The Datasphere Initiative convened a Global Sandboxes Forum (GSF) Insight Session to mark the official launch of its latest report, “Sandboxes for DPI: Co-creating the blocks of digital trust”. The event gathered policymakers, technologists, and civil society leaders to examine how structured experimentation can support the responsible development of Digital Public Infrastructure (DPI).
“The world has never been as connected as it is today, but also, it has never been as divided”. Lorrayne Porciuncula, Executive Director of the Datasphere Initiative, opened the session with this observation to establish the policy context of the event. She utilized this premise as the foundation for a discussion on how technology can support a more sustainable and inclusive digital world, specifically examining how sandboxes and Digital Public Infrastructure (DPI) can foster responsible and constructive digital ecosystems.
A sandbox, as defined by The Datasphere Initiative’s “Sandboxes for DPI” report, is a controlled learning environment designed for structured experimentation under defined governance frameworks, time frames, and built-in safeguards to support iterative, multi-actor collaboration and evidence-based decision-making.
Providing the first-ever global mapping of its kind, the newly launched report analyzes 16 sandbox initiatives worldwide and establishes the first formal definition for DPI sandboxes. The findings reveal that governments are increasingly utilizing hybrid sandboxes “upstream”, that is to stress-test foundational infrastructure before population-scale deployment. By treating these DPI sandboxes as “laboratories for trust,” the report argues that policymakers can proactively identify regulatory and technical gaps and prevent “silent failures”, situations where technically functional systems unintentionally harm or exclude marginalized groups.
Navigating DPI risks: global consensus and AI-powered implementations
The ensuing panel discussion centered on a core dilemma highlighted by Porciuncula: how nations can leverage DPI to participate in the global digital economy while maintaining the strategic autonomy necessary to protect their citizens. To move this conversation from theory to practice, a panel of international experts took the floor to share their firsthand experiences in governing rapid digital transformations and addressing the socio-technical realities of population-scale systems.
A live survey conducted during the session revealed that the majority of the participants believed sandboxes could help advance DPI by building trust through participation, collaboration and transparency. Risk identification is another benefit of DPI sandboxes highlighted by participants, which diminishes privacy concerns and prevents rights violations and exclusion.
The guest speakers expanded these ideas by sharing their views and experiences on how AI sandboxes are a pathway for building trustworthy DPI in a much faster and reliable way. During the session, participants had the chance to learn more about active DPI sandboxes around the world. Two examples were a sandbox for the development of corporate ID in Hong Kong, and another one supporting national digital identity and digital payments in India.
Replacing ‘move fast and break things’ with purpose-driven safeguards
Carolina Rossini, co-founder of The Datasphere Initiative, Public Interest Technology Initiative at University of Massachusetts Amherst, and Adjunct Professor of Law at Boston University, outlined the role of sandboxes as a transition from outdated, linear policymaking to “agile governance”. Rossini understands that traditional regulatory models are no longer sufficient, as they were built for slow-moving sectors.
The professor cautioned against the tech industry’s traditional “move fast and break things” mentality, arguing that rapid, unchecked deployment can actively harm public infrastructure. Reinforcing the concept of “laboratories for trust,” she emphasized that without systemic confidence, citizens will simply opt out of digital ecosystems like e-commerce and digital IDs. To secure this essential public trust, she argued that sandboxes must actively convene diverse stakeholders to address the specific socio-technical realities, fears, and challenges of the communities the technology will serve.
“[…] Government, policy makers and even the technology developers, which a lot of times come from outside the country, would have this space to understand better what are those social-technical realities of that community they are trying to attend.”
Rossini outlined three “non-negotiables” required for sandboxes to truly serve the public interest:
- Multi-stakeholder governance: governments must be accountable for bringing civil society, independent experts, and representatives of marginalized communities into the testing and design process;
- Privacy, data protection, and the use of “real data”: effectively testing AI often requires safe access to real data (via anonymization or remote access) rather than synthetic data;
- Independent oversight and time limits: Sandboxes must operate under clear timeframes, be subject to independent review, and establish strict pathways for documenting and sharing policy learnings.
Balancing cross-border interoperability with local inclusion
Adesh Khadka, Joint Secretary at the Ministry of Communication and Information Technology of Nepal, detailed the real-world challenges of governing rapid DPI transformations. Nepal has successfully rolled out, alongside a vibrant private digital payment system, a national digital ID to nearly 90% of its eligible citizens.
He drew attention to the challenges in the endeavor: on one side, there is a strong political and citizen mandate for rapid service delivery and digital transformation; on the other, there is an urgent need to maintain public trust. Since DPI and AI represent massive unknowns for government hierarchies, the speaker emphasized experimentation as the only viable way to safely introduce technology.
Khadka cautioned against a top-down approach to digital regulation, arguing that governments cannot simply dictate safeguards and that sandboxes must be collaboratively designed to be effective. This corroborates with the need for careful technological experimentation to ensure that barriers like language, connectivity, and terrain do not result in the exclusion of vulnerable citizens:
“For a nation like Nepal, where there are a lot of local languages, a lot of terrain problems, and connectivity problems, how do we make sure that a lot of citizens, especially in the rural and underserved areas, are not left out when we introduce this technology?”
To Khadka, when developing sandboxes for DPI, it is important to have this question in mind so the technology actually serves the people of his country. He concluded stressing the importance of using sandboxes to nurture local tech ecosystems rather than relying entirely on foreign vendors, ensuring that developing nations maintain control over their own critical infrastructure.
Transparency and attention to regulation details are key for sandboxes
Anthony Carmoy, Technical Director at the France Identité program for the European Digital Identity (EUDI) Wallet, emphasized the technical challenges of ensuring that a French digital wallet is recognized securely across all EU member states.
Carmoy believes this is a massive challenge for the EUDI Wallet, and this is why experimentation cannot happen in isolation. Through “interop events” (where wallets, credential issuers, and verifiers test against each other in real-time), regulators can catch subtle technical incompatibilities that could otherwise cause cross-border failures. The idea is to prevent even the smallest differences from emerging when two systems implement the same standards, since this would be enough to cause failures.
With those challenges in mind, he emphasized that having a regulation or a written standard is not enough to ensure a system works:
“Basically, the gap between different specifications and real-life implementation can be sometimes big, because standards are written on the paper, but when it comes to implementing it, that’s where you might face some issues, some differences in the interpretation of specific fields.”
This is why Carmoy views sandboxes as far more than just technical testing grounds, arguing that for a digital identity wallet to actually be useful, it needs buy-in from private sector actors (like banks and insurance companies) who will act as verifiers.
He concluded by stating that for sandboxes to help the entire public-private ecosystem mature together, it needs absolute transparency in government implementation choices. For Carmoy, this openness not only builds trust with citizens but also serves as a foundational example for other nations.
Sandboxes and safe development of DPI
By the end of the session, the participants agreed that sandboxes represent a shift toward agile governance, helping regulators spot “silent failures” (such as algorithmic bias and the exclusion of marginalized groups) early in the process of developing technology.
Nevertheless, ensuring meaningful engagement from all stakeholders, especially civil society, was named the major challenge for DPI sandboxes. To address these ongoing challenges, Lorrayne Porciuncula closed the session by announcing that the Datasphere Initiative’s next report will focus on understanding private sector incentives for participating in sandboxes.
Read the official Sandboxes for DPI report: https://www.thedatasphere.org/datasphere-publish/sandboxes-for-dpi/
