The Governance Stack
A systems architecture for the digital state
TL;DR:
The modern state is no longer shaped only by laws and institutions. It is increasingly shaped by digital identity systems, registries, payment rails, data exchanges, and decision protocols. This means governance must be understood as a stack: norms define legitimacy, institutions allocate authority, the Minimum Digital Kernel structures how public decisions are rendered and challenged, infrastructure rails move identity, data, and money, and applications deliver services. The key implication is that public policy can no longer focus only on legal rules and administrative authority. It must also specify the foundational digital architecture through which public authority is exercised.
Public administration is no longer shaped only by laws and institutions. It is increasingly shaped by digital identity systems, registries, payment rails, data exchanges, and decision protocols. To understand the modern state, we need to think in layers.
For most of modern history, governance was understood primarily as an institutional problem. Constitutions constrained power. Legislatures made laws. Ministries executed policy. Courts and auditors corrected abuses. The state was imagined as a set of organizations governed by law.
That picture is no longer sufficient.
Today, public authority is increasingly exercised through digital systems. A welfare benefit may be approved through data matching across registries. A tax liability may be computed automatically from digital filings. A subsidy may be transferred instantly through a payment rail. Regulatory enforcement increasingly depends on digital evidence flows and automated compliance checks.
In practice, the architecture of the state is no longer only institutional. It is also infrastructural.
That shift matters because software does not merely implement governance. It increasingly structures how governance operates. Rules may be encoded as decision logic. Administrative discretion may be embedded in workflows. Access to public services may depend on identity systems and registries. Oversight may rely on system logs rather than paper records.
In the paper state, procedure constrained discretion largely after authority was exercised. In the digital state, architecture increasingly structures discretion before authority is exercised.
This has an important implication. Public policy can no longer focus only on laws and institutions. It must also define certain foundational features of the infrastructure and protocols through which those laws are executed.
Some may object that this amounts to over-specifying policy. It does not. The argument is not that legislation or policy should prescribe every application, interface, or workflow. It is that in a digital state, policy must specify the core public guarantees that should remain stable across applications.
Consider a cash transfer scheme. A law may define who is eligible, and a ministry may be authorized to administer it. But the real experience of that policy depends on architectural choices: how identity is verified, which registries are treated as authoritative, how eligibility is computed, how payments are routed, what decision record is generated, and how a citizen can appeal an error. These are not merely technical details. They shape who gets included, how quickly benefits arrive, how errors are corrected, and how power is exercised in practice.
The issue, then, is not whether the state should prescribe every digital detail. It should not. The issue is whether the state should deliberately define the shared rails and decision protocols through which public authority will be exercised. In a digital state, the answer is increasingly yes.
To make sense of this shift, it helps to think in terms of a layered architecture. Just as computing systems are organized into stacks that separate responsibilities across layers, governance can also be understood as a stack. Political norms define legitimacy. Institutions allocate authority. Infrastructure enables execution. Between them sits a crucial but under-specified layer: the machinery that structures how public decisions are rendered.
I call that machinery the Minimum Digital Kernel.
The kernel is not another service platform or government application. It is the thin protocol layer that governs how authoritative public decisions are made and recorded. A consequential state decision should not simply produce an outcome. It should produce a structured decision object: which rule was applied, which version of that rule authorized the action, which verified facts were used, which authority executed the step, and what appeal path exists if the decision is contested.
When combined with Digital Public Infrastructure such as identity systems, registries, payments, credentials, and trusted data exchange, this decision protocol forms part of a broader architecture. The resulting structure can be understood as a governance stack with five layers: norms, institutions, the decision kernel, digital infrastructure rails, and applications.
This framework is useful because it helps explain something that institutional theory alone struggles to capture: in a digital state, governance failures can arise not only from bad laws or weak institutions, but also from poor architecture. A state can have a sound policy and still fail because identity is badly designed, registries are fragmented, decisions are opaque, or appeals are not built into the system. The governance stack makes those failure points visible.
It also helps reconcile debates that are often treated as rival explanations. Rule of law, state capacity, institutional economics, polycentric governance, and adaptive governance are not necessarily competing theories of the whole. They often describe different layers of the same system.
Norms determine what is legitimate.
Institutions determine who is authorized.
The kernel determines how decisions must be rendered and challenged.
Infrastructure rails move identity, data, credentials, and money.
Applications determine how citizens experience public services.
The five layers of the governance stack
At the top of the stack sit norms. This layer contains constitutional values and political commitments that define what the state is allowed to do and what citizens are entitled to expect. Rights, equality before the law, distributive justice, fiscal responsibility, and democratic legitimacy all live here. Norms determine the goals and constraints of governance. They are not replaced by digital systems. They are expressed through them.
Below the normative layer lie institutions. Legislatures, ministries, regulators, courts, and local governments translate political mandates into policies, budgets, and administrative authority. Institutional structures determine who can write rules, who can enforce them, and who can review decisions. This remains the central terrain of politics and administrative design.
The next layer is the Minimum Digital Kernel, which sits between institutions and infrastructure. The kernel standardizes the structure of public decisions. Instead of treating administrative actions as opaque events, it represents them as structured decision objects. Each decision links an authorized rule, the verified facts used to evaluate that rule, the authority responsible for executing the decision, and the outcome produced. Crucially, it also records the path through which that decision can be challenged or reviewed.
Below the kernel sit the digital infrastructure rails that make execution at scale possible. These rails include digital identity systems, authoritative registries, payment networks, credential systems, secure messaging, and trusted data exchange mechanisms. Their purpose is to move verified identity, information, and financial resources between institutions. These are the foundational components commonly described as Digital Public Infrastructure.
At the bottom of the stack lies the application layer. This is where citizens encounter the state in practice. Tax filing portals, welfare benefit systems, health platforms, licensing systems, procurement portals, and grievance platforms all live here. Applications translate policy and infrastructure into actual service experiences. They are also the layer most open to experimentation because multiple actors can build services on shared rails.
The stack suggests a discipline of restraint. The lower layers should be stable and widely shared. The upper layers should remain adaptable. Norms and institutions evolve slowly because they embody political settlement and public purpose. Kernels and rails provide common guarantees and reusable capabilities. Applications should remain open to iteration, competition, and contextual design.
That is why the point is not to over-specify the edge. It is to specify the core.
The digital expression of the governance stack
Each layer of the governance stack also has a digital expression. As governance becomes increasingly mediated through software systems, the layers of the stack appear not only as political and institutional arrangements but also as specific forms of digital infrastructure.
This does not mean that governance can be reduced to software. Norms and institutions remain political constructs. But in a digital state, they increasingly require structured digital representations in order to operate at scale.
At the normative layer, the digital expression takes the form of rule repositories. Laws, regulations, and policy rules must be published, versioned, and increasingly expressed in machine-readable form so they can be interpreted consistently across systems. This may include legal text repositories, policy rule catalogs, eligibility rule definitions, and version histories of regulations. The purpose of this layer is not to automate law but to ensure that the rules governing public decisions are visible, traceable, and consistently applied.
At the institutional layer, the digital expression appears as directories of authority. Governments increasingly need structured representations of who is authorized to do what within the system. This may include directories of agencies, registries of delegated authority, role and responsibility mappings, jurisdictional boundaries, and separation-of-duty rules. These directories make institutional authority legible to digital systems while preserving political accountability.
At the Minimum Digital Kernel layer, the digital expression takes the form of decision protocols. This includes the schema through which public decisions are represented, the rule evaluation logic that links rules to evidence, the binding of verified data to decision records, and the audit trail that records how decisions were produced. The kernel defines the shared structure through which decisions become traceable and contestable across institutions.
At the infrastructure rail layer, the digital expression consists of foundational systems that move trusted information and resources across the state. These include digital identity systems, authoritative registries, payment networks, credential systems, secure messaging infrastructure, and trusted data exchange mechanisms. These rails allow institutions to coordinate reliably while maintaining clear boundaries of responsibility.
Finally, at the application layer, the digital expression appears as the services through which citizens interact with the state. These include tax filing portals, welfare systems, health platforms, licensing systems, procurement portals, and grievance platforms. Applications translate policy and infrastructure into concrete service experiences.
Taken together, these digital expressions illustrate why the governance stack matters. The modern state does not operate only through laws and institutions. It increasingly operates through software systems that embody those laws and institutions in structured form.
Understanding governance in the digital era therefore requires attention not only to political design but also to the architecture of the systems through which public authority is exercised.
The lifecycle of public decisions
To see how these layers interact in practice, it helps to look at how public decisions actually unfold. Governance is not a single act but a sequence through which policies become outcomes. Whether the domain is taxation, welfare benefits, licensing, procurement, or regulation, most public actions follow a broadly similar lifecycle.
A typical public decision passes through five stages: policy design, eligibility determination, resource allocation, execution, and accountability.
Policy design is the stage where legislatures and policymakers determine the rules that govern public programs. These rules define entitlements, obligations, taxes, subsidies, regulatory requirements, and enforcement mechanisms. This stage is shaped primarily by the normative and institutional layers.
Eligibility determination follows. Once rules exist, the system must determine whether a particular individual, household, firm, or institution satisfies them. In a digital state, this increasingly depends on identity systems and registries that supply verified facts. At this stage the kernel evaluates evidence against authorized rules.
Resource allocation determines what follows from that evaluation. A welfare program assigns a transfer amount. A tax system computes liability. A procurement system selects a winning bid. These are kernel-level decisions that connect rules, evidence, and outcomes. Infrastructure rails then support execution by enabling payments, credentials, or authorizations to move across institutions.
Execution refers to the delivery of services, transfers, or regulatory actions. This stage occurs largely at the application layer where agencies and ecosystem partners build services that interact with citizens and organizations.
Finally, accountability allows decisions to be reviewed and corrected. Courts, auditors, regulators, and grievance mechanisms all participate here. Because the kernel produces structured decision objects linking rules, evidence, authorities, and outcomes, oversight institutions can reconstruct how decisions were made and determine whether they were lawful and correct.
Seen this way, the governance stack shifts attention upstream. Traditional public administration often focused on recording transactions after they occurred. A digital governance architecture focuses more on structuring the decisions that produce those transactions in the first place.
Governance theories as layers, not rivals
This perspective also helps reconcile classical governance theories that often appear to compete with one another.
The rule-of-law tradition focuses primarily on the normative and kernel layers. Legitimacy requires that public authority operate through known rules. The kernel makes those rules traceable in practice by linking every decision to an authorized rule, evidence, and review pathway.
State-capacity theory emphasizes the institutional and infrastructure layers. Governments require capable organizations and reliable execution systems to implement policy at scale. Identity systems, registries, and payment rails strengthen that capacity by providing common foundations across programs.
Institutional economics focuses on credible commitments and transaction costs. Standardized decision protocols and interoperable infrastructure reduce uncertainty, lower coordination costs, and make governance systems more predictable.
Polycentric governance highlights the value of multiple actors delivering services within shared standards. In the governance stack, this pluralism appears most clearly at the application layer, where different institutions and service providers can build interoperable services on common rails.
Adaptive governance emphasizes the ability of systems to learn and evolve. A layered architecture supports this by stabilizing the core while allowing experimentation at the edges.
The point is not that the governance stack replaces these traditions. It is that it gives each of them a clearer place. What earlier theories often treated as competing accounts of governance can now be understood as distinct lenses on different layers of the same architecture.
The Minimum Digital Kernel
The Minimum Digital Kernel matters because most acts of government are ultimately decisions. A benefit is approved or denied. A tax liability is assessed. A license is granted or revoked. A procurement bid is accepted. Each represents the exercise of public authority over a person, organization, or transaction.
Historically these decisions were embedded in administrative processes that were difficult to inspect. An official might apply a rule using information from multiple sources, record the outcome in a file, and communicate the result through a letter or order. Oversight institutions then had to reconstruct the logic of the decision from fragmented records.
In digital governance, these decision processes increasingly occur within software systems. The kernel addresses this shift by standardizing how consequential public decisions are represented.
Every decision object links four elements:
the rule that authorizes the decision
the verified evidence used to evaluate the rule
the authority responsible for executing the decision
the outcome, along with the path through which it can be contested or reviewed
This structure strengthens procedural legality, improves transparency, enhances accountability, and supports contestability. Courts and oversight bodies continue to matter, but the quality of information available to them changes dramatically.
In this sense, the Minimum Digital Kernel functions as the operational counterpart of administrative procedure law. It embeds procedural guarantees directly into the systems that execute public decisions.
That is also why the kernel should remain minimal. It is not meant to encode the whole of governance. It is meant to define the irreducible public guarantees that must hold across domains: authorized rule use, verified evidence, attributable authority, traceable decisions, and reviewability.
Risks and limits, by layer
A governance stack does not solve every problem of governance. It clarifies where different problems sit.
At the normative layer, injustice can still be encoded. A decision protocol can ensure that rules are applied consistently, but it cannot determine whether those rules are fair. A bad rule can become more efficient through good infrastructure.
At the institutional layer, power remains political. Institutions still decide what rules are encoded, which registries are authoritative, and how oversight operates. The stack does not abolish politics. It makes some of its consequences more visible.
At the kernel layer, opacity can persist if decision logic is badly designed, poorly documented, or insulated from challenge. A system may appear formal while still hiding meaningful discretion.
At the rail layer, concentration risk emerges. Identity systems, registries, or decision protocols can become chokepoints if governance is weak. The same infrastructure that enables interoperability can also enable exclusion, surveillance, or systemic fragility.
At the application layer, fragmentation can return. If applications diverge too far from shared standards, the system can slide back into siloed experiences and uneven accountability.
These are not arguments against the governance stack. They are reminders that each layer requires its own forms of governance, restraint, and oversight.
Governance as infrastructure
The digital transformation of the state is often discussed in terms of new technologies or improved services. The deeper shift, however, is architectural.
Governments increasingly operate through identity systems, registries, payment networks, and automated workflows. The infrastructure through which public authority is exercised is becoming part of governance itself.
This is why the central policy question is changing. It is no longer enough to ask what the law says or which institution is responsible. We must also ask: through what architecture will public authority actually be exercised?
Norms define legitimacy.
Institutions allocate authority.
The Minimum Digital Kernel structures decisions.
Digital infrastructure rails move identity, data, and resources.
Applications deliver services.
Digital Public Infrastructure provides the execution rails of the modern state. The Minimum Digital Kernel governs the form of the decisions executed on those rails. Together they form a layered architecture that allows constitutional principles, institutional authority, and digital systems to work together coherently.
States already have digital constitutions in practice, whether they recognize them or not. Every identity system, registry, payment rail, and decision workflow encodes assumptions about authority, accountability, and access.
The real question is whether those constitutional properties are designed deliberately and governed publicly, or whether they emerge accidentally through fragmented procurement, vendor platforms, and ad hoc system design.
The digital state will not be governed by software alone. But it will increasingly be governed through software. The task ahead is to ensure that the architecture through which public authority operates reflects democratic values rather than undermining them.
Thank you for sharing this is a serious piece of work. It feels like the layered architecture is defensible, the decision-object formalism at the kernel layer is the most original contribution, and the core argument - that the architecture through which public authority is exercised is itself a governance problem - is correct and very important.
I would like to suggest two structural improvements which could widen the argument’s reach.
First, the essay conflates an analytical claim (governance can be understood as a layered architecture) with a prescriptive one (a specific artefact, the Minimum Digital Kernel, should occupy the middle layer). These are different arguments. The layered frame stands independently; the kernel requires substantial additional specification. Treating them as the same argument weakens both.
Second, the kernel is under-specified where it must be strongest. The four-element decision object - rule, evidence, authority, outcome plus contestability path - captures inputs and outcomes but not the inference function linking them. In automated or semi-automated systems, the transformation from inputs to outputs is where discretion hides. Without inference transparency and temporal binding (which version of which rule, against which snapshot of evidence, at which moment), the decision object is structured but not reconstructable. Reconstructability is precisely the property that makes such a kernel useful to courts, auditors, and regulators.
Contestability has the same gap. It is described as a requirement but not specified as a protocol. Minimum properties would include timeliness, independence, access to the full decision record, and the capacity to suspend or reverse outcomes.
Two further absences matter. The piece does not address the political economy of infrastructure procurement - governance stacks are not designed abstractly but procured through vendors under specific ownership and liability conditions. And interoperability is treated as an engineering property rather than a governance problem: a political settlement over whose ontologies, classifications, and standards prevail.
I think one of the strongest line appears near the end: states already have digital constitutions in practice, whether they recognise them or not. That observation should open the essay rather than close it. It captures the stakes more clearly than anything else in the piece.
A substantive first articulation of an important problem. The kernel proposal is promising, but it needs the specification work that would make it admissible in the regulatory and institutional design contexts where it belongs.