Convergence Radar Convergence Engine

← Feed

B

KYUP Dossier β€” standing upstream-provider vetting files for small VoIP providers

66/100

Per-seat SaaS that builds and maintains the FCC-mandated Know-Your-Upstream-Provider vetting dossier (questionnaires, RMD/499/attestation evidence, degradation alerts, audit-ready review logs) for small voice resellers who have zero compliance staff.

Worth deeper research β€” promising but has risk. Β· created 2026-07-10 03:30 UTC

saaspublic recordsapifast cashairevisit later

Scorecard

newness 9/10
convergence 5/10
demand evidence 7/10
existing spend 4/10
solo feasibility 9/10
speed to mvp 8/10
speed to revenue 5/10
distribution 8/10
competitive gap 7/10
expansion 7/10
founder fit 9/10

Penalty flags
no urgent pain (βˆ’3 from raw 69)

Opportunity brief

What changed
FACT: On 2026-07-09 the FCC published an NPRM proposing enhanced Know-Your-Upstream-Provider (KYUP) requirements, stronger STIR/SHAKEN Governance Authority oversight, raised caller-ID attestation standards, and closure of STIR/SHAKEN implementation gaps (Federal Register 2026-13874). This would convert upstream vetting from informal practice into codified, recurring information-collection and compliance-review duties tied to staying in the Robocall Mitigation Database and keeping traffic flowing.
Why now
FACT: NPRM is one day old β€” the comment period and eventual effective date create a synchronized compliance deadline for the entire obligated class. INFERENCE: the sub-100k-line reseller tier has no incumbent tooling because existing STIR/SHAKEN vendors sell analytics/signing to carriers, not vetting paperwork to resellers. Building now positions the product to capture the demand spike at final-rule adoption while selling lighter 'RMD monitoring + upstream file' value in the interim.
Converging signals
FACT: One strong regulatory signal (the KYUP NPRM) carried by two Federal Register feeds. HYPOTHESIS: converges with the founder's proven government-portal-compliance pattern and with the ongoing FCC enforcement trend of removing providers from the RMD (not evidenced in the provided sources). This is a single-signal, pattern-instantiated convergence β€” real corroboration is thin and must come from ECFS docket comments and outreach.
Customer pain
INFERENCE from the rule text summary: thousands of small VoIP resellers/originators would face new duties β€” collect and verify upstream-provider information, monitor upstream status on an ongoing basis, review attestation practices, and keep RMD filings current β€” with no compliance staff, no templates, and personal traffic-cutoff risk for getting it wrong. Direct complaint evidence (docket comments, forum posts) is NOT yet in hand; the testable prediction (50 cold emails β†’ β‰₯5 calls) is the validation step.
Who pays
Small non-facilities-based and reseller voice providers listed in the FCC Robocall Mitigation Database β€” a public, scrapeable, complete list of the obligated class with contact info. Secondary: telecom compliance consultants and law firms who would white-label the dossier tool across their client base.
Solved today
HYPOTHESIS: ad-hoc β€” email questionnaires, spreadsheets, or nothing; larger providers use telecom regulatory counsel/consultants (e.g., Commpliance-Group-style firms) for 499/RMD filings at law-firm rates. No self-serve product exists for standing upstream vetting files at this tier (unverified β€” competitor scan required).
Why current solutions are bad
Manual vetting doesn't produce the codified artifacts an FCC compliance review would demand (dated evidence, verification records, monitoring logs); consultants are episodic and expensive per engagement, while the proposed duties are continuous; spreadsheets can't alert when an upstream's RMD status, GA token, or attestation posture degrades.
Proposed product
'KYUP Dossier': per-seat SaaS maintaining one living vetting file per upstream provider β€” codified questionnaire keyed to the final rule's attestation/vetting elements, automated evidence pulls (RMD status, 499 Filer ID, GA token status), change-detection alerts on upstream degradation, periodic re-attestation workflows, and one-click export of the audit-ready compliance-review log. Interim (pre-final-rule) wedge: free RMD status monitor for your upstreams as lead-gen.
MVP version
RMD scraper + upstream watchlist + change alerts + a dossier template mapped to the NPRM's proposed KYUP elements, PDF/CSV export. No portal write-back needed for v1. 3-5 weeks of AI-assisted build on the founder's existing FastAPI/Postgres/scraping stack.
30-day build
Scrape RMD for the obligated class; read the NPRM in full and map every proposed duty to a dossier field; ship the free upstream-monitor wedge; cold-email 50 small providers (the convergence's own testable prediction); file/read ECFS docket comments to gauge burden complaints and trade-association template risk.
60-day build
Convert monitor users to paid dossiers at $99-199/mo; add questionnaire send/track and evidence vault; recruit 2-3 telecom compliance consultants as white-label channel; publish a 'KYUP readiness checklist' SEO/LinkedIn asset targeting the docket's public attention.
90-day revenue plan
Target 10-25 paying providers ($1.5k-4k MRR) on the monitoring+dossier tier before the rule is final, positioning as the default when the compliance deadline lands; consultant channel deals for multi-client seats.
Distribution path
Uniquely good: the RMD is a public roster of every buyer with contact emails β€” pure demonstrated-value cold outbound, plus ECFS commenters as warm leads, plus consultant white-labeling. No ad spend, no marketplace.
Pricing hypothesis
$99-199/mo per provider (unlimited upstream dossiers) or $29/upstream/mo; consultant multi-seat at $500-1k/mo. Priced far below one hour of telecom counsel.
Technical difficulty
Low-moderate: scraping RMD/499 public data, diffing, questionnaires, document generation β€” squarely in the founder's demonstrated stack. Hardest part is regulatory fidelity of the templates, which is reading work, not engineering.
Legal / regulatory risk
Moderate-low: product is record-keeping tooling, not legal advice β€” needs clear 'not legal advice' framing. Key risk is rule-change risk, not liability: dossier fields must track the final rule, and templates may need a consultant's review (~$2-5k, affordable given runway).
Platform dependency
Low: depends on public FCC data (RMD, ECFS, 499 registry) remaining accessible; no app-store or API gatekeeper. FACT-adjacent risk: government sites can bot-block (per system lessons on scraping), so ingestion needs polite/backup paths.
Founder fit
VERY HIGH: this is the founder's proven ELDT pattern β€” a federal mandate compels a class of small operators to produce filings/records against a government system, and he builds the automation layer and charges per seat/transaction. Same skills: mandate parsing, portal/data automation, cold outbound on public rosters, no relationship sales. Applies the 0.8-confidence 'government-portal mandate' lesson directly.
Breakout potential
Moderate-strong: KYUP dossiers expand naturally into full small-provider compliance ops (RMD filing updates, 499-A prep support, STIR/SHAKEN attestation tracking, traceback response kits) β€” a compliance OS for the long tail of voice providers that incumbents ignore.
Final recommendation
PURSUE-VALIDATE: build the RMD scrape + 50-provider outreach test THIS WEEK (it costs days and directly tests the stated prediction), read the full NPRM and the ECFS docket, and build the free upstream-monitor wedge. Gate any paid-product build on β‰₯5 discovery calls and β‰₯2 'we have no vetting process' admissions, and on docket signals that the KYUP duties survive to a final rule. The founder-fit and forced-buyer structure justify the validation spend; the NPRM-stage timing is the one honest reason to keep the initial investment small.
Next action
Scrape the FCC Robocall Mitigation Database for non-facilities-based/reseller entries with contact emails; read the full 2026-13874 NPRM and map proposed KYUP duties to dossier fields; send 50 cold emails offering a free 'upstream provider risk check' and log response rate against the β‰₯5-call prediction.

Kill arguments (adversarial)

Competitors

β€’ TransNexus (ClearIP/NexOSS) (link) β€” HYPOTHESIS: dominant STIR/SHAKEN signing/analytics vendor selling to carriers and larger providers; not known to offer reseller-tier vetting-dossier paperwork β€” verify current product line.
β€’ Numeracle (link) β€” HYPOTHESIS: number reputation/KYC-adjacent vetting for enterprises and their providers; enterprise-priced, not self-serve for sub-100k-line resellers β€” verify.
β€’ Telecom compliance consultancies / regulatory law firms (e.g., The Commpliance Group) (link) β€” HYPOTHESIS: already file 499/RMD for these buyers and could bolt on KYUP services; they are also the best white-label channel β€” competitor and partner simultaneously.

Source citations (facts)

β€’ [Proposed Rule] Enhancing Know-Your-Upstream-Provider Requirements and Strengthening STIR/SHAKEN β€” FACT: FCC proposes enhanced KYUP requirements, improved GA oversight of voice service providers, raised caller-ID attestation standards, and closure of STIR/SHAKEN implementation gaps β€” the forced-buyer mandate underlying this brief; PROPOSED rule stage, not final.

Actions