Summary
- RIPE NCC's Standard Service Agreement permits a member to terminate on three months' notice. Termination ends service and member status and requires cooperation with deregistration of registered resources.
- The technical and evidentiary interests associated with a number record survive the corporate relationship: uniqueness, historical custody, contact accuracy, reverse delegation, certification state and downstream reliance still require a recognised disposition.
- Transfer, merger, sponsorship change and reactivation can preserve some continuity. None gives an ordinary former member the right to select a different authoritative registry provider while carrying the same verified record and history intact.
- Termination must have consequences or contracts become optional. The governance defect is not that RIPE NCC can close a relationship; it is that the member's alternatives remain surrender, transfer within the recognised framework, re-contracting or loss of service.
- A future portability model would separate the durable holder record from the provider maintaining it, while preserving identity, uniqueness, history, security state, dispute responsibility and customer continuity.
The resignation letter is not the end of the network story
A director signs a resignation from the association. Three months pass. The service agreement ends. The company disappears from the member register and no longer votes. In ordinary association law, this looks like a complete exit: the legal relationship has ended and neither party need pretend otherwise.
The network does not disappear with the signature. Addresses may remain configured on equipment. Customers may depend on them. Routing arrangements, reverse delegation and security credentials may refer to records maintained through the regional system. Historical documents still matter if the company merges, sells assets, becomes insolvent or disputes who may request a change. Operators elsewhere continue to consult registry information.
RIPE NCC's published instruments recognise this reality. Termination is linked to closure and deregistration procedures. Transfers require documented changes. Users of independent resources affected by a sponsoring LIR's closure must establish a replacement contractual relationship. A terminated agreement can be reactivated only with authorisation and payment conditions. These are not signs that termination failed. They are signs that the legal and technical events cannot be collapsed into one moment.
The governance question is what kind of exit the member actually has. It can leave the corporate relationship. It cannot simply take the authoritative registration service elsewhere while preserving every recognised state. Company membership ends; institutional dependence is resolved only through routes controlled or recognised by the same registry framework.
RIPE-812 states the legal consequence clearly
The RIPE NCC Standard Service Agreement, published as ripe-812 in November 2023, enters into force for an indefinite period. The member may terminate with three months' written notice. RIPE NCC may terminate for specified breaches and in defined immediate circumstances, including insolvency, payment default, falsified information, refusal to assist audits and legal compulsion.
Article 9.5 provides the key bridge. Upon termination, RIPE NCC stops providing services, the member loses member status, the member must stop using the services and cooperate with deregistration of Internet number resources registered to it. Termination is therefore not a clean separation between corporate voting and an otherwise untouched registry position. Service and membership are joined in the agreement.
The clause is understandable. A party cannot reject the contract while demanding all contracted services indefinitely. Accurate records require an accountable counterparty. If a member ceases to exist or refuses verification, RIPE NCC needs a procedure for preventing stale claims from remaining authoritative.
The same clause demonstrates lock-in. The member cannot say, "I terminate membership but appoint another provider to maintain the same recognised record." The listed consequence is cessation and cooperation with deregistration, subject to transfer, re-contracting or other recognised procedures. Exit exists as a legal right, but continuity is conditional on the incumbent system's available states.
A record has a life beyond the account
An Internet number record is not merely a line in a customer portal. It links a legal or operational identity to resources and maintains information used for coordination. Its history can show how a registration moved, which documents supported a change and who was authorised at a relevant time.
Several related states can depend on that relationship. Reverse DNS delegation may require authenticated administration. Routing-security certification depends on recognised resource holdings and account controls. Contact and maintainer entities support updates and abuse handling. Transfer records can be relevant to later disputes. None of these guarantees global routing, but all can affect confidence and operation.
When membership ends, the need for accurate disposition increases. If records vanish too quickly, customers and counterparties face uncertainty. If they remain indefinitely under an unresponsive entity, accuracy suffers. If they move without documented consent, competing claims emerge. Termination therefore triggers custody work rather than eliminating it.
This persistence is the source of dependence. The former member needs the registry to recognise a transfer, closure, sponsor relationship or successor. Customers need the registry to avoid sudden ambiguity. The registry needs the former member's cooperation or reliable substitute evidence. The relationship has ended legally while its consequences remain administratively alive.
Closure and deregistration are separate questions
RIPE NCC's closure procedure distinguishes termination of the service relationship and LIR account from deregistration of number resources. That distinction is essential. The institution must identify why closure occurs, what notice and cure apply, and what happens to each kind of record.
A voluntary resignation differs from non-payment, insolvency, falsified data or a court order. A member transferring all records before leaving differs from one abandoning active customer dependencies. A temporary failure to respond differs from a dissolved company. A fair process cannot treat every path as the same moral event.
Deregistration is also resource-specific. Allocations, assignments, independent resources and legacy records may have different histories and contractual positions. Downstream End Users can have agreements with a sponsoring LIR rather than direct membership. The closure of the sponsor does not prove that the End User's operational need has ended.
Separating questions allows proportionate remedies. The association can suspend voting or account access while preserving record state during review. It can require a successor agreement without immediately treating the resources as unclaimed. It can distinguish a member's corporate exit from the rights and expectations of customers who were not responsible for the breach.
Voluntary termination is real but unattractive where continuity matters
A right is meaningful partly because it can be used without destroying the value it is supposed to discipline. A member dissatisfied with governance can vote, speak, litigate or terminate. If termination predictably ends service and leads toward deregistration unless another recognised transaction occurs, the member will use it only when it is prepared to surrender, transfer or restructure.
That does not make the right fictional. Businesses terminate after transferring resources, closing operations or changing corporate form. The option can protect a member from indefinite fee liability. It can end participation cleanly after need disappears.
It is not competitive provider exit. An ordinary software customer can often export data and buy a substitute service. A number-resource holder cannot create a second authoritative regional history by contract with an unrelated vendor. Other networks rely on recognised coordination, not merely the holder's private copy.
The member's rational choice is therefore constrained. It may remain despite dissatisfaction because the cost of losing recognised service exceeds the benefit of exit. Corporate voting provides some discipline, but a monopoly-like continuity dependency weakens the threat to leave.
Transfer changes holder, not registry provider
Transfer procedures can preserve value and continuity when resources move to another organisation. They require evidence, agreement and updates to the registered record. If a member transfers all of its records, termination may follow once the disposition is complete.
This is important mobility. It supports mergers, acquisitions and market transactions. It can prevent resources from becoming stranded in a company that no longer needs them. It also protects uniqueness by ensuring that the old and new claims are reconciled in one recognised record.
But transfer is not portability of registry service. The holder changes, or a corporate event is recognised, while RIPE NCC remains the institution maintaining the regional record. The former member does not retain the same holder position under a competing provider. Its exit is achieved by moving the asset relationship within the incumbent framework.
Calling transfer an exit right therefore obscures the relevant choice. It is an exit from the member's current holding or legal identity, not necessarily an exit from dependence on RIPE NCC recognition.
Sponsoring LIR choice is valuable and narrower
Users of provider-independent resources can have a contractual relationship with a sponsoring LIR. RIPE NCC guidance says such an End User can change sponsoring LIR. The new sponsor submits the agreement and company documentation, and the old relationship is terminated. This provides a meaningful degree of service choice.
The procedure protects an End User when a sponsor closes. Historical versions gave short periods for establishing a new agreement before deregistration steps began; current procedures should always be checked for the applicable deadline. The mechanism recognises that the End User's continued need is distinct from the sponsor's corporate fate.
Still, the End User is changing an intermediary, not the authoritative regional registry. The replacement contract must satisfy RIPE NCC requirements and the change must be accepted into RIPE NCC's records. If the End User chooses a direct relationship, it signs the applicable agreement with RIPE NCC and pays the required charges.
Sponsor mobility is therefore a useful model for controlled handover. It demonstrates that continuity can survive one intermediary's termination. It does not dissolve regional registry dependence.
Provider-assigned customers face a harder edge
Many customers use addresses assigned from a provider's larger allocation. Those addresses are part of the provider's operational plan. If the provider relationship ends, customers ordinarily cannot take the addresses to another provider as though they were independent registrations. They may need to renumber.
Renumbering can be manageable for a household device using automated configuration. It can be costly for an enterprise with firewalls, access lists, partner whitelists, certificates, monitoring, embedded systems and contractual references. The cost varies enormously. It is not visible from the member's resignation letter.
If an LIR closes or loses service, the effect on such customers depends on network arrangements, successor providers, transfer possibilities and transition support. Customers may have claims against the provider under their contracts, but they usually do not hold the member vote or direct service agreement with RIPE NCC.
This is why termination decisions require downstream impact assessment. The member's breach can justify action without making customers culpable. A staged plan can preserve records and allow migration while legal responsibility is resolved.
Insolvency reveals the separation most sharply
When a member becomes insolvent, corporate identity, contractual capacity and network operation can move at different speeds. A company may enter administration while engineers keep services running. Assets can be sold. Customers may continue paying. A receiver or insolvency practitioner may gain authority to act for the company.
RIPE-812 permits immediate termination in insolvency-related circumstances. That power protects RIPE NCC from an unperforming counterparty and stale records. Exercised without continuity planning, it can also destroy value that an insolvency process is trying to preserve.
The correct approach is evidence-based. Who has legal authority? Are services still operating? Is a sale or transfer pending? Which customers depend on the records? Can fees be secured? A temporary preservation order may protect both registry accuracy and creditor value while the facts are resolved.
Insolvency does not create a permanent right to service without payment or verification. It does show why company failure and network failure should not be treated as synonyms.
Reactivation confirms the central gate
The agreement allows a terminated service relationship to be reactivated with prior written authorisation and payment of a sign-up fee, with billing procedures addressing outstanding invoices. Reactivation can correct a temporary failure and avoid unnecessary reconstruction.
It also confirms that the member cannot restore itself unilaterally. RIPE NCC controls the gate and can require compliance. That is reasonable for security and accuracy. It is also a concentrated power over continuity.
A fair reactivation process should publish criteria, decision times, required evidence and review rights. Similar cases should receive similar treatment. Where delay threatens customers, interim preservation should be available without prematurely deciding the merits.
The availability of reactivation should not become an excuse for careless termination. Restoration after records, certificates or delegations change may not fully undo harm. Prevention is often cheaper than cure.
Accuracy arguments support both control and portability
The strongest case against provider portability is uniqueness. Two institutions should not issue conflicting authoritative statements about the same number resources. Fragmented histories can enable fraud. Security services depend on a reliable chain of authority. Disputes require a forum and one enforceable result.
These concerns justify rigorous handover. They do not prove that one provider must maintain the record forever. Banking, domain registration, telephone numbers and other coordination systems have developed forms of portability while preserving authoritative state. The analogies are imperfect, but they show that continuity and provider choice are not logically incompatible.
A portable design would need one active custodian at a time, a signed transfer of custody, immutable history, conflict detection, identity verification and a rule for failed providers. The former and new providers would not maintain competing truths. They would participate in a recognised state transition.
The question is institutional: who defines the protocol, accredits providers, resolves disputes and bears liability? Portability without those answers could be worse than the current concentration.
What exactly must survive termination
The durable package is larger than an address list. First is verified identity: the legal or natural person entitled to request changes. Second is resource scope and the basis on which the record is recognised. Third is an audit history of allocations, assignments, transfers and contested actions.
Fourth are authentication and authorised-contact states. Fifth are reverse delegation arrangements. Sixth is routing-security certification state and relevant revocations. Seventh are sponsorship and End User relationships. Eighth are open disputes, holds and court orders. Ninth are customer-continuity notices and transition deadlines.
Some information can be public; much should remain protected. Portability requires data minimisation and precise access controls. A new provider should receive what it needs to maintain continuity, not an unlimited copy of commercial or personal records.
Without this package, "export" is cosmetic. A spreadsheet of current fields cannot reproduce institutional confidence. The hard part is transferring authority and responsibility, not copying text.
Termination needs an administrative record
For every consequential closure, RIPE NCC should produce a decision record identifying the contractual ground, evidence, notices, cure period, member response, downstream classes, resource-specific disposition and available review. Confidential material can be withheld with reasons, but the member must see enough to answer the case.
The decision-maker should distinguish mandatory legal action from discretionary enforcement. A court order may leave little choice about one record while allowing transition for unrelated customers. Non-payment may be cured. Falsified information may require urgent security controls. Proportionality depends on the ground.
An independent reviewer should be able to preserve the status quo where the challenge is credible and delay would cause irreversible harm. Review need not guarantee continued service indefinitely. It should prevent the institution from becoming judge of disputed facts without correction.
Published aggregate statistics would reveal whether procedures work: notices, cures, voluntary exits, transfers, sponsor changes, deregistrations, reactivations, appeals and restoration time.
Customers need notice without receiving confidential allegations
Downstream customers can be harmed by surprise but need not receive every detail of a dispute. A staged notice model can protect both due process and confidentiality. The member receives full allegations. Identified End Users and sponsors receive operational notice and deadlines. Broader customers receive continuity information through the provider where feasible.
Notices should explain what is changing, what is not, the earliest effective date and whom to contact. They should avoid implying that an investigation has already established wrongdoing. Emergency action can be taken where necessary, with prompt post-action review.
The institution should maintain a continuity contact independent of the disputed account credentials. Otherwise a member locked out of the portal may be unable to coordinate an orderly transition. Verified insolvency officers and successors need a documented route to establish authority.
Good notice does not eliminate dependence. It reduces the harm created when dependence is exercised through an abrupt administrative switch.
Exit, voice and review reinforce each other
Membership voting is often presented as the answer to concentrated power. Members elect the board and approve charging schemes. If they dislike policy, they can participate. This voice matters.
Its discipline weakens when exit threatens continuity. A member may vote against governors yet remain because leaving is too costly. A low-turnout election can then be interpreted as satisfaction even though rational members see no safe alternative. Review can correct specific errors but does not create market pressure.
Portability would not eliminate the need for voting. Providers can share incentives or coordinate poorly. The durable record still needs common governance. Nor would portability eliminate review; a provider could obstruct a handover. The three instruments work together: voice shapes rules, review constrains decisions and exit disciplines service.
Current RIPE NCC arrangements supply meaningful voice and some review, plus sponsor mobility and transfer. They do not supply general provider portability for the member's intact registry relationship.
The objection from forum shopping
Critics of portability reasonably fear that a holder facing audit, sanctions or adverse findings would move to a permissive provider. Competing custodians might lower verification standards to attract fees. Conflicting claims could proliferate.
The answer is that portability cannot erase obligations or open disputes. A transfer of custody should carry holds, audit history and binding decisions. Providers should meet common accreditation standards and be subject to independent oversight. A move should not change applicable number policy merely because the service provider changes.
Portability is not a right to select facts. It is a right to change the institution maintaining a recognised record under common integrity rules. If no common rules can be enforced, provider competition may be unsafe.
This objection sets design conditions; it does not justify describing termination as meaningful provider exit when it is not.
The objection from cost
Building interoperable custody, audit and dispute systems would be expensive. RIRs already maintain mature services. Multiple providers could duplicate security and compliance costs. Small operators might pay more rather than less.
Cost should be measured against concentration risk. A failure, governance crisis or erroneous termination at a singular provider can impose large regional costs. Portability can create redundancy and clearer service incentives. It can also fail if fixed costs are spread across too few providers.
Pilot design is appropriate. Independent-resource sponsorship changes offer lessons about documented handover. A limited class of records could test custody transfer, with public metrics for error, delay, security and cost. Expansion should depend on evidence.
Institutional reform should not promise instant competition. It should establish whether technically safe choice is possible and which common functions remain central.
Evidence boundaries
The public instruments establish the legal sequence: membership through the service agreement, termination, loss of status and service, cooperation with deregistration, recognised transfer and sponsorship-change procedures, and conditional reactivation. They establish dependence on RIPE NCC action for changes to the recognised record.
They do not establish the outcome of every termination. Public aggregate data are limited public evidence to measure voluntary exits, involuntary closures, affected customers, appeals, delays or restored services. Legacy relationships may differ. Applicable Dutch law and individual facts can alter remedies.
The evidence also does not prove that RIPE NCC controls global routing. Operators make routing decisions. A record's loss does not mechanically switch off every route. The harm lies in degraded recognition, security, administration and contractual continuity, which can propagate differently in each case.
Nor does the evidence establish property ownership in number resources. Portability can be justified as continuity of a recognised service position without resolving property doctrine.
A charter for portable continuity
A practical future framework would declare that termination of one provider relationship does not extinguish a verified holder record until a reasoned disposition is complete. It would permit transfer to an accredited custodian, subject to one-active-provider rules, full history handover, unresolved-claim holds and independent dispute resolution.
The former provider would have a duty to cooperate within deadlines. The new provider would verify identity and assume defined liabilities. A neutral coordination layer would prevent duplicates and preserve public state. Customers would receive transition notice. Emergency preservation would be available when providers fail.
Fees would fund the common layer and service provider separately, making costs transparent. Governance would include operators, affected users and independent technical and legal reviewers. Concentrated custodians could not write their own accreditation conditions without appeal.
Number Resource Society points toward this future by emphasising operator freedom, accurate registration and limits on concentrated authority. Its contribution should remain a proposition to test. Credible implementation needs protocol details, independent governance, financing, adoption and liability—not slogans.
Non-payment is the hard edge of the problem
The easiest case for termination is non-payment. A member uses services, receives invoices and fails to pay. An association cannot operate if payment obligations become optional. Other members should not subsidise unlimited default. The registry must have a path to suspend, terminate or refuse service after notice.
Yet non-payment is also the case that exposes the dependence problem most clearly. The registry may be dealing with a legal member, but the operational consequences can fall on customers, subsidiaries, public services or a successor that is not responsible for the unpaid invoice. If the sanction is designed only as debt collection, it can become a continuity shock. If the sanction is never available, the registry becomes a hostage to dependency. Neither answer is satisfactory.
The procedural solution is to separate financial pressure from record destruction. Non-payment should trigger notice, cure periods, service limitations and clear escalation. It should not automatically convert into loss of all public-state continuity without asking who else relies on the record and whether a safe transfer, sponsored handover or temporary custodian is available. The member's debt can remain enforceable while the record is kept accurate enough to protect third parties.
This distinction is familiar in other infrastructure settings. A utility, registrar, landlord or clearing platform may have payment remedies, but high-consequence service disruption often requires notice, transition and limited preservation. Number registries are not identical to those sectors, but the institutional logic is similar: a bilateral default can create external harm when the service has become a dependency point.
Voluntary resignation is not ordinary exit
Voluntary resignation looks cleaner than non-payment. A member decides it no longer wants the relationship. In an ordinary association, that should end membership. In the registry setting, resignation raises the question of where the number record goes. If the member no longer wants the service but the network still exists, the system must choose between continued dependence, transfer, sponsorship, return or some other custody.
That choice is not ordinary exit. A company can leave a trade association without needing the association's ledger for customer packets to keep flowing. A network operator cannot treat registered numbers as a newsletter subscription. Even if the association's corporate rules say resignation is effective, the operational record still needs a disposition. That disposition can be governed by policy and contract; it should not be obscured by the language of resignation.
The practical record should therefore list resignation separately from resource disposition. It should state whether resources were transferred, returned, placed under a sponsoring relationship, held pending dispute, or left in a legacy status. It should identify deadlines and review paths. It should not allow the public to infer from membership termination that the underlying operational dependency has vanished.
Members also need better pre-exit information. Before resigning, they should receive a plain-language map of what happens to each class of number resource, certification entity, reverse delegation, contact record and customer-facing dependency. The map should include options, deadlines, cost, appeal routes and consequences for inaction. Exit without that map is not meaningful choice; it is a jump from one ambiguity into another.
Dependence can outlive the original contract
The deeper problem is that registry dependence accumulates over time. A member may join for one administrative purpose and later build services, contracts, security processes and customer commitments around the public record. Banks, auditors, cloud platforms, upstreams and customers may treat that record as evidence. Internal systems may automate around it. Contact, route, reverse-DNS and certification data may become part of operational identity.
When termination arrives years later, the original agreement no longer captures the full dependency surface. The legal relationship is still bilateral, but the reliance structure is larger. A registry that treats termination as a simple contract endpoint underestimates what its own public ledger has allowed other parties to rely on.
This is not an argument that every long relationship becomes unbreakable. It is an argument for reliance accounting. The longer and deeper the reliance, the stronger the need for notice, transition, proportionality and review. A newly created account with no active dependencies can be ended differently from a long-running network supporting public services. The institution should have criteria for that difference rather than improvising it in a dispute.
Reliance accounting would also protect the registry. It would show that the institution considered third-party effects before acting and that any preservation was bounded. It would reduce the incentive for defaulting members to claim catastrophic harm without evidence. It would give courts or reviewers a record to examine if termination becomes contested.
Customers need notice before they need blame
Downstream customers often discover registry dependence only when something fails. A provider changes status, a sponsor relationship becomes disputed, a record update stalls, a reverse delegation is delayed, or a cloud onboarding question exposes a mismatch between contract and registry reality. At that point the customer may not know whether the problem belongs to its provider, the registry, a sponsor, a reseller, a consultant or a corporate successor.
Termination procedure should therefore include customer-aware notice where the institution can reasonably identify affected classes without exposing private topology. The notice need not name every customer publicly. It can require the member to certify that affected customers have been warned, require a sponsor or successor to provide published contact points, and give independent-resource holders direct notice where the registry already has their relationship on file. For high-impact cases, an independent reviewer could verify that notice was meaningful.
This is not consumer regulation by another name. It is evidence discipline for a registry whose records are relied on by parties outside the membership contract. If a terminating member says no customers are affected, that assertion should be recorded. If customers later appear, the institution can compare the assertion to reality and adjust future process. Over time, the registry learns which termination categories create downstream harm and which do not.
Customer notice also prevents strategic surprise. A provider should not be able to use registry ambiguity to trap a customer into hurried renegotiation. A customer should not be able to use vague harm claims to avoid a lawful provider termination indefinitely. Notice creates a period in which facts can be sorted before continuity becomes leverage.
Portability requires a public-state handover, not just a new contract
Many proposed exit solutions sound contractual: sign with a new sponsor, transfer to a new provider, appoint a new maintainer, update the contact. Those steps matter, but portability is not complete until public state has moved coherently. Registration, routing authority, reverse DNS, certification, abuse contact, assignment evidence and historical dispute notes must align. A new private agreement cannot by itself make the old public reliance disappear.
That is why a portable continuity rule should specify the handover bundle. It should identify which records move, which records remain as history, which claims are carried as warnings, which certifications must be recreated, which third parties require notice and which deadlines govern each state. Without the bundle, portability becomes a promise that works only in clean cases.
The bundle also protects uniqueness. A failing provider cannot keep one part of the public state while a successor activates another. A customer cannot shop inconsistent assertions between custodians. A registry cannot preserve old records indefinitely without explaining whether they are active, disputed, transitional or retired. Portability should increase clarity, not multiply shadows.
The practical question for future systems is therefore not whether exit is desirable in principle. It is whether the exit package can be specified tightly enough to preserve a single authoritative state while allowing the service relationship to change. Number Resource Society's portability language will be credible only if it answers that operational question.
The same test should govern incumbent registries. If they reject portability, they should explain which part of the public-state handover cannot be made safe and what narrower remedy can protect continuity instead. That explanation is itself a guardrail against treating permanent dependence as an unexamined administrative convenience.
Termination should end membership, not erase continuity
RIPE NCC is entitled to know its members, charge for service and terminate relationships on lawful grounds. Members are entitled to resign. Those propositions are not in conflict. The institutional difficulty is that number registration has continuing effects that neither party can switch off cleanly.
A mature system should therefore report termination as a chain, not a date: legal ground, notice, review, record disposition, customer transition and final custody. It should preserve service where facts are disputed and separate corporate sanctions from unrelated customer harm. It should publish outcomes so members can judge consistency.
Most importantly, it should stop treating transfer, surrender and re-contracting as equivalents to provider choice. They are valuable mechanisms within the existing framework. They do not let the holder take an intact recognised history elsewhere.
A membership termination that does not end dependence is not a contradiction. It is the predictable result of joining corporate status to a singular coordination service. The remedy is not consequence-free resignation. It is portable, auditable continuity under rules strong enough to protect uniqueness and flexible enough to prevent one provider from becoming the only possible custodian forever.

