ITU: U4SSC, Digital Public Infrastructure (Working Group 3)

We contribute to DPI Working Group 3, dedicated to digital transformation for people-centred cities and driven by ITU's United for Smart Sustainable Cities (U4SSC), focusing our input on embodied and physical systems, edge computing, resilience, and energy-efficient public infrastructure.

Related

• UN Global Digital Compact (GDC): AI Governance and Digital Infrastructure

• UNESCO: Science Report 8th Edition (2026)

ITU United for Smart Sustainable Cities (U4SSC)

The United for Smart Sustainable Cities (U4SSC) is a global UN initiative coordinated by ITU, UNECE, and UN-Habitat, supported by a broad network of multilateral partners spanning environment, development, finance, and cultural institutions. Serving as an international platform for knowledge exchange and multi-stakeholder partnership, U4SSC empowers cities and communities to align their digital transformation agendas with the UN Sustainable Development Goals and the 2030 Agenda. Through thematic groups, Key Performance Indicators adopted by over 250 cities globally, and a growing network of U4SSC Hubs, the initiative develops actionable technical specifications, policy guidance, and case studies that help cities become more efficient, innovative, and people-centred.

At its core, U4SSC advances a holistic understanding of digital public infrastructure (DPI) for cities, defined as the necessary and sufficient digital ICT systems that improve quality of life, efficiency of urban operations, and competitiveness through trustworthy, secured, and interoperable engagement between people, city processes, and underlying technologies. This includes critical systems such as digital identity, digital payments, data exchange, and artificial intelligence, structured across eight analytical viewpoints encompassing secured and climate-resilient infrastructure, smart digital governance, gender equality, sustainable urban mobility, and multilateral cooperation for SDG localization.

DPI Working Group 3

The Thematic Group on Digital Public Infrastructure for Cities (TG-DPI4Cities) operates through dedicated working groups that collectively address the full spectrum of challenges at the intersection of urban governance, cybersecurity, emerging technologies, and public service resilience. Working Group 3 focuses specifically on security and privacy aspects, tackling a threat landscape that spans ransomware attacks, identified by 45% of organizations as the top cyber risk in the WEF Global Cybersecurity Outlook 2025, supply chain vulnerabilities, large-scale data breaches, and the rapidly expanding attack surface introduced by AI-driven threats, edge computing architectures, and agentic AI systems capable of autonomously coordinating multi-vector attacks on critical public infrastructure.

Beyond conventional cybersecurity, the group's work addresses emerging risks including adversarial attacks on AI-integrated DPI systems, data poisoning of machine learning models underpinning public services, and the long-horizon threat of quantum computing to existing cryptographic standards—including "harvest now, decrypt later" strategies that put today's sensitive public data at risk. The group's outputs articulate a five-pillar governance model—spanning legislative frameworks, operational management and enforcement, secure technology and innovation, culture and capacity building, and ecosystem collaboration, alongside a people-process-technology mapping and a layered defense-in-depth architectural model aligned with NIST, ISO/IEC 27005, Zero Trust principles, and post-quantum cryptography migration pathways. Drawing on real-world implementations across Estonia, India, Brazil, Singapore, the EU, the US, China, and Japan, these frameworks are designed for policymakers, technology providers, regulators, and civil society actors responsible for building the secure and resilient public digital infrastructure of tomorrow.

References

¹ ITU / UNECE / UN-Habitat. "United for Smart Sustainable Cities (U4SSC)." ITU. 2025.

² TG-DPI4Cities / U4SSC. "Building Digital Public Infrastructure for Cities and Communities: A Strategic Framework for City Leaders, Ministers, and Policymakers." ITU. 2024.

³ World Economic Forum. "Global Cybersecurity Outlook 2025." WEF. January 2025.

⁴ European Union Agency for Cybersecurity (ENISA). "ENISA Threat Landscape Report 2024." ENISA. 2024.

⁵ National Institute of Standards and Technology. "Cybersecurity Framework Version 2.0." NIST. 2024.

⁶ International Organization for Standardization. "ISO/IEC 27005: Information Security Risk Management." ISO. 2022.

⁷ Organisation for Economic Co-operation and Development. "Digital Public Infrastructure for Digital Governments." OECD. 2023.

⁸ European Parliament and Council. "Regulation (EU) 2024/1689 on Artificial Intelligence Act (EU AI Act)." Official Journal of the European Union. 2024.

⁹ European Parliament and Council. "General Data Protection Regulation (EU) 2016/679 (GDPR)." 2016.

¹⁰ NIST Post-Quantum Cryptography Project. "Post-Quantum Cryptography Standards." NIST. 2024.