Open-Source in India

Promise, Peril, and the Path to Digital Sovereignty

(via collaboration with guest author)

In 2023, India witnessed a digital triumph that few could have imagined. The country’s Unified Payments Interface (UPI), an online money transfer system powered by open-source software, processed over 10 billion transactions in a single month. It was more than a staggering statistic – it was a moment of national pride, a vivid demonstration of how far India had come in building world-class digital infrastructure. Yet just a few months earlier, a very different incident had left the nation uneasy. A ransomware attack crippled the servers of AIIMS Delhi, one of India’s premier public hospitals, abruptly halting critical medical services and exposing gaping vulnerabilities in the country’s digital backbone.

One story showcased the promise of open technology, the other revealed its peril. Like two sides of a coin, these twin episodes capture the dual nature of India’s relationship with open-source software (OSS) – an innovation brimming with hope on one side, and fraught with risk on the other. This juxtaposition raises a fundamental question: Can India embrace open-source as the foundation of its digital future without falling prey to its pitfalls?

The Open-Source Revolution: India’s Digital Leap Forward

Open-source software – code that anyone can inspect, modify, and improve – has become the engine driving India’s digital ambitions. From Aadhaar’s nationwide biometric ID system to CoWIN’s pandemic-era vaccine distribution platform, OSS lies at the heart of many of the nation’s most transformative projects. The logic behind this open-source revolution is simple yet powerful: Why remain dependent on expensive foreign vendors when Indian talent can build, adapt, and share technology tailored to India’s unique needs?

Officials and tech architects increasingly speak of open-source in almost visionary terms. “Open-source is our sarvodaya – upliftment for all – in the digital age,” says Dr. Pramod Verma, the chief architect of Aadhaar and much of India’s digital public infrastructure. “It empowers us to solve distinctly Indian challenges at scale.” In invoking sarvodaya, a Gandhian ideal of progress for everyone, Dr. Verma emphasizes how India sees open tech as a great equalizer — a way to include the masses in the digital economy, whether through universal payments or accessible identity platforms.

And so far, it seems to be working. India now ranks among the top five contributors on GitHub, the world’s largest code-sharing hub, with developers from Bengaluru to Pune collaborating on cutting-edge projects from artificial intelligence frameworks to blockchain solutions. Progressive government policies have further accelerated this momentum. A notable example is a 2015 mandate that every new public software project give preference to OSS; this move has saved an estimated ₹10,000 crore each year in software licensing fees. By nurturing homegrown tech and avoiding exorbitant foreign software costs, India’s public sector is not only saving money but also fostering a culture of innovation and self-reliance.

But beneath this rush of success lies an uneasy question: Is India’s heavy reliance on open-source truly sustainable, or does it conceal weak points that could undermine the country’s quest for digital sovereignty? In other words, will the very openness that fueled India’s digital leap forward also expose it to new dangers?

The Security Tightrope: Trust, Transparency, and Threats

Transparency is open-source’s superpower – and also its Achilles’ heel. On one hand, when code is open for all to see, it’s harder for anyone to slip in a secret backdoor. “You can’t hide backdoors in code everyone can see,” as cybersecurity expert Trisha Shetty rightly notes. But on the other hand, if a flaw does creep into widely used open-source code, the fallout can be tremendous. Think of the Log4j vulnerability in 2021: a tiny bug in a ubiquitous open library for internet servers that sent system administrators worldwide into a panic. That single flaw threatened millions of systems across the globe, vividly illustrating how one small crack in the foundation of open software can send shockwaves through the entire digital edifice. In open-source, trust is built through transparency – yet that same openness means a modest mistake can have outsize consequences.

India’s security challenge is compounded by its hybrid approach to infrastructure. Take the case of CoWIN, the open-source platform that helped orchestrate India’s massive COVID-19 vaccine rollout. CoWIN was a showcase of OSS success, openly designed and deployed at an unprecedented scale. But there’s a catch: the platform runs on Amazon’s cloud servers (AWS) rather than on sovereign Indian infrastructure. This reliance on a foreign tech backbone raises uncomfortable questions about data sovereignty – who controls the data and underlying systems when crisis strikes? As Rajeev Chandrasekhar, the Union Minister of State for IT, has cautioned, “Open-source code is just one layer. True digital independence requires control over data, servers, and governance.” In other words, even the freest code isn’t truly free if it’s shackled to external servers beyond the nation’s control.

Then there’s the human factor — perhaps the most fragile link in the chain. The best open-source system in the world still needs skilled people to secure and maintain it. The AIIMS Delhi cyberattack in 2023 drove this point home in dramatic fashion. Investigations blamed the breach on outdated software and poor upkeep, revealing a glaring gap in expertise. It turns out that many of the technicians managing critical systems simply weren’t prepared to keep OSS updated and hardened against threats. A report by NASSCOM found that 65% of Indian IT professionals lack confidence in auditing open-source code, leaving many essential systems effectively with a digital door left unlocked. In practice, that means too many public databases and services are one step away from being compromised, not because open-source failed, but because the ecosystem around it – skilled admins, rigorous audits, timely updates – remains underdeveloped. When it comes to open tech, India finds itself walking a tightrope: it must balance the trust that openness engenders with the threats that lurk if that openness is not vigilantly managed.

The Neo-Colonialism Debate: Who Really Controls Open-Source?

Even as India works to shore up security, another debate swirls around open-source – one about global power and control. For all its egalitarian ethos, the open-source movement can sometimes feel like a club still dominated by the Global North. In fact, critics contend that OSS often reinforces a kind of digital neo-colonialism. Many of the world’s most influential open projects – think of the Linux operating system, Google’s Android, or the TensorFlow machine learning library – are stewarded by Western corporations or foundations. Indian developers may contribute mountains of code to these projects, but the strategic decisions (what features to prioritize, which direction to take) often happen half a world away in Silicon Valley boardrooms. The result, say sceptics, is that India’s coders become digital coolies of a sort: doing the heavy lifting in the open-source economy without sharing in the power. As social activist Aruna Roy, founder of the Mazdoor Kisan Shakti Sangathan, bluntly puts it, “We’re digital coolies in the open-source economy. Our coders enrich platforms like GitHub – owned by Microsoft – while India buys back support services from IBM or Red Hat.” In this biting analogy, Indian talent is effectively giving away its labor, only for India to pay later for expertise or support packaged by foreign firms. It’s a sobering reminder that “open” doesn’t always mean equal in the global tech landscape.

This dependency extends beyond who runs the projects to how those projects are designed. Much of today’s open-source software is built with advanced economies in mind, often assuming fast internet and cutting-edge hardware. The upshot is that Bharat – the proverbial rural heartland of India where roughly 600 million citizens still struggle with spotty connectivity – can get left out in the cold. An open-source education app, for example, might work flawlessly in urban Mumbai but falter in a village with intermittent 3G internet. Likewise, many Indian AI startups rely on open frameworks like TensorFlow, which are optimized for American and European use-cases. These tools excel in the contexts they were built for, but they can stumble when asked to handle uniquely Indian challenges – whether it’s interpreting dozens of local languages in a health care app or providing crop advisories tailored to small farmers. In essence, one size open-source does not fit all. Without deliberate adaptation, importing an OSS tool can be like wearing a sweater made for someone else: it might cover you, but it doesn’t quite fit the contours of your needs.

Yet, not everyone sees India’s open-tech role as fundamentally subordinate. Visionaries like Nandan Nilekani argue that open-source, far from being a neo-colonial trap, remains India’s best bet for true technological independence. They point to success stories as evidence. “UPI and Aadhaar prove that open-source, coupled with public investment, can create world-class systems by India, for India,” Nilekani insists. In his view, the very platforms that have transformed India – a universal payments network and a nationwide digital ID – are products of an open ethos combined with strong public backing. Rather than rejecting open-source because global players currently dominate it, Nilekani and others suggest India should double down on OSS but on its own terms: developing capacity to guide projects, building for local needs first, and asserting a stronger voice in the open-source community worldwide. After all, the open-source model is just a tool – what matters is who wields it and how. And with the right strategy, India can wield it to its advantage.

Case Studies: Lessons from the Frontlines

Several of India’s flagship digital projects underscore both the promise and the pitfalls of the open-source approach. From financial technology to identity and governance, these real-world examples highlight what open code can achieve – and where caution is warranted:

• UPI (Unified Payments Interface): This homegrown digital payments network, built on open protocols and APIs, now rivals Visa and Mastercard in transaction volume worldwide. Its success hinges on India’s control over both the software codebase and the regulatory framework that governs it – a combination that allowed UPI to innovate rapidly while keeping transaction costs negligible for users. In effect, India owns both the car and the road in this digital journey, ensuring sovereignty over a critical payments ecosystem.

• MOSIP (Modular Open-Source Identity Platform): Developed in India, MOSIP provides a blueprint for building national digital ID systems on open-source rails. It has already been adopted by countries like Morocco and the Philippines, showcasing how nations of the Global South can co-create and share technology as equal partners rather than as passive consumers. By opening up its identity platform, India enabled other countries to adapt the system to their needs, fostering a spirit of collaboration and reducing dependence on proprietary foreign solutions.

• Aadhaar’s Growing Pains: The Aadhaar program, India’s colossal biometric ID database, demonstrates both the scalability of open tech and the risks of centralization. Built largely on open-source components, Aadhaar rapidly brought over a billion people into a digital ID system – an inclusion triumph. However, its centralized database has sparked intense debates over privacy and security. Critics argue that while Aadhaar achieved unparalleled reach, it also created a single point of potential failure or misuse. The lesson? Prioritizing sheer reach without equal attention to resilience and privacy safeguards can undermine public trust.

Together, these examples illustrate the double-edged nature of India’s open-source experiment. They show that technical ingenuity and bold policy can indeed unlock tremendous public value – if backed by robust governance and foresight. Open-source can be a force multiplier for development, but it will fulfill that role only when projects are managed with a clear-eyed understanding of local realities, user needs, and security imperatives.

The Road Ahead: Five Pillars for India’s Open-Source Future

So how can India maximize the benefits of open-source while taming its risks? The path forward will require nothing less than a comprehensive strategy – a game plan built on five key pillars:

1. Build Sovereign Stacks: Develop and deploy India’s own tech infrastructure alongside open-source software. In practice, this means pairing OSS with indigenous cloud platforms (such as the government’s MeghRaj cloud) so that critical systems remain under India’s complete control, from the application code right down to the servers. True sovereignty comes when India owns the full stack of its digital public services.

2. Fix the Skills Gap: Invest in human capital to support and secure open technologies. Integrate open-source security and software maintenance into university curricula and technical training. At the same time, expand nationwide cybersecurity programs (like those run by CERT-In) to upskill millions of developers and IT administrators. An army of well-trained experts is India’s best defense against the next cyber threat lurking in an open-source library.

3. Fund Public Innovation: Back open-source projects with serious public funding. Launch a National OSS Foundation to support, maintain, and continually improve mission-critical open software in sectors such as healthcare, education, agriculture, and elections. With dedicated funding and coordination, India can ensure that vital open-source projects don’t wither for lack of resources and that they evolve to meet new challenges. In short, treat open-source as public infrastructure and invest in it accordingly.

4. Lead Global Coalitions: Embrace a leadership role in the international open-source community, especially with fellow developing nations. India can partner with countries across Africa and Southeast Asia (ASEAN) to co-develop open-source tools for shared challenges – from building climate resilience in farming communities to creating affordable urban mobility solutions. By spearheading collaborative projects, India not only pools talent and insight from multiple countries but also helps set the agenda, ensuring the resulting technologies serve collective interests rather than one dominant player.

5. Balance Openness with Security: Implement policies that make security an integral part of open development. For all government-adopted OSS projects, mandate robust bug bounty programs and independent third-party code audits. In other words, invite the world’s hackers to test Indian systems before the bad guys do, and have impartial experts scrutinize the code for weaknesses. This way, transparency doesn’t come at the expense of security – it bolsters it, by creating accountability and quick feedback loops to patch any cracks in the armor.

Conclusion: A Call for Digital Swaraj

Open-source is not a panacea or magic wand for all of India’s tech troubles. If anything, it acts as a mirror – reflecting India’s greatest strengths (ingenuity at scale, a democratic and collaborative spirit) while also exposing its weaknesses (fragmented governance, skill gaps, and patchy infrastructure). Yet, as the United States and China battle for dominance in the digital arena, India finds itself with a unique opportunity to chart a different course. By embracing the open-source model wisely, India can redefine OSS from a mere tool into an expression of digital swaraj – the idea of self-rule applied to the digital realm. In doing so, India would be asserting that its destiny online, as in the analog world, is ultimately in its own hands.

The stakes in this journey transcend technology; at heart, this is a debate about sovereignty and power. Will India remain just a consumer in the global tech marketplace, reliant on systems and standards set by others? Or will it become an architect of its own digital future, crafting platforms the world can also adopt? The answer lies in how ardently India pursues open-source not as a borrowed convenience, but as a homegrown manifesto for equitable progress. With openness guided by wisdom, and freedom fortified by foresight, India’s digital revolution can indeed live up to its promise – not only for India’s one billion-plus citizens, but as an inspiring model of tech self-determination for the world.

Disclaimer: The views expressed in this article are those of the guest author and do not reflect the official position of The Pax Indica. We publish a diversity of perspectives in the interest of informed debate.