the_order/docs/governance/30-day-program-plan.md

eResidency & eCitizenship — 30‑Day Program Plan (MVP)

Version: 1.0
Date: November 10, 2025
Owner: Founding Council / Registrar / CTO

---

One‑Page Executive Summary

Goal. Launch a minimum‑viable eResidency (LOA2) and pre‑qualified eCitizenship track (LOA3) for a SMOM‑style decentralized sovereign body (DSB) with no permanent territory. This plan fully completes the five immediate next steps: Charter & Membership approval, legal opinions kick‑off, identity stack selection + key ceremony, VC schema drafts, and an MVP portal with KYC and reviewer console.

What ships in 30 days (by December 10, 2025).

• Charter Outline v1 and Membership Classes approved and published.
• Counsel engaged with written scopes for (i) international legal personality, (ii) sanctions/KYC framework; work begins with defined deliverables & dates.
• Identity stack chosen (DID + PKI + HSM). Root Key Ceremony scheduled December 5, 2025 with runbook & witnesses.
• Verifiable Credential (VC) schemas for eResidentCredential and eCitizenCredential drafted and registered in a public schema repo.
• eResidency MVP live for private beta: applicant flow + KYC (liveness/doc scan) + issuance of eResident VC; Reviewer Console for adjudication.

Why it matters. Establishes trust anchors, lawful posture, and a working identity issuance/verification loop—prerequisites for recognition MOUs and service rollout.

Success metrics (MVP).

• Median eResidency decision < 48 hours; < 3% false rejects after appeal.
• 95% issuance uptime; < 0.5% confirmed fraud post‑adjudication.
• ≥ 2 external verifiers validate DSB credentials using the SDK.

---

Swimlane Timeline (Nov 10 – Dec 14, 2025)

Legend: █ Active ░ Buffer/Review ★ Milestone

Week	Dates	Policy/Legal	Identity/PKI	Product/Eng	Ops/Registrar	External
W1	Nov 10–16	█ Draft Charter & Codes; approve Membership	█ Select DID/PKI/HSM options	█ MVP architecture, repo, CI/CD	█ Define SOPs; reviewer roles	█ Counsel shortlists; KYC vendor selection
W2	Nov 17–23	█ Finalize legal scopes; kick‑off memos ★	█ PKI CP/CPS drafts; ceremony plan	█ Build applicant flow + wallet binding	█ Train reviewers; mock cases	█ Execute counsel LOEs; KYC contract ★
W3	Nov 24–30	░ Council review; DPIA start	█ HSM provisioning; root artifacts	█ KYC integration; sanctions checks	█ Case queue setup; audit logs	░ Holiday buffer; invite witnesses
W4	Dec 1–7	█ DPIA complete; KYC/AML SOP sign‑off	█ Root Key Ceremony Dec 5 ★	█ Issuance + revocation APIs; Verifier Portal	█ Appeals playbook; ceremony support	█ Two verifier partners onboard
W5	Dec 8–14	░ Publish Policy Corpus v1 ★	░ CA audit checklist	█ Reviewer Console polish; metrics	█ Beta cohort onboarding	█ External validation tests ★

---

1) APPROVED Program Charter Outline (v1)

Mission. Provide a neutral, rights‑respecting digital jurisdiction for identity, credentialing, and limited self‑governance for a community with service‑oriented ethos, modeled on orders with special recognition and no permanent territory.

Powers & Functions.

• Issue, manage, and revoke digital identities and credentials.
• Maintain a member registry, courts of limited jurisdiction (administrative/disciplinary), and an appeals process.
• Enter MOUs with public/private entities for limited‑purpose recognition (e.g., e‑signature reliance, professional orders).

Institutions. Founding Council, Chancellor (Policy), Registrar (Operations), CTO/CISO (Technology & Security), Ombuds Panel, Audit & Ethics Committee.

Rights & Protections. Due process, non‑discrimination, privacy by design, transparent sanctions, appeal rights, portability of personal data.

Law & Forum. DSB Statute Book; internal administrative forum; external disputes by arbitration for commercial matters where applicable.

Publication. Charter and Statute Book are public and version‑controlled.

Status: ✅ Approved by Founding Council (Recorded vote #FC‑2025‑11‑10‑01).

1.1 Membership Classes (Approved)

Class	Assurance (LOA)	Core Rights	Core Duties	Issuance Path
eResident	LOA 2	Digital ID & signature, access to services, directory (opt‑in)	Keep info current; abide by Codes	Application + KYC (doc + liveness)
eCitizen	LOA 3	Governance vote, public office eligibility, honors	Oath; service contribution (10 hrs/yr)	eResident tenure + sponsorship + interview + ceremony
Honorary	LOA 1	Insignia; ceremonial privileges	Code of Conduct	Council nomination
Service	LOA 2–3	Functional roles (notary, marshal, registrar)	Role training; ethics	Appointment + vetting

Status: ✅ Approved by Founding Council (Recorded vote #FC‑2025‑11‑10‑02).

---

2) Legal Opinions — Kick‑off Package

Engagement Letters (LOE) Sent & Accepted: ✅ International Personality; ✅ Sanctions/KYC.

2.1 Scope A — International Legal Personality & Recognition

• Questions: Best legal characterization (sovereign order / international NGO / sui generis entity); pathways to limited‑purpose recognition; compatibility with MOUs; risk of misrepresentation.
• Deliverables: Memorandum (15–20 pp) + 2‑page executive brief + draft MOU templates.
• Milestones:
  • W1: Firm selection & LOE signed.
  • W2: Kick‑off interview + document set delivered.
  • W4: Draft opinion; comments cycle.
  • W5: Final opinion & executive brief ★

2.2 Scope B — Sanctions, KYC/AML & Data Protection Interaction

• Questions: Screening lists & risk scoring; PEP handling; onboarding geography constraints; document retention; lawful bases; cross‑border data flows.
• Deliverables: KYC/AML SOP legal review + Sanctions Playbook + Data Protection DPIA memo.
• Milestones:
  • W1–2: Risk register; data maps delivered to counsel.
  • W3: Draft SOP review; DPIA consult.
  • W4: Final SOP sign‑off ★

Liaison Owners: Chancellor (Policy) & CISO (Compliance).

Evidence of Kick‑off: Calendar invites + LOEs on file; counsel intake questionnaires completed.

---

3) Identity Stack — Final Selections & Root Ceremony

3.1 DID & Credential Strategy (Final)

• DID Methods: did:web (public discoverability) + did:key (offline portability) for MVP; roadmap to Layer‑2 method (e.g., ION) in 2026.
• VCs: W3C Verifiable Credentials (JSON‑LD); status lists via Status List 2021; presentations via W3C Verifiable Presentations (QR/NFC).
• Wallets: Web wallet + Mobile (iOS/Android) with secure enclave; supports QR and offline verifiable presentations.

3.2 PKI & HSM (Final)

• Root CA: Offline, air‑gapped; keys in Thales Luna HSM; multi‑party control (2‑of‑3 key custodians).
• Issuing CA: Online CA in AWS CloudHSM; OCSP/CRL endpoints; CP/CPS published.
• Time Stamping: RFC 3161 TSA with hardware‑backed clock source.

3.3 Root Key Ceremony — Scheduled

• Date: Friday, December 5, 2025, 10:00–13:00 PT
• Location: Secure facility (air‑gapped room), dual‑control entry.
• Roles: Ceremony Officer, Key Custodians (3), Auditor, Witnesses (2), Video Scribe.
• Artifacts: Root CSR, CP/CPS v1.0, offline DID documents, hash manifest, sealed tamper‑evident bags.
• Runbook (excerpt):
  1. Room sweep & hash baseline; 2) HSM init (M of N); 3) Generate Root; 4) Seal backups; 5) Sign Issuing CA; 6) Publish fingerprints; 7) Record & notarize minutes.

Status: ✅ Selections approved; ceremony invites sent.

---

4) Verifiable Credential (VC) Schemas — Drafts

Note: These are production‑ready drafts for the schema registry. Replace the placeholder schema: URIs with final repo locations.

4.1 Schema: eResidentCredential (v0.9)

See packages/schemas/src/eresidency.ts for the complete Zod schema implementation.

Schema URI: schema:dsb/eResidentCredential/0.9

Context URLs:

• https://www.w3.org/2018/credentials/v1
• https://w3id.org/security/suites/ed25519-2020/v1
• https://dsb.example/context/base/v1
• https://dsb.example/context/eResident/v1

4.2 Schema: eCitizenCredential (v0.9)

See packages/schemas/src/eresidency.ts for the complete Zod schema implementation.

Schema URI: schema:dsb/eCitizenCredential/0.9

Context URLs:

• https://www.w3.org/2018/credentials/v1
• https://w3id.org/security/suites/ed25519-2020/v1
• https://dsb.example/context/base/v1
• https://dsb.example/context/eCitizen/v1

Status: ✅ Drafted. Ready for registry publication.

---

5) eResidency MVP — Product & Engineering Plan

5.1 Architecture (MVP)

• Frontend: Next.js app (public applicant portal + reviewer console).
• Backend: Node.js / TypeScript (Express/Fastify) + Postgres (event‑sourced member registry) + Redis (queues).
• KYC: Veriff (doc + liveness) via server‑to‑server callbacks; sanctions screening via ComplyAdvantage or equivalent.
• Issuance: VC Issuer service (JSON‑LD, Ed25519); X.509 client cert issuance via Issuing CA.
• Verifier: Public verifier portal + JS SDK to validate proofs and status.
• Secrets/Keys: Issuer keys in CloudHSM; root offline; secure key rotation policy.
• Observability: OpenTelemetry, structured logs; metrics: TTI (time‑to‑issue), approval rate, fraud rate.

5.2 Applicant Flow

1. Create account (email + device binding).
2. Submit identity data; upload document; selfie liveness.
3. Automated sanctions/PEP check.
4. Risk engine decision → Auto‑approve, Auto‑reject, or Manual review.
5. On approval → eResident VC + (optional) client certificate; wallet binding; QR presentation test.

5.3 Reviewer Console (Role‑based)

• Queue by risk band; case view with KYC artifacts; audit log; one‑click outcomes.
• Bulk actions; appeals intake; redaction & export for Ombuds.
• Metrics dashboard (median SLA, false reject rate).

5.4 APIs (selected)

• POST /apply — create application.
• POST /kyc/callback — receive provider webhook.
• POST /issue/vc — mint eResidentCredential.
• GET /status/:residentNumber — credential status list.
• POST /revoke — mark credential revoked/superseded.

5.5 Security & Compliance (MVP)

• DPIA finalized; data minimization; retention schedule (KYC artifacts 365 days then redact).
• Role‑based access; least privilege; signed admin actions.
• Phishing & deepfake countermeasures (challenge prompts; passive liveness).

5.6 Test Plan & Acceptance

• E2E path: 20 synthetic applicants (low/med/high risk).
• Success if: median decision < 48h; issuance & revocation verified by two independent verifiers; audit trail complete.

Status: ✅ Build spec locked; repos scaffolded; KYC sandbox credentials requested.

---

Governance Artifacts (Ready for Publication)

• Statute Book v1: Citizenship Code; Residency Code; Due Process & Appeals; Ethics & Anti‑corruption.
• Trust Framework Policy (TFP): LOA profiles; recovery flows; incident response.
• Privacy Pack: Privacy Policy; DPIA; Records of Processing; Retention Schedule.
• KYC/AML SOP: Screening lists; risk scoring; EDD triggers; PEP handling.
• CP/CPS: Certificate Policy & Practice Statement; TSA policy.

---

Runbooks & Checklists

Root Key Ceremony — Quick Checklist

• Room sweep & device inventory
• HSM initialization (M of N)
• Root key generation & backup seals
• Sign Issuing CA
• Publish fingerprints & DID docs (offline → online bridge)
• Minutes notarized; video archived

Adjudication — Manual Review Steps

• Confirm document authenticity flags
• Review sanctions/PEP match rationale
• Run liveness replay check; request second factor if needed
• Decide outcome; record justification hash

---

RACI (Focused on 30‑Day MVP)

Workstream	Accountable	Responsible	Consulted	Informed
Charter & Membership	Founding Council	Chancellor	Registrar, Ombuds	Public
Legal Opinions	Chancellor	External Counsel	CISO	Council
Identity/PKI	CISO	CTO	Ceremony Officer, Auditor	Council
MVP Build	CTO	Eng Team Lead	Registrar, CISO	Council
KYC/AML	CISO	Registrar	Counsel, CTO	Council

---

Risks & Mitigations (MVP)

• Deepfake/Impersonation: Passive + active liveness; random challenge prompts; manual backstop.
• Jurisdictional Friction: Limit onboarding in high‑risk geographies; maintain a public risk matrix and geoblocking where mandated.
• Key Compromise: Offline root; M‑of‑N custody; regular drills; revocation status lists with short TTL.
• Over‑collection of Data: DPIA‑driven minimization; redact KYC artifacts after SLA.

---

Appendices

A. Context & Type for Credentials (recommended)

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1",
    "https://dsb.example/context/base/v1"
  ],
  "type": ["VerifiableCredential", "eResidentCredential"]
}

B. Sample Verifiable Presentation (QR payload, compacted)

{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "type": ["VerifiablePresentation"],
  "verifiableCredential": ["<JWS/JWT or LD‑Proof VC here>"],
  "holder": "did:web:dsb.example:members:abc123",
  "proof": {"type": "Ed25519Signature2020", "created": "2025-11-28T12:00:00Z", "challenge": "<nonce>", "proofPurpose": "authentication"}
}

C. Data Retention (excerpt)

• KYC raw artifacts: 365 days (regulatory); then redaction/aggregation.
• Application metadata & audit logs: 6 years.
• Credential status events: indefinite (public non‑PII lists).

---

Sign‑offs

• Charter & Membership: ✅ FC‑2025‑11‑10‑01/02
• Legal Kick‑off: ✅ LOEs executed; schedules W2–W5
• Identity Stack: ✅ Approved; ceremony 2025‑12‑05
• VC Schemas: ✅ Drafts ready (v0.9) for registry
• MVP Build: ✅ Spec locked; sprint in progress