Executive Summary
The recommendations for DHRUVA POLICY try to create a path that will strike a balance between enabling innovation and addressing gaps and risks associated with implementing the same nationally. The initiative is well-oriented with the Digital India Mission, including creating a national-level, precise location-based database. However, the outcomes of the proposed initiative depend on the awareness and digital infrastructural capabilities across the country. We recommend creating a comprehensive roadmap for a proper transition to DIGIPIN across the country, necessary grievance redressal entities, reducing ambiguity concerning data privacy, focusing on a bottom-up approach in implementation, and simplifying bureaucratic hurdles to ensure the integration of this initiative smoothly for all stakeholders.
Swathi Kalyani is a Research Analyst with the Geospatial Research Programme. She can be reached at swathikalyani106@outlook.com.
Dr Y Nithiyanandam is Professor and the Head of Geospatial Research programme He can be reached at nithiyanandam@takshashila.org.in.
The authors would like to acknowledge the contributions of their colleagues at the Takshashila Institution, who provided inputs in drafting these recommendations.
Projected Outcomes
This section examines the potential outcomes if the objectives outlined under the DHRUVA policy are enacted. This analysis aids in mitigating undesirable outcomes or enhancing desirable ones.
1. Enhanced Governance and Service Delivery
Context: Creating digital databases with granular precision will enable more effective governance and improved service delivery mechanisms. Government agencies can target welfare schemes, disaster relief operations, and infrastructure development with unprecedented spatial accuracy. The simplified digital addressing system will significantly reduce last-mile delivery challenges, particularly in rural and semi-urban areas where traditional addressing systems are inadequate or non-existent. Businesses will gain access to sophisticated location based analytics, enabling better market research, site selection, and customer targeting, potentially driving economic growth in under served regions.
2. Implementation Delays Due to Privacy Opposition
Context: The policy may face significant delays from growing concerns about data privacy and governmental data control. Public resistance and ongoing debates surrounding data protection regulations could substantially postpone the roll out timeline. The system may inadvertently enable excessive commercial surveillance and targeted marketing, raising concerns about user privacy and the commodification of personal location data.
3. Legal Ambiguities and Procedural Confusion
Context: The lack of clarity regarding essential terms and operational definitions may lead to ambiguities in grievance redressal mechanisms and legal procedures. This could result in inconsistent implementation across different states and administrative levels.
4. Digital Divide and Top-Down Approach Challenges
Context: The implementation may encounter substantial obstacles due to insufficient digital literacy rates, inadequate digital infrastructure in rural areas, and a shortage of skilled human resources. The top-down approach may fail to account for local, linguistic diversities, and community-specific needs. Over-reliance on digital systems could create vulnerabilities during network outages, cyber-attacks, or natural disasters, potentially disrupting essential services.
5. Perpetual Complementary Status Risk
Context: Without a definitive roadmap transition, DIGIPIN may remain permanently complementary to existing addressing systems, failing to achieve its goal of standardisation and potentially creating additional administrative burden.
Recommendations
1. Legal Framework and Implementation Timeline
Recommendation: Establish a comprehensive legal framework before rolling out and provide a clear implementation roadmap with defined milestones.
Rationale: The policy document does not provide a specific timeline for many entities to be in place before DIGIPIN can be functional. The governance entities responsible for operational management, standard-setting, and overall ecosystem governance must also be autonomous. A grievance redressal body is of the utmost priority before this is implemented.
Reference:
To complement these safeguards, a legal framework for address validation is also being envisaged, wherein legally authorised entities may validate the accuracy of address and location information. Importantly, such validation mechanisms are designed to establish the authenticity of the address itself, without revealing or linking the identity of the individual residing at the location, thereby upholding DHRUVA’s foundational commitment to privacy.
While the Post Office Act does not define the terms, the DIGIPIN and Digital Address are intended to serve as postcode and address identifier, respectively.
The definition of “address identifiers” in the Post Office Act must be clarified to explicitly include “Digital Address” to enable the Central Government to prescribe standards for both the DIGIPIN and Digital Address.
2. Data Privacy and User Consent Mechanisms
Recommendation: Develop a granular, user-friendly consent management system with transparent data usage policies beyond standard Terms & Conditions.
Rationale: The Digital Personal Data Protection Act (DPDPA) remains unimplemented and faces widespread criticism for its vague provisions and ambiguous terminology. These inherent deficiencies in the DPDPA framework will inevitably cascade into the DHRUVA system, creating compounded regulatory uncertainties. Furthermore, the diverse Indian population exhibits varying levels of digital literacy and awareness regarding consent mechanisms. This knowledge gap poses significant cyber security risks, as users may unknowingly grant excessive permissions or fall victim to fraudulent schemes exploiting their limited understanding of digital consent processes.
Reference:
Subject to applicable laws, users can also update or withdraw their consent to share such information.
Dhruva embodies a “privacy by design” ethos: only necessary data is collected, all transactions are contingent on user consent, and control over address data remains with the user.
Geo-Targeted Marketing for Local Retail Chains: A retail chain can leverage data from DHRUVA to map high-footfall localities and precisely target promotions for a new store launch, avoiding wasteful ad spends in non-priority zones.
The ecosystem’s operational standards will embed DPDPA-aligned principles such as purpose limitation, data minimisation, and storage limitation into the operational protocols for all ecosystem participants, who must be DPDPA-compliant in the relevant instances.
3. Simplified Authentication Architecture
Recommendation: A 3-entity model would suffice for the requirements. An already established organisation like India Post can take up the role of a Governance body. As the policy is already pushing towards better digitisation, a single body with technological infrastructure for approving and maintaining the Address registry would be ideal.
- Address Registry (generates/stores DIGIPINs)
- Service Providers (banks, e-commerce, etc.)
- Governance Body (oversight/standards)
Rationale: There is a clear overlap of responsibility and authority between the multiple bodies envisaged.
AIP + AIA overlap: Both handle user data and interfaces
AIA + AIU overlap: Both access address information
AAVA + AIP overlap: Both validate address accuracy
Governance Entity: Trying to oversee everything.
All of these are verified, registered, and licensed bodies. Creating hierarchical procedures will only add to Operational Chaos, including multiple handoffs slowing down simple address lookups, each entity adding latency and potential failure points, and user confusion about who to contact for issues. It can result in Security vulnerabilities as data passes through 4-5 different systems and unclear accountability when breaches occur. This will also lead to a Cost Explosion as each entity needs separate infrastructure, compliance, and auditing. It is a Regulatory Nightmare with overlapping jurisdictions between entities, disputes over responsibility boundaries and complex grievance redressal pathways.
Reference:
Address Information Provider (AIP): AIPs maintain the digital address registry, including core address data and associated validation details. They also track which AIA supports each Digital Address. Keeping the registry current and secure, AIPs guarantee that only authorised parties can access accurate and up-to-date address information.
Address Information User (AIU): AIUs directly interact with users, offering services - such as deliveries, location-based support, or logistics that rely on Digital Addresses. AIUs access address details through the Central Mapper and AIPs, ensuring they obtain and honour appropriate user consent.
Address Information Agent (AIA): AIAs oversee user consent processes and offer a straightforward, intuitive interface that allows citizens to create, update, and manage their Digital Addresses. Acting on a user’s behalf, AIAs work with AIPs to ensure that address information remains accurate and can be altered or revoked when necessary. They also deliver an authorisation framework granting AIUs access to address details solely under user consent.
Central Mapper (CM): The CM operated by the Governance Entity is responsible for managing suffixes used by AIPs, maintaining a comprehensive registry of all DHRUVA stakeholders (excluding the end users), and enabling efficient discovery among them. By standardising the structure of digital addresses and housing a complete stakeholder directory, the CM ensures interoperability and simplifies collaboration among various entities.
4. Governance Structure and Entity Independence
Recommendation: Clearly define Central Mapper governance structure and establish transparent criteria for AIP suffix allocation.
Rationale: The Central Mapper manages the DIGIPIN grid and suffix allocation (AIP suffixes). The documents refer to a multi-layered governance framework but lack specifics on decision making authority, transparency, and stakeholder engagement. Transparent, well-delineated governance is essential to ensure impartiality, avoid conflicts of interest, and maintain the system’s credibility. Suffix allocation criteria also need to be clear to prevent arbitrary code assignments.
Reference:
AIP Suffix Assignment: The Central Mapper allocates namespace suffixes to each AIP, creating an authoritative map of who is responsible for every Digital Address domain.
Central Mapper (CM): The CM operated by the Governance Entity is responsible for managing suffixes used by AIPs, maintaining a comprehensive registry of all DHRUVA stakeholders (excluding the end users), and enabling efficient discovery among them. By standardising the structure of digital addresses and housing a complete stakeholder directory, the CM ensures interoperability and simplifies collaboration among various entities.
5. Technical Design and Usability Improvements
Recommendation: Ensure there is a built-in system for identifying data duplication. The system should also remain adaptable to changes in foundational databases, including selected Datum of the geospatial layers used. Address vertical addressing challenges in multi-story buildings, digital literacy and ensure language inclusivity.
Rationale: Users may genuinely be unaware of the precise DIGIPIN to be used, which can complicate projected outcomes. With the National Geospatial Policy aiming to develop India’s own Datum, DIGIPIN’s algorithmic infrastructure should be capable of adapting to variations in primary databases. The DIGIPIN system assigns location codes based on 4m×4m grids on a flat plane, which may not distinguish floors within multi-story buildings since vertical differentiation is not inherently encoded. The alpha-numeric code may also face adoptability issues due to the lack of linguistic diversity within the portal or the system. Multiple digital initiatives in India are already stagnating due to a lack of awareness. Hence, there should be active integration to raise awareness regarding the application and usage of DIGIPIN through educational curricula, government sponsored ads, etc.
Reference: The official documents highlight the need to address “complex housing and vertical structures” to improve precision in vertical addresses. Given India’s linguistic diversity, language inclusivity is emphasised for widespread adoption, ensuring local language support in applications and portals to make the system user-friendly for all citizens.
6. Practical Implementation for Mixed-Use Scenarios
Recommendation: Develop clear protocols for DIGIPIN allocation in multi-tenant buildings, agricultural lands, and commercial complexes.
Rationale: The DIGIPIN system currently focuses on spatial grids but does not explicitly address the complexity of allocating unique codes within multi-tenant buildings or mixed land use areas like agricultural fields combined with commercial units. Clear, standardised protocols are necessary to avoid ambiguity, duplication, and effective mail/service delivery in diverse land use scenarios. The documents mention the need for “precise delineation of addressable units in complex layouts” to ensure the system’s practical utility, but don’t lay out the procedure to provide the same. Lack of awareness regarding this also needs to be resolved.
Reference: DIGIPIN is independent of the land use pattern and the structure built. Note that DIGIPIN is designed as a permanent digital infrastructure that does not change with changes in the names of states, cities, or localities or changes in the road network in an area. The arrival of a new building in a community, a new village or town in a district, or changes in the name of a road or locality will not affect the underlying DIGIPIN.
7. Integration and Inter-Operability Standards
Recommendation: Clarify data download capabilities for existing GIS applications.
Rationale: DIGIPIN’s success depends on seamless integration with existing GIS platforms and applications used by government and private stakeholders. While the documents mention that APIs and open data formats are part of the ecosystem, details on data download limits, data formats, and update frequencies need explicit clarification to facilitate easy adoption and integration with workflows already reliant on GIS data.
Reference: Incorporating DIGIPIN as an additional address attribute enables leveraging GIS capabilities, laying the foundation for future GIS-based digitalisation of service delivery across various organisations cost-effectively. A standardised geo-coded addressing system would enhance India’s geospatial ecosystem. It would add to the country’s geospatial knowledge stack in line with the National Geospatial Policy 2022, which seeks to strengthen the geospatial sector to support national development, economic prosperity, and a thriving information economy. The system is designed to be scalable, adaptable, and integrated with existing GIS applications.
8. Data Minimisation and Commercial Usage Controls
Recommendation: Implement strict data minimisation principles and regulate commercial exploitation of location intelligence before integrating this technology.
Rationale: The documents emphasise the importance of data privacy and user consent but do not comprehensively address steps to ensure data minimisation strategies or commercial usage limitations. With highly sensitive location data, controls are necessary to prevent unauthorised commercial exploitation while enabling legitimate use cases.
Reference: Principles such as data minimisation, retention, storage, purpose limitation, access, correction, and erasure manifest through DHRUVA’s features, which users can access through the interface. The ecosystem is also envisaged to facilitate adequate legal recourse and grievance redressal mechanisms for users. The ecosystem’s operational standards will embed DPDPA-aligned principles such as purpose limitation, data minimisation, and storage limitation into the operational protocols for all ecosystem participants, who must be DPDPA-compliant in the relevant instances.
9. Regional Coordination and Border Considerations
Recommendation: Proactively engage neighbouring countries (Nepal, Bhutan, Bangladesh, Sri Lanka) to prevent sovereignty disputes over cross-border grid extensions. Rationale: Given that DIGIPIN’s grid extends over geographic coordinates, potential complexities arise at international borders. International collaboration, or at least diplomatic engagement, must ensure the system respects international boundaries and addresses trans border geographic integration challenges.
Reference:
10. Ground-Truth Validation and Accuracy Assurance
Recommendation: Establish comprehensive ground survey protocols and accuracy benchmarks for additional location information integration in the initial stages. Build skilled human resources to complete the initial truthing of remotely sensed data.
Rationale: The documents underline that DIGIPIN’s initial grid is based on satellite and GIS data, but there is also a need for field validation before any location-based data is integrated into the system for accuracy, especially in complex urban, rural, and mixed environments. On ground validation is not generalised and is said to be done only for specific use cases. A systematic ground-truthing protocol ensures reliability, reduces errors, and builds user confidence in the system. Accuracy benchmarks and periodic audits are also needed for continuous improvements and updating cycles.
Reference: The users may also be allowed to provide self-declared addresses, which may be tagged with their confidence scores. For cases requiring higher assurance, empanelled agencies will conduct physical verification, ensuring on-ground validation and compliance with regulatory or sector-specific requirements.