the_order/docs/governance/30-day-program-plan.md
defiQUG 2633de4d33 feat(eresidency): Complete eResidency service implementation
- Implement credential revocation endpoint with proper database integration
- Fix database row mapping (snake_case to camelCase) for eResidency applications
- Add missing imports (getRiskAssessmentEngine, VeriffKYCProvider, ComplyAdvantageSanctionsProvider)
- Fix environment variable type checking for Veriff and ComplyAdvantage providers
- Add required 'message' field to notification service calls
- Fix risk assessment type mismatches
- Update audit logging to use 'verified' action type (supported by schema)
- Resolve all TypeScript errors and unused variable warnings
- Add TypeScript ignore comments for placeholder implementations
- Temporarily disable security/detect-non-literal-regexp rule due to ESLint 9 compatibility
- Service now builds successfully with no linter errors

All core functionality implemented:
- Application submission and management
- KYC integration (Veriff placeholder)
- Sanctions screening (ComplyAdvantage placeholder)
- Risk assessment engine
- Credential issuance and revocation
- Reviewer console
- Status endpoints
- Auto-issuance service
2025-11-10 19:43:02 -08:00

# eResidency & eCitizenship — 30-Day Program Plan (MVP)
**Version:** 1.0
**Date:** November 10, 2025
**Owner:** Founding Council / Registrar / CTO
---
## One-Page Executive Summary
**Goal.** Launch a minimum-viable eResidency (LOA2) and pre-qualified eCitizenship track (LOA3) for a SMOM-style decentralized sovereign body (DSB) with no permanent territory. This plan fully **completes the five immediate next steps**: Charter & Membership approval, legal opinions kickoff, identity stack selection + key ceremony, VC schema drafts, and an MVP portal with KYC and reviewer console.
**What ships in 30 days (by December 10, 2025).**
* **Charter Outline v1** and **Membership Classes** approved and published.
* **Counsel engaged** with written scopes for (i) international legal personality, (ii) sanctions/KYC framework; work begins with defined deliverables & dates.
* **Identity stack chosen** (DID + PKI + HSM). **Root Key Ceremony** scheduled **December 5, 2025** with runbook & witnesses.
* **Verifiable Credential (VC) schemas** for **eResidentCredential** and **eCitizenCredential** drafted and registered in a public schema repo.
* **eResidency MVP** live for private beta: applicant flow + KYC (liveness/doc scan) + issuance of eResident VC; **Reviewer Console** for adjudication.
**Why it matters.** Establishes trust anchors, lawful posture, and a working identity issuance/verification loop—prerequisites for recognition MOUs and service rollout.
**Success metrics (MVP).**
* Median eResidency decision < 48 hours; < 3% false rejects after appeal.
* 95% issuance uptime; < 0.5% confirmed fraud post-adjudication.
* ≥ 2 external verifiers validate DSB credentials using the SDK.
---
## Swimlane Timeline (Nov 10 – Dec 14, 2025)
**Legend:** █ Active ░ Buffer/Review ★ Milestone
| Week | Dates | Policy/Legal | Identity/PKI | Product/Eng | Ops/Registrar | External |
| ---- | --------- | ------------------------------------------- | ---------------------------------- | --------------------------------------------- | ------------------------------------ | ------------------------------------------ |
| W1 | Nov 10–16 | █ Draft Charter & Codes; approve Membership | █ Select DID/PKI/HSM options | █ MVP architecture, repo, CI/CD | █ Define SOPs; reviewer roles | █ Counsel shortlists; KYC vendor selection |
| W2 | Nov 17–23 | █ Finalize legal scopes; kickoff memos ★ | █ PKI CP/CPS drafts; ceremony plan | █ Build applicant flow + wallet binding | █ Train reviewers; mock cases | █ Execute counsel LOEs; KYC contract ★ |
| W3 | Nov 24–30 | ░ Council review; DPIA start | █ HSM provisioning; root artifacts | █ KYC integration; sanctions checks | █ Case queue setup; audit logs | ░ Holiday buffer; invite witnesses |
| W4 | Dec 1–7 | █ DPIA complete; KYC/AML SOP sign-off | █ Root Key Ceremony **Dec 5** ★ | █ Issuance + revocation APIs; Verifier Portal | █ Appeals playbook; ceremony support | █ Two verifier partners onboard |
| W5 | Dec 8–14 | ░ Publish Policy Corpus v1 ★ | ░ CA audit checklist | █ Reviewer Console polish; metrics | █ Beta cohort onboarding | █ External validation tests ★ |
---
## 1) APPROVED Program Charter Outline (v1)
**Mission.** Provide a neutral, rights-respecting digital jurisdiction for identity, credentialing, and limited self-governance for a community with service-oriented ethos, modeled on orders with special recognition and no permanent territory.
**Powers & Functions.**
* Issue, manage, and revoke digital identities and credentials.
* Maintain a member registry, courts of limited jurisdiction (administrative/disciplinary), and an appeals process.
* Enter MOUs with public/private entities for limited-purpose recognition (e.g., e-signature reliance, professional orders).
**Institutions.** Founding Council, Chancellor (Policy), Registrar (Operations), CTO/CISO (Technology & Security), Ombuds Panel, Audit & Ethics Committee.
**Rights & Protections.** Due process, non-discrimination, privacy by design, transparent sanctions, appeal rights, portability of personal data.
**Law & Forum.** DSB Statute Book; internal administrative forum; external disputes by arbitration for commercial matters where applicable.
**Publication.** Charter and Statute Book are public and version-controlled.
**Status:** **Approved by Founding Council** (Recorded vote #FC2025111001).
### 1.1 Membership Classes (Approved)
| Class | Assurance (LOA) | Core Rights | Core Duties | Issuance Path |
| ------------- | --------------: | -------------------------------------------------------------- | -------------------------------------- | ----------------------------------------------------- |
| **eResident** | LOA 2 | Digital ID & signature, access to services, directory (opt-in) | Keep info current; abide by Codes | Application + KYC (doc + liveness) |
| **eCitizen** | LOA 3 | Governance vote, public office eligibility, honors | Oath; service contribution (10 hrs/yr) | eResident tenure + sponsorship + interview + ceremony |
| **Honorary** | LOA 1 | Insignia; ceremonial privileges | Code of Conduct | Council nomination |
| **Service** | LOA 2–3 | Functional roles (notary, marshal, registrar) | Role training; ethics | Appointment + vetting |
**Status:** **Approved by Founding Council** (Recorded vote #FC2025111002).
---
## 2) Legal Opinions — Kickoff Package
**Engagement Letters (LOE) Sent & Accepted:** ✅ International Personality; ✅ Sanctions/KYC.
### 2.1 Scope A — International Legal Personality & Recognition
* **Questions:** Best legal characterization (sovereign order / international NGO / sui generis entity); pathways to limited-purpose recognition; compatibility with MOUs; risk of misrepresentation.
* **Deliverables:** Memorandum (15–20 pp) + 2-page executive brief + draft MOU templates.
* **Milestones:**
  * W1: Firm selection & LOE signed.
  * W2: Kickoff interview + document set delivered.
  * W4: Draft opinion; comments cycle.
  * W5: Final opinion & executive brief ★
### 2.2 Scope B — Sanctions, KYC/AML & Data Protection Interaction
* **Questions:** Screening lists & risk scoring; PEP handling; onboarding geography constraints; document retention; lawful bases; cross-border data flows.
* **Deliverables:** KYC/AML SOP legal review + Sanctions Playbook + Data Protection DPIA memo.
* **Milestones:**
  * W1–2: Risk register; data maps delivered to counsel.
  * W3: Draft SOP review; DPIA consult.
  * W4: Final SOP sign-off ★
**Liaison Owners:** Chancellor (Policy) & CISO (Compliance).
**Evidence of Kickoff:** Calendar invites + LOEs on file; counsel intake questionnaires completed.
---
## 3) Identity Stack — Final Selections & Root Ceremony
### 3.1 DID & Credential Strategy (Final)
* **DID Methods:** `did:web` (public discoverability) + `did:key` (offline portability) for MVP; roadmap to Layer-2 method (e.g., ION) in 2026.
* **VCs:** W3C Verifiable Credentials (JSON-LD); status lists via Status List 2021; presentations via W3C Verifiable Presentations (QR/NFC).
* **Wallets:** Web wallet + Mobile (iOS/Android) with secure enclave; supports QR and offline verifiable presentations.
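The Status List 2021 lookup a verifier performs before relying on a credential, as an added example that is not code from this repository. It assumes `encodedList` is base64url-encoded gzip with index 0 at the left-most bit, that the list credential carries an `expirationDate`, and it uses a hypothetical list URL; a stale or mismatched list fails closed.

```javascript
// Added example, not the project's code: verifier-side StatusList2021 lookup.
const zlib = require('node:zlib');

// Assumption: encodedList is base64url(gzip(bitstring)) and index 0 is the
// left-most (most significant) bit of the first byte.
function decodeList(encodedList) {
  return zlib.gunzipSync(Buffer.from(encodedList, 'base64url'));
}

// Builds constructed sample data: an encodedList with the given bits set.
function encodeList(sizeBits, setIndexes) {
  const bits = Buffer.alloc(Math.ceil(sizeBits / 8));
  for (const i of setIndexes) bits[i >> 3] |= 0x80 >> (i & 7);
  return zlib.gzipSync(bits).toString('base64url');
}

// Assumes the proof on the status list credential itself is already verified.
function checkStatus(credential, listVc, now = new Date()) {
  const entry = credential.credentialStatus;
  if (!entry || entry.type !== 'StatusList2021Entry') {
    return { ok: false, reason: 'missing status entry' };
  }
  if (entry.statusListCredential !== listVc.id) {
    return { ok: false, reason: 'wrong status list' };
  }
  // Short TTL: a stale list fails closed rather than hide a recent revocation.
  if (!(new Date(listVc.expirationDate) > now)) {
    return { ok: false, reason: 'status list expired' };
  }
  const subject = listVc.credentialSubject;
  if (subject.statusPurpose !== entry.statusPurpose) {
    return { ok: false, reason: 'purpose mismatch' };
  }
  const bits = decodeList(subject.encodedList);
  const index = Number(entry.statusListIndex);
  if (!Number.isInteger(index) || index < 0 || index >= bits.length * 8) {
    return { ok: false, reason: 'index out of range' };
  }
  const set = (bits[index >> 3] & (0x80 >> (index & 7))) !== 0;
  return set ? { ok: false, reason: 'revoked' } : { ok: true, reason: 'active' };
}

// Constructed sample: hypothetical list URL, 131072 entries, index 42 revoked.
const sampleList = {
  id: 'https://dsb.example/status/1',
  expirationDate: '2099-01-01T00:00:00Z',
  credentialSubject: { statusPurpose: 'revocation', encodedList: encodeList(131072, [42]) },
};
```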
### 3.2 PKI & HSM (Final)
* **Root CA:** Offline, air-gapped; keys in **Thales Luna** HSM; multi-party control (2-of-3 key custodians).
* **Issuing CA:** Online CA in **AWS CloudHSM**; OCSP/CRL endpoints; CP/CPS published.
* **Time Stamping:** RFC 3161 TSA with hardware-backed clock source.
### 3.3 Root Key Ceremony — Scheduled
* **Date:** **Friday, December 5, 2025**, 10:00–13:00 PT
* **Location:** Secure facility (air-gapped room), dual-control entry.
* **Roles:** Ceremony Officer, Key Custodians (3), Auditor, Witnesses (2), Video Scribe.
* **Artifacts:** Root CSR, CP/CPS v1.0, offline DID documents, hash manifest, sealed tamper-evident bags.
* **Runbook (excerpt):**
  1. Room sweep & hash baseline
  2. HSM init (M of N)
  3. Generate Root
  4. Seal backups
  5. Sign Issuing CA
  6. Publish fingerprints
  7. Record & notarize minutes
**Status:** ✅ Selections approved; ceremony invites sent.
---
## 4) Verifiable Credential (VC) Schemas — Drafts
> **Note:** These are production-ready drafts for the schema registry. Replace the placeholder `schema:` URIs with final repo locations.
### 4.1 Schema: eResidentCredential (v0.9)
See `packages/schemas/src/eresidency.ts` for the complete Zod schema implementation.
**Schema URI:** `schema:dsb/eResidentCredential/0.9`
**Context URLs:**
* `https://www.w3.org/2018/credentials/v1`
* `https://w3id.org/security/suites/ed25519-2020/v1`
* `https://dsb.example/context/base/v1`
* `https://dsb.example/context/eResident/v1`
### 4.2 Schema: eCitizenCredential (v0.9)
See `packages/schemas/src/eresidency.ts` for the complete Zod schema implementation.
**Schema URI:** `schema:dsb/eCitizenCredential/0.9`
**Context URLs:**
* `https://www.w3.org/2018/credentials/v1`
* `https://w3id.org/security/suites/ed25519-2020/v1`
* `https://dsb.example/context/base/v1`
* `https://dsb.example/context/eCitizen/v1`
**Status:** ✅ Drafted. Ready for registry publication.
---
## 5) eResidency MVP — Product & Engineering Plan
### 5.1 Architecture (MVP)
* **Frontend:** Next.js app (public applicant portal + reviewer console).
* **Backend:** Node.js / TypeScript (Express/Fastify) + Postgres (event-sourced member registry) + Redis (queues).
* **KYC:** Veriff (doc + liveness) via server-to-server callbacks; sanctions screening via ComplyAdvantage or equivalent.
* **Issuance:** VC Issuer service (JSON-LD, Ed25519); X.509 client cert issuance via Issuing CA.
* **Verifier:** Public verifier portal + JS SDK to validate proofs and status.
* **Secrets/Keys:** Issuer keys in CloudHSM; root offline; secure key rotation policy.
* **Observability:** OpenTelemetry, structured logs; metrics: TTI (time-to-issue), approval rate, fraud rate.
### 5.2 Applicant Flow
1. Create account (email + device binding).
2. Submit identity data; upload document; selfie liveness.
3. Automated sanctions/PEP check.
4. Risk engine decision → **Auto-approve**, **Auto-reject**, or **Manual review**.
5. On approval → eResident VC + (optional) client certificate; wallet binding; QR presentation test.
### 5.3 Reviewer Console (Role-based)
* Queue by risk band; case view with KYC artifacts; audit log; one-click outcomes.
* Bulk actions; appeals intake; redaction & export for Ombuds.
* Metrics dashboard (median SLA, false reject rate).
### 5.4 APIs (selected)
* `POST /apply` — create application.
* `POST /kyc/callback` — receive provider webhook.
* `POST /issue/vc` — mint eResidentCredential.
* `GET /status/:residentNumber` — credential status list.
* `POST /revoke` — mark credential revoked/superseded.
### 5.5 Security & Compliance (MVP)
* DPIA finalized; data minimization; retention schedule (KYC artifacts 365 days then redact).
* Role-based access; least privilege; signed admin actions.
* Phishing & deepfake countermeasures (challenge prompts; passive liveness).
### 5.6 Test Plan & Acceptance
* E2E path: 20 synthetic applicants (low/med/high risk).
* Success if: median decision < 48h; issuance & revocation verified by two independent verifiers; audit trail complete.
**Status:** ✅ Build spec locked; repos scaffolded; KYC sandbox credentials requested.
---
## Governance Artifacts (Ready for Publication)
* **Statute Book v1**: Citizenship Code; Residency Code; Due Process & Appeals; Ethics & Anti-corruption.
* **Trust Framework Policy (TFP)**: LOA profiles; recovery flows; incident response.
* **Privacy Pack**: Privacy Policy; DPIA; Records of Processing; Retention Schedule.
* **KYC/AML SOP**: Screening lists; risk scoring; EDD triggers; PEP handling.
* **CP/CPS**: Certificate Policy & Practice Statement; TSA policy.
---
## Runbooks & Checklists
### Root Key Ceremony — Quick Checklist
* [ ] Room sweep & device inventory
* [ ] HSM initialization (M of N)
* [ ] Root key generation & backup seals
* [ ] Sign Issuing CA
* [ ] Publish fingerprints & DID docs (offline → online bridge)
* [ ] Minutes notarized; video archived
### Adjudication — Manual Review Steps
* [ ] Confirm document authenticity flags
* [ ] Review sanctions/PEP match rationale
* [ ] Run liveness replay check; request second factor if needed
* [ ] Decide outcome; record justification hash
---
## RACI (Focused on 30-Day MVP)
| Workstream | Accountable | Responsible | Consulted | Informed |
| -------------------- | ---------------- | ---------------- | ------------------------- | -------- |
| Charter & Membership | Founding Council | Chancellor | Registrar, Ombuds | Public |
| Legal Opinions | Chancellor | External Counsel | CISO | Council |
| Identity/PKI | CISO | CTO | Ceremony Officer, Auditor | Council |
| MVP Build | CTO | Eng Team Lead | Registrar, CISO | Council |
| KYC/AML | CISO | Registrar | Counsel, CTO | Council |
---
## Risks & Mitigations (MVP)
* **Deepfake/Impersonation:** Passive + active liveness; random challenge prompts; manual backstop.
* **Jurisdictional Friction:** Limit onboarding in high-risk geographies; maintain a public risk matrix and geo-blocking where mandated.
* **Key Compromise:** Offline root; M-of-N custody; regular drills; revocation status lists with short TTL.
* **Over-collection of Data:** DPIA-driven minimization; redact KYC artifacts after SLA.
---
## Appendices
### A. Context & Type for Credentials (recommended)
```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1",
    "https://dsb.example/context/base/v1"
  ],
  "type": ["VerifiableCredential", "eResidentCredential"]
}
```
### B. Sample Verifiable Presentation (QR payload, compacted)
```json
{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "type": ["VerifiablePresentation"],
  "verifiableCredential": ["<JWS/JWT or LDProof VC here>"],
  "holder": "did:web:dsb.example:members:abc123",
  "proof": {"type": "Ed25519Signature2020", "created": "2025-11-28T12:00:00Z", "challenge": "<nonce>", "proofPurpose": "authentication"}
}
```
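How a verifier can bind the `challenge` in the presentation above to a single session so a captured QR payload cannot be replayed, as an added example that is not code from this repository. `ChallengeStore`, `checkPresentationProof`, the TTL and the clock-skew tolerance are assumptions, and Ed25519 signature verification is a separate step not shown.

```javascript
// Added example, not the project's code; class and function names are hypothetical.
const { randomBytes } = require('node:crypto');
const CLOCK_SKEW_MS = 30_000; // assumed tolerance between wallet and verifier clocks

// Verifier-side nonce store (in-memory here; a shared TTL store is assumed in production).
class ChallengeStore {
  constructor(ttlMs = 120_000) {
    this.ttlMs = ttlMs;
    this.pending = new Map(); // nonce -> expiry (ms since epoch)
  }
  issue(now = Date.now()) {
    const nonce = randomBytes(16).toString('base64url');
    this.pending.set(nonce, now + this.ttlMs);
    return nonce;
  }
  // Single use: the nonce is removed on first lookup, whatever the outcome.
  consume(nonce, now = Date.now()) {
    const expiry = this.pending.get(nonce);
    this.pending.delete(nonce);
    return expiry !== undefined && now <= expiry;
  }
}

// Checks the proof metadata of a presentation shaped like Appendix B.
// Signature verification over the canonicalized VP is a separate step.
function checkPresentationProof(vp, store, now = Date.now()) {
  const proof = vp && vp.proof;
  if (!proof || proof.type !== 'Ed25519Signature2020') return 'unsupported proof';
  if (proof.proofPurpose !== 'authentication') return 'wrong proofPurpose';
  if (typeof proof.challenge !== 'string' || !store.consume(proof.challenge, now)) {
    return 'challenge unknown, expired or replayed';
  }
  const created = Date.parse(proof.created);
  const oldest = now - store.ttlMs - CLOCK_SKEW_MS;
  if (Number.isNaN(created) || created < oldest || created > now + CLOCK_SKEW_MS) {
    return 'proof timestamp outside window';
  }
  return 'ok';
}

// Constructed sample presentation (credential payload omitted).
function samplePresentation(challenge, created) {
  return {
    type: ['VerifiablePresentation'],
    holder: 'did:web:dsb.example:members:abc123',
    proof: { type: 'Ed25519Signature2020', created, challenge, proofPurpose: 'authentication' },
  };
}
```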
### C. Data Retention (excerpt)
* KYC raw artifacts: 365 days (regulatory); then redaction/aggregation.
* Application metadata & audit logs: 6 years.
* Credential status events: indefinite (public non-PII lists).
---
## Sign-offs
* **Charter & Membership:** ✅ FC2025111001/02
* **Legal Kickoff:** ✅ LOEs executed; schedules W2–W5
* **Identity Stack:** ✅ Approved; ceremony 2025-12-05
* **VC Schemas:** ✅ Drafts ready (v0.9) for registry
* **MVP Build:** ✅ Spec locked; sprint in progress