Prof. Samarajiva warns against ‘reinventing wheel’ for digital public infrastructure

• Criticises fixation on developing home-grown solutions, by home-grown companies
• Points to India’s Aadhaar successes, and mistakes that SL can learn from
• Digital economy transformation will not work without Govt. setting clear standards to ensure both security and usability

The Government should focus on adopting proven technologies rather than attempting to build its own digital public infrastructure (DPI) from scratch, LIRNEasia Founder and Sarvodaya Chairman Prof. Rohan Samarajiva said, warning that the country risks repeating avoidable mistakes if it tries to “reinvent the wheel.”

Speaking at the Asian Development Bank’s (ADB) Serendipity Knowledge Program (SKOP) on Digital Transformation: Cybersecurity and Data Protection for Digital Economy Development held in Colombo recently, he said Sri Lanka can learn from India’s experience with the Aadhaar system, which became a global model for DPI despite being launched before a data protection law was in place.

“The whole DPI concept is being pushed by India, and people are looking at Aadhaar as the exemplar,” Prof. Samarajiva said. “When Aadhaar was rolled out very rapidly, India didn’t have a data protection law, and that was seen as a great vulnerability. But they strengthened the design so that, for example, Government agencies could no longer download large chunks of personal data.They tokenised and improved the architecture so that when regulation came, it was really just the icing on the cake.”

Prof. Samarajiva said Sri Lanka has the advantage of learning from India’s early mistakes. “They’ve made the mistakes, they’ve paid the price. My son used to say, don’t ever buy anything on the first iteration because it will have glitches. Let somebody else do that, and then you come in later. We have that advantage,” he said. 

“But Sri Lankans don’t seem to get it. They have this fixation with, ‘why can’t we develop our own?’ You don’t need to reinvent the wheel. Take someone else’s wheel and do something interesting with it.”

“They just don’t get it. They have this fixation with, oh, why can’t we develop with other companies? You know, there’s a wheel, there’s something called the wheel somewhere. Why don’t we reinvent it? No, don’t reinvent the wheel. Take somebody else’s wheel and do something interesting with it,” Prof. Samarajiva said.

He added that Sri Lanka’s approach should prioritise trusted design, interoperability, and proven standards over an inward focus on developing isolated systems. “I have greater faith in the tech design and the practices developed around it than in regulation,” he said.

DPI forms the backbone of the Government’s Digital Sri Lanka 2030 Roadmap, which aims to build a $ 15 billion digital economy. 

The plan envisions an inclusive and resilient common DPI that integrates digital identification, payment gateways, and a national data exchange platform to improve efficiency and interoperability across Government agencies. It also includes a cloud-first policy, a Government-wide digital payment system, and a data-sharing platform to eliminate IT silos and improve citizen convenience.

Prof. Samarajiva said public trust would be the foundation for achieving these goals. “People must use these capabilities, and that depends on levels of trust and comfort, a sense of safety,” he said. “People want to know their personal data will not be taken out of their control—that it won’t be used to create another persona or cause harm. If we can’t give that assurance, development objectives will fall short.”

He warned that frequent data breaches and operational failures could erode public confidence in digital systems. 

“If you have too many data breaches and ransomware attacks, trust will erode. We’ve seen Government officials lose months of emails because of system failures. When that happens, people stop trusting and stop using,” he said.

Prof. Samarajiva said the Government must set clear standards to ensure both security and usability. 

“This is where regulation comes in—to give users and companies a clear sense of the rules and expectations, and to reassure Government officials themselves,” he said. “Many still think security means keeping a server locked in a room, which is actually one of the least secure ways to manage data. These are areas where the Government has to lead by establishing proper frameworks.”

He said a credible DPI could only be achieved through a balance of secure design, regulatory clarity, and user confidence. 

“Technology and governance must work hand in hand. Without trust, no digital transformation will deliver the results the country expects.”