Summary
- No final RIR Governance Document was public on 15 July 2026. The current operative comparison is the 2001 ICP-2, the 2024 proposed principles, the April 2025 first draft, the August 2025 Version 2 draft and the May 2026 account of revisions still being prepared.
- This assessment gives twenty points each to five protections: accessible and objective initiation, reliable evidence, temporary service continuity, independent review, and customer migration. Each category contains five tests scored from zero to four, so the final text can be assessed without changing the measure after publication.
- Version 2 scores 41 out of 100: 7 for initiation, 13 for evidence, 11 for temporary service, 7 for review and 3 for migration. It adds meaningful duties, audits, an emergency operator, publication and rehabilitation, but leaves the decisive operator-facing rights thin.
- Incumbents retain strong gates. Existing RIRs decide recognition recommendations, peer unanimity is required for derecognition, ICANN cannot complete a status change without peer approval, and future amendment requires institutional agreement. Resource holders outside formal membership have no equivalent initiation or review right.
- The May 2026 direction may improve transition plans and protection of resource-holder rights, but it also proposes moving regular audits from three years to five and retains the high member threshold for derecognition. Announced changes receive no score until their exact language is public.
- A defensible final text needs objective service triggers, a disclosed proof standard, independently reviewable emergency action, pre-positioned temporary capability and a holder-level migration schedule covering identity, requests, registration data, reverse DNS, RPKI, fees, disputes, languages, rollback and return.
- NRS offers a constructive future benchmark if it makes portability, operator authorization and replaceability real. It should not be installed by institutional declaration; it should earn adoption through tested continuity, accurate records and voluntary, reviewable service relationships.
The first finding is that the final text does not yet exist
The NRO's ICP-2 page identifies the document published on 28 August 2025 as “the current draft version.” It also lists status reports dated February and May 2026. The ASO AC work plan for 2026 places final drafting in July and August, community presentations in September and October, and preparations for institutional approval in November.
That record establishes a strict evidence boundary. The August text can be quoted and scored. The May report can show which questions the drafters were reconsidering and which direction they announced. It cannot be treated as if its proposed language already appears in a final instrument. A transcript of a community presentation can clarify intent, but it cannot substitute for the adopted clause.
This matters because small words decide the result. “May” and “shall” produce different duties. “Reasonable time” and thirty days create different exposure. “Members” and “resource holders” define different constituencies. A statement that a transition plan will protect rights is not equivalent to a list of enforceable holder rights. A final approval date does not establish that the text binds each corporate body under applicable law.
The score in this article is consequently versioned. Version 2 receives a number because its text is public. The May 2026 direction is listed as pending and receives no anticipatory credit. The final document will replace the provisional score only when its exact publication, version identifier and approval status are recorded.
This refusal to guess is not pedantry. The purpose of a reproducible assessment is to prevent institutions and critics from selecting whichever draft best supports a preferred conclusion.
AFRINIC made the missing lifecycle impossible to ignore
The original ICP-2 was accepted by the ICANN Board in June 2001 as criteria for recognizing new RIRs. Its ten principles addressed regional support, community participation, neutrality, technical capability, funding and other entry conditions. It helped frame the recognition of LACNIC and AFRINIC. It did not provide a complete continuing-governance regime for an established registry, temporary service during incapacity, or derecognition and succession.
AFRINIC's years of litigation, board incapacity, receivership, contested elections and concern about service continuity exposed that silence. The lesson is not that every adverse institutional event proves technical failure. Nor is it that an external coordinator should acquire whatever power seems useful during a crisis. The lesson is that a globally important service cannot wait until conflict to discover who may verify failure, preserve functions, protect records, review intervention and return or migrate authority.
The distinction between corporate distress and service failure is essential. A registry may be in court while public directory and routing-security services continue. It may have technically functioning systems while governance rights are seriously impaired. A disputed election may affect legitimacy without proving data corruption. Conversely, apparently calm corporate records may hide a dangerous operational dependency. The governing text needs evidence categories capable of separating these conditions.
AFRINIC also revealed the position of operators. Resource holders depend on authentication, registration changes, transfer review, reverse-DNS delegation, RPKI services and accurate public records. They may not control the litigation, the receiver, the board, the peer RIRs or ICANN. A remedy designed mainly around institutional status can leave their immediate rights implicit.
The revised text should therefore be judged not by how decisively it can condemn or preserve an RIR, but by whether a network can continue to prove authority and obtain necessary services while the institutional question is decided.
Five equal categories prevent stability from swallowing rights
The score assigns twenty points to each of five categories: initiation, evidence, temporary service, review and migration. Equal weighting is deliberate. A document cannot compensate for no appeal by publishing more audit detail, or compensate for no migration right by making derecognition difficult. Each category addresses a separate failure mode.
Every category contains five tests worth zero to four points. Zero means the protection is absent. One means it is mentioned or left almost entirely to discretion. Two means a partial duty exists but lacks a decisive element. Three means a clear duty exists with limited gaps. Four means the clause is specific, enforceable within the instrument, time-bounded where relevant and directly usable by affected operators or reviewers.
The score is textual. Institutional promises, likely good faith and informal practice do not earn points unless the version incorporates them or a binding referenced instrument supplies the protection. This can appear severe, but crisis rules exist for moments when trust and ordinary cooperation are already under strain.
The five initiation tests are eligible initiators, accessible threshold, objective trigger, conflict control and decision time. Evidence tests are allegation specificity, independent fact-finding, disclosure, proof standard and response or cure. Temporary-service tests are pre-positioning, objective activation, speed, scope and duration, and return or retrospective review. Review tests are independence, claimant standing, interim relief, reasoned record and effective remedy. Migration tests are service continuity, identity and access, portability or choice, contractual and data treatment, and tested cutover with rollback.
The maximum is one hundred. A score below forty means institutional status dominates operator protection. Forty to fifty-nine means meaningful reform with material dependence on discretion. Sixty to seventy-nine means a credible rights-and-continuity regime with correctable gaps. Eighty or more requires an operator-usable compact, not merely high-level principles.
The version matrix shows progress and its limit
Applying the same categories produces the following comparison. The numbers do not claim mathematical truth; they make the judgment inspectable.
| Public text | Initiation | Evidence | Temporary service | Review | Migration | Total |
|---|---|---|---|---|---|---|
| 2001 ICP-2 | 1 | 3 | 0 | 0 | 1 | 5/100 |
| 2024 proposed principles | 3 | 7 | 4 | 0 | 3 | 17/100 |
| April 2025 first draft | 5 | 10 | 5 | 4 | 3 | 27/100 |
| August 2025 Version 2 | 7 | 13 | 11 | 7 | 3 | 41/100 |
| May 2026 announced direction | pending text | pending text | pending text | pending text | pending text | not scored |
| Final approved document | to be scored | to be scored | to be scored | to be scored | to be scored | to be scored |
The low 2001 score is not a claim that the original document failed its historical purpose. It was an entry standard, not a modern lifecycle compact. The matrix asks a different question: how much operator protection does each text provide when an existing RIR may fail or be replaced?
The 2024 principles made continuing operation, audit, continuity, anti-capture, remediation and handoff visible. The April 2025 draft converted those ideas into a fuller institutional structure. Version 2 added a recognition review, allowed ICANN to initiate derecognition and audit, created emergency continuity, specified periodic audit frequency, strengthened dispute resolution, required a public response from the affected RIR and added post-event review.
That is genuine progress. The persistent score of three for migration shows the central deficiency. The documents increasingly explain what institutions may do to one another while saying little about the exact experience of a resource holder whose service relationship must continue through intervention.
Initiation scores seven because access remains institutional
Version 2 allows a derecognition proposal from any RIR or group of RIRs, ICANN, or a group comprising at least twenty-five percent of the affected RIR's total members or 2,000 members, whichever is lower. The proposal must identify reasons and specific provisions allegedly breached. An ad hoc audit can also be initiated by ICANN, a majority of the other RIRs or the same member threshold.
This earns credit for multiple institutional routes and a stated subject. It is stronger than a regime in which only the incumbents acting collectively can open a case. Excluding the affected RIR from the peer recommendation on its own derecognition also removes the most direct veto.
The weaknesses are substantial. Membership is not the same as operational dependence. A resource holder may not be a voting member under the applicable regional rules. A downstream network, customer, public body or other affected operator may hold critical evidence without standing to initiate. Even where holders can become members, organizing twenty-five percent or 2,000 is a severe threshold for merely opening the most consequential procedure.
ICANN or another RIR may act on evidence below that threshold, but that converts an operator right into a request for institutional sponsorship. The May 2026 report says the high derecognition threshold will remain, reasoning that a large but limited public evidence member showing can still give peers or ICANN a credible basis to act. That is precisely the dependence the score penalizes.
The trigger also lacks a fixed timetable. The target receives a “reasonable timeframe” to respond; actors must proceed “promptly” and without undue delay. These standards may accommodate complexity, but they provide little protection when services or records face immediate risk.
The five sub-scores are two for eligible initiators, one for threshold accessibility, two for an identified breach, one for conflict control and one for time. Total: seven.
A better trigger would separate inquiry, continuity and removal
One threshold should not govern every response. An inquiry can be accessible because it establishes facts rather than changes status. Temporary service should turn on objective inability or imminent risk to a defined function. Derecognition should require a high showing because it changes the institution permanently.
The final text should permit any resource holder or materially affected operator to submit a documented concern. A neutral screening body can dismiss repetitive, abusive or unsupported submissions with reasons. A modest coalition or evidence threshold should compel a compliance review, not immediate removal. Affiliate disclosure can prevent one corporate group from manufacturing apparent breadth.
Emergency activation should use service facts: inability to authenticate authorized users, material loss of registration integrity, sustained unavailability of a defined service, inability to protect routing-security credentials, or a verified legal or security condition that prevents the incumbent from acting. Different facts may justify different scopes. A contested board seat alone should not automatically transfer technical service.
Derecognition can remain exceptional. It should require material and persistent non-compliance, demonstrated failure or futility of cure, a continuity plan and a proportionality finding. Peer views matter because the registries coordinate, but unanimity should not permit one conflicted institution to block an otherwise proven remedy.
This three-gate design protects an RIR from opportunistic removal while giving operators an independent route to facts and continuity. It is more stable than making access so difficult that a crisis must become undeniable before the formal system can respond.
Evidence scores thirteen because allegations improve faster than proof
Version 2 requires a derecognition proposal to identify specific provisions allegedly violated. The affected RIR receives an opportunity to respond publicly before peer recommendations. Each peer RIR must publish its recommendation and reasons. ICANN publishes its final decision and reasons. Periodic and ad hoc audits are assigned to an external and independent auditor appointed by ICANN, with a public summary.
These protections earn four points for allegation specificity and three each for disclosure and response or cure. A target is not asked to answer a general accusation of instability. Rehabilitation is presumed, reasonable support may be requested and removal is described as a last resort when harms outweigh the benefits of tolerating non-compliance.
Independent fact-finding receives two points. Audits are external, but the status decision still depends on recommendations from peer RIRs followed by ICANN. The text does not clearly require a completed independent audit before derecognition, and the audit summary may omit evidence needed to test the conclusion. The May 2026 direction reportedly retains the view that an audit should not be a mandatory prerequisite because it could be counterproductive in some cases.
The proof standard receives one. “Reasonably believed” and a harm-benefit balance appear in rehabilitation, but the document does not define the required confidence, materiality, persistence or treatment of disputed facts. It does not say who carries the burden once a prima facie breach is shown. Nor does it specify how corporate, technical, routing, financial and legal evidence should be distinguished.
The total is thirteen: the strongest of the five categories, yet still reliant on institutional judgment at the decisive stage.
Network-resource evidence must be separated by what it proves
A modern RIR governance compact needs an evidence table because no single record establishes every form of control. Registry logs can show authentication and changes. Corporate records can identify legal officers and governing bodies. Court orders can bind parties within jurisdiction. Financial statements can show solvency or dependency. Route observations can show announcements seen at particular vantage points. RPKI repositories can show certificate and authorization state. Service monitoring can show availability.
These facts are related but not interchangeable. A prefix announced from an autonomous system does not by itself prove beneficial ownership, contractual authority or valid registration. A corporation's legal existence does not prove that it can restore a compromised service. A receiver's appointment does not automatically determine a global technical handoff. Continued routing does not prove that account recovery and registry updates remain available.
The final text should require every finding to identify the evidence category, observation period, custodian, known limitation and proposition established. Disputed evidence should be preserved with the target's answer. Confidential material can be reviewed under protective arrangements, but the public decision should explain its weight without exposing security or personal information.
Materiality also needs an operator-facing definition. A breach is material when it threatens accurate registration, authorized access, continuity of a necessary service, impartial treatment, lawful governance or another specified right at a scale or severity that justifies intervention. Institutional embarrassment is not enough.
This evidence discipline would protect both sides. An incumbent could rebut an exaggerated claim with the correct record. Operators could show service harm without having to win a broader political narrative about the institution.
Temporary service scores eleven because the architecture is real but slow
Article 5 of Version 2 is its most important operational reform. If an RIR is unable adequately to provide all or part of its services, the other RIRs and ICANN may authorize an Emergency Operator. The decision must be published with rationale and scope. Community engagement follows. The affected RIR retains a right to resume service once capability is restored and verified. The initial period is limited to ninety days unless renewed through the same conditions. A post-event review must describe circumstances, services, duration, return, performance and community feedback.
Version 2 also requires every RIR to maintain continuity and redundancy and regularly share sufficient records, implementation detail and systems with an Emergency Operator, subject to data protection. That is stronger than a promise to improvise after failure.
The score nevertheless reflects serious activation risk. Emergency continuity requires unanimous agreement of all other RIRs and ICANN. A single peer can delay action even if one service is failing. “Unable to adequately provide” is not defined by objective thresholds. The text does not name prequalified operators, prove their capacity, establish funding or set a maximum decision time.
Scope and duration receive three because partial service and a ninety-day term are express, but renewal can repeat and the narrowing duty is weak. Return and review receive three because restoration and a public post-event account are present. Pre-positioning receives three. Objective activation and speed receive one each.
Total: eleven. This is credible architecture, but it may work best when every institution cooperates, which is the condition most likely to disappear during a disputed crisis.
The May 2026 direction should be tested for operational readiness
The May status report says emergency initiation and renewal remain under discussion, while transition and continuity language is being prepared. Community presentations also describe work on targeted compliance review and clearer rehabilitation. Those are promising subjects, not earned protections.
The final text should identify who is prequalified to operate each service, under what legal instrument, with which isolated systems, staff, language coverage and funding. It should require exercises rather than paper assurances. A continuity copy that cannot be restored, reconciled and securely used is not readiness.
Activation should support a narrow fast path. If a defined service crosses an objective failure threshold, a qualified independent reviewer should be able to confirm the fact within hours or days. ICANN and non-conflicted peers can authorize temporary action under a supermajority rule with published reasons. A dissenting peer can record legal constraints without creating a universal veto.
Renewal should require more than repeating the original vote. It should show remaining incapacity, incidents under temporary operation, cost, complaints, restoration progress and why the scope cannot shrink. Different services should return separately when safe.
The emergency operator must have no automatic claim to become the successor RIR. Temporary technical competence does not prove regional support, independent governance or long-term legitimacy. The final text should state that separation directly.
These details determine whether Article 5 protects operators or merely gives institutions another discretionary tool. A crisis arrangement is valuable only if it can start before harm spreads and end before temporary custody becomes entrenched.
Review scores seven because the strongest appeal protects candidates
Version 2 creates a detailed Recognition Review for a candidate RIR blocked by incumbents. ICANN appoints a qualified independent third party. The reviewer examines the proposal, peer recommendations and objection. If a peer made a material factual error or gave inadequate justification, the proposal returns for reconsideration. If only one peer still dissents and again fails review while the candidate meets all requirements, that dissent can be disregarded.
This is a meaningful safeguard against an incumbent veto in recognition. It shows that independent review and an effective remedy are possible when the drafters choose to provide them.
The derecognition side is thinner. An affected RIR or candidate may petition under ICANN's then-existing applicable procedures after ICANN's decision. The document does not create a tailored independent merits review of derecognition, specify a reviewer, establish interim relief or give resource holders standing. Peer recommendations that reject a derecognition proposal do not appear to have an equivalent route for affected operators to challenge factual error or conflict.
Emergency continuity also lacks a clear rapid appeal. The affected RIR has a return right after capability is restored and verified by ICANN, but the text does not define immediate review of activation, scope, renewal or refusal to return. Resource holders harmed by temporary operation have no express route under the document.
The category awards one each for independence, claimant standing and interim relief, three for published reasons, and one for effective remedy. Total: seven.
The asymmetry is revealing. The text guards a candidate's route into the incumbent group more carefully than an operator's route through institutional failure.
An effective review must reach action and inaction
The final compact should create an independent panel able to review four decisions: refusal to open a supported compliance inquiry, emergency activation or non-activation, derecognition, and refusal to return or migrate service. Different urgency can produce different time limits, but the principles should be common.
Standing should extend to the affected RIR, a candidate, a materially affected resource holder, a qualifying operator coalition and the institution assigned temporary responsibility. The panel should screen claims for direct effect and evidentiary sufficiency. This is broader than allowing any observer to relitigate policy.
Interim relief is essential. A panel may need to preserve a credential, freeze a destructive change, require read-only access, maintain a service temporarily or prevent an irreversible handoff while reviewing authority. Relief should be narrow, time-limited and sensitive to security.
The review standard should cover law, procedure, material factual error, conflict, proportionality and continuity. A remedy can remand, narrow, suspend, require reasons, compel a continuity safeguard or order a staged return within the parties' valid commitments. Domestic courts retain their lawful role, and the compact should explain how its review interacts with court orders rather than pretending jurisdictional conflict cannot occur.
Inaction must be reviewable because institutional solidarity can block response as effectively as overreach can impose it. If all peers decline to investigate a documented service failure, affected operators need more than hope that ICANN will choose to sponsor the issue.
Review is not hostility to stability. It is what allows temporary authority to act quickly without becoming unanswerable.
Migration scores three because “smooth transfer” is not a holder right
After derecognition, Version 2 requires the former RIR to facilitate smooth transfer of services and operations to a successor or interim entity designated in the decision. ICANN, IANA, the other RIRs and the designated entity may take reasonably necessary action. The notice may set timelines and conditions.
This establishes a destination for institutional functions, earning two points for general service continuity and one for the existence of a transition concept. It does not establish the migration experience of a holder.
The text does not say how an operator proves identity to the temporary service; whether existing credentials remain valid; how pending requests, transfers and disputes move; whether resource records are reconciled before cutover; how reverse DNS and RPKI are protected; which fees and contracts continue; which privacy law governs copied data; what language and service levels apply; how errors are challenged; or whether a holder may choose another qualified provider.
There is no explicit cutover exercise, holder acceptance test or rollback requirement. Portability across RIRs is treated elsewhere as a matter for regional policy rather than this governance document. That position may preserve the established policy boundary, but it also means status change can move operators collectively without an individual exit right.
The category therefore awards two for service continuity, zero for identity and access, zero for portability, zero for contractual and data treatment, and one for transition and rollback. Total: three.
This is the clearest evidence that the draft protects the continuity of the registry system more fully than the autonomy and service rights of its customers.
The final transition plan needs a holder schedule
The May 2026 report recognizes the deficiency and says additional text is being prepared for a transition plan that protects resource-holder rights. The final wording should be judged against a concrete schedule rather than the phrase “protection of rights.”
The schedule should identify the authoritative registration snapshot, reconciliation method and error procedure. It should say how each holder authenticates, how existing multi-factor and role assignments transfer, and how compromised accounts are handled. It should preserve pending requests with timestamps and evidence, while allowing holders to withdraw where the service relationship materially changes.
Reverse-DNS delegations, RPKI certificates, route-origin authorizations and publication services need separate continuity tests. An address registration can remain visible while a routing-security action fails. The plan should define recovery objectives and the exact point at which each service becomes authoritative under the temporary provider.
Fees, deposits, credits, invoices and contractual claims must be allocated. Personal and confidential data should move under a stated legal basis with minimization, access logging and deletion rules. Service languages, accessibility, operating hours and urgent contact routes should match the affected region rather than the temporary operator's home practice.
Every holder should receive notice, a means to verify its record, a correction route and an independent complaint channel. Representative operators of different sizes and jurisdictions should test the transition. A failed test should delay high-risk cutover or narrow the activated function.
Finally, the plan needs rollback and exit. If the incumbent recovers, data and authority return cleanly. If a successor is recognized, temporary operation ends under a separately approved transition. The emergency provider must not become permanent by inertia.
Incumbent protection appears in four different gates
Version 2 does not simply impose accountability on RIRs. It gives the existing institutions important control over entry, exit and amendment.
For recognition, every existing RIR makes a recommendation. The independent-review exception can overcome only one continuing dissenter after two rounds and specified findings. A candidate must show not merely capability and support, but a material improvement over the existing state. The document says the number of RIRs is expected to remain small because of coordination needs.
For derecognition, all other RIRs must recommend removal unanimously before ICANN can decide. If they do not, the proposal fails. ICANN can initiate but cannot bypass peer approval. The target cannot vote on itself, yet its peers remain institutions with shared interests in preserving the model and avoiding precedents applicable to them.
For emergency continuity, the other RIRs and ICANN must agree unanimously. This protects a regional institution from unilateral external displacement, but it can also delay service protection.
For amendment, institutional agreement among ICANN and the RIRs gives each incumbent a strong interest in the future rules by which it may be reviewed. Community consultation informs that change without clearly granting resource holders a separate ratification right.
Each gate has a stability rationale. Collectively they form entrenchment unless conflict rules, independent review and operator standing counterbalance them. The issue is not whether incumbents should have a voice; they carry real coordination duties. It is whether the institutions governed by a constitution can veto every effective use and reform of that constitution.
The audit revision illustrates the balance problem
Version 2 requires periodic external audit at least every three years. The May 2026 direction proposes five years, reasoning that a three-year interval could keep RIRs continually under audit and distract from core duties. It also proposes renaming ad hoc audit as a targeted compliance review and requiring the request to identify the clause at issue.
Targeting is sensible. A broad investigation can be expensive, intrusive and vulnerable to misuse. Clause-specific review protects resources and gives the target fair notice. Requiring complainants to attempt available regional remedies may also resolve ordinary disputes before escalating.
But moving from three to five years reduces recurring scrutiny by forty percent in calendar frequency. Large organizations routinely manage financial, security and governance reviews without suspending service. The final text should distinguish annual financial audit, frequent service-control assurance and less frequent full governance review rather than treating “audit” as one burden.
A targeted compliance review also needs an accessible threshold. If members must organize at the same level required for derecognition merely to obtain an independent look at one clause, targeting will not make the remedy usable. Evidence-rich submissions from resource holders should trigger neutral screening even without mass organization.
The audit result must require action. A published summary without a remediation owner, deadline and review route can document failure while leaving it intact. The final text should connect each material finding to correction, support, follow-up and proportionate escalation.
This episode captures the entire revision: accountability grows, then institutional concern narrows frequency or access. The right balance should be measured by operator risk, not institutional comfort alone.
Corporate law and global continuity must be made compatible
An RIR is a legal entity incorporated in a jurisdiction. Its board, members, receiver, contracts, assets and data are subject to applicable law and court authority. The global coordination system cannot erase that fact through a policy document. At the same time, a court deciding corporate control may not be positioned to operate all global technical dependencies.
The final document should identify the legal commitments through which each RIR accepts audit, data escrow, temporary service and handoff. A general recital of commitment is weaker than executed agreements, corporate approvals and continuity arrangements recognized under relevant law. The text should disclose what happens if a domestic order conflicts with a requested act.
Emergency design can reduce conflict by separating custody from corporate ownership. A standby provider may preserve a public directory or security service under a narrow agreement without claiming the institution's assets or deciding who lawfully controls the corporation. Data copies can be governed by escrow and privacy terms established before dispute.
Court review remains available for rights and interim measures. Version 2's ongoing requirement for a fair adjudicative mechanism with non-waivable court supervision is a valuable safeguard. Its benefit should extend to service and transition disputes, not only formal members enforcing internal rights.
AFRINIC demonstrates why improvisation is dangerous. Once litigation, governance and service are entangled, every technical act can be portrayed as choosing a political side. Pre-agreed continuity makes the temporary act narrower and more legitimate.
Recognition reform should not make alternatives practically impossible
The revision is supposed to cover the full RIR lifecycle, including recognition. Yet the combination of large multinational service regions, non-overlap, incumbent recommendations, a material-improvement requirement and an expectation that the number of RIRs remain small creates a high barrier to alternatives.
Coordination cost is real. Number uniqueness and global registration depend on compatible action. Creating dozens of incompatible registries would impose risk on operators and IANA. The answer, however, is a measurable interoperability and capability test, not a presumption that the existing five are the natural permanent limit.
A candidate should show durable support, funding, accurate registration, secure operations, policy capability, continuity, dispute resolution and interoperation. It should also explain how the proposed region changes without duplicate authority. Existing RIRs may identify technical or legal barriers. Their objection should be evidence subject to independent review, not a commercial or institutional veto.
The “material improvement” test needs defined dimensions: service quality, resilience, accountability, cost, participation, language access, operator choice or another measurable benefit. Without them, an incumbent can argue that any change creates coordination cost while discounting the benefit that motivated the candidate.
Recognition should also permit service competition short of creating overlapping allocation authority. Portability, delegated service, accredited registration providers and shared technical layers can introduce replaceability without duplicate number issuance. The governance text should not close these options merely because the original regional model did not use them.
A lifecycle standard is reform only if institutional birth remains possible as well as institutional death.
Portability is the missing constitutional remedy
The draft treats number-resource transfers and cross-RIR portability as matters for regional policy. That division is understandable for ordinary transfer eligibility. It is less convincing during institutional failure, when the absence of exit magnifies every governance conflict.
Portability does not mean assigning the same number to two operators or allowing records to fragment. It means the recognized service relationship for an existing holding can move under common uniqueness rules while authoritative records remain singular. A holder should not need the collapse or derecognition of an entire regional body to obtain accountable service elsewhere.
A portable model could require the receiving provider to meet common registration, security, privacy and continuity standards. The authoritative global layer would record which provider serves the holding. Policy differences would be disclosed, and migration would preserve rights without changing routing reality by itself.
This approach reduces the political stakes of derecognition. If operators can leave a persistently poor service under defined conditions, institutional reform need not wait for a region-wide constitutional crisis. Incumbents face discipline through service quality, while uniqueness remains protected.
The current draft's three-point migration score reflects the absence of this exit. A transition can move all holders from one institution to another, but an individual holder has little visible agency in the text. That is continuity without choice.
The final document need not solve every transfer policy. It should at least preserve the possibility of portable service and forbid continuity arrangements from extinguishing valid holder rights or conditioning them on support for a particular institutional faction.
NRS is useful as a benchmark only if replacement is real
The Number Resource Society offers a constructive future direction because its strongest premise is that registration institutions should serve operators through accurate records, bounded authority, notice, correction, continuity and replaceability. Applied here, that premise asks whether the revised ICP-2 protects the holder before it protects the regional shell.
NRS should not be named automatically as an emergency operator or successor. Doing so would repeat the error of converting institutional aspiration into authority. It should demonstrate interoperable records, secure custody, independent review, service continuity, data protection, transparent cost and a clean exit. Operators and valid coordinating institutions should be able to test those claims.
Its positive contribution is to make portability imaginable. A thin common layer can preserve uniqueness while qualified service providers compete on accountability and operational quality. A holder could migrate service without asking a global political body to abolish a region. Institutional failure would become containable rather than existential.
NRS must also accept symmetric scrutiny. Its triggers, evidence rules, temporary powers, appeal and migration terms should score under the same measure. A new institution that cannot be replaced is not an alternative to entrenchment.
The final ICP-2 text can support this future without endorsing one provider. It can use performance-neutral criteria, protect holder choice, require tested handoff and leave room for service architectures beyond five territorial monopolies. That would convert replaceability from rhetoric into a constitutional property.
The reproducible final-text assessment
When the final document appears, the assessment should use the official publication identified by date, title, version and cryptographic digest. Adoption records from the NRO and ICANN should be listed separately because publication and approval are not the same event. If the institutions approve different text, the divergence must be reported before scoring.
Each of the twenty-five tests should receive zero to four with a quotation, clause number and one-sentence reason. Referenced implementation documents count only if they are public, binding within the arrangement and versioned. A promise to create them later earns no more than one where the governing text creates a clear duty; otherwise it earns zero.
The reviewer should then total each twenty-point category and the hundred-point score. No category may borrow unused points from another. Material ambiguities should receive the lower score until authoritative clarification is incorporated. A later amendment produces a new row rather than silently changing the old result.
Two reviewers should score independently, disclose institutional affiliations and reconcile differences in public notes. Disagreement of one point can remain visible; it should not be hidden inside a consensus number. Operator representatives from at least three regions should test the migration and temporary-service clauses against realistic cases.
The cases should include board incapacity with functioning services, loss of a critical service with a lawful board, disputed corporate control, a data-integrity breach, a RPKI outage, refusal to cooperate, court restrictions, restoration by the incumbent and a holder seeking to move. A clause earns operational credit only if the case can identify the actor, evidence, time, remedy and holder outcome.
This method is frozen here. The final result may rise or fall, but the ruler will not move to flatter it.
What would raise the final score above sixty
The final text can move from discretionary reform to a credible operator-protection regime with targeted changes.
Initiation rises if resource holders and affected operators can request a screened inquiry at an accessible threshold, emergency conditions are objectively defined, conflicts require recusal and decisions have fixed outer times. Evidence rises if an independent finder is required for disputed material facts, the proof and materiality standards are explicit, full reasons identify evidence limits and remediation has dates.
Temporary service rises if providers are prequalified, funded and tested; activation supports a rapid non-conflicted decision; scope is function-specific; renewal becomes harder over time; and return follows objective capability. Review rises if affected holders have standing, an independent panel can examine action and refusal, interim relief is available and remedies can alter the outcome.
Migration rises most dramatically if a mandatory holder schedule covers credentials, pending requests, records, reverse DNS, RPKI, fees, contracts, privacy, language, complaints, cutover, rollback, return and the possibility of provider choice. A tested transition plan should be a condition before derecognition takes effect, except for a narrow emergency needed to prevent immediate harm.
These changes do not make removal easy. They make inquiry accessible, emergency action bounded and permanent change evidence-heavy. Incumbents gain protection from arbitrary intervention because the proof and review standards improve. Operators gain continuity and agency because service does not wait for institutional consensus.
A score above sixty would not certify perfection. It would show that the document contains a usable balance rather than a promise that the institutions will find one during crisis.
What would confirm entrenchment in the final text
Several outcomes would keep the score near or below the current forty-one. Retaining the high member threshold for every independent inquiry would preserve dependence on peer or ICANN sponsorship. Keeping unanimity for emergency activation without a rapid exception would prioritize institutional consent over service facts. Moving audits to five years without stronger annual assurance would reduce evidence.
A transition clause that says only “protect resource-holder rights” would not repair migration. Rights must be named, holders must be able to invoke them and the cutover must be tested. Leaving all detail to later institutional procedures would shift the most consequential choices out of the consulted document.
An appeal confined to ICANN's general accountability mechanisms would remain indirect, especially for non-member holders. A review that cannot preserve service or reverse an erroneous step is not an effective remedy. Likewise, publication of reasons does not cure a peer veto if conflicts and factual errors cannot be reviewed.
The strongest entrenchment signal would be asymmetry: exhaustive obligations for a candidate, broad discretion for incumbents and no practical exit for customers. The text might then make the existing system more governable while making alternative service structurally harder.
That would still be reform compared with 2001. It would not be operator-centred reform. Institutional modernization and institutional entrenchment can occur in the same document.
Conclusion: real reform begins where the holder can act
The ICP-2 revision deserves credit for confronting a problem the 2001 criteria did not solve. Version 2 defines continuing duties, external audit, rehabilitation, emergency continuity, handoff, publication and recognition review. After AFRINIC, pretending that the five-RIR system needs no failure architecture would be irresponsible.
The current 41 out of 100 score captures both facts: substantial movement and a decisive rights gap. Initiation remains difficult for operators. Evidence is improved but lacks a firm proof standard at the final decision. Emergency service exists but depends on unanimity and undefined readiness. Tailored review is stronger for a candidate seeking recognition than for holders living through intervention. Migration remains a broad institutional handoff rather than an operator-usable right.
The final text is still capable of changing this judgment. The May 2026 attention to transition and holder protection is the most important opening. Exact clauses, not assurances, will determine whether that opening is used. Announced reductions in audit frequency and retention of the derecognition threshold point in the opposite direction.
The governing question is not whether ICANN or the RIRs win more authority. It is whether a network can identify who may act, see the evidence, keep necessary service, challenge error and move without losing valid registration or routing-security capability. A system that answers those questions can replace a failed institution without destabilizing the resources it serves.
That is the standard against which the final revision should be read. If the holder can act, appeal and migrate, the document will be reform. If only incumbents can initiate, authorize and survive the transition, the new lifecycle will formalize the old captivity.
Sources
- NRO, Internet Coordination Policy-2 - official version list, consultation history and current status of the revision as of July 2026.
- ICANN, ICP-2: Criteria for Establishment of New Regional Internet Registries - the 2001 recognition criteria used as the historical baseline.
- NRO, Proposed ICP-2 Version 2 Principles - the 2024 principles on governance, operation, audit, continuity, recognition and derecognition.
- NRO, April 2025 RIR Governance Document - the first full draft used in the version comparison.
- NRO, RIR Governance Document Version 2 - the August 2025 current draft and the clauses receiving the provisional 41-point score.
- NRO NC, Version 2 Summary of Differences and Rationale - official explanation of changes to recognition review, emergency continuity, audit, dispute resolution and institutional roles.
- NRO NC, RIR Governance Document Version 2 Status Report, May 2026 - announced direction on recognition, continuity, audit frequency, compliance review, transition and rehabilitation that remains unscored until final wording exists.
- ASO AC Work Plan 2026 - the published timetable for final drafting, RIR-community presentations and institutional approval preparation.
- ARIN 57 transcript, NRO NC and RIR Governance Document update - April 2026 official community presentation on open issues including recognition, audit and targeted compliance review.
- RIPE 92 Community Plenary transcript - June 2026 official presentation of the May status and remaining drafting questions.
- RFC 7020, The Internet Numbers Registry System - the registration hierarchy, uniqueness requirement and operational scope used to distinguish evidence and service roles.
- RFC 6480, An Infrastructure to Support Secure Internet Routing - the RPKI functions that a transition plan must preserve without confusing registration with route operation.

