Part II - Techno-economic Structurings of Digital Sovereignty

5 Digital Sovereignty and Payments A Case Study of the National Payments Corporation of India

Venkatesh Hariharan and Sarayu Natarajan

5.1 Introduction

In early 2014, the United States imposed economic sanctions prohibiting the export of American goods to Russia (Borger, Lewis, & Mason, 2014). MasterCard and Visa, credit card providers, rushed to comply, leaving millions of Russians without access to their credit accounts and several hundred billion dollars of assets frozen (BBC, 2014). At the time, these two American corporations controlled over 90% of the Russian credit card market. While services were restored within days, the situation prompted Russia to issue an alternative credit card – MIR. Since payments are the lifeblood of an economy, Russia also contemplated a law that will require payments providers to register in-country within a stipulated time or exit the country (Dettmer, 2019).

This incident in Russia and the US consideration in prohibiting Visa and MasterCard from operating in Venezuela as financial sanctions (Mason, 2019) raise questions about the value of sovereignty over fundamental digital infrastructures and the need to reclaim these in the public interest (Stanford PACS, 2020). In this chapter, we examine the intersection of India’s indigenous payments system, the Unified Payment Interface (UPI) and the National Payments Corporation of India (NPCI), a special purpose vehicle set up to manage payments and strengthen India’s digital sovereignty.

With this chapter, we wish to add to the growing literature on digital sovereignty. A non-Western view of sovereignty may add to the growing voices on policy and design around digital infrastructures in the Global South, applicable to digital infrastructures in other domains of state activity (e.g., technology used to access judicial services). We hope to inform policymakers, think tanks, and citizens of the trade-offs in building digital infrastructures for payments. Our chapter aims to highlight, through the study of the NPCI and analysis, the key parameters and choices that policymakers, designers, and researchers might consider in evaluating investments in digital infrastructure. We do not aim to prescribe any course of action but merely demonstrate the choices available.

We find that, in India, the NPCI and the UPI are instruments that advance digital sovereignty. Following Pohle & Thiel (2020), we interpret digital sovereignty as combining the protection of infrastructure, enablement of market competition, and the enhancement of individual self-determination. We argue that technological, institutional, regulatory, and programmatic efforts are needed to enhance digital sovereignty, and these are the approaches policymakers globally may consider examining. The idea that digital infrastructures advance sovereignty finds articulation in the New Delhi Leaders’ Declaration (2023, p. 22).

For this chapter, we select the UPI and the NPCI for analysis. The case study method allows us to surface structural characteristics that are worthy of study (Tillin, 2013). In this case, we explore those characteristics and approaches that have been important in the trajectory of the NPCI. We chose the NPCI because it speaks to emerging concerns around digital economies, payments, and sovereignty. This is additionally contextualized in the growing conversations around Digital Public Infrastructure (DPI) and Digital Public Goods (DPGs).¹ The NPCI’s existence for nearly a decade now as well as India’s experience with indigenous DPI development and governance have useful lessons to offer in terms of building flexibility and resilience into a country’s digital ecosystems.

Methodologically, we combine a theoretical treatment of sovereignty with an empirical and practical understanding of the experiences and concerns of lawmakers and practitioners globally along with the performance of the NPCI itself. This effort looks at both the NPCI and the underlying technological architecture, the UPI. This empirical approach allows us to have a real sense of the efforts and trade-offs involved in building, deploying, and managing digital infrastructures while protecting citizens’ interests. For this study, in addition to desk research, we conducted ten interviews with policymakers, practitioners, and experts in India and globally. Interviews were analyzed interpretatively by the researchers together.

We believe our work and approach and this analysis are significant for two reasons. First, we build on the emerging literature on digital sovereignty to emphasize the concerns and constraints of price-taker states, which have lesser bargaining power in negotiations. These states far outnumber powerful states but may lack similar bargaining power due to a host of economic and historical reasons. Understanding the parameters for consideration in building out digital infrastructures is significant for such states. Second, we examine the implications of sovereignty in the context of digital infrastructure guaranteed by the state (payments). Unlike sovereignty debates in the context of creative services (e.g., applications, software) that may concern issues such as monopoly, data protection, or abuse of power, payments are intimately linked to state function. Thus, interpretations of sovereignty need to additionally engage with the denial-of-service issues and their catastrophic implications for the economy.

This chapter is structured as follows: Section 5.2, following the introduction, builds a working definition of sovereignty. This definition relies on a broad interpretation of sovereignty and considers some of the critiques of such expansion. Section 5.3 describes the structure and operations of the NPCI in brief. Section 5.4 explores the workings of the NPCI through the framework and approach described in Section 5.2 and examines its successes and failures. Section 5.5 conducts a broad assessment of the working of the NPCI. A concluding section follows Section 5.6, providing possible avenues to address some of the concerns described in earlier sections, and explores some meta issues in the context of payments.

5.2 Bringing the State Back into Digital: Building a Working Understanding of Sovereignty

In this section, we take a brief look at digital sovereignty and arrive at an operational frame for analysis. We follow Pohle and Thiel (2020) to unpack sovereignty as control over critical infrastructure, economic freedom, and individual agency. We then examine the threats to sovereignty and the mechanisms available to exercise sovereignty. Our analysis is underpinned by Floridi’s approach of seeing power as control (Floridi, 2020). We argue that a sovereign state needs to control and protect digital infrastructures against state and nonstate and domestic and foreign threats through legitimate means available to it.

Sovereignty is the ability of a nation to make not only its own laws but also the ability to protect itself and its citizens from harm, achieve policy objectives, and enhance citizen well-being. The core meaning – sovereignty as the supreme authority over territory – emerges from the Westphalian notion of sovereignty, which bases state sovereignty on territoriality and the absence of a role for external agents in domestic structures. This definition of sovereignty places the state, whether liberal democratic or not, and its physical territory at the center of the imagination (Philpott, 2020).

In the digital realm, two main challenges to territorial notions of sovereignty have arisen: the ideas of cyber exceptionalism and multi-stakeholder governance (Pohle & Thiel, 2020). Cyber-exceptionalism sees cyberspace as exceptional and therefore contends that traditional frames of reference are not adequate (Pohle & Thiel, 2020). This has been articulated in multiple ways, starting with John Perry Barlow’s 1996 declaration:

“Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.”

(Barlow, 1996)

Cyber exceptionalism is based on the premise that the rise of the internet implies the demise of state sovereignty and that national borders are rendered irrelevant. Multi-stakeholder governance is closely related to the ideas of cyber exceptionalism, which focuses on the roles played by various actors toward the development of shared norms and rules in the regulation and development of the internet. The ideas of multi-stakeholder governance emphasize open, consultative, and bottom-up decision making, involving those who are affected by decisions (Hoffman, 2016; Raymond & DeNardis, 2015).

Both cyber exceptionalism and multi-stakeholder governance are not a part of prominent narratives of digital governance. Instead, nations across the world are increasingly using the vocabulary of digital sovereignty to assert control over digital infrastructures within their borders. The term has become a way to bring back the state, as well as ideas of nationhood, economy, and citizenship, into debates around governance of digital infrastructures (Pohle & Thiel, 2020). There is a robust literature in the context of the European Union (EU) as the EU and its member states grapple with the emergence of technology giants who possess significant amounts of data as well as well as vast networks from which to mine data (Couture & Toupin, 2019; Gueham, 2017; Pohle & Thiel, 2020; Ruohonen, 2020).

In a context of increasing datafication of our lives, it is critical to examine conceptions of sovereignty and the role of the state. The state is relevant to examine for two reasons. First, individuals are increasingly engaging with the state through digital means across many arenas and domains. Several aspects of state functions such as welfare and government services are increasingly digitally mediated. Additionally, as Marianna Mazzucato (2018) has demonstrated, the state is central in framing and enabling the digital world. Her book, The Entrepreneurial State, demonstrates how the state does so through policies, subsidies, and infrastructure, playing a role in “making” the digital (Mazzucato, 2013). In that sense, the digital and the state cannot be parsed from each other. Importantly, digital goods and services are deeply connected with conceptions of liberty, rights, and norms, many of which are articulated through constitutional and legal frameworks at a national level. Accordingly, it is critical to center the state.

Second, the state is important in the imagination of digital infrastructures for the public. Many critical digital infrastructures are built using public funds and offer public services that emerge from statute or law, to which the principles of nondiscrimination and equal access apply. Nondiscrimination and access are enforceable in that citizens may bring claims in a court of law. Accordingly, the role of the state in ensuring this access for all necessitates an examination of state sovereignty and a deeper engagement with the state.

To analyze relationships between the state and digital infrastructure and the functioning of the NPCI, we adopt the framing in Pohle and Thiel (2020). Their paper suggests that the reemergence of sovereignty in digital debates is founded in three strands of thinking: (1) state autonomy and the security of national infrastructures; (2) economic autonomy and competition for market actors within the territory, and (3) autonomy and individual self-determination for citizens. Of these three, only the first argument refers to a territorial sense of the state and the need to protect infrastructure. This is akin to the need for the state to protect digital infrastructures such as physical infrastructure. The other two aspects of sovereignty relate to state goals of protecting indigenous market actors to enable a fair and free market economy to flourish and supporting citizens’ aspirations of self-determination (Pohle & Thiel, 2020). The second strand also speaks to emergent literature in the context of the EU that frames sovereignty as the need for the state to protect the interests of citizens and the ideals of a free and fair internet and to enable a free market and level playing field (Gueham, 2017).

Understanding sovereignty as autonomy and individual self-determination requires some thought to operationalize. We use the language of agency to unpack autonomy and individual self-determination. The work of Sharma and Natarajan (2020) suggests that agency is fundamental to individual self-determination. However, agency is a complex concept and needs to be seen near ideas of inclusion and equal access. Sharma and Natarajan argue that for technologies that arise from one’s rights under constitutional or legal frameworks, the onus is placed on the state to ensure that all individuals have access, and therefore agency. Agency can be dimensionalized to include concepts such as choice (among alternatives) and ability (to make choices and bargain). Agency must additionally be framed within a language of rights, aspects of access that relate to individuals’ rights under the constitution (specifically, Articles 19(1)(g) and 21²) (Sharma & Natarajan, 2020).

In our exploration in this chapter, we consider challenges to sovereignty from both state and nonstate actors. First, we consider state actors. States are sovereign entities themselves, subject to international law, agreements, and norms. Second, we consider nonstate actors. While nonstate actors may include legally established and recognized entities (e.g., corporations, both domestic and foreign) and unrecognized entities, we focus on the former category. We exclude bad actors such as hackers from the scope of this chapter. Indeed, all our interviewees concurred with the view that sovereignty must consider state and nonstate actors as oppositional forces that might undermine sovereignty.

We also need to address the question of how sovereignty is exercised, that is, what modes and mechanisms are available to the state and what the ultimate outcome of this exercise must be. Floridi (2019) articulates the latter through the language of “control,” that is, that power is control. Fioridi describes power as being both poietic (creative control, vesting with companies) and cybernetic (the ability to regulate or steer, vesting with the state). This framing and the delineation between creative control and cybernetic/regulatory control offer a way to think about the goals of the sovereign exercise of power, and the means available to the state. The goal of cybernetic control is attained through regulation and policies (Floridi, 2020). The cybernetic power is the control we attempt to assess through this chapter.

In this assessment, we must be careful not to depoliticize the idea of sovereignty and grant it only a functional and utilitarian character. A widened interpretation of digital sovereignty comes with simultaneous concerns about the expanded role of the state in business (Kelkar & Shah, 2019) and the enablement of a surveillance state (Srnicek, 2016). The availability of vast data to the state can enable large-scale violations of individual privacy. When combined with state power sans adequate data protection frameworks or procedural safeguards, individual liberties are at risk.

Sovereignty must not be seen as a frame to empower an already powerful state. Particularly, they must not enable ways to erode judicial and legislative checks and balances over executive power. The inadequacies of legal frameworks in the face of authoritarian governments’ inclination to override them cannot be ignored. Equally, choices and practices of defending and defining sovereignty, particularly the ways in which questions relating to the individual are handled, are political in themselves as they are likely to privilege certain viewpoints and identities.

5.3 Understanding the NPCI and UPI

NPCI, a nonprofit company regulated by the Reserve Bank of India (RBI), was set up as a DPI that manages the payment backbone of India. NPCI’s majority shareholding is held by public sector banks and offers utility pricing for its services. For this chapter and analysis alone, we define DPIs as technology infrastructures built/managed by the state for universal use and availability, and upon which innovation can occur.

NPCI operates India’s ATM networks, National Automated Clearing House to facilitate interbank transactions, the RuPay credit and debit card network and other payments infrastructures. In 2016, NPCI launched a new generation payment network called the Unified Payments Network (UPI), a mobile-first, open API-based, instantaneous payment network. While card networks have been around in India for decades, their penetration has been low. UPI enabled India to leapfrog to a mobile-first era of digital payments, similar to how countries leapfrogged the landline era and went straight to the mobile phone era. Countries that do not have card networks but have growing telecom and smartphone penetration have the potential to leapfrog the cards era straight into a mobile-first, UPI-like ecosystem.

5.3.1 Understanding the UPI

India has built three key digital infrastructures: Aadhaar, UPI, and the Data Empowerment and Protection Architecture (DEPA). These three layers come together to form India Stack (n.d.) and provide identity, payments, and data as services. The payments layer of India Stack, which forms the subject of this chapter, has been housed within the NPCI, which is an umbrella organization for operating retail payments and settlement systems in India. It is an initiative of the RBI and Indian Banks’ Association (IBA) under the provisions of the Payment and Settlement Systems Act, 2007, for creating a payment and settlement infrastructure in India (NPCI, n.d. -a). The NPCI has been set up as a non-for-profit company, with the goal of providing physical and electronic payment and settlement systems in India. Six public sectors, two private sectors, and two foreign banks were the ten core promoters. In 2016, the shareholding contained 56 members.

NPCI operates an array of infrastructures such as the RuPay debit, credit, and prepaid cards; the UPI, which is a mobile-first, interoperable payments network; and the Immediate Payment Service (IMPS). Launched in April 2016, the UPI has been the biggest success in NPCI’s portfolio, achieving 2.5 billion transactions in January 2021 (NPCI, n.d. -b). UPI enables anyone with a mobile app from one of the 224 participating banks, or Third-Party Service Providers (TPSPs) such as Google Pay or PhonePe to make payments within the UPI network using QR codes or virtual Payment Addresses like abc@xyzbank.

Worldwide, payment networks have evolved as monopolies or duopolies, due to network effects. Consumers flock to the networks that have the widest acceptance, while merchants flock to the networks that have the most customers. In contrast, NPCI built UPI as a relatively open payment rails upon which banks can become payment service providers (PSPs), to their own customers, and to third-party apps such as Google Pay, PhonePe, and WhatsApp. The design of UPI and the institutional architecture of NPCI have many implications for digital sovereignty. This chapter will take a deeper look into them. Figures 5.1 and 5.2 explain the difference between card networks and the UPI network.

Figure 5.1 Schematic description of card systems³

Source: iSPIRT, Sanjay Swamy

Figure 5.2 Schematic depiction of UPI⁴

Source: iSPIRT, Sanjay Swamy

5.3.2 Cards, UPI, and NPCI

Traditional card networks are a three-party model with transactions routed from the payer’s card to the switch, which sends the money to the payee’s bank account. The switch is at the heart of the network, which is why when sanctions were imposed on Russia with which MasterCard and Visa complied, the lifeblood of payments came to a halt. Since 90% of card payments in Russia were routed through MasterCard and Visa, this had a very disruptive impact, leading Russia to create an indigenous payment system MIR.

In India, NPCI operates its own card network called RuPay, which has 60% share of the cards issued. In terms of value, MasterCard and Visa cards have a higher share because of incentives and cash backs. All three networks operate in parallel, and the existence of RuPay means that if MasterCard and Visa were to stop working, Indians have another network to switch over to.

RuPay also has a lower cost structure. Therefore, the Indian government has issued RuPay cards along with its financial inclusion initiative, the Jan-Dhan bank accounts. Over 424 million bank accounts were opened as part of an initiative to provide minimum balance bank accounts to the poor, so that money from welfare schemes can be transferred directly into the recipients’ Jan-Dhan accounts. Of these 424 million accounts, 310 million users were issued RuPay cards (PMJDY, 2023).

5.3.3 UPI

In contrast to the card networks, UPI has been set up as a four-party model. The payer uses an app, which could belong to a bank or a TPSP. The key innovation in UPI was decoupling permissions from the payment instruments such as online banking. The UPI app acts as a permission collector and the user approves a payment through the app. This approval is sent to the payer’s bank account through the UPI switch controlled by NPCI and the payer’s account is debited and the payee’s account is credited.

Since the UPI switch is housed within NPCI, which is run as DPI and all UPI players have to connect to this switch, it is difficult for network monopolies to emerge. Interviewees suggested that TPSPs such as Google Pay and PhonePe have acquired a sizable market share of UPI transactions because of the incentives and cashbacks they offer, but not through network effects.

5.3.4 Understanding the Structure of the NPCI

The NPCI is the institution that houses the payments protocol, the UPI. Marianna Mazzucato (2013) has argued against the idea of the state as a collection of static bureaucratic organizations needed only to “fix” market failures, leaving dynamic entrepreneurship and innovation to the private sector. She has instead worked to reshape the narrative of the state’s role in the economy to one of creating and shaping new markets.

In their working paper on the NPCI, William Cook and Anand Raman of the Consultative Group to Assist the Poor (CGAP) sketch out the history of NPCI where Indian regulators actively shaped its formation (Cook & Raman, 2019). In 1996, Y. V. Reddy (the then deputy governor of the RBI and later its governor) asked, “How far are we from global standards?” In the early 2000s when India’s GDP grew at 7.3%, the country’s payment systems were not keeping pace. The RBI’s Vision Document for 2005–2008 scanned fourteen leading markets and found that very few central banks operate retail payment systems. In the Vision Document, RBI stated:

The primary goal of any national payment system is to enable the circulation of money in its economy. It is recognised worldwide that an efficient and secure payment system is an enabler of economic activity. It provides the conduit essential for effecting payments and transmission of monetary policy. Payment systems have encountered many challenges and are constantly adapting to the rapidly changing payments landscape. More recently, the proliferation of electronic payment mechanisms, the increase in the number of players in the financial arena and the payment crises in quite a few countries and regions in the 1990s have focused attention on public policy issues related to the organization and operation of payment systems. Three main areas of public policy have guided payments system development and reform: protecting the rights of users of payment systems, enhancing efficiency and competition, and ensuring a safe, secure and sound payments system.

(Reserve Bank of India, 2005)

The Payment and Settlement Systems Act in 2007 allowed the RBI to authorize a company or a corporation to operate or regulate the clearing houses of banks, provided that at least 51% shares of such an organization are held by public sector banks.

All of this paved the way for the creation of NPCI. The body was set up as a nonprofit company that would answer to the RBI, but was operationally independent. The decision to structure as a nonprofit underscored the NPCI’s utility nature from the outset. NPCI follows the principle of cost-plus pricing, and this enables financial inclusion and penetration across the country. Furthermore, NPCI is not driven by considerations of valuation and going public as are private corporations (Ramesh, Jangid, Sivamalai, & Rebelly, 2020). The nonprofit company status also allows the NPCI to be an agile organization that could hire the best talent available in the market.

Globally, payment systems have been privately owned duopolies because of the very nature of the business. Due to network effects, merchants and customers gravitate to the largest payment platforms, resulting in a few large players dominating the market. UPI was set up as a comparatively open, interoperable payment platform. Any bank can plug into the NPCI’s backend system and offer UPI as a service to their own customers or to Third-Party App Providers (TPAPs) such as Google Pay and PhonePe. For customers, this means that they have a choice of more than a hundred UPI apps to choose from.

As of June 5, 2021, more than 224 banks were providing UPI transactions as a service by plugging into NPCI’s UPI backend (NPCI, n.d. -c). Sixteen TPAPs such as Google Pay, the Walmart-owned PhonePe, and WhatsApp ride on top of banks who offer UPI services as registered PSPs of NPCI (NPCI, n.d. -d). These TPAPs collectively account for more than 90% of total UPI transactions by offering cashbacks and incentives with PhonePe accounting for 48.73% and Google Pay accounting for 37.31% of total UPI volumes in May 2021 (NCPI, n.d. -e). Since banking is a highly regulated sector, these TPAPs have to have an arrangement with one or multiple banks that provide UPI as a service.

UPI is also a policy innovation because it was designed to be interoperable from the start. In many countries, payment networks have grown rapidly, and regulators have tried to enable interoperability in hindsight. For example, it is only after the rapid growth of Alipay and WeChat that China made them connect to Nets Union Clearing Corporation (NUCC), a public clearing and settlement institution for online payments.

The interoperability of the UPI platform means that, once a user has downloaded and signed up on UPI, they can instantaneously send money to anyone else on the UPI system. It must be noted that very few countries, including the US, have a mobile-first, interoperable national payment network that enables instant settlement. Enabling interoperability post-facto is often hard because the dominant players will always resist opening up their networks to other players.

5.4 NPCI and Sovereignty

In this section, we explore the workings of the NPCI and the UPI (NPCI, n.d. -b) through the framework proposed in Section 5.2. We attempt to uncover the functioning and the performance of the UPI with respect to the three elements of sovereignty and then examine what states might do to respond to nonstate and other state actors. In doing so, we look at both technological approaches and institutional mechanisms.

5.4.1 State Autonomy and Security of Digital Infrastructure

The security of digital services from denial of technology remains the primary articulation of state sovereignty. As discussed earlier, situations such as the MasterCard, Visa, and SWIFT sanctions of Russia can be a threat to a given nation-state and the primary entry point for framing inquiries into state sovereignty. Policy shifts in other nations and insidious and criminal threats from malicious nonstate actors can heavily undermine the functioning of elements of the digital economy such as payments in this case.

This is articulated in two ways. First, the effects of geopolitical actions such as economic sanctions or war may result in private service providers having to comply with orders. This was demonstrated in the case of Visa and Mastercard in suspending their operations in Russia (Dettmer, 2019). Second, nations might want greater control over the payments infrastructure to achieve policy goals such as financial inclusion and regulatory oversight to accelerate a shift from cash to digital transactions, encourage competition and innovation, and prevent monopolies or duopolies.

Introduced in 2016, UPI has become the fastest growing payment network in India, achieving 2.5 billion transactions in May 2021 (NPCI, n.d. -b). Since the UPI switch is controlled by NPCI, which is an organization incorporated in India, UPI is relatively immune to sanctions. In the case of card networks, if sanctions cut off access to MasterCard and Visa networks in India, customers will be able to switch over to the indigenous RuPay card network with relative ease. Therefore, UPI and RuPay networks insulate the country from sanctions that could lead to denial of technology.

5.4.2 Economic Autonomy and Competition

Economic autonomy, and the ability to foster self-reliance, innovation ecosystems, and sustained local businesses, is another articulation of sovereignty. The provision of a technical “infrastructure” and open⁵ APIs lower the cost of innovation for local entities through lower barriers to entry. The NPCI structure and the open APIs under the UPI system theoretically enable innovation. Additionally, the NPCI has also made significant efforts in helping local businesses to innovate through hackathons.

However, the ability to leverage this infrastructure remains with corporate players. Large corporations have access to capital, data, networks, technical skills, and resources to develop and deploy a range of services very quickly. Despite the relatively open payment rails, October 2020 figures reveal that two US-owned entities – PhonePe (Walmart) and Google Pay – had 83% of the total volume of UPI transactions. This has prompted NPCI to issue a circular that no TPAPs can exceed more than 30% of the total volume of UPI transactions to curb the risk of a few parties dominating the UPI ecosystem.

Some of our interviewees highlighted the risk that by offering savings, investments, and a basket of financial services, TPAPs could control the consumer interface and reduce banks to back-end service providers. At a later stage, if they acquire a banking license, the need to rely on banks as PSP will also be eliminated. Therefore, there needs to be a deeper assessment of the risks involved in the consumer interface of UPI residing in two foreign-owned entities. If nothing else, the dominance of foreign-owned TPAPs on top of the UPI platform indicates that the task of protecting a country’s digital sovereignty is not a static task but a dynamic one that involves technological, institutional, regulatory, and programmatic efforts.

Shifting from Cash to Digital: Cash is the most widely accepted form of payment. If an economy wants to move people from cash to digital, ensuring that digital modes of payment are widely accepted is absolutely essential. If a payer on network X is not able to pay a merchant on network Y, the utility of each network is greatly diminished for the payer and the merchant.

For merchants, cost is another factor that impedes adoption of digital modes of payment. Card networks entail a one-time payment for the point-of-sale terminal and minimum monthly transaction fee guaranteed by the merchant, apart from relatively high transaction costs. With UPI, merchants need to set up a QR code connected to their bank accounts to start accepting payments. UPI transactions are free so there are no set-up or recurring fees. Merchants also like the fact that the money is credited immediately into their accounts. This has brought many new merchants into the ambit of digital payments.

For users, a high credit score is required to get a credit card, which restricts its reach to the relatively well-off section of Indian society. Since UPI (like debit cards) is attached to the bank account, there are no additional know-your-client (KYC) requirements to establish a customer’s identity and identify risk factors. It is also easier to use since payments can be made and received using virtual payment addresses (similar to email addresses) or QR codes. This has helped take digital payments beyond the major metros in India to tier 2 and tier 3 cities in India.

Therefore, the UPI network has accelerated the shift from cash to digital by virtue of ease of use, interoperability, and lower transaction costs. The incentives and cashbacks offered by UPI players have also helped speed up adoption by consumers and merchants.

Encouraging Competition and Innovation: NPCI has conducted many hackathons to encourage innovations on top of the UPI platform. NPCI has also made it easier for small banks and third parties to provide payments as a service. Once an organization connects to the UPI switch, their customers can make payments to anyone else within the UPI network. This open-loop architecture enables firms to direct their energies to providing customer-facing innovations, instead of negotiating interoperability agreements and other related tasks that closed-loop networks would have to undertake.

UPI is also a payment system that has been built with open application programming interfaces (APIs) at the core. This has enabled players to build their customer-facing and merchant-facing apps on top of these APIs.

Preventing Monopolies and Duopolies: Policymakers have found it very difficult to regulate the winner-take-all model that results from network effects in the areas such as payments. Classical competition theory states that one should not regulate monopolies, but the abuse of such monopolies. However, this is easier said than done. Competition theory has not kept pace with the exponential growth of digital networks and their winner-take-all nature. China, which started with a light-touch regulatory regime, has moved to create NUCC, an NPCI-like organization, in response to concerns that capital flows through direct payment tools could be misused for money laundering and other illicit activities. NUCC allows the government to ensure interoperability among payment instruments and provides greater oversight of the payments ecosystem. In Kenya, mobile money interoperability became a reality eleven years after M-Pesa was introduced (Mburu, 2018) but reports indicate that such interoperability is quite cumbersome for consumers (Cook, 2018).

Payment networks can easily function as quasi-regulators. This helps the state keep direct control over the playground and its participants, as well as keep a check on monopolies. In the hands of a well-intentioned state, this can be a boon and in the hands of an ill-intentioned state, it can be a bane. However, the scope of this chapter centers around a state’s capacity to maintain digital sovereignty, and not so much state intent, which could be the subject of a separate paper.

Interestingly, the rapid growth of UPI has also raised concerns within RBI that NPCI has become too big to fail. RBI therefore issued a policy paper on Authorisation of New Retail Payment Systems (Reserve Bank of India, 2019). Subsequently, RBI invited bids from organizations wishing to operate NUEs and seven consortia applied for the NUE license. This included a consortium led by a leading telco, Reliance Jio, which had members such as Facebook and Google, while another consortium was led by Amazon. Hariharan (2021) has criticized this move as it is likely to fundamentally alter the nonprofit, utility-pricing, and Indian-banks-owned nature of India’s payments infrastructure. In August 2021, RBI put the plans for issuing the NUE licenses on hold. A MINT news report cited RBI’s concerns over data security and compliance with its data localization norms as the reasons for this freeze (Gopakumar, 2021).

5.4.3 Individual Self-Determination and Inclusion

A third component of digital sovereignty is the ability to foster individual self-determination and inclusion. In countries such as India, social structures intersect with economic conditions to mediate vulnerable populations’ access to technologies. This is increasingly being demonstrated in the context of areas such as payments (Borgonovi et al., 2018; Demtschenko, 2020) and governance technologies (Sharma, Natarajan, & Udhayakumar, 2020). These barriers are being observed across geographies as well. The literature suggests that across contexts, the already disadvantaged, and those who are on the vulnerable side of the digital divide are doubly disadvantaged when systems shift toward digital ones (Sharma, et al., 2020). The digital gender divide, for example, hinders the ability of women to participate freely in the economy. This circumscribes opportunities for economic development, including by limiting access to markets, or worse, to entitlements and welfare from the state.

Examining the accessibility of the NPCI in this context and the ways in which its design and implementation encourage inclusion and agency is the third element of sovereignty. The structure of the UPI that fosters interoperability across different payments systems is a critical element of this accessibility. M-Pesa, another digital payment system, is similarly interoperable, though it is far less so than the UPI. This type of technological interoperability lowers the barriers to entry as all banks can “communicate” with each other. Interviewees identified interoperability as a critical element in driving inclusion and agency for users. Interoperability encourages firms to innovate and reduces friction and risk in everyday transactions. Together, these enable inclusion and agency.

Interoperability also allows firms to develop applications to service preferred market segments, distributing the costs of widening reach and allowing the development of innovative methods. For instance, Google has developed Google Pay/Tez to provide a payments interface application to its users; PhonePe and Paytm operate on a similar premise. Our interviewees pointed out that this offers significant advantages in that firms are then incentivized to innovate in order to make payments available to wider segments of the population and expand their customer bases. This widens the choices available to individuals, in turn supporting agency and inclusion.

Additionally, interoperability also reduces friction in everyday payments transactions. An example of this is the reduction in the need for communicating bank account numbers. Payments are immediately credited, reducing the latency between the issue and receipt of payments. This allows for reduction risk in the payments process.

However, as our interviewees pointed out, neither increased agency (as choice) nor reduced friction are adequate for inclusion. Nor are they addressable through technology alone. Indeed, as established earlier, there are profound challenges of inclusion and these fault lines map onto existing social cleavages of gender and geography in the Indian context. This requires institutional structure and programmatic efforts to be critical elements of this process. In this regard, the NPCI’s structure as a not-for-profit and its programmatic efforts are noteworthy.

The NPCI is structured as a nonprofit entity. The multi-stakeholder governance approach (representation from stakeholders) ensures that the NPCI represents diverse voices (NPCI, n.d. -f). The involvement of public sector banks also carries connotations of stakeholder engagement. However, the NPCI may additionally need to make efforts to make the process of governance itself inclusive. For example, the structure imagines the inclusion of civil society. In reality, no civil society organization is a part of the NPCI’s formal governance. Nor is there any subcommittee of the board or formal mechanism to consider financial inclusion.

Additionally, programmatic efforts are also an important component of inclusion. Given the difficulties in developing an application that is widely available and accessible, the NPCI developed the BHIM application.⁶ This is a reference application to work in low resource settings, available in multiple languages. The design and maintenance of BHIM by the NPCI ensure that it continues to be available to those who need it. This programmatic effort is valuable for inclusion. However, the NPCI needs to be mandated and incentivized to continue engagement with voices and actors who may further widen reach and address problems of ability and access to infrastructure on the ground.

5.5 Discussion: Assessing the NPCI

In this section, we assess the impact and effectiveness of the NPCI from a state digital sovereignty perspective. The empirical evidence and the interviews gathered so far suggest that the NPCI addresses some aspects of digital sovereignty. The fact that the UPI payment rails are hosted and governed within the territory of India offers insulation against denial of technology regimes. However, the fact that the dominant entities on the UPI rails are foreign entities who might leverage their hegemony to enter adjacent areas such as savings, insurance, and loans opens up a new set of challenges from a digital sovereignty perspective for regulators.

An additional concern is that the character of the NPCI, which can be classified as a state-sanctioned monopoly, may result in institutional capture. The NPCI structure has representation from a range of actors. However, over time, representation may exclude those entities (e.g., civil society) that lack the capacity to participate and engage in national-level institutions.

Equally, corporate power may impact the process of inclusion. To address this, RBI has proposed the setting up of New Umbrella Entities (NUEs) for retail payments, which would compete with NPCI, while interoperating with it. If Big Tech companies win the NUE licenses, it might invert the power relationship between banks and Big Tech. Currently, Big Tech companies operate as Over the Top (OTT) players on top of UPI Payment Services provided by banks. If Big Tech NUEs become a reality, banks will become OTT players on Big Tech payment platforms. Concerns have been expressed that since the bidders for NUEs include telecom giant Reliance Jio and firms such as Facebook, Amazon, and Google, the NUEs might undo the work of NPCI in ring-fencing India’s digital sovereignty and keeping the power of Big Tech in check (Hariharan, 2021).

In addition, since the NPCI is a government-regulated entity, fears of government surveillance remain. Threats from bad actors should not be leveraged by the state to acquire more power to the detriment of citizens. In particular, executive actions without judicial scrutiny must be guarded against.

Insulating the economy from state sanctions: NPCI controls the switch that routes the vast majority of payments within India. The major foreign payment players in India are the card networks, MasterCard and Visa. If US sanctions pull the plug on these card networks, it would immediately benefit the indigenous RuPay network that is the dominant network with 60% of credit and debit cards issued in India. On UPI, the biggest players are foreign-owned entities such as Google Pay and PhonePe (owned by Walmart), which collectively operate 80% of the UPI transactions. In a worst-case scenario, if they were to be switched off, it would not impact the underlying UPI network, which is controlled by NPCI. Given that UPI is an interoperable network, the cost of switching from one UPI app to another is negligible for customers. It is likely that they will switch to NPCI’s BHIM app or one of the 200 plus banks that offer UPI as part of their mobile banking services.

India’s ATM networks, Real Time Gross Settlement (RTGS), Immediate Payment System (IMPS), National Automated Clearing House (NACH), and others are also operated by NPCI. Therefore, India is well protected from shocks that might result from sanctions imposed by foreign states.

Deepening Digital Payments: Having control over the payment infrastructure can be helpful for attaining policy goals. A major policy goal in India has been to move the economy away from cash to digital, as this reduces black money transactions and encourages better tax compliance and financial inclusion. High Merchant Discount Rates (MDR), which is the transaction fee that merchants pay to the card networks, has been one of the factors that hindered the growth of digital payment networks. With retailers usually operating on a 5% margin, an MDR of 2–2.5% can cut into their profits. Therefore, retailers would sometimes include this fee in their total bill, which incentivized customers to pay in cash instead of card. Regulatory intervention in 2012 brought down MDR on debit cards from 2.5% to between 0.75 and 1% since debit card transactions are directly debited from users’ bank accounts and carry no credit risks (Reserve Bank of India, 2012). MDR on debit cards was further reduced (Reserve Bank of India, 2017). Similarly, NPCI trimmed the ATM interconnect fee in 2012 from INR 8 (0.11 USD) charged by MNC networks to INR 0.45 (0.0061 USD), which enabled greater debit card usage (Baruah, 2016).

Reducing the cost of cash: RBI estimates that the net cost of cash amounts to 1.7% of the GDP, compounded by the possibility of abnormal losses of cash via accidents.

Regulating the domestic payments ecosystem: For context, the Chinese government pulled the plug on Alibaba’s IPO because it had become too big to fail (Salmon, 2020). Beijing also tried to bring in interoperability among domestic payment systems through NUCC (Knowledge at Wharton, 2018). Imposing interoperability post-facto is difficult unless the regulator brings a strong hand to bear on the implementation because dominant players have every incentive to thwart its success and retain customers within a closed-loop, non-interoperable network. By design, UPI has avoided this problem. Once a bank connects to the NPCI’s UPI backbone, its users could make payments to anyone else on the UPI network. To reduce the systemic risk of any one TPSP becoming too big to fail, NPCI issued a volume cap of 30% for each TPSP (NPCI, 2021) on January 1, 2021 and gave organizations two years to comply. Implementing such rules might have been difficult if NPCI was not run and operated as a DPI.

5.6 Recommendations

Besides sovereign “control,” a well-implemented payments infrastructure can have a multiplier effect on an economy and help achieve policy goals such as financial inclusion, better regulation of an economy, and transfer of benefits directly to citizens’ bank accounts during pandemics such as COVID-19. Therefore, policymakers may consider implementing a UPI-like payment network, keeping the following factors in mind:

Interoperability: If the policy objective is to give citizens an alternative to cash, interoperability must be strictly enforced. An open-loop network such as UPI, with regulatory oversight and strict action against bad actors, can help countries provide their citizens with an attractive alternative to cash. This involves significant investments in technology, regulatory capacity, branding, marketing, and enforcement.

Multi-stakeholder governance: Interoperability has to work hand in hand with sovereign control over core elements of the stack (e.g., registries and API design) and robust governance of private parties. While the government manages and regulates the payment network, private sector players who build on top of this network need a stable policy regime to enable their investments to be amortized over a reasonable period. Voices of civil society, privacy advocates, and financial inclusion activists must also be factored into the network’s roadmap. This includes establishing robust integrity measures and checks as well as feedback loops.

Ownership: The consortium model followed by India (NPCI) with majority of the ownership of the infrastructure company being held by Public Sector Banks is one model that can be considered. In this model, the infrastructure company offers utility pricing and is run as a nonprofit. For-profit entities such as banks and TPAPs operate on top of this network. This enables regulatory oversight and prevention of money laundering and other illegal activities that would be hard to trace in a closed-loop network. If the infrastructure layer is operated by for-profit companies, countries must invest in significant regulatory capacity to ensure speedy dispute resolution and smooth functioning of the network.

Institutional checks and balances: A critical element of sovereign function, especially in the liberal democratic construct, is the requirement to serve and be available to all citizens. Access to payments can be interpreted as a component of life and liberty. Moreover, the unregulated institutions can end up amplifying powerful voices at the expense of others, causing harm in the process. Since payment is a sovereign function and norms of inclusion and access are central to sovereignty, exploring some measure of judicial scrutiny and review of actions may be useful. This may be done through the power of writ in the hands of citizens or widened applicability of legal frameworks.

Risk mitigation: Policymakers must conduct periodic risk assessments of the payment network from technology changes such as crypto currencies and cybersecurity risks.

5.7 Conclusion

As a DPI, India’s UPI has succeeded beyond most expectations. UPI, which is housed inside the NPCI and governed by the RBI, operates as a nonprofit utility. In the month of August 2021, UPI recorded 3.5 billion transactions worth Rs 639,116 billion (or USD $86 billion). India has the technological, institutional, and regulatory capacity to pull this off with a sizeable domestic market that supports such a massive scale of transactions.

However, many countries might lack such deep state capacities. Such countries could consider a variety of other options. Open-source DPGs such as the MojaLoop project could provide some technological infrastructure. Multilateral agencies could also support the deployment of these infrastructures for specific contexts, and the creation of regulatory capacity. For countries that do not have populations to support large-scale transactions, technology service providers could support cloud-based deployments. These deployments could be based on open standards and APIs that allow payment networks in different countries to work with each other.

India’s UPI and NPCI offer a case study that demonstrates that a DPI-based approach can provide a viable alternative to private sector-payment networks. More work is needed to understand the different ways in which countries with and without the capacity to build digital payment systems might need to grapple with these issues of sovereignty. There are emergent efforts to promote DPGs in payments and other areas (Digital Public Goods Alliance, 2021), which may become available. Indeed, the New Delhi Leaders’ Declaration acknowledges India’s commitment to establish the One Future Alliance, which aims to bring financial and technological capability to countries in need (G20 New Delhi Leaders’ Declaration, 2023, p. 22). The hope is that these efforts, in addition to driving resources, can foster a culture of inquiry and engagement.

6 Digital Statecraft of Middle Powers Tech Landscape and Digital Sovereignty in Brazil and India

Vashishtha Doshi * and Henrique Estides Delgado

6.1 Introduction

Power, in international relations, comprises autonomy and influence. Influence is the ability to affect others, while autonomy is the ability to prevent others’ actions to affect oneself. As argued by Benjamin Cohen, “power must begin with autonomy, which generates a potential for leverage. Influence – the deliberate activation of leverage – should then be thought of as functionally derivative” (2019a, p. 23). In this logic, states must possess autonomy before they can influence those outside their borders. This materializes in the ability to enact policy at home without outside constraint or preserve and enhance a policy space. Autonomy then becomes a necessary, but not sufficient, condition for influence (Cohen, 2019a, p. 23). Great powers such as the US possess both autonomy and influence. However, middle powers such as Brazil and India do not possess both. Rather, they are seeking to enhance autonomy.

In this chapter, we argue that autonomy is a foundational element of digital sovereignty. Autonomy is important to preserve democracy and state security as well as to protect and advance local innovation and economic interests. This chapter argues that in a world of weaponized interdependence, middle powers such as Brazil and India have policy choices that can enhance their autonomy. However, having this policy space is not enough. In order to turn the potential for policy space into policy enactment, domestic politics has to align in a particular way. In this chapter, we argue that when the independence of institutions’ interests are taken into or not usurped by the parliamentary process, we observe autonomy inducing policy enactment. We try to explain this using the case study of data localization policy in Brazil and India.

Farrell and Newman (2019) describe weaponized interdependence as an influence on the entire network of interdependence, arguing that it works through two mechanisms: panopticon effect and chokepoint effect. They classify panopticon effect as such where “states¹ that have physical access to or jurisdiction over hub nodes can use this influence to obtain information passing through the hub,” while chokepoint effect involves “states’² capacity to limit or penalize use of hubs by third parties” (p. 56).

Middle powers,³ with mid-level international power, capacity, and influence in the international system (Jordaan, 2003), do not enjoy the systemic ranges of action achieved and maintained by great powers; however, they still have the wherewithal to pursue autonomy and safeguard their sovereignty in narrower measures and fields. The paradigm of economic statecraft has largely focused on the actions, institutional setups, and structural asymmetries enjoyed by the great powers who utilize them for their own foreign policy goals (Narlikar, 2021). Much less attention is given to the role of middle powers such as Brazil and India.

This chapter seeks to answer two broader questions: (1) what agency do middle powers have in a world marked by weaponized interdependence to safeguard their digital sovereignty⁴ and (2) how does domestic politics structure the outcome of this agency?

We seek to answer these two global questions using the case studies of India and Brazil. In the realm of technology, both countries are similar in the way their domestic industry is structured, yet we have observed key differences in policy outcomes. This chapter is an example of the agency and policy space middle powers such as Brazil and India have but the enactment is mediated by domestic politics. In short, this study provides an example of the missing link between capability and outcomes in middle powers policy, and how they can achieve autonomy even under conditions of weaponized interdependence.

To answer the above questions, first, we discuss the role of firms in weaponize interdependence by great powers, using the fields of finance and digital technology as examples. Second, we examine the variables along which middle powers can attain autonomy in the above two fields, thus strengthening their digital sovereignty. Third, we explore how the range of policy outcomes varies among middles powers due to the constraints and opportunities emanating from domestic politics.

Utilizing the framework set forth by Farrell and Newman (2019) and Cartwright (2020), we argue that great powers weaponize interdependence through their firms. They internationalize state power by exercising jurisdictional authority over their market-dominant firms. Within this overarching architecture, middle powers have agency to seek autonomy for themselves along a set of variables that helps block the most adverse effect of weaponized interdependence, that is, the chokepoint effect. We argue that data localization is one such policy through which middle powers can achieve autonomy from weaponized interdependence. Data localization policies help eliminate the chokepoint effect by keeping the jurisdiction over the stock of data at home. We argue that data localization then becomes a necessary but not sufficient condition on the path to state-led digital sovereignty. In this chapter, we inquire the reason for observed variation in data localization policy in India and Brazil despite similar domestic interests.

We define data localization as “mandatory requirements of local storage of data, whether exclusively or in the form of mirror data copies, thus fundamentally steering, and altering, data flows” (Bailey & Parsheera, 2018).⁵ Brazil has no data localization policies, whereas India has a fractured outcome with sectoral data localization (Burman & Sharma, 2021).

In August 2023, India passed its Digital Personal Data Protection Act (DPDP Act). Through this act, India cemented the debate on data localization in the country. This act allows for cross-border transfers of data to all countries unless specifically restricted by the Indian government. Thus, India’s data protection bill is now in line with Brazil’s in removing almost all barriers to free cross-border flow of data. However, the key difference that remains and reinforces this paper’s argument is that in passing the Bill, the Indian government did not usurp the data localization mandates set by sectoral regulators.⁶ Section 16 (2) of the DPDP Act states, “Nothing contained in this section shall restrict the applicability of any law for the time being in force in India that provides for a higher degree of protection for or restriction on transfer of personal data by a Data Fiduciary outside India in relation to any personal data or Data Fiduciary or class thereof.” Industrial sectors can still maintain their own sectoral data localization mandates.

We argue that these divergent outcomes in data localization policies between Brazil and India stem from the difference in whether the interest of independent institutions was incorporated into the decision-making process. India’s sectoral data localization stems from independent institutions allowed to exercise their jurisdictional authority without explicit interference from the political process. However, in Brazil, independent institutions’ sectoral interests were subordinated to those of the Brazilian congress.

In this chapter, we argue that data localization is one such autonomyinducing policy choice to enhance digital sovereignty. However, the availability of data localization policy is not enough. Domestic politics must align in a particular way to enact them through meaningful digital statecraft. The novelty of our argument is that we examine the role of middle powers in the world under weaponized interdependence. We argue that middle powers face two sets of constraints – the international sphere and domestic sphere (politics and institutional design) – that eventually determine the outcomes of their sovereignty enhancing policies.

6.2 US Hegemony in Finance and Technology

Our theoretical argument begins with an emphasis on the role of US hegemony. This hegemony is manifested here as extraterritorial exercise of digital sovereignty at global scale. In this section, we argue that the US – and as of now only it⁷ – exercises hegemony in fields of finance and technology that are analogous and important for comparison. Section 6.3 will address how to limit this in order to build up the digital sovereignty of Brazil and India. We begin this section by listing the variables and mechanisms through which the US exercises power in the field of finance benefiting from the centrality of US firms in the global financial system, which may end up enjoying what this book considers as a form of corporate digital sovereignty or even acting as proxies for state digital sovereigns (Belli, 2022). The discussion on finance will be brief as finance is not the core topic of this chapter but a useful comparison. We then discuss the variable through which power resides in the technology industry and the centrality of US firms within it. Finally, we discuss how the US externalizes its power through the centrality of US technology firms.

The US can exercise influence through the networks that have been formed because of the dominant role of its firms in fields of both finance and technology (Babic et al., 2017; Birch et al., 2021; Farrell & Newman, 2019; Starrs, 2013). There is now substantial research on how the US is able to exercise influence over the international financial system through two distinct actors: public institutions (de Goede, 2021; Helleiner, 2019; Murau et al., 2021; Schwartz, 2019) and private activity (Fichtner, 2016, Fichtner & Heemskerk, 2020; Petry et al., 2019; Winecoff, 2015).⁸ US centrality in both is reinforcing. For the purposes of our study, we highlight how the US is able to exert influence through the activities of its firms. The international financial system is a complex network that is hierarchical in nature, with the only core nodes being the US and UK (Fichtner, 2016; Oatley et al., 2013; Winecoff, 2015). This high level of international market dominance coupled with US authority over domestic firms allows the US to internationalize state influence through its firms (Cartwright, 2020).

Centrality of US firms exists in the technology sector as well (Starrs, 2013, p. 822). Out of the top 100 technology companies in the world, 35 are US firms (Forbes, 2019). Further, out of the top 100 websites visited in the world 60 of them are US firms’ websites (Routley, 2019). None are Brazilian or Indian firms (Jawaid, 2023). “A huge fraction of the global data traffic is channeled through the servers of a handful of US companies” (Farrell & Newman, 2019, p. 64). Some estimates suggest that up to 70% of global web traffic passes through servers in Northern Virginia (Mekouar, 2020). Similarly, Google dominates worldwide search engine market share (over 85% market share). Facebook and other US firms dominate social media market share. Further, as these firms grow bigger, they will funnel more global data within their ambit. Majority of these firms’ business model is dependent on extraction of value from personal data processing (Birch et al., 2021; Zuboff, 2019a). This requires the immense collection and storage of personal data, and then the ability to monetize it for profits (Birch et al., 2021, p. 9).

The global dependence on US technology firms, their need to accumulate data, coupled with US legal framework – which includes the lack of a general data protection law matched with legislation allowing both international surveillance and access of data treated or stored domestically and abroad by US firms – allows the US government to create a panopticon effect on global information flows.⁹ As stated by General Hayden, former CIA director, “because of the nature of global communications, we are playing with a tremendous home field advantage, and we need to exploit this edge. We also need to protect this edge and those who provide it.” (Hayden, 2006).

The Snowden leaks revealed how the US utilizes the dominant position of its internet firms to conduct mass surveillance in the world. At the time, there was an upheaval in Brazilian politics and diplomacy. In wake of the Snowden leaks, President Dilma Rousseff wanted all internet companies operating in Brazil to store data of Brazilian clients in the country (i.e., data localization) (Douglas, 2013). Cartwright (2020) provides many examples of how the US government has utilized the dominant position of its technology companies to create a panopticon effect. For some analysts, unless there is a decline in the usage of US digital technology companies for most of the global internet traffic and personal data, it seems highly unlikely that US’s panopticon effects can be curtailed in any meaningful way. There is also the pathway for different jurisdictions to design stronger and better enforced regulation on local data, matched with enhanced investments in cybersecurity that curtail data leaks and cyberespionage. As Farrell and Newman (2019) describe – for reasons of the US’s own industrial policy goals together with specificities of history and context – the US government has not yet turned this advantage of panopticon effect into more than small-scale chokepoint effect. However, it is not an inconceivable scenario where one day the US could order its firms to exercise a chokepoint effect on the data of extraterritorial entities (whether it be public or private).¹⁰ As discussed earlier, the requisite recipe – concentration of data on US soil, US firm’s market dominance, and legal framework – is in place to exercise this option at large scale with the potential of major disruption to others’ national security, as well as economic and human rights.

While we are not arguing that data in the possession of or passing through US technology firms is the sole basis of US’s ability to weaponize interdependence, we believe that having US technology firms at the core of the global data economy – some providing services presented as “free” but in reality paid with data – is one of the ways in which the US maintains the upper hand in the digital age. Moreover, data concentration follows from such centrality and makes it impossible for other firms to compete.¹¹ Through a combination of centrality of US firms, provisions (and practice) for US government agencies to access data that flows within the ambit of these firms and willingness of the US to utilize this privilege to achieve state goals has meant that the US enjoys extraterritorial projection of its digital hegemony while other countries face constraints on their digital sovereignty stemming from this. Moreover, the levels of data concentration in a few US tech giants are such unsurmountable barriers to entry that even in US home markets other firms find it hard to compete. Hence, awareness about the importance to break these barriers and level the playing field are behind the efforts to enact data localization measures.

Currently, we can think of several other ways through which the US can weaponize interdependence.¹² For example, most of the world’s location-based devices are connected to the US’s GPS system. It is not inconceivable that the US can block a country’s access to the GPS system.¹³ Another variable is undersea cables. A significant amount of data that passes through US firms’ servers in the US goes through undersea cables. It is possible that the US can utilize this privileged position to block access to these cables for certain entities. Protection of undersea cable is such a significant part of US geopolitical strategy that the country even forced a joint Facebook–Google undersea cable to not have a landing site in Hong Kong. The US State Department’s Clean Network, an initiative publicly delineated in 2020, provides insight into the technology industry variables that the US considers geopolitically relevant. In short, there exists potentiality for the US to weaponize interdependence along other variables of the technology industry as well.

The above discussion delineates how the US exercises both forms of power – autonomy and influence – in the fields of finance and technology. And, in turn, middle powers have responded with measures to counter some of these variables of hegemony such as developing their own alternatives to GPS, nationalizing the cloud, developing more subsea cables, and promoting data localization measures. In this section, we have focused on the role of US firms as conduits through which the US state can exercise power and highlighted some of the measures undertaken by middle powers. Combining the concepts of Farrell and Newman (2019) and Cartwright (2020), we argue that the high international market dominance of US firms in finance and technology combined with US jurisdictional authority over them allows the US to weaponize interdependence (both panopticon and chokepoint effects) over the entire network. In Section 6.3, we begin to look at how middle powers operate under this environment.

6.3 Constraints and Opportunities for Middle Powers

In this section, utilizing the “dual faced nature of power” framework, we discuss the opportunities and constraints faced by middle powers as it relates to US hegemony. We briefly discuss the strategies middle powers utilized in the field of finance. Then, we argue middle powers have similar opportunities in the field of technology. Finally, we look at one such opportunity – data localization – and how it can enhance the autonomy of middle powers.

Power hierarchies pervade the international system (Lake, 2011), in which a set of countries are engaged in subordinate relationships with the hegemon (Lake, 2007). International hierarchies exist in various facets of the international economic system as well (Cohen, 2000). If hierarchy was a pyramid with the US at its apex, the countries that occupy space between the apex and bottom would classify as middle powers. Our understanding of middle powers is not that dissimilar to how semi-peripheries are described in world systems theory (Wallerstein, 1976). Middle powers are still engaged in a subordinate relationship with the hegemon but have significant market dominance in their home countries and presence in the countries surrounding them (Wallerstein, 1976, p. 464). The difference is that instead of deterministic outcomes – derived from an “antipossibilist” policy orientation as once criticized by Hirschman (1980) – we emphasize further possibility of agency and statecraft as able to create apertures and innovation in the system.

Considering the dual faced nature of power – autonomy and influence – these countries certainly cannot exercise influence in fields of finance and technology like the hegemon. However, due to their large internal markets, relevant levels of human capital, and financial capacity they are not completely subordinated either.¹⁴ They still retain a modicum of agency (Narlikar, 2021). This means that middle powers can ward off potentially adverse effects emanating from the panopticon and chokepoint effects exercised by the hegemon on the network. However, they are not able to influence the entire network as the hegemon does. Their power is thus only limited to autonomy and not influence, that is, middle powers can carve out policy spaces in a world of weaponized interdependence should they want to bear the costs. In essence, they have the potential to safeguard their sovereignty but not have the ability to undermine the sovereignty of others by influencing the network.

Middle powers have utilized defensive financial statecraft to shield the domestic economy from external financial pressure (Armijo & Katada, 2014a, p. 8). They have utilized the strategies of capital controls, state-owned banks, and foreign currency reserve accumulation “to shield their country not against a particular foreign state but rather against systemic influences, whether coming from global markets or from the rules and institutions of global financial governance” (Armijo & Katada, 2014a, p. 169). The authors label this as “defensive but systemic financial statecraft” (Armijo & Katada, 2014b). As we have seen before, US financial institutions are central to the global financial system, and US interests are executed through them. Thus, even if the actions (under the measures that constituted systemic but defensive financial statecraft) were not targeted against a particular government, they amounted to carving out policy space (autonomy) from the weaponized interdependence effects of the US.

In the technology industry, some of the most prominent variables through which countries have sought to limit the effect of US’s weaponized interdependence include: promoting data localization (Burman & Sharma, 2021), developing other GNSS, blocking access to US firms in the home market, indigenizing the cloud, and developing an entire tech ecosystem largely independent of the US system as in the case of China. Among middle powers, Brazil partnered with Europe to create the subsea cable connection for internet traffic called EllaLink that connects the two continents directly to bypass US surveillance (González, 2017). The list of variables is by no means exhaustive, but indicative of how countries have sought to undermine the effects of US’s weaponized interdependence in digital technologies.

For the purposes of this chapter, we are looking at one variable – data localization – and how it connects to US’s weaponized interdependence.¹⁵ Countries that enact data localization policies can jurisdictionally assert control of the data stored within the country, which means that the access to and processing of data would be governed by local laws. The physical and legal shifting of jurisdiction of the data from the US to the home country allows for the minimization of US extraterritorial reach.

Data localization would severely limit or remove the ability of foreign states to block access to data generated by the countries themselves.¹⁶ Key mechanism through which the chokepoint effect works – states’ capacity to limit or penalize use of hubs by third parties (Farrell & Newman, 2019) – would be limited as the jurisdictional control over hubs of information would become either transient or nullified. If the dominant internet firms in the concerned countries are still US firms, data localization policies would largely limit although perhaps not block entirely the panopticon effect as the US can still conduct surveillance operations through these firms. Putting this in generalized economic terms, the US would still be able to access the flow of data (panopticon effect), but data localization policies would limit access to the stock of data, thus curtailing the chokepoint effect. But, if the dominant internet firms in the concerned countries are national champions, then both the chokepoint effect and the panopticon effect would be curtailed or eliminated as hubs of information flow would be outside of US jurisdiction and so will be the storage of the stock of information.

The physical location of where data is stored is so important that in fact there are proposals in the US congress pushing for the US to follow explicit data localization strategies while using US economic diplomacy to advocate for the opposite abroad. Thus, access to global personal data is important not only for US industrial policy but also for the exercise of weaponized interdependence over the network. Hence, data localization has become the heart of global information geopolitics. Thus, we argue that attaining digital sovereignty for middle powers would be impossible without the curtailment or elimination of the most basic exposure to weaponized interdependence, that is, the chokepoint effect. Data localization policies then become necessary but not sufficient conditions to attain digital sovereignty for nation-states.

6.4 Overview of Digital Technology Industries in India and Brazil

In the area of digital technologies, a characteristic of middle powers is manifested by the presence of relevant domestic players in a given industry. These countries can carve out some space for their firms at the frontier of the expanding digital economy. A closer look at the landscape reveals how a pattern of partial autonomy emerges, one in which business sectoral interests are essentially similar between India and Brazil.

Tech landscape in any country can be analyzed at three levels: infrastructure, multi-sector platforms, and single-sector platforms. While this classification is not perfect, it does allow us to group services provided by different internet companies into relevant and comparable bins across countries. Before beginning the discussion of these three layers, it is important to note that the boundaries between these layers are distinct but porous, activities of firms can often include functions in all three layers. For example, in general, there has been trend toward vertical integration between access providers and content and app providers at least since the late 2000s (Guo, et al., 2010).

Infrastructure refers to the core of technology, the backbone on which other services rest. This includes not only telecom providers but also core operating system providers, cloud service providers, and logistical providers (UNCTAD, 2019). It also includes the “under the hood rails” of certain key economic activities such as payments. The middle level is what we colloquially think of as multi-sector platforms. They provide a sort of virtual meeting place (or marketplace) for actors to interact and conduct commerce (Belli, 2019). Finally, the outer layer is composed of other consumer facing digital services that are single-sector platforms.

Some key roles of platforms are: the ability to create and shape markets, benefit from “network effects” (where the value of the service increases with the number of users), and capturing and monetizing value through data accumulation (Belli, 2022). Using this standard definition of platforms begs for further explanation about the distinction between our usage of the term “multi-sector platforms,” and “single-sector platforms.” After all, both are consumer facing. However, there are distinct analytical differences. In this chapter, we refer to multi-sector platforms as the (i) e-commerce companies involved in the transaction of a wide range of products and services and (ii) platforms of digital banking, financing, and instant payment. Often (i) has (ii) as an important and growing part of their business. Platforms – both the internationally established large ones such as Walmart and Mercado Libre and the rising ones still inscribed to a domestic market such as Magalu – are either actually or potentially at a higher level of data-driven power than other consumer facing applications and websites that are single-sector platforms.

Moreover, platforms are at a lower level than core infrastructure, even though some players at the core also occupy multi-sector platforms and single-sector platforms services. For example, there is certain level of irreplaceability that happens due to positive feedback loops between organization of consumer behavioral data across different sectors on the one hand and data accumulation and targeting on the other by Amazon that is not replicated by Uber or Lyft. Khan (2017) argues that Amazon’s structural dominance stems from, inter alia, expansion into multiple business lines (p. 754), its logistics dominance and leveraging of that to disadvantage rivals (p. 774),¹⁷ and premature acquisition of rival firms (p. 768). Further, regulators have found that once Amazon moves into a particular business line it disadvantages sellers on its platform and organizes consumer behavior toward its own product by gleaning off consumer data on their rivals’ products, eventually leading to rivals leaving that business (Mattioli, 2020). This entire hydra-like business strategy is cemented by accumulation and targeting of data that organizes consumer behavior in ever more sectors on Amazon’s platform, further entrenching the irreplaceability of Amazon. Nothing of this sort exists with, say, a company like Uber.

Uber is a single-sector platform. Consumers are able to switch out of Uber relatively easily, should they want to, into a rival service without facing significant and sometimes irreplaceable switching costs that they would with Amazon. Thus, in our classification, Amazon is a multi-sector platform, whereas services such as Uber are single-sector platforms. This distinction between the traditional broader definition of platforms and how we outline their functioning is important to keep in mind as it highlights an essential difference between digital market players in India and Brazil, which we will outline in the following sections.

6.4.1 India’s Tech Landscape

India’s tech landscape is populated with a collection of US big tech firms, Indian conglomerates, a vibrant start-up ecosystem, and digital public infrastructures (DPIs).¹⁸ DPIs, as the term suggests, represent the digital variant of nonexcludable and non-rivalrous public infrastructures (Sukumar, 2021). Like other infrastructures, DPIs are the tools and systems required to make digital life function. US big tech firms are the only ones that span all three layers of the tech landscape in India.

6.4.1.1 Infrastructure Level

Three US tech giants dominate in India: Google, Facebook, and Amazon. They provide cloud infrastructure for businesses and the government. Google Cloud and Amazon Web Services (AWS) dominate India’s cloud market. Cloud, despite the oxymoronic name, is located in a physical environment. It requires servers, coolers, and an entire industrial setup. Without cloud services, it would be impossible to imagine a networked tech economy where even small players can rent space on these servers to start their online presence. AWS has the largest contract with Indian governmental agencies.

Finally, Google’s Android is the dominant mobile operating system in India. Most Indians who have a connection to the internet do so through their mobile phones. Google’s Android has a 96% market share. This means that Indian businesses must continuously monitor their compliance with Google’s standards, which indirectly allows Google to play the standard-setting role within India’s technology industry. Furthermore, this dominance in operating system deployment allows Google to exclusively deploy its platforms.

The only Indian companies that possess infrastructural roles in the technology sector are telecom operators Reliance Jio and Bharti Airtel. The third telecommunications company – Vodafone Idea – is still majorly owned by UK’s Vodafone. These three telecom operators deliver internet connection to most Indians. In fact, Reliance Jio has been credited for single handedly bringing 400 million previously disconnected Indians online in a span of two years and for dropping India data charges to the lowest in the world (Purnell, 2018).

However, such achievements are not enough and do not cover enough issue areas to really propel the vision of Digital India. This ambitious agenda stands on three legs: Jan Dhan (roughly translated to mass financial inclusion), Aadhaar (unique identity provision to every Indian to avail of government services), and Mobile. India calls this the JAM trinity (Ravi, 2018). To provide infrastructural support for the J & A aspect of the JAM trinity, the government decided to step in with the provision of DPI. This is also colloquially referred to as the India Stack.¹⁹

6.4.1.2 Multi-Sector Platform Level

The second layer of the tech landscape is populated by multi-sector platforms. The whole idea of an internet platform is to provide centralized spaces for multiple parties to interact in a trusting manner. However, platforms do not act in a neutral manner (Mattioli, 2020). Platform power rests on data-centric models and network effects (Rolf & Schindler, 2023). Even if they are providing a service presented as free, multi-sector platform companies collect vast troves of data on the user, the access to which they sell to third parties and use for many purposes. The more users utilize a multi-sector platform, the more data a multi-sector platform collects, which in turn allows it to outcompete rivals through better product design and more efficient operations. Network effects boosted by ‘first-scaler advantage’ propel market dominance (Khan, 2017). Once achieved in one sector, market dominance enables companies to influence other sectors through vertical and horizontal integrations. They can leverage their existing user base and accumulated data intelligence to enter new markets. This market power is further entrenched if multi-sector platforms end up providing infrastructural services. As noted earlier, four US firms occupy both spaces in India. However, Indian players do not have a significant presence at the platform level of the tech landscape.

Facebook and its subsidiary WhatsApp’s largest user base is in India. This means most Indians converge on a singular digital interface daily and communicate with each other. If users want to switch to another messaging platform, it becomes harder as they would lose access to all their centralized spaces for connections. This captive audience in India and elsewhere gives FB immense user data and an attractive centralized portal for other service providers to link up. Similarly, Amazon and Walmart not only connect buyers with sellers on their portals, but they are able to offer other services that keep users engaged on their respective multi-sector platforms. “Currently, Walmart-owned Flipkart and Amazon dominate the Indian ecommerce space with around 60% share between them. Reliance is a distant third” (The Economic Times, 2023).

Finally, even when these multi-sector platforms allow third-party business to link and do commerce, the multi-sector platforms eventually learn enough about their third-party sellers’ services and mimic to undercut them (Mattioli, 2020). This centralizes consumer behavior toward the multi-sector platform. For example, in India, Amazon offers payment services (Amazon Pay), operates an ecommerce platform (Amazon.in), is one of the largest players in the cloud (AWS), offers insurance (Amazon Insurance), operates a digital banking platform, offers a food service delivery, and so on. All these services are then discounted for its Indian Prime subscribers. Thus, once an Indian user enters the Amazon ecosystem, it would be harder for them to escape for Amazon has now become their banker, payment processor, insurer, food deliverer, grocer, and shopper.

Similarly, Google’s infrastructural dominance through the Android operating system allows it to nudge users toward using Google Suite of services and the Google Play Store. All Android phones come preloaded with apps ranging from the functional (such as Gmail, Google Drive, and Google Calendar) to the financial (such as Google Pay). Further, to utilize an Android phone, users must create a Google Play account to download other apps. This gives Google immense leverage over consumers and businesses (obey Google mandates or face being deplatformed). In this way, Google gets to set the terms of access and exclusion to most internet-connected Indians and Indian businesses (Kalra & Bhattacharjee, 2020). Without access to Google Play Store, app-based businesses cannot function, and most Indians are only connected to the internet through mobile phones and their apps.

6.4.1.3 Single-Sector Platform Level

At the single-sector platforms level, except for the payment space, India’s technological landscape resembles a vibrant competitive market. As one journalist remarked, “this is Indian tech’s Belle Epoque.” There are homegrown apps in fierce competition with foreign customer-facing apps.

For example, while Netflix and Disney’s Hotstar are dominant in the streaming services, Indian players such as Eros with their extensive library of local content have begun to carve out space for themselves. In the education technology sector, homegrown, venture-capital backed BYJU’S is one of the most valued firms in the world. Similarly, the music streaming service provider Gaana now has more listeners than Spotify. At this level of tech landscape, some Indian firms are not just dominating the local market but are competing with Silicon Valley and Chinese behemoths in overseas markets. For example, OLA, a ride sharing app, is now available in Australia, New Zealand, and the United Kingdom. Similarly, OYO rooms, a hotels-aggregator, has successfully expanded in the US.

Just by looking at market share, this space looks like a competitive environment between homegrown startups and American tech giants. Finally, the Indian state does not have any DPI at this level.

6.4.2 Brazil’s Tech Landscape

This section overviews the industrial organization of the data economy in Brazil and traces the relationship between economic statecraft and the structure of domestic capital as this relationship evolves and carves out some room for market participation in Brazil’s dependent development model–that is, one that is dependent on foreign players. Special attention is given to businesses to which data localization is potentially relevant, as is the case of digital financial transactions and e-commerce in Brazil.

6.4.2.1 Infrastructure Level

Brazil is highly reliant on US and EU core-level providers. In cloud computing, the demand for cloud services rose significantly due to the COVID-19 pandemic, speeding up a trajectory where key players are well positioned to turn products into services, create revenue, and further feed the data economy with granular information. The threefold basic division of cloud computing is represented by the provision of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The five largest players in the world include four US companies – Amazon (through AWS), Microsoft (through Azure), Google Cloud, and IBM – and the Chinese firm Alibaba Cloud. Together, these five are reported to have two-thirds of the world’s cloud infrastructure services market.²⁰ While Amazon dominates IaaS by far – and IaaS is often regarded as the core of cloud and its most promising part – Microsoft is the leader in SaaS, where it is followed by a group of the traditional Silicon Valley players plus Germany’s SAP. The main players of cloud computing in Brazil are the same.

While in Europe there is some action to promote local players in cloud computing, that understanding was not reached in Brazil yet. In Europe, the Gaia-X project seemed to add a twist in the EU’s long-lasting strategy to simply regulate the digital world. With Gaia-X, the EU affirms that valuable cloud contracts and data should remain within the bloc for both security and economic reasons. Even though the pursuit of data sovereignty through the networked system of cloud providers envisioned by Gaia-X extends participation to players from outside Europe, it is carving out some space for local players, including European players active in the telecom sector in Brazil. Telecom providers such as TIM (from Italy) and network infrastructure providers such as Ericsson (from Sweden) are involved with Gaia-X. They are also involved with the implementation of 5G, which has a cloud-native architecture. TIM for instance is migrating all content from its Brazilian data centers to cloud operated by Oracle and Microsoft.

In all, EU’s General Data Protection Regulation (GDPR) and Gaia-X initiatives have a demonstration effect on digital policies in Brazil, not only serving as an inspiration for different actors interested in strengthening the Brazilian digital economy, but also allowing normative diffusion to occur through market leaders operating in both EU and Brazilian markets. In addition, EU’s global digital footprint is also enhanced by norm-building exercises such as the “EU-Brazil Digital Economy Dialogue” (European Commission, n. d.). In practical terms, EU’s digital sovereignty practices have considerable influence in Brazil. There is also infrastructure underway to serve this influence strategy. In 2021, the submarine cable EllaLink – financed by the EU with the explicit purpose to link the bloc with Brazil to bypass US surveillance – was inaugurated. This new network connects, among other things, cloud services on both sides of the Atlantic.

In the area of mobile operating systems, similar to India, Google’s Android is the dominant player in Brazil with 81% of market share. The remaining market share is mostly controlled by Apple’s iOS. In 2022, 62% of Brazilians access the internet exclusively through their mobile phones (CGI, 2023). This means Brazilian app providers must continuously monitor their compliance with the standard-setter Google. This is exacerbated by the zero-rating practice that provides free internet access to users under the condition of limited access to a small number of websites or subsidy via ads. The main player is Facebook, which attempts to set the standard for communication in a country while collecting personal data from zero-rating users. While India promotes a stronger defense of network neutrality on the basis of which Facebook’s zero-rating service has been rejected, Brazilian regulators have been adopting the controversial rationale that zero-rating does not imply a violation of network neutrality (see Belli, 2019).

Finally, nowadays Brazilian telecom has three large players at the national level: they are subsidiaries of Italian (TIM), Spanish (Telefónica), and Mexican (América Móvil) multinationals.

6.4.2.2 Multi-Sector Platform Level

While Brazil is not an exception to foreign dominance in the infrastructure area, local platforms associated with big tech players have carved out some space for themselves in e-commerce and fintech. For example, Magazine Luiza, a retailer with a much bigger market share than Amazon in Brazil, uses Google Cloud technologies to boost its e-commerce platform.

Fintech is advancing in Brazil under the guidance of the Central Bank of Brazil. While the country’s central bank allowed Facebook’s WhatsApp to initiate financial transactions, it granted permission only after the creation of the Brazilian central bank’s own instant-payment system Pix. Recognizing WhatsApp’s largest user bases are located in India and Brazil, where WhatsApp’s first-mover advantage could potentially lead to its dominance in fintech, the Central Bank of Brazil helped promote broader competition in this area by launching Pix first.

In terms of access to bank accounts, most providers are local. Although fintech expanded in Brazil, 40% of its economically active population still did not have a bank account before the 2020 pandemic. That was drastically changed during the COVID-19 pandemic when welfare payments were attached to the creation of a digital bank account in a state-owned bank CAIXA. It remains to be seen if such digital bank accounts will be used in the future as a comprehensive move toward digital banking and financing in the country.

The Central Bank of Brazil is overseeing three important developments in the country’s financial system: the creation of Pix, the issuance of digital currency by 2024, and the Open Banking environment. The latter is another pro-competitive policy reform to reduce information asymmetry among market participants through the sharing of data, thus facilitating innovative digital financial services.

Brazilian platforms differ from their Indian counterparts in certain aspects. For instance, although the supermarket/grocery side of retail is controlled by French players Carrefour and Casino, both online retail and delivery services are dominated by Brazilian players. Firms such as Magazine Luiza, Via (through brands such as Casas Bahia), B2W (through brands such as Americanas and Submarino), and the Argentine Mercado Libre are competitive, even though Amazon arrives with a capitalization that only the world’s largest retailer has. However, these online retailors all rely on US technologies to structure their e-commerce platforms. In all, local firms are once more trading “the rents associated with state protection of the local market for those associated with their transnational corporate allies’ proprietary technology and global market power” (Evans, 1995, p. 16). However, this time, instead of the state offering protection in the local market, what local firms have to offer is their market shares based on a history of accumulating data and information about the local consumer base.

In the immediate post-WWII era, the Brazilian government deliberately aligned domestic policies with international capital within a growing neoliberal context, allowing Brazilian private capital to associate with leading transnational corporations that would retain the lion’s share. Even though this association is once more marked by imbalance, it allows these local businesses to flourish into the next phase of capitalism, evolving into a full-fledged digital economy. What were automotive products in the 1950s and 1960s,²¹ now is the data-driven and ICT-controlled knowledge economy in which finance and digital technologies are increasingly merging.

Brazil and India remain intermediate cases between predatory states and efficacious developmental states as studied by Evans (1995). They are intermediate cases because some “examples of successful intervention could be found even if the broader state apparatus did not approximate the developmental state model” (Haggard, 2018, p. 42).

6.4.2.3 Single-Sector Platform Level

At this level, Brazil’s situation is similar to India’s in terms of the local competitiveness and greater margin for innovation. Customer-facing apps are created on a competitive basis both to reach niche markets and to compete in larger ones. Even though the most used apps belong or end up being purchased by big techs, venture capital still boosts some local apps. However, different from India, fewer apps have reached one billion dollars in value in Brazil. Among those that do, there is one for general delivery (Loggi), one specifically for food delivery (iFood), one for car hailing (99), which was acquired by the Chinese vehicle-for-hire company Didi in 2018, and one fintech (Nubank). Nubank, which is mainly owned by international investors, is the most valuable unicorn with headquarters in Brazil and has disrupted the very profitable banking establishment.

Google’s YouTube is the number one platform to watch videos online in Brazil. In terms of paid streaming services, local player Globoplay has the most subscribers; Netflix comes in second. Globoplay, however, faces limitations to expand to international markets because most of its content is not in English.

6.5 Data Localization in India and Brazil

In the digital technology landscape, access to stock and flow of data is of the utmost importance. The stock of data allows technology firms to create better suited products toward consumers, which then creates a network effect of consumer behavior on that platform – the flow part. These two aspects of data work in positive feedback loop that entrenches bigger players at the expense of smaller ones. Beyond high-quality and creative engineering and programming, there is a quantitative aspect moving the mechanisms of the digital economy, which gain and sustain advantage through a series of tipping points and accelerating feedback loops (Lee 2018). Complementary, contextual, tailored data is also important. If one wants to put in place microlending apps in Rio de Janeiro or self-driving cars in Bengaluru, specific data from these places will always be superior to all possible data from the rest of the world (Lee, 2018). Accessing and amassing data, both in quantity and in quality, is thus the essence of platform and customer-facing dominance in technology.

Accessing and amassing data acquired new importance for statecraft as well. Beyond the idea that “war made the state, and the state made war” (Tilly, 1975, p. 42), the formation of states is also intrinsically linked to administrative institutions such as the census and other myriad of data-driven decision-making mechanisms, which serve as preconditions for the Weberian state (Gerth & Mills, 2009). It is no surprise why great powers such as the US and aspiring great powers such as China adamantly defend their advantage in ICT and digital technologies given what is at stake.

Data localization requirements have now appeared in the government’s toolkit of actions to boost a country’s tech landscape while guaranteeing levels of data sovereignty that serve goals ranging from security to guardrails for local business and economic interests (Cory & Dascoli, 2021). By itself, data localization does not guarantee an upgrade for the tech sector. However, determining that certain data generated in these countries should be stored domestically – even if some could be replicated abroad – can be part of digital policies that seek to enhance both cybersecurity and data sovereignty (Cory & Dascoli, 2021). Sections 6.5.1 and 6.5.2 explain data localization (or lack thereof) policies in both India and Brazil, and the reason for observed variation.

6.5.1 Data Localization in India: A Fractured Outcome

Countries such as India that do not have any domestic multi-sectoral platforms are placed at a disadvantage. Once a foreign multi-sectoral platform becomes relatively successful, the onset of network effects will privilege it over other domestic entities. Birch et al. (2021, pp. 5–6) explain how network effects coupled with exploitation of data allows for a “winner takes all” market. Multi-sectoral platforms combine network effects with exploitation of ever-expanding data within their ambit to utilize advantages from one aspect of their business to entrench consumer behavior in another aspect of their business. For example, Walmart’s Flipkart had such a dominance in e-commerce in India that because of network effects on its platform it was able to leapfrog an Indian payments player like Paytm to quickly become the top three payments processors in the country. This bleeding and spreading of dominance into more and more sectors of the economy is what has alarmed India.

India has pursued to limit this loop and privilege of big foreign platforms and thereby limiting the chokepoint effect of US’s weaponized interdependence by undertaking data localization policies. India is accused of using “data localization to merely entail a transfer of power to domestic elites and contribute to strengthening India’s profile and power in the community of nations” (Kovacs & Ranganathan, 2019, p. 20). The authors argue that policymakers in India “have constructed data as a primarily economic resource to be used in the service of economic enrichment of the country” (Kovacs & Ranganathan, 2019, p. 21).

Despite the overwhelming desire to be a technological powerhouse and limit the chokepoint effect of the US’s weaponized interdependence, India has avoided undertaking sweeping data localization measures. What has led the Indian government to make this policy choice?

Before we begin the analysis, it is important to see how India’s data storage landscape is governed. As discussed earlier, in August 2023, India passed the DPDP Act. This Act removes all constraints on the free flow of data across boundaries (bar some countries). However, as noted earlier, Section 16 (2) of the DPDP Act allows for independent regulators to enact data localization mandates and cements the mandates already put in place by sectoral regulators. Thus, the main characteristic of India’s data localization landscape is sectoral fragmentation. India already has data localization requirements placed through a number of sector-specific measures. Burman and Sharma (2021) compile ten sectoral data localization initiatives in place. They include “payment systems data (Reserve Bank of India (RBI), 2019), subscriber data in the broadcasting sector (Department of Communications & Digital Technologies, 2021), and insurance policyholder data (Insurance Regulatory and Development Authority of India (IRDAI), 2017)” (Kovacs & Ranganathan, 2019, p. 16). Policies that mandate data localization are underpinned by two main considerations: one is Criminal Investigation and Prevention and the other is Economic Gains. But, their effect is in limiting US’s weaponized interdependence effects.²²

So how did this fractured landscape come about? If the Indian government has been aware of the monopolization of data on foreign platforms entrenching their dominance, why did it not pursue a full-scale data localization? In our view, the Indian government tries to strike a balance between appealing to the desires of its own population with demand to access global standards of tech lifestyle and safeguarding against punitive measures from external actors, chiefly the US.

The interests of domestic conglomerates and government that tend to be in favor of data localization and American tech giants that assume an anti-data localization stance interact through India’s institutions. For instance, the Indian supreme court’s judgment in Puttaswamy v Union of India (2017) enshrined that every Indian has the right to privacy. This has meant that interests of both these domestic conglomerates and American tech giants must fit within the framework of privacy. Further, a few independent institutions in India took cue from the judgment to pass their own data localization mandates, namely RBI, SEBI, IRDAI, MCA, and the DoT. This is a key difference vis-à-vis the Brazilian case. In the Brazilian case, the enactment of the data protection bill by the Brazilian congress subsumed the interests and mandates of sectoral regulatory agencies within it; however, in India, the interests of independent regulatory agencies were not subsumed under the DPDP Act. Furthermore, a plan was in the works for localization of health sector data as well, but the proposal has now been withdrawn since the health sector does not have an independent regulatory body like finance or insurance does (Bailey & Parsheera, 2021, p. 139).²³

So, as we proceed with the complex nature of interactions, we see that the interests of the foreign businesses are getting more and more constrained by the effect of exogenous institutional diktats informed by macropolitical constraints. On the other hand, the need to access funding for elections by political parties from domestic conglomerates (Bardhan, 2023) further fractures this dichotomy (Indian institutions’ independent interests and the need to carve out spaces where domestic conglomerates are able to garner some of the user-generated data to compete with American Big Tech). The promotion of India’s Reliance Jio into e-commerce and associated IT services can be well understood as a state strategy to promote national champions (and compete against foreign companies) (Subramanian & Felman, 2022).

Further, the impetus behind creating the Data Empowerment and Protection Architecture framework²⁴ can be viewed through the lens of protection of privacy as guaranteed by the Supreme Court of India, but also as a way to create business sector development opportunities for local firms by carving out lakes of data for them. Regardless of the impetus, the effect of such data localization policies would be the limitation of US’s weaponized interdependence effects. While we use this as an example in one issue area, such a framework can be applied to other areas of the technology landscape in India to trace how a particular outcome has come about.

6.5.2 Data Localization in Brazil: A Dependent Outcome

The debate about whether Brazil should move toward requiring internet-transacted data related to Brazilian citizens to be stored in the country gained momentum following the Snowden revelations in 2013 about spying activities pursued by the US National Security Agency (NSA). Whether characterized as a whistleblowing about uncivil and undiplomatic panopticon activities or as a treason promoted by a contracted agent against the principal, it is clear that an US agency was dedicated precisely to achieving panopticon advantage. Snowden revelations not only demonstrated the US will and technological capabilities to collect intelligence globally but also ignited recalculations regarding (inter)national security by national governments around the world.

The Brazilian Civil Framework of the Internet, or Marco Civil da Internet, was a bill proposed to the Brazilian Congress by the executive branch of the government in 2011 after extensive multistakeholder discussions held since 2009 under the Ministry of Justice’s coordination. When the bill began to be considered in the Chamber of Deputies – the lower house of Brazil’s Congress – 36 other projects were attached to it, including some that had been pending in the Chamber since 2001. Following the 2013 Snowden incident, the executive branch used a legal device to request urgency in the appreciation of the bill by the legislature, while legislators close to the executive branch included in the bill a data localization mandate. That was a clear turning point whose impacts will likely go beyond the mere Brazilian Civil Framework of the Internet and all other internet-related legislations that have been approved since then.

At the time, the representative serving as bill’s rapporteur considered the data localization rule as a “political answer against a political act that violated our sovereignty” (Israel & Soto, 2013). Perhaps because it was framed primarily as a “political answer” without further strategic considerations of economic interest, the data localization part of the bill did not gather enough support to move forward. Symptomatically, what moved forward became just as quickly undone when there was a change in government. An executive decision in 2013 to transfer to the Federal Data Processing Service (Serpro) the contracts that were with Microsoft was reversed in 2016. Among other services that it was already used to and able to provide, Serpro was commissioned with launching a cloud with IaaS, PaaS, and SaaS facilities, a move that did not receive either macropolitical or material support, thus was short lived.

Arguably, the way that data localization was dealt with as haphazard politics without seeking consensus with clear explanation about its importance to local actors shrunk the margin of maneuverability of the groups supporting the mandate. The entire process lacked a well-designed strategy for achieving data localization while managing the negative reactions from international business lobbies. Originally supporters of data localization included telecom companies, broadcasters, and other domestic copyright holders, together with governmental, judicial, and police authorities. The main and most cohesive opposition was from foreign content and services providers, aided by fractured opinion and interests among representatives of civil society and national content providers (Chamber of Deputies, 2016). In the end, data localization was defeated.

Inspired by the European GDPR, Brazil passed its General Data Protection Law (LGPD) in 2018, which became effective in 2020. Regarding the lack of data localization requirements, the current LGPD is a compromise. At this point, Brazil basically affirms its right to extraterritorial reach to the data in case of domestic contestation of something related to the data, its treatment, and storage, that is, violation on national data protection law by foreign actors. While defeated sectors in Brazil wanted data to be stored in the country at least for some categories of data, a compromise was designed by a winning coalition²⁵ in which data would be allowed to be stored anywhere. The text of the compromise affirms that Brazil would have extraterritorial reach to its national data stored abroad, as well as the right to define what foreign system is to be considered “adequate” in terms of data protection, that is, to what country Brazil’s data can flow freely. Nonetheless, it is clear that this purported extraterritorial reach lacks enforcement power. As for Serpro – the one that was commissioned in 2013 with launching a cloud with IaaS, PaaS, and SaaS facilities and was being privatized in the early 2020s – in 2020, it hired Amazon’s AWS directly without a public bidding process to be in charge of those facilities.

Since this issue is being addressed in the Brazilian legislature rather than by independent agencies as in India, interest groups were unable to form a coalition that sees data localization as beneficial and desirable. So far, groups in favor of data localization policies were not able to articulate arguments to either convince the legislator or create a competitive coalition to support policies that would foment a feasible technological upgrading that would address data sovereignty concerns and generate more gains and maneuverability for domestic actors in areas such as artificial intelligence, cloud computation and storage, internet of things, and machine learning. If well explained, this action can arguably be performed hand in hand with some sort of understanding with established (international) interests.

Current Brazilian framework does not limit at all the chokepoint effect of US’s or any other eventual superpower’s weaponization of interdependence in the digital sector. Given current winning coalitions in Brazil, curtailed sovereignty and economic dependence tend to be embraced as paths of least resistance, differentiating Brazil from India, the latter restricting cross-border flow for certain data as well as defining categories of data that can cross India’s border as long as a copy of it is kept in a data center in the country.

6.6 Concluding Remarks

In this chapter, we surveyed the digital technology landscapes of Brazil and India, especially their data localization policies. To a large extent, both middle powers are interdependent on the US-led digitalization of socioeconomic processes. We present support for the idea that data localization is a necessary, but not sufficient, condition on the path to digital sovereignty, and that it can be designed to diminish US chokepoint effects under weaponized interdependence.

We have observed that in both countries, a fractured, technological landscape exists, albeit differently assembled. In India, the core of the technological landscape represents a healthy mix of foreign tech giants, domestic conglomerates, and independent governmental entities. In the Brazilian case, a similarly fractured outcome exists at the infrastructural level. However, at the intermediary level (such as large retail and finance platforms), Brazil’s landscape is dominated by local conglomerate players, whereas India’s landscape is completely dominated by American tech giants. Finally, at the single-sector level, both India and Brazil represent a vibrant competitive market with a healthy mix of domestic private-sector players and foreign players (including both tech giants and single-sector players); however, with the caveat, India has an advantage due to broader human capital dedicated to these industries.

In general, our note on fractured outcomes fits in well with the existing developmental politics literature on Brazil and India (Evans, 1995). However, when each country’s digital technology landscape interacts with other political institutional designs and macropolitical arrangements, such as the US hegemony in digital technologies, different outcomes result, especially in terms of data localization policies. While India reaffirms a fractured outcome, Brazil moves to a more dependent one.

Thus, reiterating our central argument: data localization policies help countries avoid chokepoint effects under weaponized interdependence; however, the enactment of these policies is dependent on domestic politics. The two case studies discussed earlier highlight how countries that are similar in the hierarchy of international relations – middle powers – can have varied outcomes when it comes to critical policies that may enhance their autonomy under weaponized interdependence. We argue that the observed variation in these policies occurs because of a variation in authority of a country’s independent institutions. The two case studies of India and Brazil are emblematic of a wider argument about middle powers, autonomy under weaponized interdependence, and domestic institutional authority.

7 A Modulated Approach to Digital Sovereignty Exploring Huawei-Led Smart City Initiatives in South Africa and Italy

Stefano Calzati

7.1 Introduction

This chapter is framed within the broad and multilayered issue of China–Africa relations in connection with Information and Communication Technologies (ICTs). At such a juncture, it becomes particularly relevant to unpack the geopolitical and tech-dependent power relations between two BRICS countries – China and South Africa – in the context of smart city initiatives. The Huawei OpenLab in Johannesburg is chosen for the study, with a similar initiative from Cagliari – the capital of Sardinia, Italy – used as a comparison. The goal is to explore the extent to which bilateral cooperation between China and South Africa in constructing smart cities can be said to empower all actors involved, especially South African actors and citizens, rather than (re)producing power asymmetries within a South–South geopolitical scenario. Further, the chapter offers a better understanding of how Huawei-led smart city initiatives are conceived by scrutinizing their discursive framing, exploring the extent to which the tech giant actions can be deemed as an example of corporate digital sovereignty (see Chapter 1). The chapter also sheds light on the governance model of these smart city initiatives, with particular attention paid to Huawei’s partnerships and the management of data lifecycle.

Today, South Africa has one of the most advanced ICT markets in the African continent, largely due to interventions and investments by foreign partners, both Western and Chinese. Chinese tech giant Huawei, in this regard, represents a key actor. Huawei has entered South Africa’s ICT market since early 2000s and gained an increasing centrality over the years. In this context, Huawei OpenLab is a paradigmatic example of Chinese-led multi-stakeholder tech initiative whose goal is to conceive, develop, and implement smart city solutions (e.g., face recognition, mobility sensors, diffused Internet of Things (IoTs) for pollutions monitoring, traffic management, and building energy savings) in and for the city of Johannesburg. For comparison, this initiative is juxtaposed to a similar one, the Joint Innovation Center (JIC) in Sardinia, Italy, of which Huawei is also a key stakeholder. This comparison highlights the similarities and differences between the two initiatives in discourse and governance.

The chapter is structured as follows. First, it briefly discusses methodology and the documents reviewed for the study, followed by an outline of the theoretical framework along three main axes: (1) the role of China in Africa in the context of ICT development; (2) current competing visions about internet (geo)governance through the lenses of “digital sovereignty” and “data colonialism”; and (3) a critical review of the concept of “smart city.” Then, the author introduces the two case studies: Huawei OpenLab in Johannesburg and the JIC in Italy, highlighting major discursive and governance-related similarities and differences. Lastly, the chapter draws some conclusions, linking the major findings from the case studies to the theoretical framework (see Chapter 1), highlighting the strains and exchanges when different forms of digital sovereignty – especially state and corporate ones – may clash or converge.

7.2 Methodology

Huawei OpenLab in Johannesburg and the JIC in Cagliari were chosen as case studies due to three considerations. First, Huawei played a key role in both initiatives as a main actor and provider of technological support. Second, these two initiatives aim to achieve similar goals in smart city solutions. Third, the comparison offers an interesting opportunity to triangulate and explore the activities of Huawei in different settings, notably in a country part of the BRICS and in a country of the “Global North.” The study examines a series of documents, reports, and press releases to provide valuable insights into the inner workings of these two initiatives as well as the development models they represent. The analysis helps unveil the discourses surrounding the two Huawei-led initiatives as well as the management of data lifecycle and the smart solutions developed. It should be noted that the analysis here does not draw from direct feedback from Huawei. Despite the author’s attempts to interview Huawei representatives for the two smart city projects, the Chinese company did not provide a response.

7.3 The Role of China in Africa’s ICTs among Soft Power, Digital Sovereignty, and “Smart” Development

7.3.1 China in Sub-Saharan Africa

Currently, Africa is the continent with the strongest growth in digital connectivity worldwide: more than 5.2% of annual growth rate in mobile subscriptions and 8.7% in internet users between 2018 and 2019 (We Are Social, 2019). Despite the remarkable advancement, internet penetration in the continent remains uneven across regions. In North and South Africa, at least 50% of the population have access to the internet. However, in East and West Africa, the percentages of penetration are lower, at 32% and 41% respectively, with Central Africa reaching only 12%.

Sub-Saharan Africa (SSA) represents a crucial crossroad along the New Maritime Silk Road. A set of major techno-infrastructural investments, the New Maritime Silk Road is part of the Belt and Road Initiative, and it aims at connecting Mainland China to Europe via Hong Kong, India, and Africa. Chinese ICT-related investments in SSA span across all African regions (Oreglia, 2012): eastern (e.g., Kenya, Ethiopia, and Zimbabwe), western (e.g., Ghana and Nigeria), central (e.g., Cameroon), and southern (mainly in South Africa). These investments, often in the form of financial loans, have initially focused on infrastructures (backbone and last-mile cabling), while over the last decade, they have shifted toward knowledge transfer, cloud computing, artificial intelligence solutions, and smart city projects.

Different from Western powers, China has been said to exert “soft power”¹ on the African continent by promoting investments “with no strings attached” (Gagliardone, 2019). At least in rhetoric, China is committed to developing African infrastructures and services by fostering agreements that keep African business partners, local authorities, and workers involved, tailoring investments for their needs. In various international documents, China’s relationships with SSA countries are discursively shaped as peer-to-peer forms of collaboration rather than top-down aids (King, 2013). However, the extent to which China’s and Chinese companies’ commitment to fostering vibrant ICT markets in SSA aims to empower African actors instead of subjecting these actors to forms of soft colonization is still being debated. For instance, not only do Chinese individuals tend to occupy managerial roles in Chinese–African partnerships, but knowledge transfer to Africa is also contested (Makundi, Huib, & Develtere, 2016). Some scholars have found that effective cooperation on a peer-to-peer basis is limited (Cheru & Obi, 2010; Gagliardone, 2019; Shen, 2013; Taylor, 2006). On the other hand, it is also recognized that China’s involvement in Africa does produce sharing and collaboration with local communities, helping to foster a positive perception of Chinese expats by locals (Agbebi, 2018; Anshan, 2007; Musyimi, Malechwanzi, & Luo, 2018). In a more balanced summary, King (2010) notes that “there is recognition by Chinese officials that the transfer of Chinese labor practices can lead to friction, and they provide advice about this. On the other hand, there seems to be a good deal of admiration for the Chinese determination to start and finish a job on time and on budget” (p. 494).

Hence, the idea of a homogenizing “soft power” exerted by China on Africa calls for contextualization. In fact, such label can hardly account for the variety and complexity of Chinese investments in the African continent. It would be too simplistic to consider Chinese companies as the longa manus of the Chinese government in Africa, insofar as the diverse, multilayered initiatives put forth by various Chinese actors – diplomats, private companies, state-led companies, trade intermediaries, and so on – can often have competing agendas. For instance, Xu’s research (2014) shows that the Chinese Ministry of Commerce and Ministry of Foreign Affairs tend to have different approaches toward their foreign partners. Gu and colleagues (2016), in turn, observe that “the Chinese state has engaged in unprecedented economic diplomacy in Africa” (p. 25), implying a flexible approach of Chinese authorities to African economies and societies, instead of presupposing a uniform top-down relationship. This is in line with Li’s argument (2008) that China’s paradigmatic approach to Africa has shifted from “economy serving diplomacy” to “diplomacy serving economy,” manifest of China’s soft power in developing regions of the world.

Besides a pan-Africa diplomacy framework, China is increasingly committed to fostering bilateral agreements with individual African states. Gu and colleagues (2016) note:

this [diplomacy] has two aspects: multilateral (pan-African) and bilateral (state-to-state) diplomacy. The former is driven through the FOCAC [Forum on China-Africa Cooperation] framework, a dialog and institutionalized process for cooperation established in 2000. The latter is driven by extensive tours of African states by Chinese state and party officials and bilateral cooperation agreements (p. 25).

From a Chinese perspective, the goal is to adapt to each context without imposing an agenda, while seeking a convergence between China’s own interests and those of local actors. On this point, Gagliardone (2019) claims that “a continental overview of China’s engagement (…) corroborates the impression that China is not trying to impose a blueprint (…) Rather, [it] has produced specific and individual responses in different African countries” (p. 56). For this study, the involvement of the Chinese tech giant Huawei in South Africa is of special interest.

Huawei is the major Chinese ICT actor in South Africa. It entered the country in 1999, just one year after its arrival in Kenya, which marked the beginning of Chinese investments in SSA’s ICTs. Huawei’s presence in South Africa has grown considerably over the years. Huawei’s sales in Africa reached $4 billion in 2012. As for June 2021, Huawei compete with Samsung to be the leading mobile phone provider, after having already overtaken Apple (Statista, 2021). In addition, Huawei has also committed to delivering ICT training through its Huawei Authorized Information and Network Academy (HAINA), which has so far mentored more than 50,000 graduates.

In early 2019, Huawei played a crucial role in the rollout of the first 5G commercial network in South Africa, together with Rain, the country’s mobile data-only network operator. In 2020, following the US ban of Huawei, South Africa’s government confirmed its support to the Chinese company. Currently, Huawei is at the center of a project of techno-renovation of the city of Rustenburg, near Pretoria. Famous for its mines, the city has been identified as the target of major investments and deployment of smart city solutions.

7.3.2 Unpacking (Cyber) Power Relations

The genealogy of China–Africa relations in the ICT realm can date back to the 1970s. Riding on the wave of Third-Worldism, commercial and political partnerships between China and states of the Non-Aligned Movement, that is, countries not directly subsumed under either of the two superpower blocs centered around the United States and USSR, thrived. Half a century later, the geopolitical scenario has radically changed, with the eclipse and metamorphosis of the former Soviet Union into Russia and China’s rise on the global stage as a leading commercial, technological, and political power. On the other hand, African countries experienced substantial demographical and technology-led economic growth, although uneven across the continent. Today, China, Russia, and South Africa – the most economically developed African country – together with Brazil and India, are part of the BRICS alliance composed of some of the largest emerging economies of the world.

The rise of China and the emergence of the BRICS bloc challenge conceptual frameworks and theories of the Global North and Global South as well as of a world system divided into “the first world,” “the second world,” and “the third world.” It has been contested that such epistemological categories have their limitations and even harmfulness vis-à-vis the goal to account for and put forth a truly inclusive internationalist perspective in which all actors – nations, public institutions, private companies, and people – are granted a proactive (and not only reactive) agency. While such categories might be useful for identifying patterns of socioeconomic imbalances, they nonetheless tend to oversimplify stratifications and tensions cutting through these geographies, thus fundamentally overlooking the unique histories, internal and external power relations, and cultural differences affecting the involved countries. This has become more pronounced in global trade and ICT infrastructures, consolidated around China and the US. For instance, China’s involvement in Africa and Europe, via the proxy of Huawei’s investments in both continents, requires not only a contextual assessment of technological and geopolitical power relations between the “superior” and the “subaltern” actors but also a paradigmatic rethinking of the theoretical basis of such assessments. As Wen (2021) writes in his book Huawei’s Model, “the development of the global economy has been characterized by the transition toward transnationalized digital capitalism, within which information and communications technologies have increasingly played a pivotal role in restructuring the global capitalist system” (p. 12). To foster generative discussions and debates and institute practical policies, it is important to subject the new global map of power relations to a critical examination.

This entails the undoing of dichotomies such as global–local, especially when it comes to issues of “data colonialism” (Couldry & Mejias, 2019) and “digital sovereignty” (Belli, 2017) as well as conceptual binaries such as “multi-stakeholderism–multilateralism” (Nonnecke, 2016) in the realm of internet governance. In this respect, Wasserman (2018) observes that what is at stake is the remaking of global power relations that “have prompted different ways of thinking about categories such as the ‘South,’ the ‘global,’ the ‘local’ and the ‘transnational’ in communications” (p. 448). What has emerged bears resemblance of federated forms of technological globalization – contested internally as much as externally – in which the circulation of data, tech expertise, innovation, and policies can be prompted or hindered by competing discourses, actors, and agendas part of different ecologies at once.

Elsewhere (Calzati, 2020a), I have noted that any discussion on data colonialism can be fruitful only to the extent it is contextualized and historically thickened. Otherwise, the risk lies in reifying the same power asymmetries that the notion of data colonialism aims to uncover. For instance, while US corporations tend to dominate internet services and software, the “ownership” of the internet infrastructure’s components sees an imbrication of actors. A case in point is the transpacific FASTER cable system between the United States and several cities in Japan, China, and Korea. This is a major infrastructure jointly developed by Chinese, American, and South Asian private companies, including Google, China Mobile, China Telecom, SingTel, KDDI, and Global Transit. It is evident that within such a multilayered, entangled scenario, the very concept of digital sovereignty risks losing its epistemological validity if it is not anchored to the ground: each “North” contains its “South,” each node exists as an extension of its edges, each network is traversed and repeatedly remolded by contingent (data) interests.

When ICTs are framed within a geopolitical North–South perspective, the risk of new forms of power asymmetry emerges. Studies have shown the “misalignment” between the internet as a commons infrastructure and the legitimacy of sovereign powers (Mueller, 2019) as well as the shifting toward a multipolar scenario (Winseck, 2017) in internet governance. Traditional categories such as “market” and “state,” “national” and “international,” and multi-stakeholderism vs. multilateralism may no longer be sufficient to account for such changing and complex realities. For instance, as Yu and Goodnight (2020) note with specific regard to China: “cast in light of the cybersphere, China’s so-called Intranet also reveals entanglements with foreign capital, foreign technology, foreign markets, and foreign labor” (p. 13). Hence, digital sovereignty, data colonialism, and also digital self-determination can be best regarded as macro-entangled dimensions that contest and resist linear (agent-structure) readings.

SSA’s digital transformation is increasingly associated with a new “scramble for Africa” (Taylor, 2013) aimed at controlling the deluge of ICT-derived data from the continent. There exists a grave risk due to the lack of agency provided to African institutions and African peoples when it comes to their own digital transformations. Studies have shown a colonially tainted asymmetry between Africa and the developed countries (Mohan & Lampert, 2013; Taylor & Broeders, 2015), which relegates African countries and people to a subaltern role. Given the power asymmetry, scholars have emphasized the urgent need to “Africanize technology” (Mutsvairo & Ragnedda, 2019, p. 22) to empower African actors and ICT users. However, it remains to be seen whether such asymmetry also affects South–South power relations, such as those among BRICS countries. Thus, this study seeks to investigate the tensions informing the smart city initiatives led by Huawei in Johannesburg and compare them with similar projects developed in the Global North, of which Italy is part traditionally. More broadly, the study assesses the indigenous and transnational entanglement of digital sovereignty and data colonialism and how such double-sided articulation impacts an effective emancipation of African (and Italian) actors.

This brings us to explore the concept of “digital sovereignty,” deeply intertwined with “data colonialism.” Historically, the notion of sovereignty emerges at the intersection of exclusive authority and territoriality. This chapter will show that, when contextualized, the concept can be usefully adopted to understand Huawei’s initiatives across the globe.

According to Kushwaha and colleagues (2020), “digital sovereignty” is a concept that is midway between the broad idea of “technological sovereignty” and the narrow idea of “data sovereignty.” In her speech in February 2020, the President of the European Commission Ursula von der Leyen defined digital sovereignty as the capability “to make its own choices, based on its own values, respecting its own rules” in the field of tech (von der Leyen, 2020). At the heart of the matter is control over data and/or tech infrastructures (Hummel et al., 2021). More concretely, to assess the soundness of the concept, it is necessary to put it in context. Apart from those countries able to chart their own course of economic and technological developments – those which can “consider creating a national programme to foster and promote nationally headquartered companies to invest in creating and offering CSP services within their country” (Kushwaha, Roguski, & Watson, 2020, p. 60) – for the majority of countries around the world, especially LMICs, the risk of being co-opted by major global powers, private or public, in their infrastructures and services is extremely high. As de Nardis (2014) pointed out, technology governance becomes part and parcel of geopolitics when power relations heavily influence how a technology is developed, implemented, controlled, shared, and used. Such technology, in turn, impact people’s lives – both individually and collectively – in creating or eroding values at social, economic, cultural, environmental, and institutional levels (Cardullo & Kitchin, 2019; Micheli et al., 2020).

This type of cyber-geo-governance has peculiar features. One such feature is the increasingly federated forms of transnational technologization, with China gaining a central role in shifting global power relations. Thus, it should not surprise anyone that the European Union (2019) warned against the “digital dependency on non-European providers and the lack of a well-performing cloud infrastructure respecting European norms and values.” This also means that “states will increasingly face difficult policy decisions with regard to deciding how best to balance competing sovereign interests” (Kushwaha, Roguski, & Watson, 2020, p. 58). For instance, Wu (2021) notes that the US Cloud Act, passed after China’s adoption of its Cybersecurity Law, is a typical example of a law that, under the guise of data localization and protection, has an eminently transnational character. Yet, such a law might also have undesirable commercial repercussions, especially for the US’s European allies.

Given such scenario, it is certainly insightful to examine the power relations binding two BRICS countries – China and South Africa – through the lens of digital sovereignty (and colonialism), as applied in studying a smart city project in Johannesburg (and one in Cagliari for comparison). The way in which the Chinese tech giant Huawei approaches different contexts and fosters multi-stakeholder partnerships for developing smart city solutions sheds light onto how the concept of digital sovereignty gets challenged and rearticulated differently in reality.

7.3.3 Smart Cities: A Critical Review

Despite the fuzziness, multiple interpretations, and sometimes abuses of the term “smart cities,” the notion has come to signify primarily the fostering of highly efficient urban spaces based on ICTs and the gathering of IoT-related data. Plus, the development of smart cities has occurred at a time of increasing responsiveness to the need for sustainability of the whole built environment. The International Telecommunication Union (ITU)’s Focus Group on Smart Sustainable Cities (FG-SSC 2016) defines smart cities as follows: “A smart sustainable city is an innovative city that uses ICTs and other means to improve the quality of life, efficiency of urban operation and services, and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social and environmental aspects.”

With nuances from report to report, such a definition has become the standardly accepted idea of what a smart city should be and do, ideally. However, what counts as “quality of life,” “efficiency,” and “competitiveness” and whether such features are desirable, compatible, and truly beneficial to citizens remain open questions. Many smart city initiatives have increasingly been shaped by a techno-optimism ethos that tends to overlook the realpolitik behind the implementation of tech-based solutions in the urban environment. As Angelidou (2017) notes in her critical review of several case studies, “most smart city strategies fail to incorporate bottom-up approaches, are poorly adapted to accommodate the local needs of their area, and consider issues of privacy and security inadequately.”

The hyperefficiency that the smart city is meant to realize conflates “easiness of use” with “living wellbeing.” The idea that a city is good to live in when it is easy to navigate betrays the underlying technological rationale of an urban space “founded on the basis of utopian ‘clean and orderly’ pervasive computing” (Viitanen & Kingston, 2014, p. 807). Things, however, are more complex. Oftentimes, how, where, and what smart technology is deployed contributes to widening socioeconomic disparity, precisely because technology is already epistemologically loaded with the same principles and rationalistic logics that guide its development and which, in turn, technology reinforces.

Secondly, the idea of a city’s smartness often conceals economic drives and interests. Turning a city into a clean and orderly space on the ground of an accrued attention to citizens’ needs also implies shaping the city as a space to be used. The smart solutions adopted in cities are often offered by private companies and co-opted by market forces (Mann, Mitchell, Foth, & Anastasiu, 2020), which then take the lead in defining the normative ideas of what counts as “smart,” that is, something that they can profit from. It is no surprise that given tech innovation is primarily led by private firms, the underlying business model of today’s smart cities is one that produces power asymmetries at various levels: not only does it subordinate public spaces and actors to private ones, but it also turns citizens into consumers.

Thirdly, it is not rare to find the concept of smart city coupled with that of “safe city,” via the creation of a network of diffused technological solutions, among which video cloud, facial recognition, and tracking sensors, which overlaps to the citizen’s being-in-the-city as a ghostly shadow. A safe city, then, can be realized above all as a “monitored city” in which technology can be used in exploitative (and often lucrative) terms. In this sense, “safe city” is to be found somewhat in the middle between “care” and “control” (Lyon 2007): the extent to which safety morphs into surveillance rather than enhances people’s wellbeing is an economic-political matter closely linked to how smart technologies are developed, deployed, by whom and for which purposes. As Deleuze (1992) acutely points out by distinguishing between an old “disciplinary” city governance from a new “control” one: “the disciplinary man was a discontinuous producer of energy, but the man of control is undulatory, in orbit, in a continuous network” (p. 4). The citizen of smart cities is metamorphosed into a trace-leaver. “Any one of us,” Bratton writes (2016), “is (or could be, or should be) less a political subject of this one city – London, Mumbai, Shanghai – but of the City, of the globally uneven mesh of amalgamated infrastructures and delaminated jurisdictions” (p. 152). The smart city is an agglomeration that transcends borders and specificities to impose a new layer of global technologized living space that demands to be unpacked in all its internal complexities.

7.4 Huawei OpenLabs in South Africa and the Joint Innovation Center in Italy

Over the last few years, Huawei has launched a number of OpenLabs around the world. Except the OpenLab in Suzhou, Mainland China, which opened in 2012, the others are all abroad, for example, in Johannesburg (April 2017), Istanbul (December 2017), Paris (April 2018), Moscow (April 2018), and New Delhi (October 2018).

These initiatives are conceived as hubs where, based on shared infrastructures and facilities provided by Huawei, various stakeholders can converge for developing and testing innovative technological solutions for the “smartening” of the urban environment. It is significant to delve into the governance model that regulates the relations among the OpenLab’s stakeholders in order to understand how data are put to use, by whom, for whom, and for which purposes.

More specifically, while the vision of sharing hardware, software, and tech know-how is clear, it is worth exploring how the data lifecycle is managed as well as how the tech solutions developed address issues of cybersecurity and local actors’ empowerment. This same approach also applies to the second case study – the JIC in Cagliari, Italy – of which Huawei is also one of the leading actors in constructing tech infrastructures, facilities, and know-how.

7.4.1 The OpenLab in Johannesburg

The OpenLab in Johannesburg is interesting as it was one of the first hubs to be opened by Huawei outside Mainland China and it remains the only one of its kind in SSA. The initiative hopes to bring together various stakeholders to create a synergic model of tech innovation with an impact at the urban level.

As stated in the press release published at the occasion of the launch of the OpenLab (Huawei, 2017), “Huawei will provide the data centre facility, hardware and software infrastructure and technical team while the partners will contribute ideas, products and human resources” with the goal to “test and customise a broad range of solutions under the umbrella of safe cities and smart grids.” Here the equation of smart city as safe city returns, a leitmotif in Huawei’s discourses on technological solutions applied to urban environments.² On its website,³ Huawei elaborates:

The center focuses on four capacities: joint innovation, partner development, solution development, and industry experience. Johannesburg OpenLab works together with global, regional, and local partners, concentrating on Safe City, Smart Grid, and Smart City solution [sic] to develop competitive solutions for industrial customers. Johannesburg OpenLab supports the demonstration of Safe City converged command, video cloud, and facial recognition scenario.

Overall, the presentation of the OpenLab is rather minimal and factual. The description of the smart city projects is kept at a high level of abstraction and any form of qualitative assessment is avoided. While the Lab is open for “cooperation/consultation,” Huawei’s representatives declined to respond to this researcher’s request for interviews. Such an approach seems symptomatic of a corporate strategy that, while leaving the doors open to a wide spectrum of partnerships, remains problematically vague over the concrete projects and the effective results of the Lab toward a broader audience. In fact, the stress on “industrial customers” is indicative that the smart city’s solutions developed, albeit having an immediate impact on the local communities, are kept among a small cohort of actors.

Further, the concept of “safe city” is projected to be realized through a network of tech solutions that include video cloud and facial recognition. “Safe city,” therefore, can be intended above all as “control city” to the extent to which the restriction of access to the OpenLab mainly to industrial customers and lack of community presence cast doubt on the public agency and publicly beneficial impact of the solutions developed by the Lab.

After operating in Johannesburg for six years, the OpenLab provides few details about the extent tech solutions developed within the Lab have been deployed. Nor has it openly addressed concomitant issues of privacy and data protection as well as other potential unintended consequences such as different forms of bias and discrimination. While there is no legal obligation for any private tech company to explore and account for these concerns outright, from a cyber-geopolitical perspective, these issues remain front and center of large-scale public projects and beg for more transparency.⁴

Such technological side effects are of particular relevance in a multiracial context such as South Africa, to the point that Kwet (2019) speaks of the risk of “AI-powered apartheid.” Yet, Huawei does not openly address such concerns related to the activities and solutions of its OpenLab. Instead, it tends to favor a purely technically optimistic presentation of the smart city initiative, seemingly oblivious to the intrinsic social facets of technology and its governance. In the words of Arsène (2018), “the very sensitive character of these technologies and the geopolitical stakes paradoxically lead to a certain level of secrecy around the technologies that are supposed to bring more transparency” (p. 58).

More information on the smart city solutions envisioned and developed by Huawei can be found in its 2018 Corporate and Social Responsibility (CSR) report, which describes the ambitious project in the mining city of Rustenburg to be turned into a smart city:

A world-class city where all communities enjoy a high quality of life, and one that is interconnected, energetic, healthy, green, friendly, secure, smart, prosperous, efficient, and sustainable. (…) To efficiently implement this project and build a smarter Rustenburg, the municipal government has picked a number of partners, including South Africa’s ICT and financial technology company Electronic Connect, Sanchuan Water Meter Co., Ltd., intelligent transportation system provider Xiamen Lenz Communication Inc., and Huawei (p. 34).

Unlike the limited information about such smart city projects made available on its OpenLab’s website, Huawei’s CSR report puts forth an overinflated discourse on smart cities. It presents the upcoming renovation of the city of Rustenburg as an all-encompassing masterplan that will significantly uplift the quality of citizens’ life, characterizing the “smart city” as the “optimal city” with such intrinsic qualities as “security,” “interconnectedness,” “prosperity,” and “sustainability.” Yet, no further insights are provided in support of these projected values or how they are realized through specific technological solutions.

To put things into perspective to assess a smart city’s socioeconomic-ethical implications, it is worth looking at a similar project initiated in 2015 by the Chinese Development Group Zendai, which proposed a plan to turn the neighborhood of Modderfontein (east of Johannesburg) into a smart city. After two years, the project fell into disgrace due to the conflicting visions between the company and the municipality of Johannesburg. The city required at least 5,000 affordable homes to be included in the plan, while Zendai insisted on building luxurious housing, offices, and venues.

This case pulls aside the curtains, allowing a glimpse into the realpolitik behind smart cities. The label of “smart city” often conceals rather than reveals how the smartening of a city can lead to diverging interests among the actors involved, thus raising concerns about the socioeconomical sustainability of the solutions proposed. In other words, the benchmark against which to assess smart city solutions cannot be solely their tech feasibility or efficiency, but also their concrete economic, cultural, and social impacts on the local communities. The Modderfontein case epitomizes the extent to which smart initiatives, especially those led by private companies only, risk reinforcing or exacerbating existing socioeconomic inequalities and demand a thoughtful assessment involving all parties before being implemented.

One further aspect to be stressed is that both cases – Modderfontein and Rustenburg – entail a synergy of local and foreign actors, both public and private, concretizing the idea of cooperation among Chinese and African actors discussed earlier. However, the scenario is much different when it comes to Huawei OpenLab that provides few details about its “global, regional, and local partners.” Among the publicly listed partners involved in the OpenLab are⁵: (1) a French and a Chinese company focused on railways infrastructures, (2) a UK firm that offers consulting digital services (both business-to-consumer and public-to citizens), (3) three Chinese tech companies focused on smart city solutions and smart grids for energy efficiency and facial recognition; (4) a German and a Danish company in the field of surveillance and tech safety solutions; (5) a Swedish IT company that provides smart city solutions; (6) two US tech companies; and (7) a French company involved in digital identity and security solutions.

On the one hand, the OpenLab clearly can attract an array of private partners. On the other, the glaring absence of South African partners, either public or private, is significant. This is particularly striking because the focus of the Lab on smart city solutions by default bears a local outreach. The lack of local community representation is thrown into sharp contradiction considering South Africa’s Minister of Communications and Digital Technologies, Stella Ndabeni-Abrahams’ recent remarks: “South African initiatives are likely to be successful only if they happen in an integrated manner” (SA News, 2019). Lacking integration with local stakeholders, Huawei OpenLab risks compromising the digital sovereignty of South Africa and its citizens, severely limiting the potential beneficial effects of its tech solutions.

Overall, it is possible to identify four major actors leading tech innovation initiatives in South Africa: (1) foreign ICT companies (mainly Western and Chinese); (2) South African ICT companies; (3) South African governmental bodies; and (4) South African universities. While a number of tech hubs and incubators witness the collaborations among these four types of actors (e.g., The Innovation Hub in Pretoria and Thsimologong Precint in Johannesburg), Huawei has favored a proprietary, corporate approach to the development of the OpenLab, which makes the development of the solutions potentially disempowering for South African actors.

7.4.2 The Joint Innovation Center in Cagliari

For comparison, this chapter also examines the JIC launched in Cagliari, the capital of Sardinia, at the end of 2019. A comparative analysis aims to produce more insight into the governance models of Huawei’s smart cities initiative around the world. Similar to the OpenLab, the JIC focuses on the collaborative development of tech solutions to turn the Italian city of Cagliari into a smart city. In this case, too, Huawei is the leader of the initiative, together with CSR4, the Centre for Advanced Studies, Research and Development of Sardinia, which is an interdisciplinary pole of technological innovation whose sole public shareholder is the regional agency Sardegna Ricerche. In this case, Huawei joins forces with the main public actor in the region in technological R&D. Beyond that, other partners of the JIC include: (1) an Italian company that develops core IT infrastructures through cloud computing; (2) an Italian company that offers hardware and software solutions for the IoTs including cybersecurity services; (3) an Italian company that develops network and connectivity solutions; and (4) an Italian firm focused on IT projects and installations.

Although neither Huawei Italy nor CSR4 were available for interviews before the end of the partnership (expected at the end of 2021), on the JIC’s (2020) website,⁶ the media section provides valuable information from the stakeholders involved in the initiative. As Massimo Carboni, coordinator of the JIC for Sardegna Ricerche, states: “the project is a collaborative venture of three main actors: CSR4, which provides skills and know-how, Regione Sardegna, which defined the vision and mission of the initiative, and ICTs companies, among which Huawei is the main partner, plus other six SMEs.” From this perspective, the initiative has a “indigenous” component, especially in comparison with Huawei OpenLab in Johannesburg. This, however, does not provide a clear indication of the governance behind the initiative, that is, the power relations among the actors when it comes to the data lifecycle’s management. The JIC website states:

The objective of the project is the realization of an experimental infrastructure with which new technologies will be developed for widespread connectivity on a metropolitan scale (…) aimed at solving problems related to smart cities, the experimentation of widespread sensors for the acquisition of large amounts of data that will be managed through the development of architectures for Open Data and Big Data, the testing of systems for city safety (safe city) and the study of new generation e-LTE systems.

Resonating with the mission of Huawei OpenLab in Johannesburg, here too the stress is on “smart city” as “safe city.” Mentioned on the JIC’s website is the development of an array of sensors for vast collections of data: video cameras and distributed urban tracking systems such as “face recognition, plate recognition, intrusion detection, behavioural analysis, etc.” The idea of amassing large amounts of data by means of innovative tech solutions is again framed within a techno-optimistic discourse of “improvement of citizens’ quality of life” and even of “increase [of] both cultural and educational mutual knowledge” for all the companies involved. Hence, the discourse supporting the initiative tends to present a win-win situation, which echoes the idea of peer-to-peer cooperation typical of Chinese companies’ “going out” efforts. As Lidia Leoni in charge of strategic partnerships at CSR4 points out, what counts the most is the ultimate goal rather than the means: “it is extremely important to have an idea of what is happening everywhere (…) by connecting data which would remain otherwise unrelated.” While such a functionalistic approach of the tech cooperation between Huawei and CSR4 adheres to an understanding of the city as a space to be mapped in real time for increased control and efficiency, overlooked are issues of realpolitik and people’s safety and security behind data lifecycle. Missing from JIC’s public discourse is clear communication of which actors and under which obligations are responsible for the management and security of data and potential data breaches.⁷

What we do know, via the media releases, is that through the deployment of these smart city solutions, the JIC aims to build an intelligent operation center (IOC), that is, a centralized platform on which all data converge for the formation of what is called the “data lake.” Vincenzo Strangis, director of smart cities and innovation at Huawei, defines the IOC by resorting to the human–machine metaphor: “the IOC is like the brain of the human body connected to the nervous system, for us the nervous system is that which comes from all the sensors that are present in the city.” The platform is based on open-source technologies on which vertical applications can then be implemented. The open-source choice favors the potential arrival of (new) partners by lowering barriers to access and enhancing interoperability. Namely, the IOC is based on a logic of federation of the data, which maximizes data’s capitalization through the creation of the data lake by an array of different actors. On this point, Strangis specifies that “the infrastructure gravitates around the data center, that is, the storage technology that allows for the emergence of the data lake, to which all the various stakeholders will contribute by making available to us the data coming from their applications [emphasis added].”

The fact that the JIC is led by a public stakeholder should prioritize, in principle, the public interest in using data to tackle social and environmental issues in the urban context instead of profit-only objectives. In a way, data are expected to be repurposed for the benefit of the local community. On the other hand, however, the network through which these data run is owned by Huawei, making the Chinese company an inalienable actor of the whole initiative (the “us” used by Strangis is emblematic). And this does raise concerns over the risk of tech dependency voiced by the European Union recently. To borrow the well-established and somewhat questionable metaphor of data as “the new oil,” the IOC could be seen as the public-led data refinery and Huawei as the owner of the pipeline through which the oil runs. On the JIC’s website, it is also reported that the goals of the initiative are:

To experiment and demonstrate on the field the effectiveness in the implementation of a private network, which exploiting a high data transmission capacity, allows the study of new solution for the benefit of the city community and of public and private institutions. We will then proceed with the experimentation of sensors able to detect data that will be processed by other parts of the project. Prototypes of mobile devices operating on the frequencies of the private e-LTE network provided by Huawei will be tested in the field.

E-LTE networks are also at the core of the OpenLab initiative in Johannesburg. The corporate-based conception of the “pipeline,” which makes the collection of data possible, puts Huawei in a privileged position, whether the solutions developed will concretely and beneficially impact on the community and/or other partners or not. At stake, it is not to contest such conception – these solutions might really improve the quality of citizens’ life – but rather to shed light on the trade-offs in terms of digital sovereignty that the governance model of these initiatives entail. Notably, compared to the South African case where the joint venture capitalized exclusively on foreign actors, the JIC enacts a multinational approach that sees Huawei establishing not only commercial ties but also institutional partnerships (e.g., the CSR4) with local actors. However, such multinational approach should be dutifully scrutinized from a cyber-geopolitical perspective, considering that, as Wen (2021, p. 31) notes, Huawei’s activity “has been closely entangled with the Chinese government’s (…) attempt to extend China’s control over transnational network infrastructures.” The stake is eminently sociopolitical, that is, accountability of the extent to which technology and data use/ownership create socioeconomic value and for whom.

7.5 Conclusion

By comparing Huawei’s OpenLab in Johannesburg and the JIC in Cagliari, the chapter scrutinized the discursive framings of these initiatives with regard to the normative tech-centered conception of smart city solutions, and assessed the different governance models and partnerships supporting the initiatives in terms of their potential (dis)empowerment for local actors and citizens.

Both initiatives put forth a techno-optimistic vision that presents them as win-for-all projects. This framing avoids an in-depth characterization of actual implementations of smart city solutions and their impact on local communities. In this regard, the discourses surrounding both initiatives adhere to the normative understanding of smart city solutions as ICT-based endeavors to enhance decision-making efficiency and quality of life, by default rather than proven. Of particular significance is the coupling of smart city with the concept of safe city, that is, increasingly controlled spaces. From this perspective, socioeconomic considerations are eschewed as if the smartening of the city were an inevitable tide uplifting all actors involved. The analysis also revealed differences in the ways in which these initiatives have been publicly communicated. While there is more publicly available information in the Italian case, very minimal exists in the case of Johannesburg’s OpenLab. In both cases, however, Huawei refrained from delivering any statements upon request about the workings and outcomes of its initiatives.

In terms of governance, the OpenLab is heavily based on foreign private stakeholders. In fact, no South African stakeholders, either private or public, are officially part of the Lab. Instead, the OpenLab includes Western and Chinese private ICT companies alike. Running against the call by South African authorities to fuel tech initiatives in an integrated manner, the foreign-led nature of the OpenLab frustrates the development of local stakeholders and hinders the emergence of South Africa’s digital sovereignty. This unbalance emerges even more vividly when comparing the OpenLab with the JIC in Italy. Although Huawei is the main private stakeholder, the JIC is nonetheless led by CSR4, an Italian public research center. However, in this case too, the cyber-geopolitical tensions surrounding the technology governance of the initiative cannot be overlook in that they do represent a potential threat to digital sovereignty as underscored by the European Union.

To an extent, Huawei shows high contextual flexibility when establishing its investments and partnerships abroad. The proprietary approach Huawei favors in South Africa undoubtedly gives the company more discretion with regard to the type of projects developed. The diversity of stakeholders with whom Huawei partners, particularly in Italy, does highlight the extent to which its smart city initiatives rework the concept of digital sovereignty and how, beyond theory, such diversity fosters a certain real-political form of digital sovereignty based on contextual opportunities. Beyond a domestic and foreign dichotomy, these smart city initiatives rearticulate the concept of digital sovereignty according to a transnational approach, underscoring Huawei’s modulated interventions across the globe.

For both case studies, further field research is needed to substantiate the discursive analysis with ethnographic findings. Indeed, the assessment of the extent to which digital sovereignty is a contested arena along the Global North–Global South axis, as much as the South–South axis cannot do without the direct engagement with stakeholders. This, in turn, requires putting pressure on all ICT actors for demanding a more transparent and accountable communication concerning how the data fueling their smart city projects are managed, especially considering that digital sovereignty is an increasingly entangled transnational geo-governance issue.