diff --git a/src/service/iot_config.proto b/src/service/iot_config.proto
index 7e7f3e24..ce155308 100644
--- a/src/service/iot_config.proto
+++ b/src/service/iot_config.proto
@@ -18,10 +18,13 @@ import "region.proto";
 //   are signed by the config service to allow the recipient to validate
 //   the authenticity of the data returned.
 //
-// - Every key called `owner`, `payer` and `delegate_keys` are binary
+// - org_v1 Every key called `owner`, `payer` and `delegate_keys` are binary
 //    encoded public keys, Rust encoding example here:
 //    https://github.com/helium/helium-crypto-rs/blob/main/src/public_key.rs#L347-L354
 //
+// - org_v2 Every key called `owner`, and `delegate_keys` are solana pubkeys
+//    https://docs.rs/solana-sdk/1.18.0/solana_sdk/pubkey/struct.Pubkey.html
+//
 // == DevAddrs ==
 //
 // - `devaddr_range` and `devaddr_constraints` are inclusive on both sides,
@@ -40,8 +43,11 @@ enum action_v1 {
   remove = 1;
 }
 
-// Define an organisation
+// Define an organization
+// Deprecated: Use org_v2 instead
 message org_v1 {
+  option deprecated = true;
+
   uint64 oui = 1;
   // Org admin key
   bytes owner = 2;
@@ -53,6 +59,22 @@ message org_v1 {
   bool locked = 5;
 }
 
+message org_v2 {
+  uint64 oui = 1;
+  // On chain address
+  bytes address = 2;
+  // Org admin key
+  bytes owner = 3;
+  // Used to infer escrow address for DC payments
+  string escrow_key = 4;
+  // List of keys allowed some specific actions, see services.
+  repeated bytes delegate_keys = 5;
+  // Is org approved on chain
+  bool approved = 6;
+  // Is org locked because of no payment
+  bool locked = 7;
+}
+
 // Device address range, ex: 16#00000001 to 16#0000000A
 message devaddr_range_v1 {
   string route_id = 1;
@@ -136,9 +158,13 @@ message route_v1 {
 // Service Message Definitions
 // ------------------------------------------------------------------
 
-message org_list_req_v1 {}
+message org_list_req_v1 {
+  option deprecated = true;
+}
 
 message org_list_res_v1 {
+  option deprecated = true;
+
   repeated org_v1 orgs = 1;
   // in seconds since unix epoch
   uint64 timestamp = 2;
@@ -148,9 +174,29 @@ message org_list_res_v1 {
   bytes signature = 4;
 }
 
-message org_get_req_v1 { uint64 oui = 1; }
+message org_list_req_v2 {}
+
+message org_list_res_v2 {
+  repeated org_v2 orgs = 1;
+  // in seconds since unix epoch
+  uint64 timestamp = 2;
+  // pubkey binary of the signing keypair
+  bytes signer = 3;
+  // Signature over the response by the config service
+  bytes signature = 4;
+}
+
+message org_get_req_v1 {
+  option deprecated = true;
+
+  uint64 oui = 1;
+}
+
+message org_get_req_v2 { uint64 oui = 1; }
 
 message org_create_helium_req_v1 {
+  option deprecated = true;
+
   enum helium_net_id {
     type0_0x00003c = 0;
     type3_0x60002d = 1;
@@ -172,6 +218,8 @@ message org_create_helium_req_v1 {
 }
 
 message org_create_roamer_req_v1 {
+  option deprecated = true;
+
   bytes owner = 1;
   bytes payer = 2;
   uint32 net_id = 3;
@@ -185,16 +233,22 @@ message org_create_roamer_req_v1 {
 
 message org_update_req_v1 {
   message delegate_key_update_v1 {
+    option deprecated = true;
+
     bytes delegate_key = 1;
     action_v1 action = 2;
   }
 
   message devaddr_constraint_update_v1 {
+    option deprecated = true;
+
     devaddr_constraint_v1 constraint = 1;
     action_v1 action = 2;
   }
 
   message update_v1 {
+    option deprecated = true;
+
     oneof update {
       bytes owner = 1;
       bytes payer = 2;
@@ -214,6 +268,8 @@ message org_update_req_v1 {
 }
 
 message org_res_v1 {
+  option deprecated = true;
+
   org_v1 org = 1;
   uint32 net_id = 2;
   repeated devaddr_constraint_v1 devaddr_constraints = 3;
@@ -225,6 +281,18 @@ message org_res_v1 {
   bytes signature = 6;
 }
 
+message org_res_v2 {
+  org_v2 org = 1;
+  uint32 net_id = 2;
+  repeated devaddr_constraint_v1 devaddr_constraints = 3;
+  // in seconds since unix epoch
+  uint64 timestamp = 4;
+  // pubkey binary of the signing keypair
+  bytes signer = 5;
+  // Signature over the response by the config service
+  bytes signature = 6;
+}
+
 message org_disable_req_v1 {
   uint64 oui = 1;
   // in milliseconds since unix epoch
@@ -646,17 +714,9 @@ message region_params_res_v1 {
 
 service org {
   // List Org (no auth)
-  rpc list(org_list_req_v1) returns (org_list_res_v1);
+  rpc list(org_list_req_v2) returns (org_list_res_v2);
   // Get Org (no auth)
-  rpc get(org_get_req_v1) returns (org_res_v1);
-  // Create Org on Helium Network (auth admin only)
-  rpc create_helium(org_create_helium_req_v1) returns (org_res_v1);
-  // Create Org on any network (auth admin only)
-  rpc create_roamer(org_create_roamer_req_v1) returns (org_res_v1);
-  // Update any Org (Helium or Roaming)
-  // Modify payer and add/remove delegate keys (owner/admin)
-  // Modify owner and add/remove devaddr constraints (auth admin only)
-  rpc update(org_update_req_v1) returns (org_res_v1);
+  rpc get(org_get_req_v2) returns (org_res_v2);
   // Disable an org, this sends a stream route delete update to HPR
   // for all associated routes (auth admin only)
   rpc disable(org_disable_req_v1) returns (org_disable_res_v1);
@@ -702,7 +762,7 @@ service route {
 
   // List Filters for a Route (auth delegate_keys/owner/admin)
   rpc list_skfs(route_skf_list_req_v1) returns (stream skf_v1);
-  // List Filters for a DevAddr (auth delegate_keys/owner/admin
+  // List Filters for a DevAddr (auth delegate_keys/owner/admin)
   rpc get_skfs(route_skf_get_req_v1) returns (stream skf_v1);
   // Update Filters for an Org (auth delegate_keys/owner/admin)
   rpc update_skfs(route_skf_update_req_v1) returns (route_skf_update_res_v1);