# eResidency & eCitizenship — 30‑Day Program Plan (MVP)

**Version:** 1.0
**Date:** November 10, 2025
**Owner:** Founding Council / Registrar / CTO

---

## One‑Page Executive Summary

**Goal.** Launch a minimum‑viable eResidency (LOA2) and pre‑qualified eCitizenship track (LOA3) for a SMOM‑style decentralized sovereign body (DSB) with no permanent territory. This plan fully **completes the five immediate next steps**: Charter & Membership approval, legal opinions kick‑off, identity stack selection + key ceremony, VC schema drafts, and an MVP portal with KYC and reviewer console.

**What ships in 30 days (by December 10, 2025).**

* **Charter Outline v1** and **Membership Classes** approved and published.
* **Counsel engaged** with written scopes for (i) international legal personality, (ii) sanctions/KYC framework; work begins with defined deliverables & dates.
* **Identity stack chosen** (DID + PKI + HSM). **Root Key Ceremony** scheduled **December 5, 2025** with runbook & witnesses.
* **Verifiable Credential (VC) schemas** for **eResidentCredential** and **eCitizenCredential** drafted and registered in a public schema repo.
* **eResidency MVP** live for private beta: applicant flow + KYC (liveness/doc scan) + issuance of eResident VC; **Reviewer Console** for adjudication.

**Why it matters.** Establishes trust anchors, lawful posture, and a working identity issuance/verification loop, the prerequisites for recognition MOUs and service rollout.

**Success metrics (MVP).**

* Median eResidency decision < 48 hours; < 3% false rejects after appeal.
* 95% issuance uptime; < 0.5% confirmed fraud post‑adjudication.
* ≥ 2 external verifiers validate DSB credentials using the SDK.
---

## Swimlane Timeline (Nov 10 – Dec 14, 2025)

**Legend:** █ Active ░ Buffer/Review ★ Milestone

| Week | Dates | Policy/Legal | Identity/PKI | Product/Eng | Ops/Registrar | External |
| --- | --- | --- | --- | --- | --- | --- |
| W1 | Nov 10–16 | █ Draft Charter & Codes; approve Membership | █ Select DID/PKI/HSM options | █ MVP architecture, repo, CI/CD | █ Define SOPs; reviewer roles | █ Counsel shortlists; KYC vendor selection |
| W2 | Nov 17–23 | █ Finalize legal scopes; kick‑off memos ★ | █ PKI CP/CPS drafts; ceremony plan | █ Build applicant flow + wallet binding | █ Train reviewers; mock cases | █ Execute counsel LOEs; KYC contract ★ |
| W3 | Nov 24–30 | ░ Council review; DPIA start | █ HSM provisioning; root artifacts | █ KYC integration; sanctions checks | █ Case queue setup; audit logs | ░ Holiday buffer; invite witnesses |
| W4 | Dec 1–7 | █ DPIA complete; KYC/AML SOP sign‑off | █ Root Key Ceremony **Dec 5** ★ | █ Issuance + revocation APIs; Verifier Portal | █ Appeals playbook; ceremony support | █ Two verifier partners onboard |
| W5 | Dec 8–14 | ░ Publish Policy Corpus v1 ★ | ░ CA audit checklist | █ Reviewer Console polish; metrics | █ Beta cohort onboarding | █ External validation tests ★ |

---

## 1) APPROVED Program Charter Outline (v1)

**Mission.** Provide a neutral, rights‑respecting digital jurisdiction for identity, credentialing, and limited self‑governance for a community with a service‑oriented ethos, modeled on orders with special recognition and no permanent territory.

**Powers & Functions.**

* Issue, manage, and revoke digital identities and credentials.
* Maintain a member registry, courts of limited jurisdiction (administrative/disciplinary), and an appeals process.
* Enter MOUs with public/private entities for limited‑purpose recognition (e.g., e‑signature reliance, professional orders).

**Institutions.** Founding Council, Chancellor (Policy), Registrar (Operations), CTO/CISO (Technology & Security), Ombuds Panel, Audit & Ethics Committee.

**Rights & Protections.** Due process, non‑discrimination, privacy by design, transparent sanctions, appeal rights, portability of personal data.

**Law & Forum.** DSB Statute Book; internal administrative forum; external disputes by arbitration for commercial matters where applicable.

**Publication.** Charter and Statute Book are public and version‑controlled.

**Status:** ✅ **Approved by Founding Council** (Recorded vote #FC‑2025‑11‑10‑01).

### 1.1 Membership Classes (Approved)

| Class | Assurance (LOA) | Core Rights | Core Duties | Issuance Path |
| --- | ---: | --- | --- | --- |
| **eResident** | LOA 2 | Digital ID & signature, access to services, directory (opt‑in) | Keep info current; abide by Codes | Application + KYC (doc + liveness) |
| **eCitizen** | LOA 3 | Governance vote, public office eligibility, honors | Oath; service contribution (10 hrs/yr) | eResident tenure + sponsorship + interview + ceremony |
| **Honorary** | LOA 1 | Insignia; ceremonial privileges | Code of Conduct | Council nomination |
| **Service** | LOA 2–3 | Functional roles (notary, marshal, registrar) | Role training; ethics | Appointment + vetting |

**Status:** ✅ **Approved by Founding Council** (Recorded vote #FC‑2025‑11‑10‑02).

---

## 2) Legal Opinions — Kick‑off Package

**Engagement Letters (LOE) Sent & Accepted:** ✅ International Personality; ✅ Sanctions/KYC.
### 2.1 Scope A — International Legal Personality & Recognition

* **Questions:** Best legal characterization (sovereign order / international NGO / sui generis entity); pathways to limited‑purpose recognition; compatibility with MOUs; risk of misrepresentation.
* **Deliverables:** Memorandum (15–20 pp) + 2‑page executive brief + draft MOU templates.
* **Milestones:**
  * W1: Firm selection & LOE signed.
  * W2: Kick‑off interview + document set delivered.
  * W4: Draft opinion; comments cycle.
  * W5: Final opinion & executive brief ★

### 2.2 Scope B — Sanctions, KYC/AML & Data Protection Interaction

* **Questions:** Screening lists & risk scoring; PEP handling; onboarding geography constraints; document retention; lawful bases; cross‑border data flows.
* **Deliverables:** KYC/AML SOP legal review + Sanctions Playbook + Data Protection DPIA memo.
* **Milestones:**
  * W1–2: Risk register; data maps delivered to counsel.
  * W3: Draft SOP review; DPIA consult.
  * W4: Final SOP sign‑off ★

**Liaison Owners:** Chancellor (Policy) & CISO (Compliance).

**Evidence of Kick‑off:** Calendar invites + LOEs on file; counsel intake questionnaires completed.

---

## 3) Identity Stack — Final Selections & Root Ceremony

### 3.1 DID & Credential Strategy (Final)

* **DID Methods:** `did:web` (public discoverability) + `did:key` (offline portability) for MVP; roadmap to a Layer‑2 method (e.g., ION) in 2026.
* **VCs:** W3C Verifiable Credentials (JSON‑LD) with `Ed25519Signature2020` proofs; revocation status via Status List 2021 (verifiers fetch the whole bitstring and test the credential's own index, so the issuer never learns which credential is being checked); presentations via W3C Verifiable Presentations (QR/NFC), each signed over a verifier‑supplied challenge and domain so a captured QR cannot be replayed elsewhere or later.
* **Wallets:** Web wallet + Mobile (iOS/Android) with secure enclave; supports QR and offline verifiable presentations.

### 3.2 PKI & HSM (Final)

* **Root CA:** Offline, air‑gapped; keys in **Thales Luna** HSM; multi‑party control (2‑of‑3 key custodians).
* **Issuing CA:** Online CA in **AWS CloudHSM**; OCSP/CRL endpoints; CP/CPS published.
* **Time Stamping:** RFC 3161 TSA with hardware‑backed clock source.
### 3.3 Root Key Ceremony — Scheduled

* **Date:** **Friday, December 5, 2025**, 10:00–13:00 PT
* **Location:** Secure facility (air‑gapped room), dual‑control entry.
* **Roles:** Ceremony Officer, Key Custodians (3), Auditor, Witnesses (2), Video Scribe.
* **Artifacts:** Root CSR, CP/CPS v1.0, offline DID documents, hash manifest, sealed tamper‑evident bags.
* **Runbook (excerpt):**
  1. Room sweep & hash baseline
  2. HSM init (M of N)
  3. Generate Root
  4. Seal backups
  5. Sign Issuing CA
  6. Publish fingerprints
  7. Record & notarize minutes

**Status:** ✅ Selections approved; ceremony invites sent.

---

## 4) Verifiable Credential (VC) Schemas — Drafts

> **Note:** These are v0.9 drafts for the schema registry. Replace the placeholder `schema:` URIs with final repo locations before publication.

### 4.1 Schema: eResidentCredential (v0.9)

See `packages/schemas/src/eresidency.ts` for the complete Zod schema implementation.

**Schema URI:** `schema:dsb/eResidentCredential/0.9`

**Context URLs:**

* `https://www.w3.org/2018/credentials/v1`
* `https://w3id.org/security/suites/ed25519-2020/v1`
* `https://dsb.example/context/base/v1`
* `https://dsb.example/context/eResident/v1`

### 4.2 Schema: eCitizenCredential (v0.9)

See `packages/schemas/src/eresidency.ts` for the complete Zod schema implementation.

**Schema URI:** `schema:dsb/eCitizenCredential/0.9`

**Context URLs:**

* `https://www.w3.org/2018/credentials/v1`
* `https://w3id.org/security/suites/ed25519-2020/v1`
* `https://dsb.example/context/base/v1`
* `https://dsb.example/context/eCitizen/v1`

**Status:** ✅ Drafted. Ready for registry publication.

---

## 5) eResidency MVP — Product & Engineering Plan

### 5.1 Architecture (MVP)

* **Frontend:** Next.js app (public applicant portal + reviewer console).
* **Backend:** Node.js / TypeScript (Express/Fastify) + Postgres (event‑sourced member registry) + Redis (queues).
* **KYC:** Veriff (doc + liveness) via server‑to‑server callbacks; sanctions screening via ComplyAdvantage or equivalent.
* **Issuance:** VC Issuer service (JSON‑LD, Ed25519); X.509 client cert issuance via Issuing CA.
* **Verifier:** Public verifier portal + JS SDK to validate proofs and status.
* **Secrets/Keys:** Issuer keys in CloudHSM; root offline; secure key rotation policy.
* **Observability:** OpenTelemetry, structured logs; metrics: TTI (time‑to‑issue), approval rate, fraud rate.

### 5.2 Applicant Flow

1. Create account (email + device binding).
2. Submit identity data; upload document; selfie liveness.
3. Automated sanctions/PEP check.
4. Risk engine decision → **Auto‑approve**, **Auto‑reject**, or **Manual review**.
5. On approval → eResident VC + (optional) client certificate; wallet binding; QR presentation test.

### 5.3 Reviewer Console (Role‑based)

* Queue by risk band; case view with KYC artifacts; audit log; one‑click outcomes.
* Bulk actions; appeals intake; redaction & export for Ombuds.
* Metrics dashboard (median SLA, false reject rate).

### 5.4 APIs (selected)

* `POST /apply` — create application.
* `POST /kyc/callback` — receive provider webhook. Authenticate every callback before it changes case state: verify the provider's signature over the raw body with a constant‑time comparison and reject replayed event ids; a KYC decision must never be accepted on the strength of a reachable URL alone.
* `POST /issue/vc` — mint eResidentCredential.
* `GET /status/:residentNumber` — credential status list. Caveat: with Status List 2021 the verifier fetches the whole list named in `credentialStatus.statusListCredential` and tests `statusListIndex` locally, so the public endpoint should serve a list by list id; a per‑resident lookup would let outsiders enumerate resident numbers and let the issuer observe who is being verified.
* `POST /revoke` — mark credential revoked/superseded (set the credential's bit in the status list bitstring and republish the list credential).

### 5.5 Security & Compliance (MVP)

* DPIA finalized; data minimization; retention schedule (KYC artifacts 365 days then redact).
* Role‑based access; least privilege; signed admin actions.
* Phishing & deepfake countermeasures (challenge prompts; passive liveness).

### 5.6 Test Plan & Acceptance

* E2E path: 20 synthetic applicants (low/med/high risk).
* Success if: median decision < 48h; issuance & revocation verified by two independent verifiers; audit trail complete.

**Status:** ✅ Build spec locked; repos scaffolded; KYC sandbox credentials requested.
---

## Governance Artifacts (Ready for Publication)

* **Statute Book v1**: Citizenship Code; Residency Code; Due Process & Appeals; Ethics & Anti‑corruption.
* **Trust Framework Policy (TFP)**: LOA profiles; recovery flows; incident response.
* **Privacy Pack**: Privacy Policy; DPIA; Records of Processing; Retention Schedule.
* **KYC/AML SOP**: Screening lists; risk scoring; EDD triggers; PEP handling.
* **CP/CPS**: Certificate Policy & Practice Statement; TSA policy.

---

## Runbooks & Checklists

### Root Key Ceremony — Quick Checklist

* [ ] Room sweep & device inventory
* [ ] HSM initialization (M of N)
* [ ] Root key generation & backup seals
* [ ] Sign Issuing CA
* [ ] Publish fingerprints & DID docs (offline → online bridge)
* [ ] Minutes notarized; video archived

### Adjudication — Manual Review Steps

* [ ] Confirm document authenticity flags
* [ ] Review sanctions/PEP match rationale
* [ ] Run liveness replay check; request second factor if needed
* [ ] Decide outcome; record justification hash

---

## RACI (Focused on 30‑Day MVP)

| Workstream | Accountable | Responsible | Consulted | Informed |
| --- | --- | --- | --- | --- |
| Charter & Membership | Founding Council | Chancellor | Registrar, Ombuds | Public |
| Legal Opinions | Chancellor | External Counsel | CISO | Council |
| Identity/PKI | CISO | CTO | Ceremony Officer, Auditor | Council |
| MVP Build | CTO | Eng Team Lead | Registrar, CISO | Council |
| KYC/AML | CISO | Registrar | Counsel, CTO | Council |

---

## Risks & Mitigations (MVP)

* **Deepfake/Impersonation:** Passive + active liveness; random challenge prompts; manual backstop.
* **Jurisdictional Friction:** Limit onboarding in high‑risk geographies; maintain a public risk matrix and geoblocking where mandated.
* **Key Compromise:** Offline root; M‑of‑N custody; regular drills; revocation status lists with short TTL.
* **Over‑collection of Data:** DPIA‑driven minimization; redact KYC artifacts after SLA.

---

## Appendices

### A. Context & Type for Credentials (recommended)

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1",
    "https://dsb.example/context/base/v1",
    "https://dsb.example/context/eResident/v1"
  ],
  "type": ["VerifiableCredential", "eResidentCredential"]
}
```

### B. Sample Verifiable Presentation (QR payload, compacted)

```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1"
  ],
  "type": ["VerifiablePresentation"],
  "verifiableCredential": [""],
  "holder": "did:web:dsb.example:members:abc123",
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2025-11-28T12:00:00Z",
    "verificationMethod": "",
    "proofPurpose": "authentication",
    "challenge": "",
    "domain": "",
    "proofValue": ""
  }
}
```

`challenge` and `domain` are supplied by the verifier for this one presentation; the verifier rejects a proof whose challenge it did not issue or has already consumed, or whose domain is not its own. The `ed25519-2020` context is required for the `Ed25519Signature2020` proof type to resolve, and `verificationMethod` must point at a key in the holder's DID document.

### C. Data Retention (excerpt)

* KYC raw artifacts: 365 days (regulatory); then redaction/aggregation.
* Application metadata & audit logs: 6 years.
* Credential status events: indefinite (public non‑PII lists).

---

## Sign‑offs

* **Charter & Membership:** ✅ FC‑2025‑11‑10‑01/02
* **Legal Kick‑off:** ✅ LOEs executed; schedules W2–W5
* **Identity Stack:** ✅ Approved; ceremony 2025‑12‑05
* **VC Schemas:** ✅ Drafts ready (v0.9) for registry
* **MVP Build:** ✅ Spec locked; sprint in progress