ICLE White Paper

The Governance of Digital Public Infrastructure: Case Studies

I. Introduction

The concept of digital public infrastructure (DPI) has gained cultural currency in recent years as a key component in strategies to reduce poverty and promote sustainable economic development. The concept appears to have been inspired by the so-called “India Stack,” the set of systems and rules developed by the Indian government that comprises:

• A digital identity system;
• An interoperable real-time digital-payment system; and
• A set of mandatory standards for data sharing.

The Gates Foundation, which committed in 2022 to spend $200 million to promote DPI,[1] describes it as “a set of digital systems that enables countries to safely and efficiently provide economic opportunities and deliver social services.”[2] The hope is that “[s]afe and inclusive DPI can ultimately help advance progress toward the Sustainable Development Goals and ensure that everyone can prosper, especially women and people with the lowest incomes.”[3]

The Gates Foundation notes that “DPI spans the entire economy, connecting people, data, and money in much the same way that roads and railways connect people and goods.”[4] In many respects, this is a useful analogy: just as roads and railways are supplied and regulated in different ways in different jurisdictions, the optimum delivery of DPI will also likely vary from place to place and from time to time.

This study considers some of the main ways that DPI is currently supplied and regulated, with the aim of adducing lessons for improving DPI implementation, with a particular focus on the role of government. Broadly speaking, while we find that government can play a constructive role, it is important to ensure that state involvement avoids crowding out the private sector, impeding competition and innovation, or improperly sharing sensitive information.

A. Ownership, Operation and Regulation

The Gates Foundation warns that:

Countries that allow a laissez-faire market approach to digital services risk becoming dominated by monopolies that charge high fees or having multiple systems that don’t interact. People, businesses, and the government itself will be exposed to risks that include fraud, cyberattacks, and illicit financial flows if well-governed, high-quality safeguards are not put in place.[5]

While these are legitimate concerns, it is important to consider them within the context of broader governance challenges, as there is also clearly a risk that government-run and/or controlled DPI systems may suffer from the same problems. Indeed, public-choice theory suggests that government-run systems will generally be less responsive to consumers, less dynamic, and more susceptible to political interference.[6] Moreover, they will likely reflect the priorities of whichever government is in power.[7]

The governance of DPI can be categorized according to who owns and operates the core systems, the internal operational rules, and the external regulatory framework.

1. The structure of ownership and operation

There are three models of ownership and operation: private, governmental, and hybrid or public-private-partnership (PPP). Considering each in turn:

• Privately owned and operated: In this model, private firms or industry consortia develop and operate the infrastructure, with the state’s role limited to regulatory oversight and setting the legal framework. Examples include mobile-money networks led by the telecommunications industry, such as M-Pesa; independent payment networks, such as Mastercard and Visa; and bank consortia, such as The Clearing House’s real-time-payments (RTP) system in the United States and EBA Clearing’s RT1 in Europe.
• Government-owned and operated: Under this model, a state or a state agency (such as the central bank) builds and runs the infrastructure and sets the rules directly. Examples include national digital-ID systems, such as India’s Aadhaar and Estonia’s e-ID; and central-bank-operated payment systems, such as Brazil’s Pix and the U.S. Federal Reserve’s FedNow.
• Public-private partnerships (hybrids): Hybrid (PPPs) comprise a wide range of mixed systems. In general, the government sets requirements, while the infrastructure is built and operated by private entities. Examples include Thailand’s PromptPay system, developed by the Thai Bankers Association and ITMX with backing from the central bank;[8] and India’s Unified Payments Interface (UPI), developed by the National Payments Corporation of India (NPCI), a not-for-profit company owned by a consortium of banks and the central bank, the Reserve Bank of India (RBI).[9]

2. Internal rules and external regulation

While DPI systems’ ownership and operational structures matter, an arguably more important determinant of their respective performance is the mix of internal governing structures, processes, rules, and relationships, and the nature of external regulation. Together, these factors determine how the DPI is directed, controlled, and held to account. The sections below delve more deeply into the interplay among ownership, control, regulation, and broader governance issues in the context of specific aspects of DPI.

B. Overview

The study proceeds as follows. Section II considers ID systems in more detail, comparing and contrasting two of the leading government-created ID systems, India’s Aadhaar and Estonia’s e-ID, as well as private alternatives. Section III looks at real-time digital payment systems, comparing systems in India, Brazil, Thailand, the United Kingdom, Europe, and the United States. Section IV considers which DPI models lead to more rapid adoption of bank accounts and digital payments, but cautions against drawing conclusions. Finally, Section v offers policy conclusions—arguing that, while digital infrastructure can clearly be transformative, its governance should minimize direct government involvement in competitive markets. We recommend that governments focus instead on enabling frameworks, and caution against viewing India’s UPI or Brazil’s Pix as one-size-fits-all models for other countries.

II. Digital-Identity Systems

One of the major costs that banks and other financial-services firms face when onboarding new clients relates to know-your-customer (KYC) requirements. Specifically, firms must verify the identity of customers to avoid impersonation (identity theft), fraud, and money laundering.[10]

But identity verification—proving that a person is who they say they are—can be challenging. In the United States, banks typically use multifactor authentication, requiring customers furnish some combination of their:

• Social Security Number (SSN);
• Driver’s license or passport; or
• Credit or debit card and/or a credit check.

Each of these factors can be checked against a set of separate registries, some run by the federal government (SSN, passports); others by state governments (driver’s licenses); and others still by private companies (banks, credit agencies). In principle, this combination of factors provides a powerful system for confirming identity. It is, however, still quite easy to spoof the system or create synthetic identities,[11] and the advent of generative artificial intelligence (AI) may potentially make the problem significantly worse.[12]

Over the past two decades, many jurisdictions have introduced digital IDs that rely on centralized registries—typically accessed via public-key infrastructure (PKI)—to verify the identity of citizens and other residents. In principle, such digital-identity systems offer a secure and effective means to verify a customer’s identity for KYC purposes, while requiring fewer pieces of information than multifactor authentication.

A. Estonia’s e-ID

Estonia pioneered a national digital ID in the early 2000s as part of its e-government strategy. Each citizen is allocated a unique identifier (UID) and receives a digital ID card (and now, a mobile-ID), which embeds the UID and connects securely to the government registry. The e-ID can be used for online authentication and legally binding digital signatures. While the system relies on a government-issued UID, it is implemented through cooperation with private technology firms and Estonia’s banking association. This governance model emphasizes security (each ID has certificates and uses PKI encryption) and universal acceptance: one ID to access virtually all services, from banking to voting.

The success of Estonia’s model is evident in the fact that 98% of citizens have the ID and use it frequently to interact with both public and private services.[13] Because the government provided a secure and trusted backbone, private companies don’t each need to develop their own login or KYC solutions; they rely instead on the national-ID infrastructure. This has saved costs and contributed to a thriving digital ecosystem. Concerns about independence are mitigated by the fact that, while the state runs the identity system, its use is nondiscriminatory and open to all providers equally.

Moreover, development and maintenance of the interoperable system used to access the registry, the X-Road, has been devolved to the Nordic Institute for Interoperability Solutions (NIIS), a joint initiative originally established by Estonia and Finland and now involving many partner governments. Meanwhile, the X-Road software itself is open source, and many private companies and individuals contribute to its ongoing development.

B. India’s Aadhaar

Aadhaar is a government-run universal-digital-ID program launched in 2009, through which each resident is issued a unique 12-digit identity number linked to their biometrics (fingerprint and/or face ID).[14] It is the world’s largest biometric-ID system, covering more than 1.4 billion people, or roughly 96% of India’s population.[15] Developed by the Unique Identification Authority of India (UIDAI), Aadhaar was designed with an open API (application programming interface) that allows both government agencies and private companies to authenticate identities online (with user consent).[16]

A recent survey found that Aadhaar has reduced the cost of undertaking KYC from around $12 per-person to just $0.06 per-person.[17] As such, Aadhaar has been one of the primary drivers of the recent dramatic increase in the proportion of Indian adults who hold bank accounts.

But Aadhaar has also faced notable privacy concerns stemming from reported security breaches and seeming abuse. One state government is alleged to have used the system to “clean up” voter-registration rolls, and while misuse by a political party has been alleged in another state.[18] Aadhaar has also faced challenges relating to biometric-identification failure. This, somewhat ironically, has most adversely affected the elderly and the poor, many of whom have been unable to receive food and other benefits when the system failed to recognize their fingerprint.[19] The closed-source nature of Aadhaar’s data-sharing layer also mean that it is not open to public scrutiny or improvement in the ways that X-Road.

C. Privacy-Preserving Systems for Verifying Identity

Most government-run digital-ID systems proceed from the premise that verification requires direct sharing of personally identifiable information (PII). By contrast, many private systems rely on proof points that do not necessarily entail sharing such information. For example, when connecting to a website using transfer-layer security (TLS), a web browser will share information about “you” (such as your IP address and a temporary public key generated during the “handshake”) that enables it to verify various relevant characteristics; these do not, however, usually include a user’s name or much of anything in the way of PII.[20]

A new generation of digital IDs developed in the past decade enable identity information to be confirmed via verifiable credentials without directly sharing PII (e.g., using zero-knowledge proofs to confirm, rather than share information).[21] This is likely to improve the speed and efficiency with which people are able to open and update their accounts with new, verified information, thereby reducing friction in the system.

Systems with an open-source data-sharing layer, such as X-Road, could easily be adapted to facilitate identify verification though zero-knowledge proofs (ZKPs)—i.e., with the registry acting as an oracle.[22] By contrast, the data-sharing layer of closed-source government-run systems like Aadhaar—currently built around sharing PII and/or confirming a user’s biometric identity—would have to be completely rebuilt to facilitate ZKP-based identity verification.[23]

D. Comparing ID Systems

The experience with Aadhaar and Estonia’s eID suggest that centralized digital-ID systems can be rolled out quickly, facilitating rapid expansion of access to financial and other services that necessitate identity verification, especially when the systems are mandatory and/or the incentives to adopt them (such as the availability of government benefits) are strong. But when such systems rely on sharing PII, and where the infrastructure employs inadequate security measures, they are open to misuse.

Moreover, centralized government-run ID systems with closed-source data-sharing layers are likely to suffer from technological lock-in due to the relatively slow rate at which governments respond to changes. As such, limiting the purpose of any government-ID system to a registry; requiring that registry to facilitate ID checks with the maximum degree of privacy protection; and imposing fines on the registry’s directors for breaches (or otherwise holding those directors liable) is likely to create the best incentives (on the part of the registry’s operators) to ensure the ID system maintains appropriate security protocols and data-minimization frameworks (including, e.g., limiting verification to ZKP systems).

Nonetheless, some critics have raised concerns that relying on a single authority for identity (underpinned by a UID), even if shared or “wrapped” using a ZKP, poses security risks and could weaken speech protections by undermining pseudonymity. For instance, even with a ZKP wrapper, a person’s unique identity will be traceable. [24] Ethereum founder Vitalik Buterin has suggested that pluralistic identities, requiring verification via multiple unrelated certificate authorities, offer a better solution. Such a system would effectively combine the multifactor authentication used in jurisdictions like the United States with the security of digital IDs and the privacy-preserving features of ZKPs.[25]

III. The Governance of Real-Time Payments

For consumers, perhaps the most visible aspect of DPI is the ability to send and receive money instantly by electronic means. In recent years, many countries have implemented real-time payment (RTP) systems that allow immediate credit-push fund transfers 24 hours a day. Broadly speaking, governance of RTP systems can be classified into three buckets: privately owned and operated, central-bank owned and operated, and hybrid public-private-partnerships (PPPs). But as with any taxonomy, bright lines can be challenging: some systems, such as the UK’s Faster Payments, are privately owned and operated but so heavily regulated that we have put them in the PPP category.

A. Private RTPs

Privately owned and operated systems emerge through a process of dynamic competition in response to perceived market demand. This is reflected in their internal governance structures; while these vary considerably, those that succeed typically adopt private-sector best practices.

In 2017, The Clearing House (TCH), the oldest banking association and payments company in the United States, launched its RTP network.[26] TCH is owned by about two dozen of the largest U.S. banks, meaning that RTP is a privately owned and operated network, although the Federal Reserve does play a supervisory role (and now, also, serves a competitor via FedNow). Despite having no government mandate or subsidy, RTP directly reaches about 70% of demand-deposit accounts (DDAs) and can reach up to 90% of DDAs via third parties.[27] RTP charges a flat $0.045 per-transaction fee for usage “with no volume discounts, no volume commitments and no monthly minimums to ensure that all financial institutions participate on the same terms.”[28] It also charges $0.01 for “request for payment” (rfp) messages, and a success fee of $0.10 if the rfp results in a credit transfer.

That same year, EBA Clearing (which is owned by major European banks) established RT1, a privately owned and operated pan-European RTP system. RT1 was launched Nov. 21, 2017—the same date the European Payments Council (EPC) introduced the SEPA Instant Credit Transfer (SCT Inst) scheme. RT1 is funded by a combination of joining fees (€30,000 per-participant); annual fees (€30,000 per-participant); and transaction fees (including a minimum quarterly fee of €2,500 for up to 5,000 daily transactions, and €0.002 per-transaction thereafter).[29]

These open and transparent systems are undergirded by rigorously established governance systems. TCH describes the governance of its RTP as follows:

Day-to-day management and operation of the network falls to The Clearing House’s management. Management’s performance is overseen, in turn, by The Clearing House’s two boards of directors, which are responsible for managing and overseeing the company’s business and affairs. To assist them in these responsibilities, the boards have established a number of committees, including an RTP Business Committee that advises management on many facets of the network, an Enterprise Risk Committee that exercises companywide oversight over risk management, and an Audit Committee that helps the boards ensure, among other things, reviewing the company’s financial statements and system of internal controls, the qualifications and independence of the company’s external auditor, and the company’s internal audit function.

The RTP Business Committee includes representatives from both financial institutions that have an ownership interest in The Clearing House and those that do not.

The Clearing House’s managing board of directors or the RTP Business Committee is responsible for approving changes to the network’s participation and operating rules.

In addition to the RTP Business Committee, The Clearing House has established a number of other bodies to ensure relevant stakeholder interests are considered in the governance of the RTP network. To that same end, it also participates in the Faster Payments Council, periodically solicits input on the RTP rules, and actively engages with regulatory agencies charged with responsibility for consumer protection and the safety and soundness of the financial sector.[30]

Such robust and inclusive governance structures, with clear accountability, enable private DPI systems to be innovative, as well as responsive to changes in market conditions. In addition, TCH’s RTP is subject to substantial oversight from U.S. government agencies, as it notes:

The Clearing House is highly-regulated, falling under the FFIEC’s Significant Service Provider (SSP) program with respect to its operation of the RTP System, as well as the EPN and Image Exchange Network services. Under the FFIEC framework, TCH is examined each year by a multi-agency team. SSP exams include a broad range of activities including governance, risk management, internal controls, information security, and financial condition. Additionally, TCH, as the operator of CHIPS, has been designated under Title VIII of the Dodd Frank Act as a systemically important financial market utility (SIFMU). Under this designation TCH is subject to continuous supervision by full-time, dedicated Federal Reserve examiners and CHIPS must meet Regulation HH’s enhanced requirements for SIFMUs. As all TCH payment services utilize a common infrastructure and fall under a common governance structure, TCH’s Title VIII supervision and standards benefit all TCH services.[31]

B. Government Owned-and-Operated RTPs

In government-owned and operated RTP systems, the broad governance framework is typically set via legislation, but the ministry or agency tasked with oversight and/or implementation often has considerable discretion to determine details. This may pose concerns when the agency responsible for implementation also regulates other payment systems. In such cases, conflicts of interest can result in regulations that inhibit competition and innovation.

Pix and FedNow are both run by the same entity that regulates payments. But there are important differences between them, both at a macro governance level and in the way that the potential conflicts of interest affect governance in practice. At the macro level, Pix was developed and is run by the same department of the Central Bank of Brazil (Bacen) that sets the regulatory framework for payment networks. By contrast, FedNow is run by the 12 regional Federal Reserve Banks under the oversight of the Federal Reserve Board of Governors. The board is tasked with ensuring the FedNow service operates in accordance with the Federal Reserve’s public-policy objectives and monitors FedNow for compliance with federal regulations and the Fed’s own internal standards. The implications of these differences for operational independence are explored below.

1. Pix

In the case of Pix, Bacen:

• mandated that all major banks and e-money providers must connect to Pix;
• set the fees for person-to-person transactions at zero; and
• set the fee for merchants at a minimal level.

Bacen’s stated rationale for these actions is that banks faced a collective-action problem and had little incentive to jointly build an inexpensive, interoperable RTP system, as Bacen claiming that they profited from card fees and proprietary transfers.[32] Such claims are difficult to reconcile with the U.S. experience with TCH’s RTP, which was built entirely voluntarily by a consortium of America’s largest banks (which are also the largest four-party payment-card issuers).

It also seems contrary to Pix’s primary intended purpose, which was to replace cash and increase financial inclusion.[33] Moreover, Pix’s success in achieving that objective has actually increased the use of other electronic-payment systems, such as credit cards.[34] If Brazilian banks actually opposed creating an interoperable faster payments system in order to maintain profits on existing revenue streams, they were being short-sighted.

Another possible explanation is that, in 2018, Bacen capped interchange fees on debit cards, setting a maximum rate of 0.8% and an average rate of 0.5%.[35] Since average rates had previously been approximately 1.4%, this reduced revenue to issuers by between $400 million and $1 billion.[36] It also created uncertainty: if Bacen was willing to impose price controls on debit-card payments, how would it respond to a new private RTP network? Would it also impose price controls on RTP transactions, thereby making it more difficult for the banks to recoup their investment?

The likely answer to that question materialized shortly before Pix’s rollout. In June 2020, Facebook announced a pilot version of WhatsApp Pay, which would enable anyone with a WhatsApp account and an account with one of four partner banks (Cielo, Banco do Brasil, Sicredi, Nubank) to make instant free account-to-account transfers using their debit card. Instead of embracing this interoperable solution, Bacen shut it down. It did so by issuing a new rule requiring any new payment scheme that “poses risk to the normal operation of retail payment transactions” to be approved by Bacen before it could be marketed.[37] Bacen issued that rule just a week after the new WhatsApp payment service was announced, and then immediately used it to suspend the new service, claiming that it was necessary to “preserve an adequate competitive environment” for mobile payments and to ensure the “functioning of a payment system that’s interchangeable [presumably this means interoperable], fast, secure, transparent, open and cheap.”[38]

Forcibly removing a competitor would appear an odd way to preserve “an adequate competitive environment.” Moreover, it is not clear that the WhatsApp system violated the obligations created by the new rule. While the service initially would have been available only to users with accounts at the four banking partners, it would almost certainly have been expanded; indeed, by the time it was permitted to launch in 2021, the partnership had already grown to nine banks.[39] It is difficult to escape the conclusion that Bacen created the new rule specifically to prevent WhatsApp from launching its payments system prior to the launch of Pix—at the expense of competition, innovation, and financial inclusion.

In sum, while Pix has expanded financial inclusion in Brazil and gained widespread adoption, it has done so, in part, by mandating participation and impeding competition. As such, it is likely less accountable and responsive than might otherwise be the case. One way to reduce these problems would be to transfer Pix’s ownership, control, and direct oversight to a separate operating entity that is not run by the same division of Bacen that regulates payment networks.

2. FedNow

Like other Federal Reserve services (e.g., Fedwire, FedACH), the FedNow service is priced according to the Monetary Control Act (MCA), which requires the Federal Reserve to recover the costs of providing payment services over the long run, rather than operating at a profit. FedNow charges the following fees (except for so-called “on-us” transactions, which are free because they are made within the same bank):[40]

• A monthly participation fee (currently $25) charged to each routing number (or endpoint) that participates in the service;
• Per-transaction fees (currently $0.045 per-credit-push transaction);
• Request for payment fees (currently $0.01); and
• Return ($1).

As a result, FedNow operates more like a private-sector competitor to TCH, identifying and seeking to fill niches, such as the long tail of financial institutions and the (potentially enormous) opportunity for business-to-business (B2B) payments.[41]

Nonetheless, FedNow’s $540 million development costs and $245 million annual operational costs are both probably higher than they would have been had the system been contracted out to the private sector.[42] In contrast, Bacen claims the cost of developing Pix was only $4 million, and that it costs about $8 million annually to run—both of which are surprisingly low.[43]

C. Hybrid (PPP) Systems

Governance frameworks vary considerably among hybrid PPPs. For example, Thailand’s PromptPay system—developed by the Thai Bankers’ Association and ITMX with backing from the central bank—has been granted considerable independence. While the Bank of Thailand sets default fees, individual participant banks are permitted to vary these.[44] One advantage of having the central bank as a sponsor is that PromptPay has been able to leverage both the Bank of Thailand’s international connections and the private sector’s international network to achieve unprecedented international interoperability.[45]

At the other end of the scale, state actors may be granted a seat on the PPP’s board and such expansive regulatory authority that it has effective control. For example, India’s UPI was developed by the National Payments Corporation of India (NPCI), a not-for-profit company owned by a consortium of banks, but the Reserve Bank of India (RBI)—which was not only the driving force behind UPI—has de-facto control.[46]

1. Thailand’s PromptPay

Thailand’s PromptPay is a PPP initiated by the Ministry of Finance (MOF) as part of its National e-Payment Master Plan. In part, the MOF’s objective was to digitize government-to-person (G2P) transactions—such as tax returns and social-welfare payments—in order to increase transparency and reduce costs. The key partners in PromptPay’s implementation were:

• Bank of Thailand (BOT), Thailand’s central bank and primary regulator for payment systems, which set the policy framework, regulatory standards, and guidelines for PromptPay. BOT also oversees the broader national payment landscape and ensures alignment with monetary-policy and financial-stability objectives.
• The Thai Bankers’ Association (commercial banks) and the Government Financial Institutions’ Council (government-owned banks) provided the infrastructure to link millions of customer accounts to PromptPay and manage real-time transaction volumes.
• National ITMX (Interbank Transaction Management and Exchange) developed and maintains the core technology that enables real-time transfers between different banks, acting as the central switching and clearing infrastructure for PromptPay.

Practically all Thai commercial banks and several non-bank payment-service providers now offer PromptPay services to their customers. They build user-facing apps and services (e.g., mobile banking) that integrate the PromptPay “proxy” feature, allowing individuals to link a mobile number or national ID to their bank account.

Banks pay National ITMX a setup fee to integrate with PromptPay, plus ongoing maintenance fees that vary by usage.[47] Transactions between accountholders at different banks also entail an interchange fee that is set by a committee comprising representatives of member banks.[48] Banks initially charged users a small per-transaction fee for person-to-person and small-business transfers, but most have now eliminated those fees (recovering the wholesale fees from other charges), while high-volume merchants pay a modest fee, such as 15 Baht/transaction.[49]

2. UK Faster Payments Service

The UK’s Faster Payments Service (FPS) was developed through collaboration among several key players in the banking and payments industry, with government playing a facilitating role. The primary organizations involved in establishing and launching Faster Payments include:

• The Payment Systems Task Force (PSTF)—led by the Office of Fair Trading (OFT), a government body—recognized the need to speed electronic payments in the UK and played a central role in pushing the banking industry to develop a faster, more efficient clearing system.
• A consortium of the largest UK retail banks provided the funding and governance to implement Faster Payments, including Barclays, HSBC, Lloyds TSB, Royal Bank of Scotland (RBS), and several others.
• VocaLink was tasked with designing and building the technical infrastructure for Faster Payments.
• The Association for Payment Clearing Services (APACS) was the industry body that oversaw UK payment systems in the early stages.

Today, FPS is essentially private: it is overseen by Pay.UK, a private (non-profit) organization with board representation from banks, fintechs, and other payment-service providers.[50] Pay.UK owns and manages FPS’ rulebook, standards, and governance. The FPS is regulated by both the Payment System Regulator, which has a mandate to ensure fair access and promote competition and innovation, and by the Bank of England, which has a mandate to maintain financial stability.

Meanwhile, VocaLink (now owned by Mastercard) continues to operate the core platform that processes real-time transactions. Major banks continue to have direct access to the system, while smaller banks and fintechs can connect indirectly via sponsors.

The advantage of this governance structure is that the operator is not the regulator; banks and third-party payment firms have access if they meet objective criteria, and no single provider is forced to use the services (although in practical terms, any bank not offering Faster Payments would be uncompetitive). The UK regulators have also mandated interoperability—e.g., requiring that fintech payment firms be permitted access to FPS via sponsor banks, and promoting “open banking” APIs that let third-party apps initiate FPS transfers on their customers’ behalf.

3. India’s UPI

India’s Unified Payments Interface (UPI) is operated by NPCI, a non-profit company established in 2008 by the Reserve Bank of India (RBI) and the Indian Bankers Association (IBA).[51] In addition to UPI, the NPCI also operates the country’s two other major retail-payment systems: IMPS and Rupay.[52] Despite being notionally independent, NPCI is substantially controlled by the RBI, which maintains special oversight and has “last word” authority under India’s Payment &?Settlement Systems Act of?2007.[53] As a result, RBI effectively has veto authority over any NPCI decision, leading observers to describe its governance power as a “golden share.”[54]

Launched in 2016, UPI provides an interoperability framework that allows any bank or approved third-party app to plug in, and allows users to send money instantly to any other bank or app. UPI was strongly promoted by the government and the RBI as a public-good infrastructure—part of the so-called “India Stack.” As such, UPI is treated as a public utility subject to aggressive regulation regarding pricing and participation.

In fact, the RBI and government have treated UPI as a free public service. In 2020, they directed that UPI must have zero charges to users and merchants, effectively banning merchant-discount fees (MDR) for the service?.[55] This decision represents a gratuitous regulatory distortion that favors those participants that are able to monetize UPI without relying on MDR, while penalizing other payment systems—such as international payment cards—that use interchange fees to cover the costs and balance the two-sided market (e.g., enabling card issuers to offer fraud protection, rewards, and other benefits to cardholders, thereby encouraging participation).

The consequences have been profound. Google Pay and PhonePe (owned by Walmart) have thrived in the zero-MDR environment, as they are able to monetize the service via other means (such as the sale of data, advertising, and e-commerce). This has enabled the two services to acquire roughly 85% of both the volume and value of transactions on UPI?.[56] By contrast, banks and smaller fintechs that do not have the scale to generate revenue from alternative streams have struggled to gain market share. Even Paytm, the early market leader in mobile wallets pre-UPI, has only 6.8% of the UPI market share by volume and 5.4% by value.[57]

More generally, zero MDR on UPI has inhibited more diverse and innovative payment solutions from flourishing in India?.[58] While many entrepreneurial payment options exist, they are unable to gain traction as pure payment apps and must find additional sources of revenue, such as interest on loans, spreads on stock trading, and insurance.

RBI also imposed a series of restrictions on WhatsApp Pay. In 2018, NPCI permitted WhatsApp to undertake a trial of its payment service, with participation limited to 1 million users.[59] While that may appear superficially reasonable, given that WhatsApp had around 200 million users in India at the time, it meant the company could only offer the service to 0.5% of its users. To make matters worse, RBI imposed data-localization rules on UPI participants, requiring them to store customer data locally in India as of Oct. 18, 2018.[60] Because Facebook/WhatsApp’s technical infrastructure was then still partially reliant on servers outside the country, it was prohibited from expanding its payment services beyond the initial trial.[61]

WhatsApp sought to address RBI’s concerns, and NPCI issued a letter in June 2020 declaring the company to be in compliance.[62] Alas, a nonprofit group then brought a public-interest litigation (PIL) case seeking to block WhatsApp from providing payments, claiming that it remained in violation of the data-localization rules. Whether in response to this PIL or otherwise, NPCI did not increase WhatsApp Pay’s permitted number of users until 2022, when it was allowed to rise to 100 million. By that time, however, WhatsApp had squandered four years of market development and was well behind the market leaders. Indeed, WhatsApp ranked between 10^th and 20^th in monthly volume and value of transactions in 2022 among apps on UPI.

By 2024, WhatsApp had gradually improved its position, but still ranked only 11^th, with just 0.34% of total volume and 0.18% of total value on UPI. RBI finally removed the participant restriction in December 2024, enabling WhatsApp to make payments available to all of its members in India, who now numbering over 600 million—about half of all adults in the country.[63] Nonetheless, as of March 2025, WhatsApp remained 11^th among UPI apps, with volume of 0.37% and value of 0.2%.

D. RTP Governance Lessons

A key issue with RTP systems is how their governance structures manage conflicts of interest and ensure regulators’ neutrality and impartiality. When the central bank or government is a direct participant in the market, there is a risk that regulations will be designed in that system’s favor. In Brazil, for example, the central bank’s decision to mandate Pix connectivity and make it free for most uses gave Pix a built-in advantage over competing private networks. Meanwhile, in India, RBI’s golden share in NPCI enabled it to prohibit MDR on UPI, resulting in losses for banking partners and effectively subsidizing the two fintechs able to leverage their ecosystems to dominate UPI payments.

By contrast, the European Union, United Kingdom, and Thailand—and, until recently, the United States—avoided conflicts by separating ownership from regulation. Regulators then set standards (e.g., requiring that payments be interoperable, or that incumbents open up access), while leaving product development and implementation to private entities. For example, the EU’s PSD2 (Revised Payment Services Directive) mandates that banks open their APIs for third-party payment initiation (an interoperability rule). The EU, however, did not build its own payment app—it relies on industry to create services on top of that framework. Similarly, the UK’s Payment Systems Regulator does not run a payment network; it is charged with ensuring that networks operate fairly and that new players can enter. This separation avoids self-preferencing. The regulator isn’t tempted to steer transactions to “its” network, since it has none.

The United States followed that model for years: the Fed provided backbone settlement services (FedWire, ACH) but allowed private networks (Visa, Mastercard, PayPal, Zelle) to flourish on top of that backbone. Only recently, with FedNow, has the U.S. central bank extended into retail instant payments. For its part, the Fed has been careful to promise an “even playing field” between FedNow and the private TCH RTP network. Time will tell how that dual-operator situation plays out in the United States, but the Fed is at least required to recoup costs and has set pricing for FedNow at a level similar to TCH’s RTP, thereby avoiding undercutting the private sector unfairly.

IV. DPI Adoption and Financial Inclusion

Proponents of government-run DPI systems often boldly assert that such systems achieve near-miraculous levels of financial inclusion. This typically involves unsophisticated before/after comparisons, along with the implicit assumption that post hoc ergo propter hoc. Understanding the actual role of DPIs, and determining which DPI model is most effective at delivering expanded access to finance, requires us to disentangle many other factors and consider counterfactuals.

A. Adoption

In the case of India, the digital-identity layer (Aadhaar) appears to have facilitated a dramatic increase in the proportion of adults with bank accounts (see Figure 1). While digital IDs have lowered banks’ onboarding costs, and interoperable RTPs have facilitated low-cost person-to-person transfers, other factors have also contributed to the rise in RTP use. Specifically, wider smartphone adoption and cheaper mobile data has facilitated the adoption and use of digital services in general. For instance, the cost of mobile data in India plummeted by more than 95% from 2014 to 2021, from Rs 269 (about $5) per GB to Rs 9.5 (about $0.20).[64] The number of smartphone users also soared to 659 million in 2022, and is expected to reach about 1 billion by 2026?.[65] Such factors have dramatically lowered barriers for consumers to use payment apps.

FIGURE 1: Indian Population with Aadhaar Number and Indian Adults with Bank Account, 2011-2024

SOURCE: UIDAI, World Bank Findex Report[66]

Government subsidy programs have also played a role in both India and Brazil. In India, a financial-inclusion program called Pradhan Mantri Jan Dhan Yojana created incentives to banks to open accounts for previously unbanked individuals by paying a small transaction fee when direct benefit transfers (DBTs) are made into the account, and by subsidizing insurance offered to “Jan Dhan” account holders.[67] As a result, between 2014 and 2022, banks onboarded 462 million “Jan Dhan” accounts using Aadhaar-based e-KYC.[68] Meanwhile, Brazil’s COVID-relief program Auxílio Emergencial delivered payments to between 30 and 38 million Brazilians via newly created “Poupança Social Digital” (digital savings) accounts at government-run CAIXA?.^[69] These initiatives leveraged DPI to channel transfers, giving recipients a reason to open and use accounts. Also important has been the adoption of smartphones, without which most P2P digital transactions would not be possible using the technologies implemented during the past decade.[70] Relatedly, the falling cost of mobile data has almost certainly been a factor driving adoption.

B. Payments

Meanwhile, UPI has seen explosive growth since its launch in 2016, leading some to ascribe to it almost magical powers. But Thailand’s PromptPay and Brazil’s Pix have grown faster both on a per-capita transactions basis (Figure 2) and on a value-of-transactions per-capita basis (Figure 3).

FIGURE 2: Annual Transactions Per-Capita on Various RTPs

SOURCE: BCB, UPI, PromptPay[71]

Indeed, going merely by the increase in the rate of adoption, one might be tempted to think that, of the three systems, Pix is clearly superior. That would be a mistake. As noted in Section IV, Pix has grown in no small part because of self-preferencing by Bacen. Looking only at the numbers for the RTP is misleading, as it ignores other types of payments, each of which have their own characteristics. For example, as noted in the introduction, RTPs lack an embedded credit function. Consumers would therefore be expected to spend less at stores if they only use an RTP-based P2P payment system, as they will be limited to the funds they have in their bank accounts (and any overdraft facilities). By contrast, if consumers also had access to credit cards, they would likely spend more, benefiting merchants.[72]

FIGURE 3: Annual Per-Capita Value of Transactions on Various RTPs (US$)

SOURCE: BCB, UPI, PromptPay[73]

V. Conclusions

The series of case studies presented here demonstrate that, while centralized, state-led DPI governance can rapidly achieve extremely broad reach, it also results in politicized choices and sidelines competitive forces—ultimately impeding innovation. By contrast, decentralized governance harnesses competition and innovation, which may result in somewhat slower expansion of financial-services access, but leads to greater responsiveness and dynamism—and, crucially, reduces the risk of technological lock-in.

The presumption that governments should provide digital public infrastructure is belied by the evidence, which shows that the private sector is perfectly capable of providing most such infrastructure. Identity verification may be an exception, due to decades—and, in some cases, centuries—of state involvement in registries, passports, and other forms of ID, as well as rules relating to KYC and AML that states have deemed to be their purview. But even digital identity benefits from decentralization and competition, as evidenced by the evolution of Estonia’s e-ID and acknowledged by the EU in its recent eID regulation.

The case studies presented here highlight several concerns with DPI initiatives in general, and government-led RTP systems in particular.

A. Governance Concerns

DPI initiatives have raised concerns about governance and security. On the one hand, private-sector initiatives that have benefited from government licenses have raised concerns about inadequate competition.[74] On the other hand, government-led systems that are not subject to appropriate controls can end up dominating markets and restricting competition, especially if regulators favor them over private alternatives.

1. Self-preferencing

Indeed, self-preferencing is a major problem with many government-run payment systems. As we have documented, Brazil’s Bacen initially prohibited the operation of WhatsApp Pay, which had partnered with banks and private-payment networks Visa and Mastercard, and was due to launch five months before the launch of Bacen’s own RTP system, Pix. WhatsApp Pay was eventually permitted nine months later, four months after Pix’s launch of Pix, but Bacen continued to prohibit the use of credit cards on WhatsApp Pay until April 2023.[75]

The Reserve Bank of India has also engaged in widespread and blatant self-preferencing by creating rules that favor its own payment card, RuPay, and its RTP system, UPI.[76]

2. Market distortions

Central banks also typically impose rules that distort markets. RBI effectively blocked WhatsApp Pay’s development by capping the number of users who could send and receive funds.[77] RBI also imposes price controls on the fees that merchants can be charged for accepting a payment on UPI, with the fee capped at zero for most transactions. This means that payment-service providers cannot generate revenue directly from transactions and thus must find it elsewhere, such as through product sponsorship, advertising, and ancillary services. This has so distorted the system that UPI is now almost completely dominated by two companies, Google (through Google Pay) and Walmart (through its Phone Pe subsidiary), which are able to monetize their app-based payment systems without charging merchant-transaction fees. Ironically, a system founded on the premise that it would enable wide interoperability has instead ended up creating a duopoly.

3. Security and fraud

Government-controlled digital IDs can pose major security and fraud risks, especially if appropriate checks are not in place. For example, a bank manager in Bihar, India, was able to access Aadhaar records to open fake accounts in the names of various bank customers, subsequently using those accounts to defraud the government.[78] These and other concerns have led some critics to question the value of Aadhaar.[79]

New fraud and security risks are also emerging as RTPs gain mass adoption. The UK’s Faster Payment network, for instance, has seen a sharp rise in authorized push payment (APP) fraud, in which scammers tricking users into sending money. Losses from APP scams reached £485 million in 2022, but have since fallen following the implementation of additional security measures.[80]

In Brazil, large banks’ mandatory adoption of Pix gave rise to “Pix gangs,” who exploit instant, irrevocable transfers through such tactics as phone scams, phishing, and even on-the-spot kidnappings (so-called “lightning kidnappings”) to coerce victims into sending money?.[81]

These various concerns highlight the importance of ensuring that DPI is well-governed and that it is owned, controlled and regulated in ways that facilitate competition, inclusion, and innovation, while limiting and mitigating new risks.

B. Other Concerns

The push for government-created DPI has also raised a host of related concerns, including replicability, the ability to incorporate external innovations, and the implications for both consumers and merchants.

1. Contingent replicability

While the governance of a DPI system is critical, the circumstances under which it is implemented will have a considerable bearing on its success. In Mexico, the central bank’s Cobro Digital (CoDi) payments system, launched in 2019, achieved only about 8% adoption in its first 1.5 years.[82] Banco de Mexico (Banxico) launched a second payment system in 2023 called Dinero Movil (DiMo), a mobile wallet that can settle on either CoDi or on the older (but better connected) interbank settlement system (SPEI).[83] While DiMo perhaps stands a better chance of achieving widespread adoption than CoDi, it is not clear why it was needed, given the popularity and widespread use of wallets built by private banks and fintechs.[84] Such challenges call into question the presumption that an India Stack-style DPI or a Pix-style RTP should or even could be replicated.

2. Ability to incorporate external innovations

Fintech innovations, such as stablecoins, present competitive alternatives to RTPs. Stablecoins can be used with an increasingly wide range of wallets and can settle quickly and with finality, just like RTPs, but do not require any centra;-bank infrastructure and are very low cost without any subsidy.[85] Moreover, private payment-service providers, such as PayPal and global payment networks Visa and Mastercard, are already building stablecoin solutions in collaboration with banks and fintechs to facilitate global interoperability.[86] Some DPI initiatives could potentially impede the development and rollout of these innovative solutions.

3. Absence of credit function

RTP systems lack an embedded credit function: they move money that people already have but, unlike credit cards, they don’t offer credit lines to buyers. This absence of built-in credit limits the utility of systems like UPI and Pix for consumers and merchants. Since the ability to utilize short-term credit for purchases demonstrably increases ticket sizes, with benefits to merchants, the lack of a credit function is a distinct disadvantage for merchants and the economy as a whole.[87] Unless banks or fintechs are able to add such features on top of the RTP rails in a cost-effective manner, the push by governments to shift payments away from cards and toward RTP-based systems will have net-negative economic effects.

4. Limited protection for consumers

The finality of RTP-based payments means that, once a payment has been initiated, it cannot be stopped or, in most cases, reversed. This is advantageous for sellers, since it reduces counterparty risk, but it has the opposite effect for buyers. If the goods or services purchased using an RTP system are not supplied or do not meet the payor’s expectations, the payor cannot easily initiate a reversal or chargeback, as they could if they paid with a credit card. The payor could send a request-for-payment to the recipient, but the recipient has no obligation to comply. (Pix has introduced procedures designed to recover funds in the case of fraud, but these will seem to work only if the fraudster keeps fraudulently obtained funds in the account into which it was received or perhaps a connected account at the same bank.[88])

C. Avoiding Governance Failure

Underpinning the most serious concerns are governance issues. For example, as demonstrated in the cases of UPI and Pix, where conflicts of interest are not adequately addressed, central banks typically favor their own payment systems over private alternatives. This has the effect of increasing adoption of their system, which may make it seem effective. If banks and fintechs have little alternative but to use the government system, then they will do so regardless of its merits. But high levels of adoption do not necessarily translate into sustainable financial inclusion; such mandates instead end up locking out competitors and undermining innovation.

One way to reduce these conflicts of interest is by implementing rules that require separation between the departments that operate payment systems and the departments that regulate them. Another is to mandate full cost recovery for government-run payments systems. Pix, for example, is implemented and overseen by the same team responsible for regulating payments. It has used that power to create and enforce rules, including arbitrary prices, which give preferential treatment to its own payment system. In contract, FedNow, which is implemented by the 12 regional Federal Reserve Banks and overseen by the Federal Reserve Board, has instituted transparent pricing based on cost recovery.

Such protections are important, not least because systems run by central banks that lack private competitors generally have little incentive to respond to competitive pressures through innovation and the adoption of new technologies. As a result, countries with such systems will become locked into outmoded technologies that are less efficient and more costly (although such costs are often hidden from the public).

An analogy may be helpful. Private competition was generally prohibited in communist countries, with dire consequences. For example, the main passenger car produced in East Germany from 1964 onwards was the Trabant 601, which was based on a pre-war design that changed little from the day it was first produced until the last car rolled off the production line in 1990.[89] Trabants rapidly declined in popularity after the fall of the Berlin Wall because people could purchase modern vehicles that were faster, cleaner, and safer. Many of those vehicles came from West Germany, where companies such as BMW, Mercedes, Audi, VW, and Porsche had engaged in fierce competition—not only with each other, but also with overseas companies such as Ford, General Motors, Saab, Volvo, Toyota, and Honda. The result was that they had strong incentives to identify and implement improvements. In other words, countries that permitted competition benefitted from innovation; those that didn’t, didn’t.[90]

Likewise, centralized government-run DPI systems are likely to become expensive, lumbering monopolists—the very thing that the Gates Foundation ascribes to “laissez faire” systems. By contrast, as the case studies in this paper show, when governance is decentralized and the systems are provided by market actors, they tend to be responsive to competitive pressures, developing and adopting innovative solutions.

While governments can help to set the broad legal framework for digital infrastructure, they should not get involved in such questions as which protocol to use for sharing data, where data is stored, how much payment-service providers may charge merchants, how much may be retained by payment-service providers acting for consumers, and many other features best determined by the private sector. Moreover, to the extent that governments do provide digital infrastructure, they should ensure that they do not create rules that favor their system over others or that favor one or more players over other players.

D. Lessons Learned

RTPs clearly contribute to financial inclusion. In many cases, they facilitate a dramatic shift from cash to electronic payments. But where government regulators are also involved in the RTP’s operation, it is important to limit the potential for conflicts of interest. If not properly managed, such conflicts can lead to distorted prices and the crowding out of private competitors, forcing users onto the central banks’ preferred rails (as happened in India and Brazil with UPI and Pix, respectively) and forcing banks to subsidize those rails (for example, by limiting banks’ ability to charge fees that cover their costs). Restrictions on MDR and/or interchange fees also impede competition among both merchant- and consumer-oriented payment facilitators (apps), resulting in distortions to that downstream market. In the case of UPI, this has created something close to a duopoly, crowding out innovative local competitors.

By contrast, the central banks in Thailand, UK, Europe, and the United States have been more neutral and impartial, enabling the RTPs (regardless of the notional governance model) to implement more sustainable market-based pricing, thereby avoiding the distortions created by UPI and Pix.

The effects on innovation are likely significant, but difficult to quantify in the short term, as counterfactuals cannot be known. As new payment technologies like stablecoins gain importance, the lock-in to government-favored RTPs could become increasingly problematic in countries where potential conflicts of interest have not been addressed through appropriate governance structures.

The key lesson from all of this is that, while there is no “one size fits all” solution to the ownership, control, and regulation of digital payments infrastructure, it is important for the governance of whichever entity is in control to be structured in ways that limit opportunities for conflicts of interest and, where they might arise, to have clear procedures to address them.

[1] See Press Release, Gates Foundations Announces $1.27 B in Health and Development Commitments to Advance Progress Toward the Global Goals, Gates Found., (Sep. 21, 2022), https://www.gatesfoundation.org/ideas/media-center/press-releases/2022/09/gates-foundation-unga-global-fund-replenishment-commitment.

[2] Digital Public Infrastructure, Gates Found., https://www.gatesfoundation.org/our-work/programs/global-growth-and-opportunity/digital-public-infrastructure (last visited Jul. 12, 2025).

[3] Id.

[4] Id.

[5] Id.

[6] See David J. Teece, Understanding Dynamic Competition: New Perspectives on Potential Competition, “Monopoly,” and Market Power, Competition Lab, Geo. Wash. U. (Jul. 17, 2024), available at https://competitionlab.gwu.edu/sites/g/files/zaxdzs6711/files/2024-07/understanding-dynamic-competition.pdf.

[7] James M. Buchanan & Gordon Tullock, The Calculus of Consent: Logical Foundations of Constitutional Democracy (U. Mich. Press, 1962), http://www.econlib.org/library/Buchanan/buchCv3.html.

[8] See Foo Boon Ping, Thailand’s National ITMX-PromptPay Could Have the Most Real-time Cross-border Payment Linkages in the World, The Asian Banker (Jul. 12, 2025), https://www.theasianbanker.com/updates-and-articles/thailands-national-itmx-promptpay-could-have-the-most-real-time-cross-border-linkages-in-the-world.

[9] See Unified Payments Interface (UPI), Nat’l Payments Corps. of India, https://www.npci.org.in/what-we-do/upi/product-overview (last visited Jul. 12, 2025).

[10] See 5 Essential Steps for KYC/AML Onboarding and Compliance, Thomson Reuters (Jun. 24, 2025), https://legal.thomsonreuters.com/blog/5-essential-steps-for-kyc-aml-onboarding-and-compliance.

[11] Identity theft typically involves the acquisition of enough personal details (e.g., Social Security number, date of birth, driver’s license info) to pass automated checks. A criminal might even forge physical ID documents if an in-person branch visit is required. Alternatively, criminals sometimes combine real stolen data (an SSN) with a fictitious name or birthdate to create a “synthetic” identity, which they use to open accounts and cultivate a credit file over time. The use of a synthetic identity avoids direct impersonation of a specific real person but still uses someone else’s SSN—creating problems for the holder of that SSN (and for all the other parties who are defrauded).

[12] Generative Artificial Intelligence Increases Synthetic Identity Fraud Threats, FedPayments Improvement, https://fedpaymentsimprovement.org/wp-content/uploads/sif-toolkit-genai.pdf (last visited Jul. 12, 2025).

[13] Estonia Introduced a New ID Card, e-Estonia (Jan. 23, 2019), https://e-estonia.com/estonia-introduced-a-new-id-card.

[14] See A Unique Identity for the People, Unique Identification Auth. of India, Gov’t of India, available at https://www.uidai.gov.in/images/Aadhaar_Brochure_July_22.pdf (last visited Jul. 12, 2025).

[15] See Aadhaar Authentication API Specification- Version 2.5 (Revision-1), Unique Identification Auth. of India (2022), https://uidai.gov.in/aadhaar_dashboard/india.php.

[16] Id.

[17] See Ajinkya Kawale, Economic Survey: DPI Brings Down KYC Costs to Rs 6 from about Rs 1,000, Bus. Standard (Jul. 22, 2024), https://www.business-standard.com/economy/news/economic-survey-dpi-brings-down-kyc-costs-to-rs-6-from-about-rs-1-000-124072201118_1.html.

[18] Yogesh Sapkale, Aadhaar Data Breach Largest in the World, Says WEF’s Global Risk Report and Avast, MoneyLife Found. (Feb. 19, 2019), https://www.moneylife.in/article/aadhaar-data-breach-largest-in-the-world-says-wefs-global-risk-report-and-avast/56384.html; Gopi Dara, TDP Govt Mined Personal Data, Tried to Misuse it: Andhra Pradesh Assembly Committee, Times of India (Sep. 21, 2022), https://timesofindia.indiatimes.com/city/vijayawada/tdp-govt-mined-personal-data-tried-to-misuse-it-andhra-panel/articleshow/94337425.cms (A 2018 data breach allegedly resulted in the entire database—which then contained about 1 billion names, addresses, email addresses, and phone numbers—being made available for about $8. The same year, the state of Talangana was accused of using Aadhaar to “clean up” voter-registration rolls to remove “undesirable” names. Meanwhile, there have been persistent allegations that the Andra Pradesh political party TDP misused Aadhaar data when it was in power from 2016 to 2019).

[19] See Anumeha Yadav, Digital Exclusive: Poor, Elderly Face the Brunt of Aadhaar-Based Authentication Errors, The Wire (Dec. 22, 2024), https://thewire.in/rights/digital-exclusion-poor-elderly-face-the-brunt-of-aadhaar-based-authentication-errors.

[20] See TLS Basics, Internet Soc’y, https://www.internetsociety.org/deploy360/tls/basics (last visited Jul. 12, 2025).

[21] See Lu Zhou et al., Leveraging Zero Knowledge Proofs for Blockchain-based Identity Sharing. A Survey of Advancements, Challenges and Opportunities, 80 J. Info. Sec. Application (Feb. 2024), https://www.sciencedirect.com/science/article/pii/S2214212623002624.

[22] X-Road Data Exchange, X-Road, https://x-road.global/data-exchange (last visited Jul. 12, 2025).

[23] Nojan Sheybani et al., Zero-Knowledge Proof Frameworks: A Survey, Cornell U. (Feb. 10, 2025), https://arxiv.org/html/2502.07063v1.

[24] See Anthony Ha, Vitalik Buterin Has Reservations About Sam Altman’s World Project, TechCrunch (Jun. 28, 2025), https://techcrunch.com/2025/06/28/vitalik-buterin-has-reservations-about-sam-altmans-world-project.

[25] Does Digital ID Have Risks Even if it’s ZK-Wrapped, Vitalik Buterin’s Website (Jun. 28, 2025), https://vitalik.eth.limo/general/2025/06/28/zkid.html.

[26] See Frequently Asked Questions, The Clearing House, https://www.theclearinghouse.org/payment-systems/rtp/institution (last visited Jul. 12, 2025).

[27] Id.

[28] RTP Participant Fee Schedule, The Clearing House, available at https://www.theclearinghouse.org/-/media/New/TCH/Documents/Payment-Systems/RTP/RTP_Pricing_01-01-2025.pdf?rev=7f805ed190e64ca0abe76d7694f1153b&hash=12EC40D45290074281670FD2A9CCE42A (last visited Jul. 12, 2025).

[29] See RT1 System Pricing, EBA Clearing, https://www.ebaclearing.eu/services-instant-payments/rt1/pricing (last visited Jul. 14, 2025).

[30] The Clearing House, supra note 26.

[31] Id.

[32] Pix Management Report, Conception and First Years of Operation, Banco Cent. do Brasil (2022), available at https://www.bcb.gov.br/content/estabilidadefinanceira/pix/relatorio_de_gestao_pix/pix_management_report_2023.pdf.

[33] See Angelo Duarte et al., Central Banks, the Monetary System and Public Payment Infrastructures: Lessons from Brazil’s Pix, BIS Bull. No. 52, at 1 (Mar. 23, 2022), https://www.bis.org/publ/bisbull52.htm.

[34] Matheus Sampaio & Jose Renato Haas Ornelas, Payment Technology Complementarities and their Consequences on the Banking Sector, (May 27, 2025), SSRN, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5002235.

[35] See Fumiko Hayashi & Jesse Leigh Maniff, Public Authority Involvement in Payment Card Markets: Various Countries, Fed. Rsrv. Bank of Kan. City (2023), available at https://www.kansascityfed.org/documents/8287/PublicAuthorityInvolvementPaymentCardMarkets_VariousCountries_August2021Update.pdf.

[36] Id.

[37] See Circular BACEN/DC Nº 4031 DE 23/06/2020, Legisweb (Jun. 24, 2020), https://www.legisweb.com.br/legislacao/?id=397401.

[38] Manish Singh, Brazil Suspends WhatsApp’s Payments Service, TechCrunch (Jun. 23, 2020), https://techcrunch.com/2020/06/23/brazil-orders-to-suspend-whatsapp-pay-week-after-rollout.

[39] See WhatsApp Payments Launches in Brazil with Nine Partner Banks, Leaders League (May 20, 2021), https://www.leadersleague.com/en/news/whatsapp-payments-launches-in-brazil-with-nine-partner-banks.

[40] FedNow Service 2025 Fee Schedule, Fed. Rsrv., https://www.frbservices.org/resources/fees/fednow-2025 (last visited Jul. 14, 2025).

[41] Miriam Sheril, FedNow at Two: Building Real-Time Rails That Work for the U.S., Form3 (Jul. 2025), https://www.form3.tech/news/payment-insights/fednow-at-two-building-real-time-rails-that-work-for-the-us (last visited Jul. 24, 2025).

[42] See Frequently Asked Questions, Bd. of Governors of the Fed. Rsrv., https://www.federalreserve.gov/paymentsystems/fednow_faq.htm#:~:text=To%20provide%20new%20services%20for,decide%20to%20adopt%20instant%20payments (last visited Jul. 14, 2025).

[43] Michael Pooler, Brazil Counts Success with Pix Payments Tool, Fin. Times (Sep. 18, 2023), https://www.ft.com/content/e1c7b0e7-4c17-40c4-8e03-16c698674efa; Lynne Marek, FedNow Racks Up Nearly $246M in Annual Expenses, Payments Dive (Dec. 4, 2024), https://www.paymentsdive.com/news/federal-reserve-fednow-payments-system-annual-expense-quarterly-statistics/734577 (This number, which appears suspiciously low, has been bandied around by journalists, including in the Financial Times, but I could not find a reliable source. The FT piece simply says “according to the BCB.” See Michael Pooler, Brazil Counts Success with Pix Payments Tool, Financial Times (Sep. 17, 2023)).

[44] See World Bank Fast Payments Toolkit Case Study: Thailand, World Bank (2016), available at https://fastpayments.worldbank.org/sites/default/files/2021-09/World_Bank_FPS_Thailand_PromptPay_Case_Study.pdf.

[45] Ping, supra note 8.

[46] See Aditi Routh, The Role of Nonbanks and Fintechs in Boosting India’s UPI Person-to-Merchant Transactions, Fed. Rsrv. Bank of Kan. City (2024), https://www.kansascityfed.org/research/payments-system-research-briefings/the-role-of-nonbanks-and-fintechs-in-boosting-indias-upi-person-to-merchant-transactions.

[47] World Bank, supra note 44 at 19.

[48] Id. (This is the Joint Steering Committee of the Payment Systems Office (PSO), constituted under the Thai Bankers Association).

[49] See Convenient and Safe! With PromptPay for Business, KBank, https://www.kasikornbank.com/en/business/promptpay/pages/promptpay-for-business.aspx (last visited Jul. 14, 2025).

[50] See Board Members, Pay.UK, https://www.wearepay.uk/who-we-are/our-organisation/board (last visited Jul. 14, 2025).

[51] See NPCI Profile, Nat’l Payments Corp. of India, https://www.npci.org.in/npci-profile (last visited July 14, 2025).

[52] Id.

[53] See The Payment and Settlement Systems Act, 2007, India Code, https://www.indiacode.nic.in/bitstream/123456789/2082/4/a2007-51.pdf (last visited July 15, 2025).

[54] See PFMI Disclosure Report March 2024, Nat’l Payments Corp. of India, https://www.npci.org.in/who-we-are/risk-management/pfmi-disclosure-report-march-2024 (last visited Jul. 15, 2025); Ashwin Manikandan, RBI to Regulate NPCI, Retail Payment Systems with Increased Oversight, Econ. Times (Jun. 13, 2020), https://economictimes.indiatimes.com/industry/banking/finance/rbi-to-regulate-npci-retail-payment-systems-with-increased-oversight/articleshow/76361543.cms?from=mdr.

[55] Discussion Paper on Charges in Payment Systems, Rsrv. Bank of India, https://www.rbi.org.in/Scripts/PublicationsView.aspx?id=21082#:~:text=in%20the%20transaction.-,iii.,%2C%20effective%20January%201%2C%202020 (last visited Jul. 16, 2025).

[56] See Julian Morris, Digital Payments and Financial Inclusion, Int’l Ctr. L. & Econ. (Sep. 24, 2024), https://laweconcenter.org/resources/digital-payments-and-financial-inclusion.

[57] Id.

[58] Id.

[59] See PTI, WhatsApp Allowed Beta Test with Limited User base, Low Transaction Limit: NPCI, Indian Express (Feb. 17, 2018), https://indianexpress.com/article/technology/tech-news-technology/whatsapp-allowed-beta-test-with-limited-user-base-low-transaction-limit-npci-5067368.

[60] See Geetha Nandikotkur, WhatsApp Pay Faces One More Hurdle, BankInfoSecurity (Jun. 21, 2019), https://www.bankinfosecurity.asia/whatsapp-pay-faces-one-more-hurdle-a-12674.

[61] WhatsApp Payments Rollout Delayed in India, PYMNTS (Jul. 20, 2018), https://www.pymnts.com/news/payments-innovation/2018/whatsapp-payments-rollout-delay-india-facebook.

[62] Digbijay Mishra, NPCI Confirms WhatsApp Pay’s Data Localisation, Times of India (Jul. 29, 2020), https://timesofindia.indiatimes.com/business/india-business/npci-confirms-whatsapp-pays-data-localisation/articleshow/77228456.cms.

[63] See WhatsApp Pay Can Now Extend UPI Services to all Users in India, Nat’l Payments Corps. of India (Dec. 31, 2024), available at https://www.npci.org.in/PDF/npci/press-releases/2024/NPCI-Press-Release-WhatsApp-Pay-Can-Now-Extend-UPI-Services-To-All-Users-in-India.pdf.

[64] See Nidhi Jacob, Fact Check: Internet Has Become Cheaper in India – but Not as Much as the Coal Ministry Claims, Scroll.In (Jul. 7, 2022), https://scroll.in/article/1027718/fact-check-internet-has-become-cheaper-in-india-but-not-as-much-as-the-coal-ministry-claims.

[65] See Sunil Gill, How Many People Own Smartphones in the World?, Priori Data (Jan. 1, 2025), https://prioridata.com/data/smartphone-stats; India Calling: Decoding the Country’s Electronics Manufacturing Journey and the Way Forward, PWC (2023), available at https://www.pwc.in/assets/pdfs/india-calling-decoding-the-countrys-electronics-manufacturing-journey-and-the-way-forward/india-calling-decoding-the-countrys-electronics-manufacturing-journey-and-the-way-forward.pdf.

[66] UIDAI Annual Report 2022-23, available at https://uidai.gov.in/images/UIDAI_Annual_Report-2022-23_English.pdf; Global Findex Database 2025, World Bank, https://www.worldbank.org/en/publication/globalfindex/download-data (last visited Jul. 14, 2025).

[67] See Nidhi Agarwala et al., Efficiency of Indian Banks in Fostering Financial Inclusion: An Emerging Economy Perspective, Nat’l Libr. Med., https://pmc.ncbi.nlm.nih.gov/articles/PMC9817463 (last visited Jul. 14, 2025).

[68] Pradhan Mantri Jan Dhan Yojana (PMJDY) – National Mission for Financial Inclusion, Completes Eight Years of Successful Implementation, Press Info. Bureau, https://www.pib.gov.in/PressReleasePage.aspx?PRID=1854909 (last visited Jul. 17, 2025).

[69] Auxilio Emergencial: Lessons from the Brazilian Experience Responding to COVID-19, World Bank (2021), available at https://documents1.worldbank.org/curated/en/099255012142121495/pdf/P1748361b302ee5718913146b11956610692e4faf5bc.pdf; Enrollment and Eligibility Process of Brazil’s Auxilio Emergencial, World Bank (2021), available at https://documents1.worldbank.org/curated/en/099255012142136232/pdf/P1748360d7131402e086730fbce1d687fa1.pdf.

[70] SMS-based transactions, as M-Pesa began implementing in 2005, would have been possible.

[71] Pix Statistics, Banco Cent. Do Brasil, https://www.bcb.gov.br/en/financialstability/pixstatistics (last visited Jul. 17, 2025); PromptPay Statistics, Bank of Thailand, https://app.bot.or.th/BTWS_STAT/statistics/BOTWEBSTAT.aspx?reportID=921&language=ENG (last visited Jul. 18, 20o25); UPI Product Statistics, Nat. Payments Corp. of India, https://www.npci.org.in/what-we-do/upi/product-statistics (last visited Jul. 18, 2025); Population Estimates and Projections, World Bank, https://databank.worldbank.org/source/population-estimates-and-projections (last visited Jul. 18, 2025).

[72] See Julian Morris & Ben Sperry, The Cost of Payments: A Review, Int’l Ctr. L. & Econ. (Aug. 28, 2024), https://laweconcenter.org/resources/the-cost-of-payments-a-review.

[73] Id.

[74] Njuguna S. Ndung’u, A Digital Financial Services Revolution in Kenya: The M-Pesa Case Study, Afr. Econ. Rsch. Consortium, available at https://aercafrica.org/old-website/wp-content/uploads/2021/03/AERC-MPesa-Case-Study.pdf  (last visited Jul. 17, 2025).

[75] Marcel Van Oost, The Success Story of WhatsApp Payments in Brazil, Connecting the Dots in FinTech (Aug. 2, 2024), https://www.connectingthedotsinfin.tech/the-success-story-of-whatsapp-payments-in-brazil.

[76] See Saloni Shukla, RBI Allows RuPay Credit Card Transactions on UPI, Econ. Times (Jun. 9, 2022), https://economictimes.indiatimes.com/tech/technology/rbi-allows-rupay-credit-card-transactions-on-upi/articleshow/92090548.cms?from=mdr; Adriana Nunez, RuPay and UPI Get Multimillion-Dollar Support from Indian Government, EMarketer (Jan. 12, 2023), https://www.emarketer.com/content/rupay-upi-multimillion-dollar-support-indian-government.

[77] As documented above, the number of permitted users was initially below 1%, meaning that WhatsApp could not benefit from its own scale.

[78] Neelanjit Das, Kotak Mahindra Bank Branch Manager Siphoned Off Rs 31 Crore of Public Money to Gamble; Know How he Misused Customer’s KYC Details, Econ. Times (Jul. 5, 2025), https://economictimes.indiatimes.com/wealth/legal/will/kotak-mahindra-bank-branch-manager-looted-rs-31-crore-of-public-money-to-gamble-know-how-he-misused-customers-kyc-details/articleshow/122249626.cms.

[79] See Pam Dixon, A Failure to “Do No Harm” – India’s Aadhaar Biometric ID Program and its Inability to Protect Privacy in Relation to Measures in Europe and the U.S., Nat’l Libr. Med. (2017), https://pmc.ncbi.nlm.nih.gov/articles/PMC5741784; Nicolas Belorgey & Christophe Jaffrelot, Identifying 1.4 Billion Indians Biometrically? Corporate World, State, and Civil Society, Portail HAL Scis. Po (2024), available at https://sciencespo.hal.science/hal-04845547/file/identifying_1.4_billion_indians_biometrically.pdf.

[80] See Over € 1.2 Billion Stolen Through Fraud in 2022, With Nearly 80 Per Cent of APP Fraud Cases Starting Online, U.K. Fin., https://www.ukfinance.org.uk/news-and-insight/press-release/over-ps12-billion-stolen-through-fraud-in-2022-nearly-80-cent-app (last visited Jul. 17, 2025); Over € 570 Million Stolen by Fraudsters in the First Half of 2024, U.K. Fin., https://www.ukfinance.org.uk/news-and-insight/press-release/over-ps570-million-stolen-fraudsters-in-first-half-2024 (last visited Jul. 17, 2025).

[81] David Feliba, Feature- ‘Pix Gangs’ Cash in on Brazil’s Mobile Payments Boom, Reuters (Jun. 14, 2023), https://www.reuters.com/article/markets/feature-pix-gangs-cash-in-on-brazils-mobile-payments-boom-idUSL8N37Z4E1.

[82] Behind the Struggle of Mexico’s CoDi, Vixio (Aug. 18, 2022), https://www.vixio.com/insights/pc-behind-struggle-mexicos-codi#:~:text=Launched%20in%202019%2C%20CoDi%20processed,of%20existence%2C%20moving%20around%20BRL5.

[83] Can DiMo Promote Financial Inclusion in Mexico?, PCMI, https://paymentscmi.com/insights/dimo-financial-inclusion-mexico/#:~:text=Launched%20in%20March%202023%20by,only%20a%20recipient’s%20phone%20number (last visited Jul. 17, 2025).

[84] Mexico’s E-Commerce and Digital Payments Growth Era: A Strategic Opportunity for Global Merchants, PPRO (Apr. 11, 2025), https://www.ppro.com/insights/mexicos-e-commerce-and-digital-payments-growth-era.

[85] Average Transaction Fee, Polygon P0L, https://tokenterminal.com/explorer/projects/polygon/metrics/transaction-fee-average (last visited Jul. 17, 2025), (A typical USDT or USDC transaction on a fast layer 1 chain, such as Solana, or an Ethereum layer 2 chain, such as Polygon, costs fractions of a cent).

[86] Visa Expands Stablecoin Settlement Capabilities to Merchant Acquirers, Visa (Sep. 5, 2023), https://investor.visa.com/news/news-details/2023/Visa-Expands-Stablecoin-Settlement-Capabilities-to-Merchant-Acquirers/default.aspx; Marek, supra note 42.

[87] Morris & Sperry, supra note 71.

[88] Pix Frequently Asked Questions, Banco Cent. Do Brasil, https://www.bcb.gov.br/en/financialstability/pixfaqen, at 14 (last visited Jul. 17, 2025).

[89] Trabant, Cult Classics, https://www.howandwhy.com/world/the-trabant-is-why-socialism-failed (last visited Jul. 17, 2025), (This comparison between the Trabant and Subaru is opposite).

[90] See A Drive in the World’s Worst Car, How and Why (Nov. 4, 2022), https://www.howandwhy.com/world/the-trabant-is-why-socialism-failed. (This comparison between the Trabant and Subaru is opposite).