What changed
FACT (Federal Register, 2026-07-09): the FCC published a Proposed Rule to enhance Know-Your-Upstream-Provider (KYUP) requirements, expand STIR/SHAKEN Governance Authority vetting and enforcement, codify attestation levels, and define improper attestations. Simultaneously (OpenAI, 2026): long-running agents can now execute multi-hour, multi-app verification/monitoring work autonomously, which is exactly the labor shape KYUP diligence creates.
Why now
The rule was published YESTERDAY β the comment period is open now, meaning zero purpose-built KYUP tooling exists and the buyer class (every US voice service provider) is just becoming aware of a new recurring diligence obligation. Whoever owns the 'KYUP readiness' search terms and provider lists before the final rule drops captures the compliance panic window. CAVEAT (fact): this is a PROPOSED rule (PRORULE), not final β obligations and deadlines are not yet binding.
Converging signals
(1) FCC PRORULE creating recurring information-collection, verification, monitoring, and compliance-review duties for voice providers [federalregister.gov]. (2) Agentic AI capable of the recurring verification/monitoring labor (checking upstream providers against the Robocall Mitigation Database, FCC enforcement actions, attestation behavior) at near-zero marginal cost [openai.com]. The convergence: a mandate that creates recurring diligence labor + agents that commoditize that labor = high-margin compliance SaaS.
Customer pain
HYPOTHESIS grounded in the rule text: small and mid-size VoIP/wholesale voice providers have no compliance staff; KYUP would force them to collect and verify upstream-provider info, monitor attestation levels, and document compliance reviews on an ongoing basis or risk removal from the Robocall Mitigation Database β which is a death sentence (downstream providers must block their traffic). The pain is existential, but it only fully materializes when the rule is finalized.
Who pays
US voice service providers, gateway providers, and intermediate/wholesale carriers β a known, enumerable, publicly listed buyer class: the FCC Robocall Mitigation Database lists thousands of filers with contact info (HYPOTHESIS on exact count; the RMD itself is a public FCC filing system, FACT). The realistic wedge buyer is the long tail of small providers who currently pay telecom law firms for RMD/STIR-SHAKEN filings and cannot afford enterprise compliance suites.
Solved today
HYPOTHESIS (not in provided evidence): today's adjacent spend goes to telecom regulatory law firms and consultants (RMD filings, robocall mitigation plans, STIR/SHAKEN certificates) and to incumbent vendors like TransNexus, Numeracle, and iconectiv (the STI Policy Administrator ecosystem). Nobody sells KYUP-specific automation yet because the obligation was proposed yesterday.
Why current solutions are bad
Law-firm diligence is manual, expensive, and point-in-time β KYUP as proposed is a CONTINUOUS monitoring duty (upstream attestation behavior changes, providers get delisted). Incumbent analytics vendors sell call-analytics to carriers, not lightweight diligence-file automation to the long tail. A per-provider, always-on agent that watches the RMD, FCC enforcement releases, and attestation levels and keeps an audit-ready file current is a different, smaller, cheaper product than anything incumbents ship.
Proposed product
KYUP Compliance Copilot: onboarding wizard ingests your upstream/downstream provider list β agent workflows verify each upstream against the RMD, FCC filings, and enforcement actions β continuous monitoring with alerts on delisting/enforcement/attestation anomalies β auto-generated, timestamped compliance-review documentation pack (the artifact you show the FCC or the Governance Authority). Pre-final-rule product: a free/cheap 'KYUP Readiness Report' + rulemaking tracker that converts to paid monitoring at adoption.
MVP version
A single-page 'KYUP Readiness Check': enter your company + upstream providers, get an automated report scoring each upstream against public FCC data (RMD status, enforcement history) plus a plain-English summary of the proposed obligations and comment deadlines. Built in 3-6 weeks with Python + public FCC data + headless agent runs. This validates willingness-to-pay before the rule is final.
30-day build
Scrape/ingest the public RMD filer list; build the readiness-report generator; publish 2-3 SEO/LinkedIn explainers on the KYUP proposal (near-zero competition on the term as of yesterday); direct-email 200 small RMD-listed providers offering a free readiness report; interview 10 to price the monitoring product.
60-day build
Convert readiness users to a paid pilot: continuous upstream-monitoring alerts + diligence-file generation at $99-$299/mo depending on provider count. Add a rulemaking tracker (comment-period milestones, final-rule alert) as a retention hook while the rule pends. Partner outreach to 3-5 telecom law firms who could white-label the monitoring layer under their compliance practice.
90-day revenue plan
Target 10-25 paying providers at $99-$299/mo ($1k-$6k MRR) on the monitoring/readiness wedge BEFORE the final rule, with the real revenue step-function (per-provider diligence files, higher tiers, law-firm white-label) landing when the FCC adopts final rules. Founder has runway to hold through that gap β consistent with the capital/runway lesson (confidence 0.9).
Distribution path
The buyer list is public and enumerable (RMD filings include contact info) β cold outreach with a concrete free artifact (their own readiness report) fits this founder's demonstrated-value sales style. Secondary: telecom compliance LinkedIn/communities, law-firm white-label, SEO on 'KYUP requirements' while the term is uncontested.
Pricing hypothesis
Freemium readiness report β $99/mo (β€5 upstreams) / $299/mo (unlimited + audit pack) / white-label tier for law firms. Per-diligence-file transactional pricing mirrors his proven ELDT per-upload model if the final rule requires periodic filed certifications.
Technical difficulty
Moderate and squarely in his lane: public-data ingestion, monitoring loops, document generation, agent orchestration β no carrier-network integration needed for the diligence/documentation layer. The hard version (SIP/attestation traffic analysis) is explicitly NOT the wedge and should be avoided.
Legal / regulatory risk
Low-moderate: the product documents someone else's compliance; it is not itself regulated. Risk is giving wrong compliance guidance β mitigate with 'not legal advice' framing and law-firm partnerships. Rule-change risk is the real exposure: the final rule may differ materially from the proposal.
Platform dependency
Low. Public FCC data sources (Federal Register, RMD, ECFS) are stable government systems; no app-store or API-gatekeeper risk. Agent tooling is swappable.
Founder fit
HIGH per the accumulated lesson (confidence 0.8): this is a regulation-compels-a-class-of-filers shape, his proven ELDT pattern β read the mandate, identify who is forced to comply, build the automation layer, charge per transaction/seat. Two deductions: (a) telecom is incumbent-dense unlike ELDT's greenfield; (b) KYUP as proposed is an ongoing-diligence duty more than a portal-submission duty, so the per-upload monetization analogue is weaker until final rules specify filing/certification mechanics.
Breakout potential
Moderate-good: KYUP is one obligation in a widening FCC robocall framework (RMD updates, attestation compliance, Governance Authority reviews) β the same enumerable buyer list supports a multi-module telecom-compliance suite, and the law-firm white-label channel scales without headcount.
Final recommendation
CONDITIONAL GO β this survives the kill attempt on shape (enumerable forced-buyer class, proven founder pattern, public-data product, no VC needed) but not yet on timing. Do the cheap validation now: build the readiness-report MVP and email 200 RMD-listed providers within 30 days. If β₯10% engage and β₯3 will pay for monitoring pre-final-rule, proceed to the paid pilot; if not, park it with a final-rule alert and re-enter at adoption. Do NOT build the full monitoring suite before that signal.
Next action
Pull the FCC Robocall Mitigation Database filer list and the full text of FCC docket for this NPRM (comment deadlines, proposed compliance mechanics); build the automated KYUP Readiness Report generator against 5 sample providers this week.