# eResidency & eCitizenship Task Map

Complete execution-ready task map to stand up both **eResidency** and **eCitizenship** for a decentralized sovereign body (DSB) modeled on SMOM-style sovereignty (recognition without permanent territory).

## Phase 0 — Program Charter & Guardrails (2–3 weeks)

### 0.1 Foundational Charter

* Draft: Purpose, powers, immunities sought, governance model, membership classes (Resident, Citizen, Honorary, Service).
* Define scope: digital-only status vs. claims with diplomatic effects.
* Deliverable: DSB Charter v1 + Glossary.
* Accept: Approved by Founding Council with recorded vote.

### 0.2 Legal & Risk Frame

* Commission legal opinions on: personality under international law (IO/NGO/Order), recognition pathways, host-state agreements/MOUs, data protection regimes, sanctions compliance, export controls.
* Map constraints for KYC/AML, conflict-of-laws, tax neutrality, consumer protections.
* Deliverable: Legal Risk Matrix + Opinion Letters Index.
* Accept: Red/Amber/Green ratings with mitigations.

### 0.3 Trust & Assurance Model

* Choose trust posture: "Assured Identity Provider" with defined Levels of Assurance (LOA 1–3) and assurance events (onboard, renew, recover).
* Deliverable: Trust Framework Policy (TFP), including incident handling & audit.
* Accept: External reviewer sign-off.

---

## Phase 1 — Governance & Policy Stack (4–6 weeks)

### 1.1 Constitutional Instruments

* Citizenship Code (rights/duties, oath), Residency Code (privileges/limits), Due Process & Appeals, Code of Conduct, Anti-corruption & Ethics.
* Deliverable: Statute Book v1.
* Accept: Published and version-controlled.

### 1.2 Data & Privacy

* Privacy Policy, Lawful Bases Register, Data Processing Agreements, DPIA, Records of Processing Activities, Retention & Deletion Schedules.
* Deliverable: Privacy & Data Governance Pack.
* Accept: DPIA low/medium residual risk.

### 1.3 Sanctions/KYC/AML Policy

* Define screening lists, risk scoring, Enhanced Due Diligence triggers, PEP handling, source-of-funds rules (if fees/donations), audit trail requirements.
* Deliverable: KYC/AML Standard Operating Procedures (SOPs).
* Accept: Mock audit passed.

### 1.4 Benefits & Obligations Catalog

* Enumerate tangible benefits (digital ID, signatures, notarial layer, dispute forum, community services, ordinaries, honors) and duties (updating info, code compliance).
* Deliverable: Benefits Matrix + Service SLAs.
* Accept: SLA thresholds defined and met in testing.

---

## Phase 2 — Identity & Credential Architecture (6–8 weeks)

### 2.1 Identifier Strategy

* Pick scheme: Decentralized Identifiers (DIDs) + UUIDs; namespace rules; revocation & recovery flows.
* Deliverable: Identifier & Namespace RFC.
* Accept: Collision tests + recovery drill.

### 2.2 Credentials & Schemas

* Define verifiable credential (VC) schemas for: eResident Card, eCitizen Passport (digital), Address Attestation, Good Standing, Professional Orders.
* Deliverable: JSON-LD schemas + Registry.
* Accept: Interop tests with 3rd-party verifiers.

### 2.3 PKI / Trust Anchors

* Stand up Sovereign Root CA (offline), Issuing CAs (online), Certificate Policy/Practice Statements (CP/CPS), CRL/OCSP endpoints.
* Deliverable: Root ceremony artifacts + HSM key custody procedures.
* Accept: External PKI audit checklist passed.

### 2.4 Wallet & Verification

* User wallet options: web wallet + mobile wallet (iOS/Android) with secure enclave; verifier portal; QR/NFC presentation.
* Deliverable: Wallet apps + Verifier SDK (JS/TS) + sample verifier site.
* Accept: LOA-aligned presentation proofs; offline-capable QR working.

---

## Phase 3 — Application, Vetting & Issuance (6–10 weeks)

### 3.1 eResidency Workflow (MVP)

* Application: email + device binding, basic identity, selfie liveness.
* KYC: doc scan (passport/ID), sanctions/PEP screening, proof-of-funds if needed.
* Issuance: eResident VC + X.509 client cert; optional pseudonymous handle tied to real identity at LOA 2.
* Deliverable: eResidency Portal v1 + Reviewer Console.
* Accept: Median approval time <48h; false-reject rate <3%.

### 3.2 eCitizenship Workflow (elevated assurance)

* Eligibility: tenure as eResident, sponsorship, service merit, oath ceremony (digital).
* Additional checks: video interview, multi-source corroboration, background attestations.
* Issuance: eCitizen VC (higher LOA), qualified e-signature capability, digital heraldry/insignia.
* Deliverable: eCitizenship Portal v1 + Ceremony Module.
* Accept: Chain-of-custody logs complete; ceremony audit trail immutable.

### 3.3 Appeals & Ombuds

* Build case management, independent panel roster, timelines, remedy types.
* Deliverable: Appeals System + Public Register of Decisions (redacted).
* Accept: Two mock cases resolved end-to-end.

---

## Phase 4 — Services Layer & Interoperability (6–8 weeks)

### 4.1 Qualified e-Signatures & Notarial

* Implement signature flows (advanced/qualified), timestamping authority (TSA), document registry hashes.
* Deliverable: Signature Service + Notarial Policy.
* Accept: External relying party verifies signatures without DSB assistance.

### 4.2 Interop & Recognition

* Map to global standards (ISO/IEC 24760 identity; W3C VC/DID; ICAO Digital Travel Credentials roadmap; ETSI eIDAS profiles for cross-recognition where feasible).
* Deliverable: Interop Gateway + Conformance Reports.
* Accept: Successful cross-verification with at least 3 external ecosystems.

### 4.3 Membership & Services

* Roll out directories (opt-in), guilds/orders, dispute resolution forum, grant program, education/badging.
* Deliverable: Service Catalog live.
* Accept: ≥3 live services consumed by ≥20% of cohort.

---

## Phase 5 — Security, Audit, & Resilience (continuous; gate before GA)

### 5.1 Security

* Threat model (insider, phishing, bot farms, deepfakes), red team, bug bounty, key compromise drills, geo-redundant infra.
* Deliverable: Security Plan + PenTest Report + DR/BCP playbooks.
* Accept: RTO/RPO targets met in exercise.

### 5.2 Compliance & Audit

* Annual external audits for PKI and issuance, privacy audits, sanctions/KYC reviews, SOC2-style controls where applicable.
* Deliverable: Audit Pack.
* Accept: No critical findings outstanding.

### 5.3 Ethics & Human Rights

* Anti-discrimination tests, appeal transparency, proportionality guidelines.
* Deliverable: Human Rights Impact Assessment (HRIA).
* Accept: Board attestation.

---

## Phase 6 — Diplomacy & External Relations (parallel tracks)

### 6.1 Recognition Strategy

* Prioritize MOUs with NGOs, universities, chambers, standards bodies, and willing states for limited-purpose recognition (e.g., accepting DSB e-signatures or credentials).
* Deliverable: Recognition Dossier + Template MOU.
* Accept: ≥3 executed MOUs in Year 1.

### 6.2 Host-State Arrangements

* Negotiate data hosting safe harbors, registered offices (non-territorial), or cultural mission status to facilitate operations.
* Deliverable: Host Agreement Playbook.
* Accept: At least one host agreement finalized.

---

## Product & Engineering Backlog (cross-phase)

### Core Systems

* Member Registry (event-sourced), Credential Registry (revocation lists), Case/Appeals, Payments (if fees), Messaging & Ceremony.

### APIs/SDKs

* Issuance API, Verification API, Webhooks for status changes, Admin API with immutable audit logs.

### Integrations

* KYC providers (document, selfie liveness), sanctions screening, HSM/KMS, email/SMS gateways.

### UX

* Application flows ≤10 minutes, save/resume, accessibility AA+, multilingual, oath UX.

### Observability

* Metrics: time-to-issue, approval rates, fraud rate, credential use rate, verifier NPS.

---

## Distinguishing eResidency vs eCitizenship (policy knobs)

### Assurance

* **eResidency**: LOA 1–2
* **eCitizenship**: LOA 2–3

### Rights

* **eResident**: Use DSB digital ID, signatures, services
* **eCitizen**: Governance vote, public offices, honors, diplomatic corps (as policy allows)

### Duties

* **eCitizen**: Oath; possible service contribution/hour benchmarks

### Fees

* **eResidency**: Lower, subscription-like
* **eCitizenship**: One-time plus renewal/continuing good standing

### Revocation

* Graduated sanctions; transparent registry

---

## Acceptance Metrics (90-day MVP)

* 95% issuance uptime; <48h median eResidency decision
* <0.5% confirmed fraud after adjudication
* ≥2 independent external verifiers using the SDK
* First recognition MOU executed
* Public policy corpus published and versioned

---

## Minimal Document Set (ready-to-draft list)

* Charter & Statute Book
* TFP (Trust Framework Policy)
* CP/CPS (Certificate Policy/Practice Statements)
* KYC/AML SOP
* Privacy Pack (DPIA, DPA templates)
* Security Plan
* HRIA (Human Rights Impact Assessment)
* Benefits & SLA Catalog
* Ceremony & Oath Script
* Appeals Rules
* Recognition MOU Template
* Host-State Playbook

---

## RACI Snapshot (who does what)

* **Founding Council**: Approves Charter, Statutes, Recognition targets
* **Chancellor (Policy Lead)**: Owns legal/policy stack, diplomacy
* **CIO/CISO**: Owns PKI, security, audits
* **CTO/Eng**: Platforms, wallets, APIs, issuance & verification
* **Registrar**: Operations, case management, ceremonies
* **Ombuds Panel**: Appeals & remedies
* **External Counsel/Auditors**: Opinions, audits, certifications

---

## Implementation Priority

### Immediate (Phase 0-1)

1. Draft DSB Charter
2. Legal & Risk Framework
3. Trust Framework Policy
4. Constitutional Instruments
5. Privacy & Data Governance

### Short-term (Phase 2-3)

1. Identifier Strategy
2. Credential Schemas
3. PKI Infrastructure
4. eResidency Workflow
5. eCitizenship Workflow

### Medium-term (Phase 4-5)

1. Qualified e-Signatures
2. Interoperability
3. Security & Compliance
4. Services Layer

### Long-term (Phase 6)

1. Recognition Strategy
2. Host-State Arrangements
3. External Relations

---

## Integration with The Order

This task map integrates with The Order's existing systems:

* **Identity Service**: Extends credential issuance for eResidency and eCitizenship
* **Database Package**: Member registry, credential registry, case management
* **Auth Package**: Enhanced authentication and authorization for membership classes
* **Workflows Package**: Application workflows, appeals, ceremonies
* **Notifications Package**: Application status, ceremony invitations, renewal reminders
* **Compliance Package**: KYC/AML, sanctions screening, risk scoring