From India Stack to EuroStack
Two countries built digital infrastructure for a combined two billion people. They solved the same problem. They arrived at opposite architectures.
India built a centralised biometric identity system — Aadhaar — that assigns a twelve-digit number to every resident based on fingerprints, iris scans, and facial photographs. On top of that identity layer, India built a cashless payments layer (UPI), a paperless document layer (DigiLocker), and a consent-based data-sharing layer (Account Aggregator). The whole assembly is called India Stack. It is open-API, centrally governed, and designed for a population that will trade biometric data for financial inclusion. As of March 2026, 1.44 billion Aadhaar numbers have been generated. UPI processed 21.7 billion transactions in January 2026 alone. The International Monetary Fund recognises UPI as the world’s largest retail fast-payment system by transaction volume — 49 per cent of all real-time payment transactions on earth.
The EU is building the opposite. The European Digital Identity Wallet — mandated under eIDAS 2.0 — requires every member state to offer at least one digital identity wallet to citizens by the end of 2026. The architecture is federated: data released by one member state must be trusted by relying parties in another, but no central biometric database exists. The wallet supports selective disclosure — a user can prove they are over eighteen without revealing their date of birth. Zero-knowledge proofs are mandated by Recital 14 of the regulation. The design philosophy is privacy-by-design, data minimisation, and user control.
Same problem. Two architectures. The conventional reading is that India prioritised scale and inclusion while the EU prioritised privacy and rights. This reading is correct. It is also insufficient. The architectures are not merely different technical solutions to an identity problem. They are different cultural systems expressed as infrastructure.
Trompenaars would recognise them immediately.
The Cultural Dimensions of Infrastructure
Fons Trompenaars, in Riding the Waves of Culture, identified seven dimensions along which national cultures diverge. Two of them explain India Stack and EuroStack more precisely than any technical whitepaper.
Universalism versus particularism. Universalist cultures believe that rules should apply equally to everyone, regardless of circumstance. Particularist cultures believe that relationships and context should modify how rules are applied. Germany, Sweden, and the Netherlands score high on universalism. India scores high on particularism.
India Stack is, paradoxically, a universalist technology deployed in a particularist culture. Aadhaar assigns the same twelve-digit number, through the same biometric process, to a software engineer in Bangalore and a subsistence farmer in Bihar. The system is deliberately context-blind. It does not care about caste, region, language, or economic status. It treats every resident as an identical unit in a digital database. This universalism was the point. Before Aadhaar, India’s welfare distribution system was riddled with identity fraud — benefits intended for rural poor were siphoned by intermediaries who exploited the absence of verifiable identity. Aadhaar’s universalism was a tool against particularist corruption.
The EU’s architecture is the inverse paradox. A universalist culture — one that believes in equal rules for all — has built a particularist infrastructure. Each member state issues its own identity credentials. Each member state controls its own data. The wallet is interoperable but not centralised. A German credential and a Portuguese credential are technically equivalent but institutionally distinct. The system preserves the particular — the member state’s sovereignty over its citizens’ identity — within a universal framework of mutual recognition.
A universalist culture built a particularist system because the particular it is preserving is the member state itself. The EU is not a nation. It is twenty-seven nations that have agreed on a framework for coexistence. The infrastructure reflects the political ontology. India is one nation with 1.4 billion people. The infrastructure reflects that, too.
Individualism versus communitarianism. Individualist cultures prioritise the rights and autonomy of the individual. Communitarian cultures prioritise the group — the family, the community, the nation.
India Stack is communitarian infrastructure. The system was designed for collective benefit — financial inclusion, welfare distribution, economic formalisation. The individual’s biometric data is collected not primarily for the individual’s convenience but for the nation’s administrative efficiency. The consent architecture exists, but it was added later, as a fourth layer. The foundational layers — identity and payments — were built on a communitarian logic: the nation needs to know who its residents are, and the residents benefit from being known.
The EUDI Wallet is individualist infrastructure. The entire architecture is organised around the individual’s right to control their data. Selective disclosure. Zero-knowledge proofs. Data minimisation. The individual decides what to share, with whom, and when. The system is designed to protect the individual from the state and from corporations. The foundational assumption is that the individual’s privacy is a right that the infrastructure must enforce — even at the cost of administrative efficiency.
These are not technical preferences. They are cultural axioms expressed as software architecture.
What the ECDPM Paper Found
In February 2026, the European Centre for Development Policy Management published Discussion Paper 384: “From India Stack to EuroStack: Reconciling Approaches to Sovereign Digital Infrastructure.” The authors — Chloe Teevan, Raphael Pouye, and Gautam Kamath — made an argument that should be obvious but is not: the EU and India are building sovereign digital infrastructure on fundamentally different premises, and neither framework is complete without engaging the other.
India and a range of international institutions have championed Digital Public Infrastructures — secure, interoperable digital systems designed to serve society. The DPI movement, catalysed by India’s G20 presidency in 2023, has positioned India Stack as the reference implementation. Twenty-four countries have signed memoranda of understanding with India for cooperation on DPI. The model is spreading.
Meanwhile, the EU’s conversation about digital infrastructure has crystallised around EuroStack — a broader initiative that extends beyond identity to encompass cloud computing, semiconductors, AI, and data sovereignty. The EuroStack initiative, launched in September 2024 at a conference organised by Cristina Caffarra, Francesca Bria, and Meredith Whittaker and hosted by the European Parliament, addresses a stark dependency: more than 80 per cent of Europe’s digital technologies and infrastructures are imported. Seventy per cent of the foundational AI models used globally originate in the United States. The GAIA-X cloud initiative, Europe’s first attempt at sovereign cloud infrastructure, failed when American hyperscalers lobbied their way into the consortium and hollowed it from within.
The ECDPM paper argues that the EU should expand global discussions around digital infrastructures to present a more complete and democratic framework. The paper’s insight is structural: India’s DPI model and the EU’s sovereignty model are not competitors. They are complementary expressions of different cultural priorities. India optimised for inclusion at scale. The EU optimised for rights preservation across jurisdictions. A complete framework would need both.
The paper is diplomatic. The cultural analysis is mine.
The Biometric Bargain
India Stack rests on a transaction that Europeans find difficult to comprehend. The transaction is this: give the state your fingerprints, your iris scans, and your photograph, and in return, receive a verifiable identity that grants access to banking, welfare, telecommunications, and government services.
Before Aadhaar, approximately 400 million Indians had no formal identification. No birth certificate. No driver’s licence. No passport. No way to prove, in an administrative sense, that they existed. The Pradhan Mantri Jan Dhan Yojana — the financial inclusion programme built on Aadhaar — expanded bank accounts from 147 million to 577 million by March 2026. The deposits in those accounts total 2.94 lakh crore rupees — approximately 32 billion US dollars. UPI, the payments layer, now processes over 228 billion transactions per year, with 500 million unique users.
The scale is staggering. The cultural logic is clear. In a country where hundreds of millions of people lacked any verifiable identity, the biometric bargain was not perceived as surveillance. It was perceived as existence. To be in the database was to be visible to the state — and visibility, in a context of administrative exclusion, was emancipation.
The Indian Supreme Court understood this tension. In 2018, the court upheld Aadhaar’s constitutionality by a four-to-one majority but imposed restrictions. Aadhaar could be required for welfare distribution and tax filing. It could not be required for bank accounts or mobile phone connections. The dissenting justice rejected the framework entirely, arguing that it created a surveillance architecture incompatible with the right to privacy that the same court had recognised as fundamental just one year earlier.
The legal compromise reflects the cultural compromise. India chose inclusion over privacy — not because privacy does not matter, but because inclusion, in the Indian context, was the more urgent right. Four hundred million people without identity is a crisis that abstract privacy rights do not address.
Europeans do not face this crisis. The EU’s 450 million residents overwhelmingly possess formal identification. The biometric bargain — trade your body’s data for administrative existence — is unnecessary because administrative existence is already established. The EU’s infrastructure problem is not “how do we identify our residents?” It is “how do we let our residents move across twenty-seven jurisdictions without surrendering control of their data?”
Different problem. Different architecture. Different culture.
The Consent Layer
The cultural divergence is sharpest in how each system handles consent.
India Stack’s consent architecture — the Data Empowerment and Protection Architecture, or DEPA — was added as the fourth and final layer. The first three layers (identity, payments, documents) were built and deployed before the consent framework existed. The Account Aggregator system, which allows users to share financial data with consent, launched in 2021 — a decade after Aadhaar and five years after UPI. The sequencing is significant. India built the infrastructure first and added consent controls later. The architecture prioritised function over permission.
The EU built consent into the foundation. The EUDI Wallet’s architecture is designed from the first specification around GDPR’s data minimisation principle. Selective disclosure is not a feature added to an existing system. It is a design constraint that shapes every technical decision. The wallet cannot share more data than the user authorises. The relying party cannot request more data than is necessary. Zero-knowledge proofs — the cryptographic technique that allows a user to prove a claim without revealing the underlying data — are mandated by the regulation itself, not by a subsequent amendment.
The sequencing reveals the cultural priority. India asked: “What does the system need to function?” The EU asked: “What does the individual need to be protected?” Both questions are legitimate. Neither is complete without the other.
Trompenaars would map this to the specific-versus-diffuse dimension. In specific cultures — Germany, the Netherlands, Sweden — the boundary between public and private is sharp. What is mine is mine. What is the state’s is the state’s. The boundary is non-negotiable. In diffuse cultures — India, China, many East Asian societies — the boundary between public and private is permeable. Personal data flows more freely between domains because the domains themselves are less rigidly separated.
India Stack’s architecture assumes diffuse boundaries. The system collects biometric data for identity purposes and then allows that identity to flow across payments, documents, and data sharing. The boundaries between layers are technically defined but culturally porous. The EUDI Wallet assumes specific boundaries. Each data element is compartmentalised. The user controls every boundary crossing. The architecture enforces specificity even when the user might prefer convenience.
What the EU SME Inherits
For a European company operating across both markets, the cultural architecture of each stack is not abstract. It is inherited.
A fintech company building on UPI in India inherits India Stack’s assumptions. The product can authenticate users via Aadhaar biometrics. It can access financial data through the Account Aggregator framework with user consent. It can process payments through UPI at near-zero cost. The infrastructure assumes that the user has traded biometric data for inclusion and that the system has permission to operate across layers. The developer builds on a substrate of centralised identity and open APIs.
The same company building a payment product in the EU inherits the EUDI Wallet’s assumptions. There is no central biometric database to authenticate against. Identity verification requires interacting with member-state-specific credential issuers. Data access requires selective disclosure mechanisms that the user controls. The infrastructure assumes that the user has not traded anything — that every data exchange is a negotiation, not a given.
The company that deploys the same product architecture in both markets will fail in one of them. The Indian product, transplanted to Europe, will request too much data, assume too much identity infrastructure, and violate privacy expectations that are not merely regulatory but cultural. The European product, transplanted to India, will be too cautious, too fragmented, too insistent on boundaries that the Indian user does not recognise as necessary.
This is not a compliance problem. It is a design problem. The product must be structurally different in each market — not because the regulations differ (though they do), but because the cultural assumptions embedded in the infrastructure differ.
The ECDPM paper notes that the EU should learn from India’s approach to inclusion and scale, while India should learn from the EU’s approach to rights and privacy. The recommendation is correct at the policy level. At the product level, the lesson is different. You do not learn from the other system. You design for it. You build two products that solve the same problem on different cultural substrates.
The Sovereignty Question
Both India Stack and EuroStack are sovereignty projects. Both respond to the same threat: dependence on American technology platforms for critical digital infrastructure.
India’s response was to build its own. Aadhaar is not built on AWS. UPI does not run on Google Cloud. The entire stack is domestically developed, domestically hosted, and domestically governed. India’s digital sovereignty is achieved through construction — building the infrastructure from scratch, with Indian engineers, Indian standards, and Indian governance.
The EU’s response has been slower and more contested. GAIA-X, the original European cloud sovereignty initiative, was compromised when Microsoft, Google, and Amazon Web Services joined the consortium and diluted its purpose. EuroStack, the successor initiative, estimates that Europe needs 300 billion euros by 2035 to build genuine digital sovereignty. The European Commission launched the Cloud and AI Development Act in 2025, aiming to triple the EU’s data centre capacity within five to seven years.
The contrast is cultural. India, a country that achieved independence from colonial rule in 1947, has a deeply embedded cultural reflex toward self-reliance — swadeshi, the principle of economic self-sufficiency, is a political and cultural force that predates the technology sector by a century. Building your own infrastructure is not merely a technical decision. It is a cultural imperative.
The EU, by contrast, is an economic union of twenty-seven sovereign nations that achieved integration through trade, not independence through struggle. The EU’s cultural relationship with sovereignty is negotiated, not existential. Sovereignty in the EU context means coordinated autonomy — the ability to set your own rules while participating in a shared market. This produces federated architectures because federation is what the EU is.
India builds centrally because India is one country solving one problem at continental scale. The EU builds in federation because the EU is twenty-seven countries negotiating a shared solution. The infrastructure is the culture, expressed as code.
The EuroStack Expansion
EuroStack extends beyond identity into the full technology stack — semiconductors, networks, cloud computing, AI, and data platforms. The ambition is comprehensive: a sovereign European digital infrastructure that reduces the current 80 per cent dependency on imported technology.
The initiative faces a cultural challenge that India Stack did not. India had a single government, a single regulatory framework, and a single political mandate. Nandan Nilekani, the architect of Aadhaar, could design a system for one country. The EU must design a system for twenty-seven countries with different languages, different administrative traditions, different privacy cultures, and different relationships with state authority.
Germany’s relationship with state surveillance — shaped by the Stasi, by the Nazi census, by a deep historical awareness of what happens when the state knows too much — produces a privacy culture that is structurally different from France’s relationship with its centralised administrative state. The Netherlands’ pragmatic approach to data governance differs from Italy’s more flexible interpretation of the same regulations. Sweden’s high trust in public institutions coexists with a strong tradition of individual rights.
A single European digital infrastructure must accommodate all of these cultural positions simultaneously. This is why the EU builds federated systems. Not because federation is technically optimal — centralisation is almost always more efficient — but because federation is the only architecture that can contain twenty-seven different cultural relationships with the state within a single interoperable framework.
India Stack works because India, for all its diversity, operates under a single constitutional framework with a single digital governance authority. EuroStack must work across twenty-seven constitutional frameworks with twenty-seven digital governance authorities. The architectural complexity is not a design flaw. It is a cultural necessity.
The Infrastructure Is the Culture
The conventional analysis of India Stack versus EuroStack focuses on technical architecture, regulatory frameworks, and policy implications. The ECDPM paper does this well. The Bertelsmann Stiftung’s EuroStack report does this well. The Indian government’s DPI documentation does this well.
What none of them do is name the cultural systems that produced these architectures. The architectures are not neutral technical choices. They are cultural artefacts — as culturally specific as a legal system, a kinship structure, or a writing system.
India Stack encodes a culture that prioritises collective benefit over individual privacy, that trades biometric data for administrative inclusion, that builds centrally because the nation is one entity with one problem. The consent layer was added later because, in the cultural sequence, function precedes permission.
EuroStack encodes a culture that prioritises individual rights over administrative efficiency, that refuses the biometric bargain because the bargain is unnecessary when identity is already established, that builds in federation because the union is twenty-seven entities with twenty-seven relationships to sovereignty. The privacy layer is foundational because, in the cultural sequence, permission precedes function.
For an EU SME deploying products across both systems, the lesson is not which stack is better. Both work. Both serve their populations. Both have achieved things the other has not — India’s financial inclusion numbers are extraordinary; the EU’s privacy architecture is the most sophisticated on earth.
The lesson is that plugging into either stack means inheriting its cultural assumptions. The API is not neutral. The authentication flow is not neutral. The consent mechanism is not neutral. Each carries the cultural logic of the civilisation that built it.
Trompenaars measured seven dimensions of culture. Infrastructure measures zero — but embodies all of them. The company that understands this builds two products. The company that does not builds one product and wonders why it fails in the other market.
Digital infrastructure is not plumbing. It is architecture. And architecture, as every architect knows, is culture made visible.