What changed
FACT: On 2026-07-09 the FCC published an NPRM proposing enhanced Know-Your-Upstream-Provider (KYUP) requirements, stronger STIR/SHAKEN Governance Authority oversight, higher caller ID attestation standards, and closure of STIR/SHAKEN implementation gaps (Federal Register 2026-13874). HYPOTHESIS: this converts upstream vetting from an informal practice into documented, auditable, recurring paperwork for every carrier-to-carrier relationship.
Why now
The comment-to-effective-date window is the standards-setting moment: small carriers are just realizing they lack any vetting workflow, no vendor owns the 'small carrier KYUP' niche yet, and a dossier format that gains adoption before the final rule becomes the de facto template. Waiting until the rule is final means competing against announced incumbent modules.
Converging signals
FACT: one strong signal β the FCC NPRM itself, which appeared in both the FCC feed and the proposed-rules early-warning feed (same document). INFERENCE: the many-to-many structure (N downstreams each vetting M upstreams, both sides small and under-staffed) is derived from industry structure, not stated in the source. No corroborating PAIN or HIRING/SPEND evidence was retrieved.
Customer pain
HYPOTHESIS (structurally sound, not yet evidenced by complaints): a 5-person wholesale voice provider interconnecting with 30 partners faces 30 inbound vetting requests AND 30 outbound vetting obligations, each requiring ownership info, Robocall Mitigation Database status, attestation practices, and traffic declarations β repeated at every review cycle. Today that is ad-hoc email and spreadsheets, and under the proposed rules it becomes an enforcement exposure. No direct complaint evidence exists yet; NPRM comment filings from small carriers are the confirmation to watch for.
Who pays
Small/mid VoIP and wholesale voice providers registered in the FCC's Robocall Mitigation Database β a public, enumerable, directly-emailable buyer list. Dossier holders pay a subscription to maintain their passport; downstream providers pay per-review for auto-generated compliance documentation on their upstreams. FACT: these entities are the direct objects of the proposed obligations; INFERENCE: their willingness to pay pre-final-rule is unproven.
Solved today
HYPOTHESIS: ad-hoc questionnaires over email, spreadsheets, PDF attestations, and expensive telecom compliance consultants; larger carriers use STIR/SHAKEN analytics vendors (TransNexus, Numeracle) whose products center on call analytics and attestation, not standardized inter-carrier vetting dossiers for small operators.
Why current solutions are bad
Every pairwise relationship duplicates the same vetting work; small carriers have no compliance staff; documentation is inconsistent so it fails as audit evidence; and the proposed recurring-monitoring obligation turns a one-time chore into a treadmill. Consultants price for enterprises, not 5-person LLCs.
Proposed product
A web app where a carrier builds one KYUP passport (ownership, FCC RMD status pulled/verified automatically, 499 filer ID, attestation practices, traffic-type declarations, mitigation plan) that stays current via automated RMD monitoring, and grants view access to downstream partners. Downstreams get one-click, timestamped, audit-ready recurring review reports for each upstream. Critically, it is single-player-viable: even with zero network adoption, a downstream can use it as a KYUP workflow tool that generates and tracks vetting on non-member upstreams from public data.
MVP version
Scrape/ingest the public Robocall Mitigation Database; a dossier builder with ~20 structured fields; automated RMD status re-checks with change alerts; and a PDF/JSON 'upstream review report' generator citing the rule sections. Buildable solo in 4-6 weeks with AI assistance β the RMD is public data and the core is forms + monitoring + document generation, squarely in the founder's proven government-data wheelhouse.
30-day build
Read the full NPRM and map each proposed obligation to a dossier field. Build the RMD ingest and a landing page. Execute the stated test: email 40 small carriers from the RMD with a one-page passport concept; target >=5 intent replies or >=2 LOIs within 7 days. Monitor NPRM comment filings for small-carrier burden complaints (free demand evidence and a lead list of self-identified sufferers).
60-day build
Ship the MVP to 3-5 design partners free. File or piggyback attention on FCC comments referencing standardized vetting documentation to seed the passport format as a candidate norm. Add the single-player mode: downstream-initiated vetting of any RMD-listed upstream.
90-day revenue plan
Convert design partners to paid: ~$99-199/mo per passport holder, ~$29-49 per generated upstream review or a bundled downstream plan. Realistic first revenue is months 3-6 β carriers facing an active rulemaking with enforcement history (FCC has removed providers from the RMD) will pay for preparedness, but many will wait for the final rule; both outcomes are consistent with the founder's runway.
Distribution path
The FCC RMD is a complete, public, addressable list of every buyer β direct email/LinkedIn outreach at near-zero cost, exactly the demonstrated-value motion the founder prefers. Secondary: NPRM comment filers, VoIP operator communities, and telecom compliance attorneys/consultants as referral channels (they keep the advisory work, offload the paperwork).
Pricing hypothesis
$99-199/mo per dossier holder; $29-49 per downstream review report or $149/mo unlimited-reviews downstream seat. HYPOTHESIS β no willingness-to-pay evidence yet; anchor against telecom compliance consultants ($200-400/hr) and existing RMD-filing services.
Technical difficulty
Low-moderate: public-data ingestion, structured forms, monitoring/alerting, document generation, access control. No carrier network integration, no SIP/telephony stack needed for the MVP. Well within solo + AI-assisted capability.
Legal / regulatory risk
Moderate and mostly manageable: the product must not constitute legal advice (position as documentation tooling); the real risk is REGULATORY TIMING β this is an NPRM, not a final rule, so obligations, thresholds, and small-provider exemptions can change or vanish. Build field mappings to be rule-version-flexible.
Platform dependency
Low. Depends on public FCC data (RMD, ECFS) and the rulemaking's survival β no app store, no private API, no platform gatekeeper.
Founder fit
Very high (8/10). This matches the proven ELDT pattern β read a federal mandate, identify the compelled class, build the compliance/documentation layer, charge per transaction β and a confidence-0.8 system lesson says government-mandate opportunities are this founder's best fit. It falls one notch short of perfect because there is no government portal to submit into (the deliverable is inter-carrier paperwork, not a federal filing), and the passport's full value has a network-effect component the founder normally avoids β mitigated by the single-player downstream-vetting mode.
Breakout potential
If the passport format becomes the de facto standard during the comment window, it compounds: every new interconnect pulls in both counterparties, and the dossier naturally extends to adjacent recurring telecom compliance (RMD certifications, 499 filings, attestation evidence) β a compliance system of record for small carriers. HYPOTHESIS entirely, and the network upside should be treated as a bonus, not the plan.
Final recommendation
PURSUE AS A CHEAP, FAST TEST β do not build first. The forced-buyer structure, enumerable public buyer list, and founder fit are excellent, but the mandate is not yet final and demand evidence beyond the NPRM itself is zero. Run the 7-day outreach experiment to 40 RMD-listed carriers immediately (cost: ~2 days); build the 4-6-week MVP only if it hits the reply/LOI threshold; watch NPRM comments for burden complaints as the second gate. Kill if outreach is cold AND comment filings show no small-carrier pain, or if incumbents announce small-carrier KYUP modules.
Next action
Pull 40 small carriers from the FCC Robocall Mitigation Database today, write the one-page Provider Passport concept, and send the outreach batch; in parallel, set a monitor on ECFS docket comments for this NPRM filtering for small-carrier burden language.