Over the past few weeks, we’ve been testing the vetKeys protocol on subnets 2fq7c and fuqsr. These tests successfully exercised operational tasks such as master key generation and backup, as well as validated the full end-to-end flow of key derivation.

We’re now proposing to move vetKeys to the next phase by generating the production key, which will proceed in the following stages:

• June 20 – Propose key generation: We will submit an NNS proposal to generate a production vetKD key on subnet pzp6e, the fiduciary subnet that also holds the production ECDSA and Schnorr keys. The key will use key ID Bls12_381_G2:key_1.

• June 26 (8AM UTC) – Backup the key: The production key will be backed up to a second subnet, uzr34, which also serves as the backup for ECDSA and Schnorr keys.

• June 27 – Propose enabling the production key: After successful backup, a final proposal will be submitted to enable the vetKey for public use, making it available to canisters via the vetKD API.

Internet Identity scheduled Downtime - June 26, 8AM UTC

The backup step on June 26 requires temporarily pausing subnet uzr34 while the key is being reshared. This operation is not yet fully automated and involves a sequence of three NNS proposals submitted and executed in order. The same process was exercised recently to backup the vetKD test key to subnet fuqsr.

As a result, subnet uzr34, which hosts the Internet Identity (II) canister, will be unresponsive for approximately 5–10 minutes. During this brief downtime:

• New II sessions cannot be initiated

• Existing sessions remain unaffected

• Dapps using II will continue to operate normally for logged-in users

We recognize the inconvenience this may cause and will work to minimize the impact.

We’ll continue to share updates as each step progresses. In the meantime, feedback and discussion are welcome!