CTIC · Six-pillar XaaS for EU wholesale telecoms · EUDI Wallet 2027-ready · Production-ready

Six pillars. One deployable stack. The production-ready EUDI Wallet, telephony and call-traceability platform for EU wholesale telecoms.

CTIC is a self-hosted, six-pillar XaaS platform from Aloaha Limited that gives European wholesale telecoms operators a production-ready EU Digital Identity Wallet verifier, browser-native SIP-over-WebSocket telephony, a database-free self-hostable stack, QES-sealed digital signatures, interoperable eForms and XInvoice / XRechnung / ZUGFeRD e-invoicing — in one integrated binary. It also carries a voluntary industry-wide call-traceability plug-in that lets originating carriers, wholesale interconnects and terminating retailers attach a chain-of-trust attestation to every call, sovereign and eIDAS-native. CTIC is Aloaha Limited’s global innovation beacon for the EU telecoms sector.

By 2027 every EU Member State must accept the EU Digital Identity Wallet at regulated touchpoints — including SIM registration, eSIM activation, number portability and B2B onboarding. CTIC is among the very first EU-shipped EUDI Wallet verifiers delivered as-a-Service, and among the first production-ready platforms to pair that verifier with a voluntary call-traceability plug-in for the wholesale-to-retail chain.


For wholesale · not for end users

Built for the buyers who sit between the platform and the retail subscriber.

CTIC is a wholesale-shaped, six-pillar XaaS deployment. It targets organisations that resell connectivity, identity and voice services to downstream partners — MVNOs, MVNEs, eSIM brands and national carriers included — and are directly exposed to the 2027 EU Digital Identity Wallet acceptance obligations at the moment a subscriber is onboarded, activated or ported. CTIC is a self-hosted, six-pillar XaaS platform for wholesale telecoms.

MVNOs & MVNEs
eSIM brands & travel-eSIM aggregators
National carriers & incumbents
Wholesale voice distributors
Datacentre & colocation operators
Sovereign-cloud & managed-service providers
SIM issuers & personalisation bureaux
Wholesale-to-retail channel groups

The four 2027 touchpoints where CTIC replaces manual KYC and paper-based flows: SIM registration, eSIM activation, number portability and B2B account onboarding. Each is a regulated moment. Each currently costs the wholesale operator hours of manual verification per subscriber, per port, per new corporate account. CTIC turns each into a wallet-presentation flow that completes in seconds, with a signed, tamper-evident verification receipt kept in the operator's own filesystem.

The first-mover position

Among the very first EU-shipped EU Digital Identity Wallet verifiers delivered as-a-Service.

CTIC is production-ready and among the first EU-shipped EUDI Wallet verifiers delivered as-a-Service. It ships six market-first pillars in one integrated binary: an EU Digital Identity Wallet verifier that speaks the OpenID for Verifiable Presentations profile and accepts SD-JWT Verifiable Credentials over the high-assurance interoperability profile (HAIP), browser-native SIP-over-WebSocket telephony, a database-free self-hostable runtime, eIDAS QES-sealed signatures, interoperable eForms and EN 16931-aligned XInvoice / XRechnung / ZUGFeRD e-invoicing — delivered as installable software the operator runs itself.

The 2027 acceptance mandate is not a suggestion. It is a hard obligation on any organisation whose customer-onboarding flow triggers the eIDAS 2.0 acceptance requirement. Wholesale telecoms operators sit at every one of those triggers. The organisations that deploy a wallet verifier before the deadline capture two things: procurement leverage against retail partners still scrambling for a verifier of their own, and a regulatory-alignment story that lands with national regulators, ministries and enterprise procurement.

  • eIDAS 2.0: EU 2024/1183
  • OID4VP: OpenID for Verifiable Presentations
  • HAIP: High-Assurance Interoperability Profile
  • SD-JWT VC: IETF draft
  • OpenID Connect Core 1.0
  • FIDO2 / WebAuthn
  • RFC 3261: SIP
  • RFC 5630: SIPS
  • RFC 4028: Session-Timer
  • RFC 5626: Outbound SIP
  • RFC 7118: SIP-over-WebSocket
  • RFC 4568: SDES
  • EN 16931: e-invoicing
  • eIDAS QES: Qualified electronic signatures
  • XInvoice / XRechnung / ZUGFeRD
  • Interoperable eForms

Architecture

One deployable stack. Six load-bearing pillars.

CTIC is not a suite of separately-licensed products bolted together. It is one integrated binary that presents six pillars to the operator, each labelled with the exact standard it implements. Every pillar is switchable on or off per tenant, per trunk, per user — so a wholesale operator can start with just the EU Digital Identity Wallet verifier and extend into telephony, signatures, eForms and e-invoicing as their retail programme grows.

Figure: CTIC platform architecture — six pillars, one deployable stack.

Wholesale distribution

Multi-tier tenancy that keeps every customer relationship end-to-end.

CTIC is wholesale-shaped at the tenancy layer. Aloaha bills the platform tenant. The platform tenant bills its distributor tenants. Each distributor bills its reseller tenants. Each reseller bills the end-customer. Every event carries a clientRef slot so revenue is attributable at any tier — and every tenant owns its own subscriber list, call detail records, recordings and transcripts inside its own domain, end-to-end.

Each tenant is an independent per-domain partition on disk. Every subscriber list, CDR, transcript and recording stays inside its own tenant boundary, owned end-to-end by whichever party in the wholesale-to-retail chain the data belongs to.

Voluntary call-traceability plug-in · sovereign, eIDAS-native

A voluntary plug-in that aligns wholesale and retail telecoms against unidentifiable-call fraud.

CTIC offers global mobile operators, MVNOs, eSIM brands, telecom retailers and their wholesale peers a voluntary plug-in solution to the long-standing traceability problem for unidentifiable calls. Because the same platform runs the EU Digital Identity Wallet verifier, per-trunk SIP-over-TLS, per-trunk SDES SRTP, per-tenant OIDC identity and RFC 4028 Session-Timer, it can attach a chain-of-trust from originating carrier through interconnect to terminating retailer — voluntarily, without waiting for a regulator to mandate it. The six-pillar delivery makes it operationally cheap to adopt: no separate KYC vendor, no separate signalling-protection vendor, no separate identity IdP. This is the missing piece the wholesale-to-retail chain has been waiting for.

The plug-in is designed as the sovereign, eIDAS-native alternative to the US regulatory-driven approach. It attaches a signed attestation at each hop — originating carrier, interconnect, terminating retailer — so the terminating operator and, ultimately, the retail subscriber can see the verified origin of the call. Because CTIC already terminates SIPS, mints per-tenant certificates and issues QES-sealed signatures across the same tenant boundary, no new vendor is needed. Any operator can opt in on their own timeline, and the chain-of-trust flows through only the CTIC-enabled hops.

Figure: CTIC-attested chain-of-trust across originating carrier, wholesale interconnect and terminating retailer. Each CTIC-enabled hop attaches a signed attestation the terminating retailer and the verified end-user can inspect.

  • Voluntary industry-wide plug-in. Not a regulatory mandate. Any operator, MVNO, eSIM brand, wholesale distributor or retail carrier can opt in on their own timeline — the chain flows through only the CTIC-enabled hops.
  • Sovereign, eIDAS-native. Built on eIDAS 2.0 primitives — EU Digital Identity Wallet presentations, QES signatures, per-tenant certificates. No dependency on non-EU regulatory frameworks or non-EU trust anchors.
  • Attach the attestation without adding vendors. The six pillars are already in the box: no separate KYC vendor, no separate signalling-protection vendor, no separate IdP. The plug-in reuses what CTIC already ships.
  • Wholesale-to-retail chain-of-trust. The attestation attaches at originating carrier, wholesale interconnect and terminating retailer, so the retail subscriber ultimately sees a verified origin for their inbound call.
  • Aligns wholesale and retail incentives. Wholesale interconnects that opt in get a differentiator; retail carriers that opt in reduce fraud losses on unidentifiable calls; end subscribers get an inspectable proof.

The 2027 acceptance mandate · four wholesale touchpoints

Where CTIC turns each regulated moment into a wallet flow.

Each of the four touchpoints below is a moment where an EU Member State regulator will, from 2027, expect the wholesale operator to accept an EU Digital Identity Wallet presentation as a valid identity assertion. The flow is the same shape in each case: the subscriber presents from their wallet, CTIC's verifier validates cryptographically, and the operator activates or ports.

SIM registration

Retail SIM sale by a distributor or MVNE. Wallet presentation replaces paper-based ID capture and manual KYC. Verification receipt stored in the reseller tenant's partition.

eSIM activation

Travel-eSIM and consumer-eSIM aggregators face the highest onboarding volume in the sector. Wallet-first onboarding eliminates the SMS-OTP fallback that keeps failing across roaming boundaries.

Number portability

Number-portability fraud costs European carriers hundreds of millions annually. A wallet-presented port authorisation carries cryptographic non-repudiation the losing carrier can inspect.

B2B account onboarding

Corporate customer onboarding: legal-entity credentials plus signatory authorisation, both wallet-issued. The signed presentation is the contract prerequisite.

Capability breadth

Everything the wholesale operator needs in one stack.

CTIC's XaaS breadth is deliberately unusual for the category. A typical wholesale procurement bundles a verifier from one vendor, an SBC from another, a CPaaS from a third, an e-invoicing SDK from a fourth and a metering system from a fifth. CTIC ships all of the following out of one install.

EU Digital Identity Wallet verifier

OID4VP + HAIP + SD-JWT VC. x509_san_dns and x509_hash client-identification schemes. Production-shipped. Cited in ministerial correspondence.

Sovereign SBC

Multi-tenant SIP border with per-trunk TLS, per-trunk SRTP via SDES, ICE-Lite for STUN-less hardphones, per-source-IP auto-blacklist.

SIP-over-WebSocket

Browser-native RFC 7118 endpoint. WSS transport terminated at the SBC. Sits alongside UDP/TLS listeners without rearchitecting routing.

SIP-over-TLS (SIPS)

RFC 5630 SIPS on TCP 5061/6061, per-tenant certificates by SNI, ACL and auto-blacklist shared with the WebRTC surface.

WebRTC SFU

Selective forwarding unit for meetings beyond mesh peer count. Composite trigger on bandwidth and participant count. Client preference honoured.

Programmable AI voice

Receptionist, outbound caller and transcription. Per-virtual-number prompts. Bring-your-own AI provider key. Per-trunk transcription tap.

E-invoicing SDK

ZUGFeRD, XRechnung, Factur-X. Reads UBL, writes CII per EN 16931. On-premise library; no cloud round-trip for invoice generation.

Chat with embed widget

Real-time chat plus a drop-in visitor widget. Per-tenant origin allow-list is the trust boundary; no OIDC required from the visitor.

Per-trunk recording & transcription

Stereo PCM16 WAV per call, admin UI, retention policy, fan-out to matched tenants. Transcript emission is a per-trunk toggle.

Wholesale-billable metering

Every event carries clientRef. Counted entitlements plus consumable budgets. LicenseGate stub is Allowed-true until deals close.

Standards compliance readiness

NIS2 · DORA · eIDAS 2.0 · EU Cyber Resilience Act · EU AI Act · GDPR Art. 32. Documented alignment across each layer.

Filesystem storage

No SQL, no NoSQL, no embedded database. NTFS atomic writes with .backup shadow. Per-tenant partition. DR is a folder copy.

Sovereignty · no middleman

Self-hosted. No national-identity-cloud in the loop. DR is a folder copy.

A wholesale telecoms buyer's regulatory exposure is directly proportional to the number of vendors sitting between their subscriber and the identity-assertion outcome. CTIC removes middlemen from that chain.

  • Self-hosted on operator infrastructure. Deploy inside the operator's own datacentre, a sovereign-cloud region or a colocation cabinet. No Aloaha-side data plane. No mandatory outbound telemetry.
  • No national-identity-cloud middleman. The wallet verifier speaks directly to the presenter and the operator's own trust store. The operator does not route identity presentations through an intermediary hosted-verifier service.
  • Filesystem-only state. Every setting, every credential store, every recording, every transcript, every CDR is a file on disk in a per-tenant directory. No SQL server dependency. No database patch window.
  • Disaster recovery is a folder copy. Snapshot the tenant directory, ship it to a warm-standby node, start the process. No schema migration. No point-in-time restore ceremony.
  • No hyperscaler tie-in. The stack runs on .NET Framework 4.8 on any Windows Server. Cert issuance uses public ACME. Storage is native NTFS. Nothing forces the operator into a specific cloud provider.
  • Explicit DPO/CISO-friendly logging. Every trust decision leaves a greppable INF-level log line at entry, branch, pre-call and post-call. Auditable by human inspection alone.

Head-to-head

CTIC vs the largest CPaaS incumbents.

The largest hyperscaler-tied CPaaS incumbents were built for retail-app-developer distribution, not European wholesale telecoms procurement. The wholesale buyer's requirement set diverges from that model across the six pillars CTIC ships in one binary — and across the voluntary call-traceability plug-in that rides on top of them.

Capability | CTIC (Aloaha) | Largest CPaaS incumbents
EU Digital Identity Wallet verifier | Shipped, live | Not on roadmap
Browser-native SIP endpoint (RFC 7118) | Yes, WSS listener | Proprietary SDK only
Database dependency | None — filesystem | Cloud database required
Hosting model | Self-hosted on-prem or sovereign cloud | Vendor cloud only
Wholesale-billable (clientRef on every event) | Yes, by design | Partner programme, not native
Tenant isolation model | Per-domain partition on disk | Logical tenants in shared DB
EU sovereignty / no US-CLOUD-Act exposure | EU-only if operator chooses | US parent, US-CLOUD-Act reachable
Time to market against 2027 EUDI deadline | Weeks, verifier ships today | Awaiting vendor roadmap
ZUGFeRD / XRechnung e-invoicing SDK | Included | Not offered
Per-trunk call recording + transcription | Native, per-trunk toggle | Add-on service, extra billing
Voluntary call-traceability plug-in (eIDAS-native) | Included in the six pillars | Not offered
QES-sealed signatures (eIDAS QES) | Native pillar | Third-party integration
Interoperable eForms | Native pillar | Not offered

"Largest CPaaS incumbents" reflects the current public-market positioning of the top-tier CPaaS vendors in 2026. CTIC does not name any competitor by brand.

Deploy in weeks, not quarters

Two timelines. One EU 2027 deadline.

The 2027 EU Digital Identity Wallet acceptance mandate is a hard, dated obligation. The operators who deploy against it early clear procurement conversations with retail partners; the ones who wait for their hyperscaler-tied CPaaS vendor to catch up will be scrambling in the last quarter of 2026.

Figure: Two timelines against the 2027 deadline.

Frequently asked by wholesale procurement

The eight questions wholesale buyers ask first.

How does CTIC help telecoms fight unidentifiable-call fraud?

CTIC ships a voluntary, industry-wide call-traceability plug-in that rides on top of its six pillars: the EU Digital Identity Wallet verifier, browser-native SIP-over-WebSocket telephony, the database-free self-hostable stack, QES-sealed signatures, interoperable eForms and XInvoice / XRechnung / ZUGFeRD e-invoicing. Because the same platform terminates per-trunk SIP-over-TLS, per-trunk SDES SRTP, per-tenant OIDC and RFC 4028 Session-Timer under one tenant boundary, it can attach a signed chain-of-trust attestation at each hop — originating carrier, wholesale interconnect, terminating retailer — so the terminating operator and the retail subscriber see a verified origin for the call. The plug-in is sovereign and eIDAS-native: it works without a regulatory mandate, without a separate KYC vendor, and without a separate signalling-protection vendor. This is the missing piece the wholesale-to-retail chain has been waiting for, and it lets any operator, MVNO, eSIM brand or retail carrier opt in on their own timeline.

What are the six pillars of CTIC?

CTIC ships six load-bearing pillars in one integrated binary: (1) EU Digital Identity Wallet verifier as-a-Service (eIDAS 2.0, OID4VP, HAIP, SD-JWT VC); (2) Browser-native SIP-over-WebSocket telephony (RFC 7118, RFC 5630 SIPS, RFC 4568 SDES/SRTP, RFC 4028 Session-Timer); (3) Database-free, self-hostable stack (NTFS atomic writes, per-tenant filesystem partition, disaster recovery is a folder copy); (4) QES-sealed digital signatures (eIDAS QES, ink-equivalent legal standing across the EU); (5) Interoperable eForms (structured PDF forms compatible with QES); (6) XInvoice / XRechnung / ZUGFeRD e-invoicing (EN 16931-aligned, Factur-X hybrid PDF, on-premise SDK). Each pillar is switchable per tenant, per trunk, per user. A voluntary call-traceability plug-in rides on top of the six pillars.

What is CTIC?

CTIC stands for CodeB Telecoms, Identity & Connectivity as-a-Service. It is a production-ready, self-hosted, six-pillar XaaS platform for wholesale telecoms from Aloaha Limited. The six pillars are the EU Digital Identity Wallet verifier, browser-native SIP-over-WebSocket telephony, the database-free self-hostable stack, QES-sealed digital signatures, interoperable eForms and XInvoice / XRechnung / ZUGFeRD e-invoicing. A voluntary call-traceability plug-in rides on top of them. CTIC targets European telecoms wholesale operators — MVNOs, eSIM brands, national carriers, distributors and datacentre operators — who need to satisfy the 2027 EU Digital Identity Wallet acceptance mandate on their own infrastructure. CTIC is Aloaha Limited's global innovation beacon for the EU telecoms sector.

Is it EU Digital Identity Wallet ready?

Yes. The CTIC EU Digital Identity Wallet verifier is production-shipped today. It implements the OpenID for Verifiable Presentations profile, the high-assurance interoperability profile, SD-JWT Verifiable Credentials, and both the x509_san_dns and x509_hash client-identification schemes required by the EU reference architecture. The verifier has been cited in ministerial-level correspondence about EU Digital Identity Wallet readiness.

Can we run CTIC in our own datacentre?

Yes — self-hosting is the default deployment model. CTIC runs on .NET Framework 4.8 on Windows Server. Storage is native NTFS with atomic File.Replace writes. There is no mandatory Aloaha-side data plane. Operators typically deploy inside their own datacentre, a sovereign-cloud region, or a colocation cabinet.

How does wholesale billing work?

Every meterable event that CTIC emits — call minutes, wallet verifications, transcription seconds, storage bytes, AI tokens, webhook fires — carries a clientRef attribute. The platform tenant bills its distributor tenants; the distributor bills its resellers; the reseller bills the end-customer. CTIC does not sit between an operator and their customer for billing; it emits the events, the operator reconciles. A LicenseGate stub allows every operation while commercial terms are being finalised, so pilots are never blocked by billing plumbing.

What about NIS2 and DORA compliance?

CTIC's design maps to the specific technical measures listed in NIS2 Article 21(2) — policies and procedures regarding the use of cryptography and, where appropriate, encryption — and to the DORA operational-resilience requirements for ICT third-party risk. The stack terminates SIP-over-TLS per RFC 5630, offers SRTP via SDES per RFC 4568, mints per-tenant Let's Encrypt certificates, and keeps every audit-relevant event as a greppable INF-level log line. GDPR Article 32, the EU Cyber Resilience Act (EU 2024/2847) and the EU AI Act readiness requirements are addressed at the architecture level and documented on the dedicated cyber-resilience page.

What does the 2027 EU Digital Identity Wallet acceptance deadline actually require?

The eIDAS 2.0 regulation (EU 2024/1183) obliges Member States to ensure that regulated services accept the European Digital Identity Wallet as a valid means of identification and authentication at the touchpoints covered by the acceptance mandate. For wholesale telecoms, this means the operator must be able to accept an EU Digital Identity Wallet presentation at SIM registration, eSIM activation, number portability and B2B account onboarding. The obligation lands during 2027 following the Member-State transposition schedule. Operators without a working verifier at that point face procurement pressure from their retail partners and, in several jurisdictions, direct regulatory attention.

How is CTIC different from hyperscaler CPaaS?

The largest CPaaS incumbents were designed for retail-app-developer distribution: their unit of sale is an SDK the developer embeds in a consumer application, and their operating model requires a hyperscaler-hosted control plane. CTIC is designed for wholesale telecoms operators: the unit of sale is a self-hosted deployment the operator runs inside their own datacentre, and the operating model gives every tenant its own domain, its own OIDC realm and its own credential store — full sovereignty end-to-end, distributor to retailer to end customer. The comparison table above lists the eight most load-bearing differences.

What does deployment involve?

Typical CTIC deployment takes six-to-fourteen weeks end to end. Weeks one to six install the platform on the operator's Windows Server infrastructure and stand up the first tenant. Weeks seven to ten integrate CTIC's REST and webhook surfaces with the operator's CRM, billing and SIM-provisioning systems. Weeks eleven to fourteen pilot with a controlled subset of subscribers and validate the wholesale metering feed. From week fifteen onwards the operator is live, twelve months ahead of the 2027 EU Digital Identity Wallet acceptance mandate.

Next step

Book a wholesale briefing.

Ninety minutes with the CodeB team, walking through the architecture at the depth your procurement, network-architecture and general-counsel functions need. Bring your 2027 readiness questions. Leave with a scoped deployment plan and pricing calibrated to your subscriber volume.
