What changed
FACT (Federal Register, 2026-07-09): the FCC published an NPRM proposing to enhance Know-Your-Upstream-Provider (KYUP) requirements, strengthen STIR/SHAKEN Governance Authority oversight, raise caller-ID attestation standards, and close STIR/SHAKEN implementation gaps. The word 'enhancing' in the FCC's own summary confirms a baseline KYUP/robocall-mitigation duty already exists today; the NPRM expands it into a recurring collect-verify-monitor-review obligation.
Why now
The NPRM published yesterday (2026-07-09). Comment window is open now, which means the obligated class is publicly self-identifying in ECFS; when the rule finalizes, a synchronized effective date compresses thousands of providers into one demand spike. HYPOTHESIS: building and list-building during the comment period captures that spike; waiting until finalization means competing in a crowded scramble. Crucially, there is pre-deadline value to sell NOW: under the existing framework, delisted upstream providers must have their traffic blocked, so delisting alerts have present-day utility independent of the proposed rule.
Converging signals
(1) FACT: FCC NPRM creating/expanding a recurring KYUP duty for voice service providers (Federal Register 2026-13874). (2) FACT (public knowledge, verifiable): the FCC Robocall Mitigation Database is a public, downloadable registry of every filer β the obligated class doubles as a machine-readable lead list with contact info. (3) INFERENCE: incumbent robocall-compliance vendors (TransNexus, Numeracle) sell carrier-grade platforms to large operators, leaving small resellers unserved. NOTE: the input's signals array is empty and no PAIN or HIRING evidence was retrieved β the small-provider gap and willingness-to-pay are unproven hypotheses pending the RMD-profiling and outreach tests.
Customer pain
HYPOTHESIS (structurally sound but not yet evidenced by complaints): a small VoIP reseller with zero compliance staff must (a) know who its upstream providers are, (b) verify their RMD status and certification level, (c) document that vetting on a recurring basis under the proposed rule, and (d) block traffic from delisted providers or face enforcement/its own delisting. Delisting is existential β downstream providers must stop accepting your traffic. The testable prediction (most RMD entries list an owner/officer rather than a compliance contact) has NOT yet been run; it is the first validation step, not a fact.
Who pays
Small and mid-size voice service providers, VoIP resellers, and wholesale voice operators listed in the RMD β HYPOTHESIS: thousands of entities below the size where TransNexus/Numeracle contracts make sense. Secondary: telecom compliance consultants and FCC regulatory law firms who would white-label the dossier for their client base.
Solved today
INFERENCE: large carriers use TransNexus/Numeracle-class platforms or in-house compliance teams. Small providers either rely on their upstream aggregator's assurances, pay a telecom regulatory attorney ad hoc, or do nothing and hope. Manual RMD lookups are possible but nobody maintains a continuous, timestamped review log by hand.
Why current solutions are bad
Incumbent platforms are priced and scoped for carriers (SIP-analytics suites, enterprise contracts). Attorneys are $300+/hr and don't do continuous monitoring. Doing nothing becomes untenable the moment KYUP requires documented periodic reviews β an undocumented vetting process is a per-provider violation even if your upstreams are clean. The deliverable the rule effectively demands β a maintained, auditable dossier β does not exist as a product at small-provider price points (INFERENCE; must be verified in discovery calls).
Proposed product
RMD Sentinel: customer enters their upstream providers (or imports from invoices/CDR headers). The service continuously pulls the FCC RMD export and ECFS/certification filings, tracks each upstream's status, certification level, and filing changes, auto-generates timestamped KYUP vetting records and periodic-review logs formatted to the final rule's requirements, and fires email/SMS alerts on upstream status changes or delistings ('block this traffic by X or you are out of compliance'). The maintained dossier IS the deliverable β same Compelled Compliance Dossier shape as the founder's shipped FMCSA ELDT product.
MVP version
Scraper/ETL on the public RMD export + a diff engine (status/certification changes per provider) + a per-customer dossier page with PDF export of vetting records + email alerts. No FCC portal write-access needed β this is read-monitor-document, technically simpler than the ELDT app. 2β4 weeks of AI-assisted build. Pre-MVP validation is cheaper still: profile the RMD CSV for entity size/contacts (1 day) and read ECFS small-provider comments for burden complaints (1 day).
30-day build
Days 1β3: download and profile the RMD export β test the prediction that most entries lack dedicated compliance contacts; read early ECFS comments on the docket for small-provider burden complaints. Days 4β14: build the monitor + diff engine + dossier generator. Days 15β30: cold-email 100+ small RMD-listed providers (the registry provides the contacts) with a free 'Upstream Risk Report' for their specific upstreams as the demonstrated-value hook. Kill threshold from the hypothesis: <3 discovery calls showing $100β300/mo willingness after 30 targeted contacts β shelve until the rule finalizes.
60-day build
Convert free-report recipients to paid monitoring at founding-customer pricing ($99/mo locked). File a short ECFS comment or publish a plain-English NPRM explainer to become a citable small-provider resource β this is discoverable marketing inside the obligated class's own research path. Partner outreach to 5β10 telecom compliance consultancies and FCC regulatory boutiques for white-label/referral.
90-day revenue plan
Target 10β25 paying subscribers at $99β299/mo ($1kβ5k MRR) sold on the CURRENT value (delisting alerts + documented upstream vetting) with the finalized KYUP rule as the forcing function that upgrades everyone to the full dossier tier. If the rule's final text lands within 6β12 months (typical FCC cadence β HYPOTHESIS), the pre-built list of every obligated entity plus an already-live product captures the deadline spike.
Distribution path
Unusually strong: the RMD export enumerates every buyer with contact details β a complete, public, machine-readable TAM list. Channels: cold email with per-recipient free risk reports (demonstrated value, matching founder's selling style), ECFS docket commenters (self-identified engaged providers), telecom compliance consultants as resellers, and SEO on 'KYUP requirements' / 'robocall mitigation database compliance' where content is thin because the rule is days old.
Pricing hypothesis
$99/mo (β€3 upstreams, alerts + dossier), $199β299/mo (unlimited upstreams, periodic-review automation, audit-ready PDF pack), one-time $499 'KYUP readiness assessment' as a cash-flow wedge during the pre-finalization window. Per-upstream-provider pricing mirrors the per-upload model that worked for ELDT.
Technical difficulty
Low-moderate: public CSV ingestion, diffing, document generation, alerting β squarely within the founder's demonstrated stack. Hardest part is mapping the final rule's exact recordkeeping language onto the dossier template, which is a reading-the-mandate skill the founder has proven. No government portal WRITE integration required (simpler than ELDT).
Legal / regulatory risk
Low for the product itself (monitoring public data + generating internal records; not legal advice β disclaim accordingly). The real risk is REGULATORY TIMING: this is an NPRM, not a final rule. Requirements may change, small providers could be exempted, or finalization could slip 12+ months. Mitigation: the delisting-alert value proposition stands on today's rules; the dossier tier flexes to the final text.
Platform dependency
Depends on continued public availability of the RMD export and ECFS β both statutorily grounded public resources with low removal risk. No app-store or third-party-platform gatekeeper.
Founder fit
VERY HIGH. This is a near-exact structural repeat of the proven FMCSA ELDT play: federal mandate β enumerated obligated class β recurring filing/documentation duty β per-entity fee β and the accumulated lesson (confidence 0.80) says government-mandate opportunities fit this founder best. It is actually easier than ELDT (read-only vs. portal submission). Systems thinking, complaint-mining, and demonstrated-value selling all apply. No enterprise procurement required at the entry tier.
Breakout potential
Moderate-high: the same engine extends to adjacent recurring FCC obligations for the same customer (RMD filing updates, STIR/SHAKEN certification tracking, Form 499 deadlines, 911/RAY BAUM compliance calendars) β an 'FCC compliance-in-a-box for small voice providers' suite at $500+/mo, plus white-label revenue through telecom law firms.
Final recommendation
PURSUE β VALIDATE FIRST. This is the highest-founder-fit pattern in the system (compelled compliance dossier on a federal mandate) with a public lead list and a trivially cheap validation path. Do not build the full product yet: run the 3-day validation (RMD profiling + ECFS burden-comment scan), then the free-risk-report outreach. Green-light the build on β₯3 willing-to-pay discovery calls; otherwise shelve with a tickler to revisit at Report & Order publication.
Next action
Today: download the RMD CSV from fcc.gov, profile entity count/size/contact type to test the 'no compliance staff' prediction, and pull the ECFS docket number from the NPRM to scan for small-provider burden comments; then send the first 30 personalized upstream-risk cold emails.