Country x DPG MOU /LoI FAQs
Please see the MOU template here and the LOI template here
Q. What’s the overall legal framework of DaaS?
A. There are 4 parties involved in DaaS:
DaaS Country Partner - the Country department which is executing the DaaS package
DaaS DPG Partner - the DPG which is providing the DaaS product to be deployed in the country
Service Provider(s) - the entity(ies) that will deploy, maintain and provide the technical support during the pilot of DaaS
Advisor - the partner covering all advisory ( managerial, technical, legal etc)related to DaaS. For the first cohort, this will be the Centre for DPI.
These parties interact with each other in the following ways:
LoI or MOU between DaaS Country Partner and DaaS DPG Partner
MOU between the DaaS DPG Partner and the Service Provider
MOU or LoI between the DaaS Country Partner and the Advisor
Q. Why have we standardised a DaaS MoU at all for DPI Pilots across multiple countries and across multiple DPGs? Can’t we use an existing MoU template that may be country-specific or DPG specific?
A. The way DaaS pilots will scale in a safe and orderly manner across countries and various building blocks is via standardisation of both technical products as well as the legal and governance framework. The key advantages exist of leveraging a standard MoU are:
Accelerated Funding for Countries: The MoUs have been crafted in a manner that builds comfort for funders and DPGs on various topics, such as data governance; institutional ownership; timelines, etc. We can only guarantee speed of funding approval with the standard DaaS MoU.
Timely kick off of pilot: Existing MOUs or agreements may contain custom formats or clauses that are different from the standard MOU language provided. This customisation could delay the approval cycles for the DPG counterpart and disrupt the fundamental target of DaaS which is rapid deployments of DPI pilots.
Multi-DPI Scale Up Potential for Countries: Once a DaaS MOU is signed, annexes to same MOU can be reused by the country for additional DPI blocks offered by the same DPG in the future. Once an MoU draft is approved, it becomes a precedent for other departments in the country to use the same draft to deploy DPI blocks offered by different DPGs in the future.
However this is only a recommended option. In case a country, due to its legal and administrative contexts, require a different MOU, that can be considered by adding a country specific annexe
Q. How is this MoU designed to scale up to multiple countries with different contexts; different types of DPI products, etc?
A. Typically, the negotiation process for MOUs can act as roadblocks that delay rapid deployment. This is why in DaaS, we have created a standard MOU template that all parties can use to get swift approval from the legal teams and immediately trigger approval and execution cycles. The MOUs are designed keeping the best interests of the country at the forefront whilst allowing for an acceptable framework for DPGs housed in various institutional contexts. It allows for a range of DPGs and SPs to participate in the program, giving countries the optionality and agency to choose their partners without being locked in to a particular vendor. Depending on the specific DaaS product being deployed and the type of implementation (cloud-based, on-prem etc), a standardised annex can be added into the MOUs to reflect the details of the execution.
Q. Does this MoU change if I choose an on-cloud vs an on-prem locally hosted DPI?
A. No, it doesn’t. The choice of hosting the DPI (private cloud, public cloud, on-prem) is a choice for countries when deploying DaaS. A standardised annex is available for both options that can be incorporated into the MOU depending on the country’s choice.
Q. Does the MoU mention the specific Service Provider that will be deployed by the DPG in the country, along with their roles and responsibilities?
A: No, the MOU between the country and the DPG only lays a framework for DPGs to engage a service provider(s) to provide technical capacity and support for deployment in the local country context. The MoU is service provider agnostic. Please note that the selection of the Service Provider may happen after this Country-DPG MoU is signed and the SP may be adjusted/augmented if the execution cycles of the SP do not meet the benchmarks set by the DPG. The roles and responsibilities of the SPs are mentioned in a separate standardised MOU between the SP and the DPG.
Q. Will the Country-DPG MoU be available in a language other than English for countries for whom English is not the native language?
A: Since DaaS is a program offered globally, we have had to standardise the language in order to help in scale. Due to this, the standard language for MOU is English. However, the MOU can be translated into any language by the DaaS implementer for their own records and reference. Since it is difficult for us to check the accuracy of translated MOU, in case of a dispute, the English language MOU will be considered as the legal basis for the DaaS engagement and be the version of the MOU that is valid in the court of law.
Q: Why have an MOU between a country and a DPG, when it is not the DPG who will ultimately implement the product in the country, but rather the DPG will outsource it to a third party (service provider)?
A: The DPG is the ‘DaaS DPG Partner’ which means that it is the responsibility of the DPG to support implementation of the DaaS package in the country. To do so, it may utilise the support of a SP or multiple SPs to help with capacity building and technical execution through a separate MOU. Since the DaaS product is owned by the DPG, they will be responsible for training the SPs and ensuring that the deployment adheres to best practices.
There are multiple reasons for this:
1. Countries are assured to get long term support on the open source software like communications on sunset versions, backward compatibility upgrades on support community versions, community connects, etc. that can help ensure that the product is always adhering to the latest technology standards and industry best practices.
2. In the current DaaS design funders can’t directly fund countries and the money shall be routed through the DPGs to DPG trained and implementing svc partners. In future, there can be other models to route funds and similar MoU templates will emerge.
3. In this model, countries don’t have to go through time consuming RFP routes to pick implementation partners. They can quickly deploy DPI pilots to demonstrate proof of concept and proof of success for the products in their own contexts. Post the pilot, countries are expected to find long term svc partners as per countries processes.
4. DaaS is about packaging policy, procurement, core product software, pre-built / configured solutions, training etc. This MoU is a template to expedite roll out with equal balance of speed and of ensuring that a country's independence and sovereignty is protected.
5. In the current design, Svc Providers have a back to back MoU agreement with DPGs to ensure all obligations are delivered through them. This keeps all 3 parties (country + DPG + svc) aligned on the same track and moving efficiently.
Q. How does this MoU ensure data protection and privacy, along with cybersecurity in my DaaS DPI implementation?
The country owns the implementation. The data resides in servers , either on prem or on cloud, which are directly and totally controlled by the government. The data is encrypted at all levels. Neither the DPG nor the Service providers will have access to data , unless the country allows for a specific purpose for a specific time and that too under the watchful eyes of a country administrator
Q. How does this MoU protect against exogenous shocks, like a political or economic crisis that may prevent the progress of the pilot?
A. This MOU allows parties to pause or terminate the engagement in the event of political unrest, a breakdown in public order, natural disasters, natural, health or political emergencies, war or civil disorder or any governmental action that renders the performance of the terms of this MoU impossible. This allows all parties to safely pause or exit the engagement with least collateral damage, and perhaps, re engage when the situation warrants.
Q: What does CDPI/ EkStep get from this?
A: Nothing, in monetary terms. CDPI is a philanthropically funded organisation, and can thus, provide pro-bono support to countries to build their own DPI. DaaS is an easier path for countries to securely, efficiently deploy DPI which aligns with our mandate and mission of driving countries’ digitisation journeys. EkStep is a non-profit organisation that builds DPGs that contribute to DPI, such as AI Assistant which is a part of DaaS. They have a relationship with cloud providers and hyperscalers, as well as experience in high-scale ecosystem technological deployments to guide on design of standard artefacts, thus aligning with their mandate. The only request we frame for countries to ‘give us in return’ is their commitment to engage their best people and resources in order to help make this a successful project for themselves, and associated third parties who are putting a lot of effort into this.
Last updated