At CASA25, a standout panel dove deep into one of the most critical—and least understood—aspects of the vCon revolution: how to handle consent, compliance, and data provenance in an AI-driven world.

Moderated by Thomas Howe of Strolid, the panel brought together a mix of perspectives from across the ecosystem: Jason Goecke (Creo Solutions), Nima Golchini (Enea), Tony Nuzzo (Approved Contact), and Ben Curtis and Dean Landsman from JLINC. Together, they explored how programmable trust and verifiable consent are becoming the new foundation of intelligent communications.

From Permissions to Provenance

Tony Nuzzo of Approved Contact opened with a simple but powerful premise: trust starts with permission.

His company’s new Permissions product lets brands validate consent explicitly — not just “we think they agreed,” but clear records of whether customers allow their voice to be used in AI, or whether they want to receive texts or calls.

“You want to be a trusted brand, not just a brand,” Tony said. “And the VCon gives you a way to prove that trust.”

By capturing this consent inside verifiable conversation data, VCons effectively become an insurance policy for brands — proof that engagement is both compliant and authentic.

Security First: Cleaning the Pipeline

Nima Golchini of Enea then connected the dots between consent and cybersecurity.

Enea provides messaging and signaling firewalls that filter spam, block malicious content, and enforce regional compliance rules across operators and CPaaS providers.

He explained how AI models now detect campaign drift — where a registered campaign sends unrelated content — and help enforce national codes of conduct, like France’s restriction on promotional messages during weekends.

“It’s about keeping a clean pipeline,” Nima said. “Security, compliance, and monetization all depend on it.”

JLINC: Proof That Data Stays True

The discussion moved to data provenance, where Ben Curtis and Dean Landsman from JLINC outlined how cryptographic signatures and zero-knowledge auditing can verify the flow of data without ever exposing its contents.

Ben explained how their system ensures that data shared between systems — for example, between AI models or CPaaS platforms — is traceable, trusted, and compliant with privacy regulations.

“We can prove that the data went where it was supposed to go, and came from who it was supposed to — without ever revealing the private data itself.”

Dean added that this capability turns compliance into something verifiable and automatic:

“From the moment data begins to the moment it ends, it still belongs to its originator. That’s the essence of trust under GDPR and every new data law to come.”

Smart Contracts for Consent

When Jason Goecke of Creo Solutions joined the exchange, he described VCons as the foundation for programmable compliance.

“It’s like a smart contract for communication,” he said. “Consent travels with the data itself. That gives you ownership, transparency, and interoperability — the foundation for trusted applications.”

VCons, in this view, turn consent into code — allowing businesses to automate trust, not just declare it.

The New CRM: Conversational and Consumer-Centric

Closing the panel, Dean Landsman reflected on how VCons could transform CRM systems.

Traditional CRMs were designed to collect and exploit data, not to protect it. The next generation, he said, will be conversational and consumer-centric — powered by verifiable, user-owned data.

“CRM hasn’t really had guardrails before. VCons bring them,” he said. “They ensure customer data stays their own — and make the system finally work for the customer.”

From Compliance to Confidence

The message from this CASA25 panel was clear: VCons aren’t just about storing conversations — they’re about redefining digital trust.

They turn compliance into a design principle, enable verifiable provenance for AI, and make consent portable across every layer of the communications stack.

As Thomas Howe closed the session, he summed up the mood perfectly:

“This isn’t about regulation slowing us down — it’s about trust becoming programmable.”

At CASA25, Nicolai Schaettgen (Match-Maker Ventures) hosted a candid fireside chat with Ramazan Soganci, Portfolio Lead CPaaS at KPN, diving into how the Dutch telco is reinventing itself through practical network API use cases. The star example? A collaboration with buy-now-pay-later giant Riverty — not built on technology for its own sake, but on something more fundamental: trust.

From Side Project to Strategic Priority

Two years ago, CPaaS at KPN was still treated like a side hustle. Like many telcos, KPN had spent a decade debating RCS and dabbling in APIs. But the rise of enterprise digital transformation—and the demand for flexible, secure, real-time communications—finally pushed the company to act.

That shift came with a new mindset: expose telco assets through APIs, go beyond messaging, and focus on value creation. Today, Ramazan leads this transformation. His team is scaling KPN’s CPaaS and network API business in partnership with aggregators and enterprises—proving the time for real deployment is now.

The Riverty Story: Trust Is the Real Currency

When financial services firm Riverty (formerly Arvato) approached KPN, it wasn’t to discuss APIs, pricing, or product specs. The conversation centered on trust—the most valuable asset in financial services.

With growing regulatory pressure across Europe, Riverty needed a robust age verification solution to protect consumers and satisfy regulators. Could telco data play a role in ensuring underage users weren’t accessing credit? Could the solution be seamless, scalable, and compliant?

KPN said yes—and delivered a simple yet powerful age verification API. The solution checks, in real time, whether a buyer is 18 or older, using KPN’s verified subscriber data. It’s frictionless, accurate, and—critically—trusted by both regulators and customers.

“We never discussed financial KPIs with Riverty,” Ramazan noted. “The entire conversation was about trust, compliance, and protecting customers.”

Beyond KPN’s Network: Scale Through Collaboration

One standout aspect of this use case: it doesn’t stop with KPN subscribers. Realizing that full market coverage is essential for enterprise buyers, KPN collaborated with other Dutch telcos and aggregators to make the solution available across networks.

This is not the telco playbook of old. It’s a new era of API-driven cooperation, where value comes from federation, not fragmentation.

“No customer accepts 40% coverage. To win, we need scale—and that means working together,” Ramazan said. “It’s not about ego anymore.”

A Strategic Framework: Communication + Network + Identity APIs

KPN’s offering spans far beyond a single use case. Ramazan described their CPaaS strategy as built around three pillars:

• Communication APIs – traditional messaging and voice (SMS, RCS, etc)
• Network APIs – exposing telco assets like quality on demand, SIM swap detection, and location
• Identity APIs – enabling age, identity, and silent authentication use cases

Each API is evaluated based on relevance to specific verticals, with financial services and e-commerce currently showing the most traction due to their fraud and compliance needs.

“We don’t believe in throwing dozens of APIs into the market and hoping for adoption,” Ramazan emphasized. “We start with real use cases, solve problems, and then scale.”

Hyperscalers, Developers, and the Go-to-Market Dilemma

One of the most honest parts of the discussion was around hyperscalers. Ramazan acknowledged that companies like Amazon and Google have a head start when it comes to developer relationships—but KPN isn’t trying to compete on the same terms.

Instead, they’re going deep in verticals, working directly with compliance officers, risk managers, and business owners, not just IT or procurement.

This account-based, consultative approach helped land the Riverty deal—and it’s the foundation for growth in other industries.

What’s Next: From Proof to Scale

KPN isn’t alone anymore. With GSMA’s Open Gateway initiative pushing global alignment, and more telcos investing in practical, privacy-compliant APIs, momentum is building. But challenges remain.

To truly scale:

Cross-operator collaboration must become the norm Success cases like Riverty must be productized and marketed The developer experience still needs simplification and abstraction Telcos must embrace new go-to-market roles, beyond network operations

Ramazan closed with a call to action:

“The industry needs more collaboration—not just among telcos, but with aggregators, platforms, and innovators in this room.”

Key Takeaways

• Trust is a strategic differentiator. Telcos can offer unique identity and verification tools that businesses—and regulators—will rely on.
• Start small, scale smart. Don’t launch dozens of APIs. Build reference use cases with high-value verticals, then replicate.
• Partnerships matter. Cross-operator collaboration and aggregator support are key to reaching enterprise-grade scale.
• Riverty is just the beginning. Financial services and e-commerce are ripe for more telco-powered identity and fraud solutions.

Final Word

At CASA25, the buzzword wasn’t APIs. It was impact. And KPN’s Riverty collaboration is a clear signal: telcos can move from slow-moving incumbents to trusted partners in the digital economy—when they build with purpose.

Let’s make it happen. Together.