The Standard · Primer

A vCon Primer.

A portable, verifiable container for a conversation — what it is, why it matters now, and what it lets you do that other formats can’t.

A vCon is a portable, verifiable container for a conversation. It is currently on the standards track at the premier internet standards organization, the IETF. The three core specifications are in preparation for working-group last call, after more than two years of work from dozens of leading engineers, privacy advocates, regulators, and operators.

This page explains what one is, why the idea matters now, where vCons are already in production, what they look like inside, and what they let you do that other formats do not. If you read one piece of vCon documentation, read this.

What a vCon is

A vCon (virtualized conversation) is to a conversation what a PDF is to a document, or a vCard is to a business card. Think of it as a sealed folder for a conversation, carrying who was on the call, what was said, what they agreed to, the notes added since, and a stamped record of every set of hands it has passed through. Inside the cover it is a signed JSON object. The same shape works for a phone call, a chat session, a video meeting, or a human-to-agent conversation.

vConfive things inside
Parties — who was there Dialog — what was said Analysis — what was derived Attachments — the context
consent
carried inside the file, scoped by purpose and duration
A signed JSON object that stays coherent across every system it touches.

The name traces to a casual remark by Brian Galvin, past CTO of both Genesys and Nuance, asking why there was no vCard equivalent for conversations. vCon is the answer. The technical definition lives in the IETF VCON working group, with the spec target draft-ietf-vcon-vcon-core. Like PDF and vCard, vCon is open and carries no intellectual-property encumbrance. Data formats cannot be patented in most jurisdictions, and vCon was designed that way on purpose.

Why this matters now

The original use case was contact-center recording. Since 2024 the stakes have widened. Four forces are pushing the same direction at once.

  • Agentic AI is moving into production. Agents are starting to talk to customers and to each other. There is no shared record of what an agent said, on whose behalf, or under what authority. Without that record, there is nothing for a regulator, a customer, or a downstream system to verify against.
  • Authentic and synthetic are getting harder to tell apart. A deepfake injected into an AI pipeline is the conversational analog of malware injected into a software supply chain. vCon pairs with SCITT, the IETF effort for Supply Chain Integrity, Transparency, and Trust, so creation, sharing, analysis, and deletion are recorded in an append-only ledger that cannot be altered after the fact.
  • Consent does not travel today. Consent typically lives in a privacy policy, a recording disclosure, or a screenshot, separate from the conversation it covers. vCon carries consent inside the file itself, scoped by purpose and time. That is the difference between reporting on a privacy policy and enforcing one.
  • The silo model is doubling down. Proprietary contact-center, recording, and AI stacks are extending deeper, on architectures that do not interoperate. Without an open container, every enterprise rebuilds the same data prison in a new color every five years.

vCon is built in the open at the IETF, the standards body responsible for TCP/IP, DNS, HTTP, TLS, and SIP. The process is rough consensus, running code, and a public record. Anyone can read the drafts, join the mailing list, and challenge a design decision in writing.

Past the pilot stage

Where vCon is running today

~250K/mo
The BPO that incubated the technology runs roughly a quarter-million vCon-formatted conversations a month through production. That volume has roughly doubled over the past year.
Millions/day
A large financial institution is live with millions of vCon productions per day, on a path to a million per hour. It is also the first production instance of real-time vCons, following a conversation as it happens.
211
A prototype at a United Way 211 center listens for context that should change routing. A food-banking question and an abuse disclosure should not sit in the same queue, or wait for tomorrow's review.

Dozens of companies are actively building with vCons today. Telecom, contact-center, and CPaaS vendors are leaning in first, which is the usual pattern for an open standard. SIP gave service providers recording. vCon gives them a portable answer for what to do with the recording next.

Inside a vCon

A vCon has five things inside it.

  • Dialogs are the recorded media: audio, video, text, messaging. A vCon can be packed (media inline) for emailing or shipping as one file, or unpacked (media by reference) when the recordings are large enough to live on their own storage.
  • Parties identify who was in the conversation, and who verified their identity. Identity verification is a first-class concept, not an afterthought.
  • Consent is carried inside the file, scoped by purpose and duration. When consent is withdrawn or expires, the systems holding the vCon can act on it without consulting an external policy.
  • Analysis holds commentary derived from the dialog: transcription, sentiment, redaction, summarization, model outputs. It is stored as JSON, attachable in layers, and tied to the dialog it refers to.
  • Attachments carry the context the conversation depended on: a sales lead, a CRM record, an inbound form, an authentication challenge, anything that explains why the conversation happened in the first place.

The hard part

Conversations are simultaneously the most valuable and the most sensitive data a business holds. The value is obvious: every renewal, complaint, sales objection, support edge case, agent error, and customer insight lives in conversation long before it shows up in structured data. Modern ML, agentic AI, compliance audits, and revenue operations all want this material in volume. The sensitivity is just as obvious. Voices and faces are biometric identifiers a customer cannot change. The disclosures inside a conversation routinely include health, finances, family circumstances, and named third parties who never consented to be in the room at all.

Treating one side without the other is the trap. Lock the conversations down and the business loses the most important signal it produces. Open them up and the next breach is catastrophic and unrecoverable. vCon is built to hold both sides at once:

  • Consent rides inside the file, scoped by purpose and duration, so each downstream system can see what it is allowed to do and refuse to act outside that scope.
  • Redaction is a first-class operation, recorded in the analysis layer, so a redacted projection can be produced for one audience while the unredacted original stays controlled and inspectable for another.
  • Provenance and integrity are cryptographic, not procedural, so any version of a vCon can be traced back to who signed it, what was changed, and when.
  • SCITT records every lifecycle event — creation, sharing, analysis, deletion — in an append-only log that downstream auditors can verify on their own, without trusting the operator.

None of these mechanisms eliminate the tension. They make it manageable, auditable, and verifiable in software, which is the difference between a privacy policy and a privacy posture.

GDPR, in practice

Every data-subject right GDPR grants becomes operable rather than aspirational when conversations live in vCons.

  • The right to be informed is met by the disclosure stored at capture.
  • The right of access becomes a query against a structured object instead of a hunt across systems.
  • Rectification lands as an additional analysis entry with provenance, rather than an overwrite.
  • Erasure can be issued by the Conserver across every storage location holding the vCon, with the deletion event recorded in SCITT.
  • Restriction of processing follows the consent scope inside the file, which downstream systems read directly and refuse to act outside of.
  • Portability is the format's defining trait, so a subject-access request can return the conversations themselves rather than a flat export.
  • The right to object travels with the file, since revocation of consent propagates rather than waiting on a separate policy.
Talk to the team

See what your conversations are telling you.

Not a slide pitch, a two-way discovery of where a governed, portable conversation record fits your stack. We’ll be back to you within 24 hours.

Talk to the team →

A Vconic explainer, built on the open vCon standard (IETF).