Summary
- Delegation should identify a principal, a recipient, a defined function, conditions, retained control and a route for withdrawal or succession. Technical histories can accurately describe distributed responsibility without creating a sovereign mandate.
- Recognition records that an institution meets criteria or will be treated as occupying a coordinated role. It can have powerful practical consequences, but it does not necessarily transfer ownership, jurisdiction or coercive authority.
- Certification can describe an evidentiary assurance or, in RPKI, a cryptographic relationship supporting verifiable statements about number resources. It does not turn the certificate issuer into a general regulator of network conduct.
- ICANN criteria, IANA service descriptions, RFCs, coordination memoranda and RIR contracts have different parties and purposes. Their language cannot be pooled into one implied charter.
- Every consequential claim should be restated as a complete sentence naming the actor, instrument, entity, scope, retained control, remedy, liability and succession terms. If those elements cannot be supplied, the word is carrying more authority than the evidence.
Three folders on the same desk
Picture three closed folders on the desk of counsel advising a network operator. One concerns an address block described as delegated to the operator. The second concerns the recognised institution serving the operator's region. The third concerns a certificate used to support a route-origin statement. From across the room, the folders look alike: each appears to contain an official decision backed by a global technical system.
Open them, and the resemblance breaks down. The first may contain a membership or registration-services contract. It may define the operator's rights, duties, fees, accuracy obligations, termination grounds and remedies. The second may contain institutional criteria and correspondence showing that a Regional Internet Registry was accepted into a coordinated system. The third may concern a technical service in which digitally signed material allows another system to verify a statement within a bounded chain.
The distinctions are not academic. If the operator breaches its contract, the relevant registry may have specified contractual remedies. That does not mean ICANN directly enforces the contract. If an RIR no longer satisfies recognition criteria, the continuity question concerns regional service, institutional replacement and the wider coordination system. It does not follow that every certificate held by every customer instantly becomes a judgment on the customer's legal entitlement. If a certificate expires or is revoked, the technical effect depends on the certificate system and on how relying networks use it.
It is not automatically a confiscation of property or an order to every router.
These words gain force because the Internet depends on coordinated records and repeatable technical signals. Practical reliance can be immense. Yet reliance is exactly why precision matters. A phrase that begins as a convenient description of technical responsibility can later be quoted as evidence of legal mandate. A criterion for institutional recognition can be retold as though it transferred public jurisdiction. A cryptographic assurance can be described as if it certified the legitimacy of an organisation in every relevant sense.
The discipline proposed here is simple: never allow the noun to replace the instrument. Ask who delegated what to whom; who recognised whom against which criteria; who certified which proposition for which relying party. Then ask what happens when the relationship is disputed, withdrawn or transferred. The answers reveal three different architectures of power.
Vocabulary is infrastructure when institutions act through documents
In a physical utility, authority is visible in pipes, gates and control rooms. Number governance operates through a more distributed combination of contracts, records, policy texts, technical systems and counterparties' decisions. Words connect these layers. They tell staff what action is permitted, tell members what position they hold and tell other networks which signals they may trust.
That makes semantic ambiguity operational. Suppose a public explanation says that an RIR has been delegated authority for its region. A reader may reasonably ask whether some identifiable body possessed that authority first, what instrument transferred it, whether the transfer was exclusive, which powers were retained and how the arrangement can end. If the available evidence instead shows that the RIR was recognised after satisfying criteria, then delegation language has inserted a principal-and-transfer story that the recognition record may not contain.
The opposite substitution also causes trouble. Calling a delegation mere recognition can hide conditions and oversight that the principal retained. Calling certification recognition can obscure the precise proposition actually verified. Calling recognition certification can imply that one institution periodically attests to another's compliance under an established assurance regime when the evidence may show a historical acceptance followed by continuing operational reliance.
Specialised communities are entitled to use terms of art. Delegation is a familiar word in DNS and address administration. Certification has a precise place in public-key systems. Recognition is a natural description of an institution accepted into a coordinated role. The problem is not the words themselves. It is movement between contexts without carrying the local definition, parties and limits along with the word.
A reliable reading therefore begins at document level. Is the text an executed agreement, a memorandum between institutions, an informational RFC, a set of recognition criteria, a service description, a policy, or a public summary? Who authored it, who accepted it and what subject does it cover? A sentence in one category cannot silently do the legal work of another.
Delegation requires a principal, not merely a history
Delegation normally conveys a relational claim. A principal entrusts a defined function or competence to a recipient. The principal may retain supervision, reserve powers, impose conditions or provide for substitution. The exact effect varies with governing law and context, but the grammar itself creates questions that a serious authority claim must answer.
Who is the principal? What did that principal possess before the transfer? Was the subject a legal power, a contractual function, an administrative task, control of a technical zone, or responsibility for maintaining records? Which instrument records the act? When did it take effect? Is the recipient permitted to pass the function onward? What standard governs withdrawal? Who protects continuity if the recipient fails?
Without these answers, delegation can be no more than a historical shorthand for distributed work. That may be perfectly accurate as a description. The early Internet community did distribute responsibility as scale and geography made central administration impractical. Institutions developed, communities formed around them, and operational relationships hardened. But a history of useful responsibility does not automatically identify an original principal capable of transferring public jurisdiction.
RFC 7020, published in August 2013 as an Informational document, describes the Internet Numbers Registry System as a hierarchy rooted in the IANA address-allocation function. It recounts the proposal to delegate responsibility for address space administration to regional bodies and explains the roles of IANA, RIRs, Local Internet Registries and customers. This is strong evidence of technical architecture and historical vocabulary. It is not, by its publication status alone, a statute creating every later power exercised under a regional membership agreement.
The distinction protects the RFC rather than diminishing it. Its purpose is to explain how the registry system operates, including goals such as uniqueness, registration and stewardship. Reading every use of delegation as a public-law grant would force a technical architecture document to carry consequences it was not designed to allocate. The careful conclusion is that the document supports a distributed responsibility model while leaving particular legal effects to the instruments that govern particular relationships.
A bounded delegation can be real and still be narrow
The contrast appears clearly in RFC 2860, the June 2000 memorandum concerning specified technical work of the Internet Assigned Numbers Authority. Here, the parties, field and division of responsibility matter. The memorandum concerns technical work performed for the IETF and preserves policy authority within the covered protocol-parameter setting while identifying boundaries and a dispute path.
This is what a useful delegation analysis looks like. It does not begin and end with the word. It identifies the parties and the subject. It distinguishes technical administration from policy authority. It recognises exclusions. It provides a basis for asking how disagreements are handled. The relationship can be consequential without becoming universal.
The lesson for number-resource governance is not that RFC 2860 answers every question about addresses or RIRs. It does not. The lesson is methodological. A genuine instrument can entrust one function while withholding another. An organisation may perform globally significant work without receiving general authority over contracts, corporations, regional communities or network operators.
This boundedness is often lost in institutional summaries. IANA is described as performing globally central functions; ICANN is described as coordinating unique identifiers; RIRs are described as administering regions. All three statements can be operationally sound. None permits a reader to merge separate instruments and infer a single descending chain of unlimited command.
A delegation claim should therefore be written in a form that could be contradicted. “Under instrument X, principal A entrusted function B to recipient C, subject to conditions D, while retaining E, with dispute route F and succession route G.” If the claim cannot be made that specifically, it should be downgraded to a description of practice, history or reliance. Precision is not hostility to the institution. It is the difference between evidence and atmosphere.
IANA's operational role is strong evidence of function
The current IANA Number Resources page describes coordination of global pools of IP addresses and Autonomous System Numbers and their provision to RIRs according to global policies. It gives a reader a concise account of a real, continuing service. That service matters because uniqueness and coherent distribution depend on consistent administration at the top of the registry hierarchy.
The page should be read for what it proves. It supports the proposition that IANA presently coordinates global number pools and provides resources to the regional registries through global-policy arrangements. It helps explain the operational relationship between the global and regional levels. It does not, standing alone, set out a complete theory of ownership, public jurisdiction, institutional liability, regional member discipline or emergency replacement.
This difference becomes important whenever the service description is invoked as the first link in a chain of authority. A chain cannot be stronger than its transitions. If IANA performs a global allocation function, the next question is what legal or institutional effect accompanies a particular allocation to an RIR. If an RIR then enters a contract with a member, that bilateral contract is another transition. If the member relies on a certificate service, that is another. The existence of an upstream function does not determine every downstream remedy.
Operational reliance nevertheless carries governance weight. A service can become difficult to replace, and its records can influence conduct far beyond direct parties. That practical significance supports requirements for transparency, continuity and bounded discretion. It does not require fictionalising the service as sovereign authority. The stronger position is more candid: the institution has substantial functional power because coordinated actors rely on its work, and that power should be documented and constrained in the instruments that actually govern it.
Recognition answers a different question
Recognition does not necessarily begin with a principal transferring something it already possesses. It can instead record a judgment that an institution satisfies criteria and will be treated as occupying a role in a coordinated arrangement. The recognised body may already exist under local law, have members, operate systems and possess contractual capacity. Recognition links that body to a wider institutional order.
The ICP-2 criteria, dated 4 June 2001, frame the establishment of a new RIR through institutional qualities: broad support from the regional Internet community, a defined service region, bottom-up self-governance, neutrality and impartiality, technical capability, sound business planning and continuity. Those criteria are not trivial. Satisfaction of them can determine whether one organisation becomes the accepted regional channel in a system that depends on unique records.
Recognition can therefore create or confirm a powerful practical position. Once an institution is accepted as the RIR for a region, network operators, other registries and global coordination bodies may organise their conduct around it. An aspiring rival cannot produce equivalent status merely by incorporating a company and publishing a database. The accepted role affects access, trust and interoperability.
But consequence is not the same as transfer. ICP-2 does not need to convey ownership of addresses or legislative jurisdiction in order to matter. Its institutional logic is conditional: a body receives recognition because it demonstrates community support, capability, neutrality and continuity. The role is justified by those properties, not by an unexplained inheritance of sovereign power.
That conditional logic should continue after initial recognition. If neutrality, support and continuity were relevant at entry, a credible system should explain how they are monitored, what happens when they weaken, who decides whether recognition remains justified and how services continue during a transition. Recognition without a visible maintenance and succession framework risks becoming permanent status detached from the criteria that originally justified it.
Recognition can be exclusive without becoming ownership
Critics sometimes understate recognition because it is not a legislative grant. Supporters sometimes overstate it because the operational system needs a single accepted regional registry. Both positions miss the middle.
Recognition can be institutionally exclusive in practice. Unique registration works poorly if several bodies make conflicting claims over the same pool. Regional coordination needs a settled service channel. Global policies need identifiable institutions capable of implementing them. These facts can make recognised status highly valuable and make exit disruptive.
Exclusivity, however, does not answer what the recognised institution owns or which remedies it may use against members. A registry's corporate powers come from its legal form and governing documents. Its rights against a holder come from the relevant contract, policy structure and applicable law. Its technical functions come from operating arrangements and coordinated practice. Recognition helps explain why its acts are widely relied upon, but it does not collapse these distinct bases into one source.
This matters most during conflict. A registry may claim that recognised status requires it to preserve accurate records. A member may accept that objective while disputing the evidence, procedure or proportionality of a particular termination. The dispute should be resolved under the member-facing instrument and its review route, not by treating recognition as a complete defence. Likewise, a challenge to the registry's institutional fitness should not be converted into hundreds of unrelated member-contract disputes. Different relationships require different forums and remedies.
The same distinction clarifies accountability. Recognition creates responsibilities toward the broader coordinated system, including continuity and impartiality. Membership creates internal governance rights that vary by institution. Contracts create bilateral rights and duties. Host law supplies corporate and judicial constraints. None is redundant. Institutional legitimacy depends on showing how they fit together without allowing the most prestigious word to dominate every question.
The ASO memorandum coordinates policy roles; it is not a regional charter
The Address Supporting Organization memorandum index provides the executed texts through which ICANN, the Number Resource Organization and RIR-based bodies define their relationship. The 2019 executed ASO memorandum identifies the Address Council, global policy roles and obligations among the parties.
This is valuable evidence precisely because it is an executed institutional instrument rather than a loose summary. It can be read for parties, defined bodies, procedures and duties. It gives form to coordination between ICANN and the RIR system. It supports claims about global number-policy development and the part played by the Address Council and the NRO.
It should not be stretched into a regional member-services charter. The memorandum does not become the source of every power that APNIC, ARIN, AFRINIC, LACNIC or RIPE NCC may assert under its own contracts and policies. It does not make ICANN the direct counterparty to every number-resource holder. It does not silently allocate all liability arising from a regional decision. Nor does it prove ownership of the resources whose registration the system coordinates.
The temptation to stretch the text comes from hierarchy. If ICANN sits at a globally visible coordination point and the RIRs participate through the NRO and ASO, institutional prose can sound like a descending grant. But an organised relationship is not necessarily a chain of command. Memoranda can divide tasks, create consultation routes and define policy interfaces among autonomous legal persons.
The proper reading asks what each clause does. Does it require advice, establish a council, define a global policy, specify appointments, allocate expenses or provide amendment terms? Those verbs should control. A broad phrase such as “recognised role” or “delegated responsibility” cannot enlarge the executed commitments. If regional enforcement authority is claimed, the regional instrument must carry it.
Certification begins with the proposition being certified
Certification is perhaps the most easily misunderstood of the three words because it moves between institutional and cryptographic settings. In ordinary governance speech, certification may mean that a competent body attests that an organisation, product or process satisfies a standard. The effect depends on the assurance scheme: criteria, assessor, evidence, validity period, surveillance, withdrawal and appeal.
In RPKI, certification has a technical chain meaning. Certificates help support verifiable statements associated with Internet number resources. The relevant inquiry is not whether the holder is a good company, a lawful speaker or a prudent network operator. It is what proposition the certificate system represents, within which chain, under which service terms, and how relying parties process the resulting data.
The ARIN Registration Services Agreement, version 14.0 dated 15 August 2025, helps keep the categories separate. It defines included number resources in terms of registration rights and enumerates services that include registry entries, reverse name service, RPKI and record administration. This drafting does not treat certification as the source of all rights. It places RPKI among services associated with a defined contractual relationship.
That separation is important. A registration right, a certificate, a route-origin authorisation and a route announcement are not one thing. A contract can govern the holder's access to registry services. A certificate can participate in a technical validation chain. A route-origin authorisation can support a statement about which autonomous system may originate a prefix. Networks still decide how to use validation information in their routing policies.
Calling the whole arrangement certification can imply more than the system attests. The first question must always be: certified as to what? The second is: for whom? The third is: with what consequence if the certification changes? Without those answers, a technical trust service can be mistaken for general accreditation.
A certificate is not a judgment on the whole operator
The limits of certification become clearer through examples. A valid technical certificate does not necessarily prove that the holder is solvent, compliant with every regulation, secure against intrusion, entitled to serve every customer or authorised by a government to operate telecommunications infrastructure. It should not be marketed as a universal badge of legitimacy.
Conversely, the absence or invalidity of a certificate does not itself answer every underlying legal question. A certificate may expire because of timing, account status, key management, a registry action or technical error. The holder may dispute the contractual basis for that action. Networks may react according to their own routing policy. Courts or reviewers may later decide the institutional dispute. Each layer has its own evidence and remedy.
This is not an argument against relying on RPKI. Technical validation can improve routing decisions by allowing operators to distinguish certain authorised and unauthorised origin statements under the system's rules. The argument is for accurate claims. Strong security comes from knowing exactly what a signal means, not from inflating it.
The certificate issuer's role must also be bounded. Issuance and revocation powers can have operational consequences. That supports careful authentication, notice, resilient systems, audit records, rapid correction and clear service terms. It does not follow that the issuer has a general disciplinary jurisdiction over the holder. If revocation is triggered by a contract event, the contract and incorporated rules need to authorise the event. If revocation follows a technical key compromise, the emergency procedure should say so and provide restoration steps.
Certification thus illustrates the article's central rule. The prestigious noun is never enough. The proposition, chain, relying party, failure mode and remedy define the power.
APNIC's “delegated resources” are situated inside a contract
The Standard APNIC Membership Agreement uses the phrase “delegated resources” in a concrete bilateral setting. The agreement identifies the company and member, describes services and obligations, incorporates APNIC documents, and addresses revocation and termination consequences. Within that instrument, delegation vocabulary participates in a contractual allocation of rights and duties.
This is different from saying that the word itself proves APNIC's ultimate title or sovereign authority. The legal effect comes from the agreement, the parties' status, incorporated documents and applicable law. The term helps name the resources within the contract. It does not settle every philosophical or public-law question about Internet numbers.
The agreement also demonstrates how language can travel. An engineer may say that an address block was delegated to a member, meaning that registration responsibility and services now identify that member. A contract lawyer may ask what rights the agreement grants and what happens on termination. An institutional historian may ask how APNIC acquired its regional role. A network operator may ask whether a route will still be accepted. The same phrase enters four inquiries, but the answers come from different evidence.
The correct discipline is to preserve the level at which the claim is made. Under the membership agreement, APNIC and the member have specified rights and obligations concerning delegated resources. Under the wider registry architecture, APNIC occupies a regional coordination role. In routing, autonomous networks make distributed decisions. A public summary should not turn the first sentence into ownership, the second into government, or the third into central technical control.
This local reading also improves member accountability. If a resource status is changed, the member can ask which clause, which incorporated rule, which evidence and which review route governed the act. An answer that merely says the resource was always delegated confuses the label for the remedy.
ARIN shows that different vocabulary can describe related operations
ARIN's current agreement avoids relying on one expansive delegation concept. It defines included number resources through registration rights, gives the holder specified rights within the ARIN database, separately identifies services and states termination effects. That vocabulary is not proof that ARIN's model is perfect. It is evidence that similar registry operations can be described with greater legal separation.
The comparison with APNIC is instructive. APNIC can speak of delegated resources while ARIN speaks of registration rights. Both institutions participate in the same global number-registry environment. The difference cautions against building a universal theory from one institution's noun.
It also reveals why summaries should quote operative verbs rather than rely on status words. Does the registry register, allocate, assign, provide, revoke, suspend, terminate, certify or publish? Against whom? Under which condition? A defined registration right may be exclusive within a registry database without becoming property in the integers themselves. A delegated resource may be subject to return or revocation under contract without proving a governmental licence. A certification service may produce technical materials without adjudicating the holder's wider conduct.
Comparative drafting is useful because it exposes choices. Institutions are not forced by technology to use identical legal language. Where choices exist, definitions matter. A registry should explain why it uses delegation rather than registration, what interests the term creates, what it does not create and how the position ends.
This would also assist courts and counterparties. A dispute often becomes harder when operational shorthand is presented as a settled legal category. Clear definitions reduce the risk that one party argues from technical custom while another argues from property or administrative-law analogies. The contract should do the translation before conflict begins.
The eight-part authority sentence
A practical audit can force every claim into an eight-part sentence. First, identify the actor. Second, identify the counterparty or recipient. Third, name the entity: a function, institutional status, registration right, certificate or technical record. Fourth, cite the controlling instrument. Fifth, describe the legal or technical effect. Sixth, state retained control and amendment authority. Seventh, identify remedy and liability. Eighth, provide withdrawal, replacement or succession terms.
For delegation, the sentence might read: a named principal entrusted a specified technical function to a named recipient under an identified memorandum, retained stated policy control, provided a dispute route and preserved a stated means of reassignment. Each element can be tested against the text.
For recognition, the sentence should identify who applied the criteria, which institution satisfied them, what status followed, how continuing compliance is assessed, what review exists and how continuity would be protected if status changed. If no current loss-of-recognition process is public, the sentence should say that the succession element remains uncertain.
For certification, the sentence should identify the issuer, subject, certified proposition, chain, relying party, validity rules, revocation grounds, technical effect and restoration route. It should avoid claims about qualities outside the proposition.
This method prevents authority laundering. Authority laundering occurs when a narrow fact enters one end of institutional prose and emerges as a broad mandate at the other. A technical function becomes authority; authority becomes jurisdiction; jurisdiction becomes immunity; immunity becomes permanence. The eight-part sentence blocks that progression by requiring a document at every transition.
The method also permits strong conclusions. Where an executed text clearly assigns a function and reserves policy control, there is no need for timid language. Where criteria clearly establish institutional recognition, the status can be acknowledged. Where a contract clearly defines services and termination, those effects can be stated. Precision narrows unsupported claims while strengthening supported ones.
Remedies reveal which relationship is actually in dispute
The remedy attached to a word often reveals its true category. A dispute over a delegated technical function between institutional parties may follow the memorandum's consultation or termination provisions. A dispute over RIR recognition may require an institutional review and continuity arrangement involving the recognised community and coordinated system. A dispute over a member's registration rights may proceed under a membership agreement, arbitration clause or host law. A certificate problem may first require rapid technical correction, key rollover or restoration.
These remedies are not interchangeable. A member cannot necessarily invoke an inter-institutional memorandum as though it were a third-party contract. ICANN cannot necessarily resolve every regional contract dispute merely because it participates in global coordination. A certificate relying party does not become the tribunal for the holder's underlying membership dispute. A court deciding contractual rights may not dictate every independent network's routing policy.
Confusion creates procedural gaps. If an RIR says its status is delegated by the global system, it may appear that only an upstream institution can constrain it. If the upstream institution describes the RIR as self-governing and recognised, responsibility may return to regional structures. The member can then find itself between levels, with each institution pointing to another relationship.
A well-designed system should map standing and remedy before crisis. It should say who can challenge a regional enforcement decision, who can challenge institutional recognition, who can seek emergency continuity, and which body can correct a certification failure. It should also state what each reviewer cannot decide.
Liability should follow the same map. A memorandum can allocate responsibilities between its parties. A regional contract can limit or preserve claims between registry and holder. Technical service terms can define restoration duties. No single disclaimer should be assumed to erase responsibilities arising under every other instrument or applicable law.
Succession is the missing test of delegated authority
Delegation implies that the function can, at least conceptually, return to the principal or pass to a successor. Recognition implies that status can, at least conceptually, be withheld, withdrawn or conferred on another qualified institution. Certification implies that trust chains, keys and service can be renewed or re-established. The replacement path tests whether these concepts are real or merely ceremonial.
For an RIR, succession is difficult because the recognised role is embedded in systems, staff, member accounts, contracts, reverse DNS, certificate services, historical records and regional trust. Replacing a name on a list would not preserve continuity. A credible plan would identify data custody, interim operations, key management, account migration, dispute handling, member representation, global coordination and the threshold for returning to ordinary governance.
ICP-2 emphasises continuity, yet the available recognition criteria do not by themselves provide a complete modern code for loss or transfer of recognition. That gap matters. If recognition can never practically change, criteria risk becoming an entry ceremony rather than a continuing condition. If change can occur but no public process exists, crisis discretion may become too broad.
The same issue appears at smaller scale in certification. If technical materials become unavailable because an institution fails, relying networks need predictable continuity. Backup systems and key procedures are operational matters, but the authority to activate them and the legal responsibility for the transition should be known. Technical resilience cannot depend entirely on personal trust during an institutional emergency.
Succession also restrains rhetorical ownership. An institution that can be replaced under defined conditions looks like a steward of a role. An institution whose position is treated as permanent and whose records cannot be transferred begins to resemble an owner, even if public language rejects ownership. Clear succession aligns words with stewardship.
The strongest case for flexible language
There is a serious argument against excessive semantic formalism. Internet institutions developed through engineering practice, voluntary coordination and incremental agreements. Entities often understand delegation as a practical distribution of registration responsibility, not a constitutional theory. Recognition can carry substantive operational consequences even if it is not legislation. Certification is precise within RPKI and should not be weakened by injecting unrelated legal debates.
A rigid universal glossary could make technical documents cumbersome. Every use of “delegate” cannot be followed by a legal treatise. Historical documents should be read according to their context rather than criticised for failing modern drafting expectations. Institutions also need language that can serve engineers, members and policymakers without creating separate texts for every profession.
These objections are persuasive up to a point. The answer should not be a ban on any of the three words. Nor should technical history be rewritten to remove ordinary usage. The better standard is proportional detail. A low-stakes operational instruction can use established shorthand if a nearby definition is clear. A public claim of mandate, a severe enforcement decision or a change in institutional status demands the full instrument and effect.
Local definitions solve much of the problem. A document can say that “delegated” refers to registration responsibility under the agreement and does not convey property. A recognition decision can state the criteria, effect, review and continuity conditions. A certificate service can state exactly what is validated and what relying parties must decide for themselves.
Flexible language is defensible when transitions are explicit. It becomes dangerous when flexibility is invoked only after a broad claim is challenged. Institutions should define the term before relying on its authority, not after.
Practical dependence does not cure missing authority
Another strong defence points to settled reliance. For decades, IANA, ICANN and the RIRs have coordinated number resources at global scale. Networks, governments, companies and technical communities organise around their records and processes. Repeated acceptance is not nothing. It supports legitimate expectations and makes abrupt institutional change risky.
But reliance proves function more readily than it proves the origin or limit of power. A service can be indispensable without possessing every authority attributed to it. A contract can be widely accepted because there is no practical alternative. A technical convention can become universal without resolving liability. Longevity can strengthen stability while making accountability more urgent.
The correct use of reliance is therefore two-sided. It supports continuity and cautions against casual disruption. It also supports stricter transparency because affected parties cannot easily substitute another institution. Where a recognised registry occupies a unique regional role, unclear vocabulary has greater consequences than it would in a competitive market.
Operational success should make documentation easier. Mature institutions have archives, executed agreements, policy records and experienced staff. They can publish a concordance showing where the three terms appear, what each means locally and which instrument controls. They can explain changes without disclosing confidential member information.
The goal is not to reopen every settled allocation. It is to prevent historical shorthand from becoming an unlimited answer to future disputes. A stable institution should be able to show both why it works and why it may act.
A concordance the system should publish
ICANN, IANA, the NRO and the five RIRs should publish a joint but institutionally careful concordance of delegation, recognition and certification. It should not impose one meaning everywhere. It should identify each occurrence in consequential current instruments and state the local meaning.
For every entry, the concordance should provide the exact document, version, date, parties, clause, defined entity and operative verb. It should identify whether the effect is contractual, corporate, institutional, technical or descriptive. It should state who may amend the text and what notice or approval is required.
The next fields should address control: principal, recipient, criteria, conditions, retained powers and duration. A recognition entry should state whether the status is exclusive and how continuing compliance is assessed. A delegation entry should state whether onward delegation is allowed. A certification entry should state the certified proposition and relying-party responsibility.
Remedy fields should identify standing, evidence access, decision-maker, appeal, interim relief, liability and restoration. Succession fields should identify withdrawal, replacement, data continuity, key continuity and treatment of pending disputes. Historical fields should link prior versions and explain changes in meaning.
This would not require a grand constitutional convention. Much of the information already exists across official pages, RFCs, memoranda and agreements. The value would come from joining the evidence without merging the powers. Each institution would remain responsible for its own text; the concordance would expose gaps and contradictions.
The publication should also distinguish unknown from inapplicable. If an instrument has no liability provision because it is descriptive rather than contractual, that is useful context. If no replacement process is public, the gap should be stated rather than filled with institutional confidence. Honest incompleteness is more credible than a seamless but unsupported narrative.
Decision rules for public claims
Five decision rules can improve public writing immediately.
First, use delegation only when the principal and entity can be named, or clearly label the word as historical or technical shorthand. “Responsibility was distributed” may be more accurate than “authority was delegated” when no transfer instrument is being asserted.
Second, use recognition for status conferred or acknowledged against criteria, and do not treat it as proof of ownership or general regulatory jurisdiction. State the practical consequence without inflating the legal one.
Third, use certification only with the proposition certified. In RPKI discussion, distinguish the certificate chain, route-origin statement, registry relationship and network's routing decision.
Fourth, never use an upstream relationship as a substitute for a downstream instrument. The IANA-RIR operational relationship does not by itself decide a member contract. The ASO memorandum does not supply unlisted regional remedies. RIR recognition does not settle every certificate dispute.
Fifth, pair every termination word with a continuity word. Revocation requires restoration; withdrawal requires replacement; expiry requires renewal or transition; derecognition requires an interim operator. Power is credible only when failure has been designed.
These rules allow concise prose. A writer does not need eight clauses in every sentence if the article links to a precise definition and governing text. What must disappear is the unsupported slide from one meaning to another.
What the current evidence cannot establish
The official materials support several firm conclusions. ICP-2 frames new-RIR status through recognition criteria. RFC 2860 demonstrates a bounded technical memorandum with identifiable parties and subject limits. RFC 7020 describes a hierarchical registry architecture and uses delegation in a technical history. The IANA page describes current global number-pool coordination. The ASO memorandum records an executed policy relationship. APNIC and ARIN agreements show that regional contracts can describe related functions through materially different legal vocabulary.
The evidence does not yet supply one dated, authoritative corpus counting every consequential use of delegation, recognition and certification across ICANN, IANA and all five RIRs. It does not show how often decision-makers have relied on the ambiguity in disputes. It does not provide a complete cross-system record of changing definitions.
Nor does the public record identified here provide a complete modern procedure for loss or transfer of RIR recognition. The criteria establish important expectations, including continuity, but the full decision-maker, evidentiary test, review route, interim arrangements and replacement mechanics remain insufficiently joined in one accessible account.
Legal effect also depends on governing law, parties and conduct. A semantic audit cannot declare an agreement valid or invalid. A court may interpret a term narrowly. An institution may have further instruments not considered here. Historical community usage may be accepted in context. Technical terms may carry settled specialist meaning.
These limitations narrow the thesis. They do not erase it. Where institutions claim consequential authority, the burden is to connect the local word to the local instrument. Missing evidence should remain visible rather than being replaced with a broad theory of mandate.
Three words, three burdens of proof
Delegation, recognition and certification all help describe a system that must coordinate without a single global legislature operating every registry and router. Their usefulness explains their persistence. Their prestige explains their danger.
Delegation carries the burden of identifying a principal, a transferable function, a recipient, retained control and succession. Recognition carries the burden of identifying criteria, decision-maker, practical status, continuing accountability and replacement. Certification carries the burden of identifying the proposition, chain, relying party, validity rules and technical remedy.
None of the three, by itself, establishes ownership, sovereign jurisdiction, immunity, permanence or unlimited disciplinary power. Those consequences require their own instruments and legal basis. Nor should semantic caution minimise the institutions' real influence. Coordinated records, unique regional roles and cryptographic services can shape network operations profoundly. Functional power is precisely why the documentary basis must be clear.
The Internet numbers system does not need one grand word to legitimise every layer. It needs a candid stack of bounded relationships. IANA can perform a global allocation function. ICANN and the NRO can maintain a defined policy relationship. An RIR can be recognised for a region. A registry and holder can enter a contract. A certificate service can support verifiable technical statements. Networks can make their own routing decisions. Each proposition is strong when stated on its own evidence.
The test for future claims should be direct. Open the folder. Name the parties. Read the verb. Identify the entity. Follow the remedy. Find the replacement path. If the evidence proves recognition, do not call it delegation. If it proves certification, do not call it institutional accreditation. If it proves a bounded delegation, do not enlarge it through repetition.
Legitimacy does not come from choosing the most authoritative-sounding word. It comes from showing exactly what power exists, where it came from, how it is constrained and what happens when it ends.

