The social security benefits scandal (‘Zorgtoeslagaffaire’), which recently led to the government’s resignation, testifies to the complexities of a nation-wide digital infrastructure operating on huge and interlinked data flows. This is especially true for data integrity, which needs to be impeccable as well as secure at all times. Research has shown that this is not the case. Never sufficiently addressed by the Digi Commissioner and his small support staff, important deficiencies and obstacles to governing the GDI remain at large today.

Several reasons account for this failure, such as the Digi Commissioner’s enfeebled starting position – i.e. the lack of sufficient mandate and budget - as a result of which his efforts could not jump start GDI-governance. His support base within the digital community also turned out to be insufficient from the start, and even deteriorated over time. The many and diverse stakeholders present could not be convinced to change their behavior under the guidance of the Digi commissioner, and remained uncooperative. In addition, the Digi Commissioner’s attention was too narrowly focused on financial and intra-departmental governance, to the detriment of the digital infrastructure’s core: i.e. the huge amounts of data flowing through the system. The quality and safety of this data, which is often highly personal, needs to be guaranteed at all times. The official external evaluation of the Digi commissioner in 2017 – confirmed by himself in a simultaneous self-evaluation – made this painfully clear.

After three years in office, the Digi commissioner recognized the discrepancy between his tasks and resources, and the resulting dysfunctionality of his position. In 2017 he pleaded for GDI-coordination under the responsibility of a single minister with strong executive powers and sufficient means, and quietly returned to his former profession as a mayor. No successor was appointed and on 17 January 2018 this ambitious pilot scheme formally ended. The governance of the Dutch digital infrastructure is now served by an equally dysfunctional system of policy consultation rounds (‘Overheidsbreed Beleidsoverleg Digitale Overheid’; OBDO). Coordination of the Dutch digital infrastructure formally rests with the state secretary of the Ministry of Interior Affairs, but central governance of the GDI remains far from reality.

The Digi commissioner’s appointment in 2014 thus constituted an abortive governance attempt for the GDI. In a final interview in 2018 he acknowledged this, pointing to the resistance of entrenched stakeholders as the main cause. Though financial deficits had been tackled, he conceded that more emphasis on his mandate and appropriate legislation would probably have mattered. On his personal website he sounded skeptical with regard to the chosen new governance approach which showed continued disregard of digital urgency, uniform legislation, and sufficient budgets.

We can draw three insights from the Digi Commissioner’s initiative:

• First, the current governance model has significant financial, legislative, and organizational deficiencies. In contrast to, for example, the Dutch water infrastructure under the guidance of a powerful Delta Commissioner, the GDI is without a robust mandate, structural financial and legal underpinning, and decisive leadership. There are several preconditions for a GDI fit for the 21^st century: adequate legislation, a strong mandate, sufficient budget, as well as convincing and, if need be, forceful leadership.

• Second, political attention, a sufficient support base, and public awareness with regard to the GDI need to be elevated to much higher levels. There are serious ‘mental’ obstacles hindering the GDI’s effectiveness and efficiency. True recognition of its vital importance remains absent, and so does a heart-felt sense of urgency. As a result, the GDI lacks a clear security focus. So far cyber security threats have failed to instill an adequate response. Incidents have had relatively isolated effects with minimal nuisance to the general public. Adequate risk mitigation and successful crisis response had less to do with this fortunate outcome than chance and a good deal of luck. Contrary to Estonia in 2007, when cyber assaults effectively paralysed country and society for days, the Netherlands have yet to experience a truly disruptive digital calamity, that can serve as a wake-up call.

• Third, data integrity warrants more attention. Data confidentiality and availability are usually emphasised, whereas data integrity is crucial to digital government and big data developments. The adage ‘garbage in, garbage out’ holds true – especially when it comes to the GDI and the circulating huge amount of data it contains. Ultimately, the crucial trust relationship between the government and its citizens is at stake here. A stable political environment, successful administrative implementation of government decisions, but also a sufficient national tax base depend upon this. The wide ranging implications of the ‘Zorgtoeslagaffaire’ and other ‘scandals’ involving citizens’ data and taxpayers’ money have hardly been realized.

With a government embracing big data technology, preventing misbehaviour and properly balancing the pros and cons of digital government development should therefore receive top priority and be made ‘Chefsache’.