Convergence Radar Convergence Engine

← Feed

A

RMD Carrier Passport: audit-ready KYUP/STIR-SHAKEN compliance file for small voice providers

71/100

A $150-300/mo service that builds and maintains the audit-ready Know-Your-Upstream-Provider file and shareable 'carrier passport' dossier that small RMD-listed VoIP providers must now produce to stay unblocked β€” sold via cold outreach to the FCC's own public roster of every obligated buyer.

Build immediately β€” high demand, fast revenue, solo feasible. Β· created 2026-07-10 03:57 UTC

public recordssaasaifast cash

Scorecard

newness 9/10
convergence 5/10
demand evidence 7/10
existing spend 5/10
solo feasibility 9/10
speed to mvp 8/10
speed to revenue 7/10
distribution 8/10
competitive gap 6/10
expansion 7/10
founder fit 9/10

Opportunity brief

What changed
FACT (cited NPRM, published 2026-07-09): The FCC proposes enhanced Know-Your-Upstream-Provider (KYUP) requirements, stronger STIR/SHAKEN Governance Authority oversight of voice service providers, raised caller ID attestation standards, and closure of STIR/SHAKEN implementation gaps. INFERENCE: this layers new recurring, evidentiary vetting/documentation duties on top of the existing Robocall Mitigation Database (RMD) regime, where delisting already triggers mandatory traffic blocking by downstream carriers.
Why now
FACT: the NPRM is one day old, so the category ('KYUP passport') and the prospect list are effectively unclaimed. INFERENCE: the comment/finalization window creates a synchronized compliance-anxiety spike across thousands of small providers, and β€” critically β€” existing RMD certification and STIR/SHAKEN duties already bind today, so revenue does not depend on the rule finalizing. HYPOTHESIS: pre-capturing the niche before finalization yields cheap category ownership; risk if the NPRM is weakened or delayed.
Converging signals
One strong FORCED-BUYER signal (the FCC NPRM, cited) plus structural facts about the existing regime (RMD is a public, downloadable registry; delisting compels downstream blocking). The signals array is otherwise empty β€” this is a pattern-instantiated hypothesis on a single fresh mandate, not a multi-signal convergence, and convergence is scored accordingly.
Customer pain
INFERENCE: small CLECs and VoIP resellers listed in the RMD typically have no compliance staff. They face (a) existing duties: RMD certification, mitigation plans, STIR/SHAKEN implementation, and (b) proposed duties: documented upstream-provider vetting, attestation-level justification, and responsiveness to compliance reviews. Failure risk is existential β€” RMD removal legally forces peers to block their traffic. The pain is 'produce a defensible paper trail on demand or lose the ability to carry traffic.' Unproven: actual willingness to pay; the testable prediction (30 cold emails β†’ β‰₯3 paying-intent replies in 7 days) is the designed check.
Who pays
The small voice provider itself (the vetted party pays to make itself easy to vet). FACT: the RMD is a public roster of this entire obligated class with contact information, which makes the buyer list downloadable β€” an unusually direct path to buyers. Secondary payer (HYPOTHESIS): downstream carriers who must vet many small upstreams and would pay for standardized vetting dossiers.
Solved today
INFERENCE: a mix of telecom regulatory law firms and consultancies (e.g., The CommLaw Group) charging thousands per engagement, robocall-mitigation vendors (TransNexus, Numeracle) focused on signing/analytics rather than audit-file maintenance, and β€” for the smallest providers β€” nothing at all (stale template mitigation plans filed once and forgotten).
Why current solutions are bad
Law firms are episodic and expensive, not continuous file maintenance. Signing/analytics vendors solve the technical STIR/SHAKEN layer, not the evidentiary KYUP paperwork layer. DIY leaves stale filings that fail a compliance review. Nobody (HYPOTHESIS, must verify) sells a cheap, continuously-maintained, shareable compliance dossier aimed at the long tail.
Proposed product
A subscription compliance-file service: (1) intake wizard that inventories the provider's upstreams, attestation practices, and RMD filing status; (2) generated and continuously updated KYUP file β€” upstream vetting records, attestation-level justifications, mitigation-plan updates, compliance-review response templates; (3) a shareable, versioned 'carrier passport' web dossier the provider hands to downstream carriers who must vet them; (4) monitoring/alerts for RMD status changes, deadlines, and docket developments (WC 17-97). AI-assisted document generation with human-readable citations to the provider's own records.
MVP version
A manually-assisted concierge version: RMD CSV scrape + deficiency scan of a prospect's current filing, a one-page gap report used as the outreach hook, and a Google-Docs-grade passport dossier assembled with AI templates for the first 5 customers. No portal automation needed on day one; productize after 10 paying customers.
30-day build
Download the RMD CSV; build the deficiency scanner (stale mitigation plans, missing fields); cold-email 100+ small (non-top-100) providers with their own gap report attached; file/monitor the WC 17-97 docket for small-provider burden comments as sales ammunition; close 3-5 concierge customers at $150-300/mo.
60-day build
Convert the concierge workflow into a web app (intake wizard, dossier generator, shareable passport link); add RMD-status and deadline monitoring; test the downstream-carrier side (do vetting teams accept/prefer the passport format?); reach 10-15 subscribers.
90-day revenue plan
Target 20-40 subscribers ($3k-10k MRR) via sustained RMD-list outreach plus referrals from downstream carriers who start requesting the passport format. If the NPRM advances toward finalization, run a deadline-driven campaign to the entire long tail.
Distribution path
Cold email/phone to the public RMD roster (FACT: registry is public and downloadable β€” the entire buyer class with contacts is enumerable). Secondary: WC 17-97 docket commenters, VoIP reseller communities, and downstream-carrier vetting teams who can push the passport onto their upstreams. No ad spend, no marketplace gatekeeper.
Pricing hypothesis
$150-300/mo per entity subscription; optional $500-1,500 one-time file-buildout fee; possible per-dossier-share or compliance-review-response add-ons. Anchored against $5k+ law-firm engagements and the existential cost of being delisted/blocked.
Technical difficulty
Low-to-moderate: CSV ingestion, document generation, a dossier web app, deadline monitoring. No government-portal write integration required initially (unlike ELDT), which cuts risk; the founder's portal skills become relevant if the FCC adds structured KYUP submission later.
Legal / regulatory risk
Moderate and manageable: must avoid unauthorized practice of law β€” position as document preparation/records management with 'consult counsel' framing, or partner with a telecom attorney for review tiers. The product documents compliance; it is not itself a regulated telecom service. NPRM risk: proposed duties could change (existing RMD/STIR-SHAKEN duties still anchor the product).
Platform dependency
Low. Depends on public FCC data (RMD CSV, ECFS docket) β€” government open data, not a revocable commercial API. INFERENCE per stored lesson pattern: government registries are stable distribution substrates.
Founder fit
VERY HIGH. This is exactly the proven FMCSA ELDT shape: a federal mandate compels a class to maintain/submit compliance artifacts tied to a government registry; a solo operator builds the artifact/automation layer and charges recurring fees. Matches stored heuristic (confidence 0.80) that government-portal mandate opportunities score 8-9 founder-fit. Systems thinking + public-records + AI document workflows all apply; no relationship-sales channel required because the buyer list is public and the pain is existential.
Breakout potential
Moderate-plus: the 'registry-gated survival paperwork' pattern replicates across other FCC obligations (499 filings, CPNI certifications) and other agencies; the downstream-carrier side could become a two-sided vetting network. Realistic ceiling as a niche compliance SaaS is $30-80k MRR (HYPOTHESIS).
Final recommendation
PURSUE THE VALIDATION TEST NOW, before building. The demand signal is a genuine forced-buyer mandate with a public buyer roster and existential enforcement β€” structurally the best pattern for this founder β€” but it rests on one day-old NPRM and zero corroborating spend evidence. The test is cheap (days, ~$0): scrape the RMD CSV, run the deficiency scan, send 30-100 gap-report cold emails. β‰₯3 paying-intent replies β†’ build the concierge MVP immediately; ~0 replies β†’ kill and keep the scanner as a prospecting asset for the next FCC mandate.
Next action
Today: download the public RMD export from fcc.gov, script a staleness/deficiency scan of non-top-100 entries, and send the first 30 personalized 'here is what a compliance review would flag in your filing' cold emails; simultaneously pull WC 17-97 docket comments for small-provider burden quotes.

Kill arguments (adversarial)

Competitors

β€’ TransNexus (link) β€” STIR/SHAKEN signing and robocall mitigation software (ClearIP); strong on the technical signing layer, not positioned (as far as known β€” verify) as an audit-file/passport maintenance service for the small-provider long tail.
β€’ Numeracle (link) β€” Number reputation and 'Know Your Customer' vetting for enterprises and providers; conceptually adjacent to KYUP dossiers β€” the most likely incumbent to bundle this. Must verify current offerings before committing.
β€’ The CommLaw Group / Marashlian & Donahue (link) β€” Telecom regulatory law firm handling RMD filings and robocall compliance for providers; episodic, high-cost engagements rather than continuous subscription file maintenance.

Source citations (facts)

β€’ [Proposed Rule] Enhancing Know-Your-Upstream-Provider Requirements and Strengthening STIR/SHAKEN β€” FACT: The FCC proposes enhanced KYUP requirements, improved Governance Authority oversight of voice service providers, raised caller ID attestation standards, and closure of STIR/SHAKEN implementation gaps β€” establishing new recurring, evidentiary compliance duties on the RMD-registered provider class.
β€’ [Proposed Rule] Enhancing Know-Your-Upstream-Provider Requirements and Strengthening STIR/SHAKEN β€” FORCED BUYER: this is a proposed rule (not final) β€” demand urgency from the NEW duties is contingent on finalization; existing RMD certification and STIR/SHAKEN obligations, referenced as the framework being strengthened, bind today and anchor interim revenue.

Actions