP or Mojaloop, avoiding fragmented, duplicative efforts. It creates clear on-ramps for local developers, startups, and NGOs to improve building blocks rather than just forking them.
• Institutionalizes trust as part of its core mission. Transparency isn’t the same as trust. Simply publishing code doesn't guarantee credible governance. An OSPO makes transparency systematic. It provides a permanent channel for dialogue with civil society, academia, and global partners, ensuring accountability is durable and not dependent on individual leaders. It is the institutional home for building the public's trust.

Call to Action

The case for open source in DPI is strong. What’s missing is institutional commitment. Governments cannot afford to treat open source as an “implementation choice” that ends at launch when the systems are up and running. Governments need structures to maintain, expand, and grow systems built on top of open source software, and OSPOs are that structure. We have several proof points already: 

• MOSIP demonstrates global adaptability. 
• Mojaloop shows how open payments platforms can scale financial inclusion. 
• Campaigns like 50-in-5 are mobilizing to help 50 countries build DPI by 2028. 

If countries want their DPI to endure, they must go beyond adoption. They must create the institutional scaffolding to sustain it.

The lesson from the enterprise world is clear: the companies that invested in OSPOs became leaders in the ecosystems that powered their growth. They saved costs, reduced risk, raised the bar with every interaction and contribution, and drove innovation.

The question Sanjay Jain asked captures the crux of the issue. The answer is straightforward: OSPOs are how governments move from being consumers of open source DPI to being stewards and co-creators of it.

Without OSPOs, DPI risks becoming another round of pilots and vendor contracts. With OSPOs, it becomes a durable public good. If your government is serious about building a lasting DPI, it’s time to invest in the institutions that govern the technology. An OSPO is a combination of a technical office, a strategic enabler, a sustainability engine, and a trust-building institution. If governments get this right, DPI will serve citizens today and adapt to create public value for decades to come.

Who said OSPOs are boring? :-)

About the Author

Dr. Ibrahim Haddad is Head of Infotainment at Volvo Cars. He previously served as Vice President of Strategic Programs at the Linux Foundation, where he was Executive Director of LF AI & Data and the founding Executive Director of the PyTorch Foundation. In these roles, he led global open source AI initiatives, scaling ecosystems, strengthening governance, and driving cross-industry collaboration among leading technology companies. Earlier, Dr. Haddad served as Vice President of R&D and Distinguished Engineer at Samsung Research. Throughout his career, he has held technical and leadership positions at Ericsson Research, Motorola, Palm, HP, and the Open Source Development Labs. He earned a Ph.D. in Computer Science from Concordia University (Montreal, Canada) and has lived and worked across North America, Europe, and Asia. (LinkedIn, Website)