What changed
FACT (Federal Register, 2026-07-09): the FCC published an NPRM proposing enhanced Know-Your-Upstream-Provider requirements, stronger STIR/SHAKEN Governance Authority oversight, raised caller-ID attestation standards, and closure of STIR/SHAKEN implementation gaps. This conditions a provider's practical ability to keep originating/transiting traffic on new information-collection, vetting, and documentation duties. INFERENCE: the obligated population includes thousands of small VoIP resellers/wholesalers with no compliance staff.
Why now
The NPRM is dated 2026-07-09, creating a comment period, an adoption timeline, and a predictable compliance deadline wave. Positioning during the comment period means the tool exists when panic buying starts. CAVEAT (FACT): this is a PROPOSED rule β obligations are not yet final, so the demand wave has a real but uncertain start date, likely 6-18 months out based on typical FCC rulemaking cadence (INFERENCE).
Converging signals
(1) FACT: FCC NPRM adding KYUP information-collection and attestation-standard obligations. (2) INFERENCE from convergence input: incumbent robocall-mitigation vendors (TransNexus, Numeracle, TNS) sell to carriers and mid-size operators, leaving the long tail of small resellers under-served at low price points β unverified, needs confirmation. (3) Founder's proven pattern: regulation compels a class of filers β build the documentation/submission layer β charge per seat or per transaction.
Customer pain
HYPOTHESIS (directionally supported by the NPRM's own burden framing): a 3-15 person VoIP reseller must now vet every upstream provider, keep signed questionnaire evidence, justify attestation levels against codified standards, monitor continuously, and produce a defensible packet if the FCC or the Governance Authority asks β or risk blocking/delisting, which is existential for a voice business. They have no compliance person and no system of record; today this would be email threads and spreadsheets.
Who pays
Small US VoIP/voice service providers, resellers, and wholesale aggregators already registered in the Robocall Mitigation Database β the owner/GM pays because delisting or mandatory blocking kills the business. Secondary: telecom consultants and regulatory attorneys who would white-label the workbench for their client books. INFERENCE: population plausibly in the thousands given RMD registration counts, but I have not verified a count from the provided sources.
Solved today
HYPOTHESIS: ad-hoc β spreadsheets, PDF questionnaires over email, or outsourcing to telecom regulatory consultants at consultant hourly rates; larger providers use carrier-grade platforms (TransNexus, Numeracle) that are priced and designed for carriers, not 200-customer resellers.
Why current solutions are bad
Spreadsheets can't prove chain-of-custody on vetting evidence, can't timestamp attestation decisions against the codified levels, and fall apart in an audit. Consultants are episodic and expensive. Carrier-grade platforms are overkill and (HYPOTHESIS, must verify) have no sub-$200/mo tier for the long tail.
Proposed product
KYUP Desk: a per-provider/month workbench that (a) generates upstream-provider vetting questionnaires mapped to the final rule's requirements, (b) sends/collects/stores signed responses as tamper-evident evidence, (c) logs each attestation-level decision with rationale against the codified standards, (d) runs recurring re-vetting/monitoring reminders, and (e) exports a one-click compliance-review packet. Later: RMD filing assistance and FCC docket-watch alerts as upsells.
MVP version
A single-tenant web app: questionnaire template engine seeded from the NPRM text, e-sign capture (or countersigned PDF upload), evidence vault with immutable audit log, attestation-decision register, and PDF packet export. Buildable solo with AI assistance in 4-6 weeks. Pre-final-rule version ships as a 'KYUP Readiness' audit-and-evidence tool so it sells before adoption.
30-day build
Read the full NPRM and map every proposed information-collection duty into a requirements matrix. Scrape/monitor the ECFS docket for burden-focused comments from small providers and their associations (target list source). Cold-email 25 small wholesalers/resellers from RMD data; run the stated test: β₯2 replies admitting no KYUP plan validates. Build the questionnaire + evidence-vault core.
60-day build
Ship the Readiness edition to 5 design partners at $99/mo founder pricing. Publish a free 'KYUP NPRM decoded for small providers' guide and a comment-deadline countdown page to harvest the exact buyer list. Partner outreach to 10 telecom regulatory consultants/attorneys for white-label interest.
90-day revenue plan
Convert design partners to paid ($99-199/provider/mo), sell one-time 'KYUP readiness assessments' ($500-1,500) as cash flow while the rule finalizes, and land 1-2 consultant white-label deals. Realistic: $1-4k MRR by day 120-180, with the step-change deferred to final-rule adoption. This fits the founder's runway posture (lesson, confidence 0.90): sellability now, wave later.
Distribution path
Directly reachable list: the Robocall Mitigation Database is public and enumerates the exact obligated buyers with contact info β cold email/call at zero ad spend. ECFS commenters self-identify as worried buyers. Communities: VoIP operator forums, Cluecon/ITEXPO circles, telecom-consultant channel. No app-store or platform gatekeeper.
Pricing hypothesis
$99-199 per provider per month (under card-swipe threshold, no procurement), plus $500-1,500 one-time readiness assessment, plus white-label tier for consultants at ~$79/provider/mo wholesale. Anchor against one consultant-hour per month.
Technical difficulty
Low-moderate: forms, e-sign, document vault, audit logging, PDF generation, docket monitoring. No government portal API required for v1 (the 'portal' here is evidence production, not submission). Well inside solo + AI-assisted capability.
Legal / regulatory risk
Moderate but manageable: the tool documents compliance rather than certifying it β must avoid unauthorized-practice-of-law framing (position as recordkeeping software, offer attorney partners). Main risk is regulatory, not legal liability: the rule could change shape or exempt small providers.
Platform dependency
Low. Depends on the FCC rulemaking outcome, not on any platform's API or approval. Docket/RMD data is public.
Founder fit
VERY HIGH. This is structurally identical to the proven FMCSA ELDT play: a federal rule compels a defined class to document/attest, incumbents ignore the long tail, and a solo operator monetizes the paperwork layer per seat. Applies the stored heuristic (confidence 0.80) that government-mandate paperwork opportunities are this founder's best fit. Fresh evidence supports rather than overrides that prior. One divergence from ELDT: no per-upload federal portal transaction yet β this is evidence-keeping, not submission β slightly weaker lock-in until/unless the final rule creates a filing artifact.
Breakout potential
If the final rule lands as proposed, this becomes the QuickBooks-of-KYUP for the reseller long tail, expandable into RMD filing management, 499/CPNI calendar compliance, and general small-carrier regulatory ops β a durable niche compliance suite with high switching costs (the evidence vault IS the moat).
Final recommendation
PURSUE as a staged bet, not an immediate build-out. The founder-fit and forced-buyer structure are top-decile, but the trigger is a proposed rule. Spend the next 2 weeks on the cheap falsification tests (docket comments + 25 cold emails + incumbent pricing check); if β₯2 providers admit they have no plan and no incumbent shows a sub-$200 tier, build the Readiness MVP and own the niche before adoption. Cap pre-validation spend at ~$2k.
Next action
Today: pull the ECFS docket for this NPRM, count and read small-provider/association comments citing burden; extract 25 small wholesaler contacts from the public Robocall Mitigation Database and send the cold-email test described in the hypothesis.