Summary

  • Singapore required mobile number portability when mobile competition began on 1 April 1997. Its first call-forwarding solution preserved the visible number but left the original operator in the delivery path. Full portability later used a centralized database approach, showing why the architecture behind an exit right matters.
  • Hong Kong introduced mobile portability across operators in March 1999 and maintains administration-database specifications. North America's portability system uses neutral administrators and common databases to distribute the current association between ported numbers and provider routing information.
  • Porting changes the provider and routing treatment associated with a number. It does not allocate the same number to two subscribers. A valid process serializes requests, authenticates authority, sets a cutover and makes the prior provider state historical when the new state activates.
  • European, British and Australian rules add the elements that make the right executable: receiving-provider coordination, one-working-day or measured service targets, limited interruption, no direct porting charge, compensation, reactivation after failure, identity checks and reversal of erroneous or fraudulent ports.
  • NRS can apply the same constitutional separation to Internet number registration: the IP prefix or ASN remains stable, the holder remains the same, and one registry-service-provider pointer changes. Registration data, reverse DNS and RPKI then follow function-specific transition rules.
  • A neutral clearing layer must be narrow and replaceable. It orders the transition and preserves the audit trail; it does not own the number, decide routing policy or become a superior registry sovereign.

Singapore opened competition with portability in 1997

Singapore did not wait for mobile competition to mature before considering exit. The regulator required mobile number portability as a licence condition from the start of competition on 1 April 1997. The official information paper gives the reason plainly: allowing subscribers to retain their numbers lowers a barrier to changing operator and supports competition.

That timing matters. Portability was not treated as a benefit to add after carriers accumulated customers whose identities were tied to them. It was part of the competitive settlement. A new provider could ask a subscriber to compare coverage, price and service without also asking them to surrender the number already distributed across their social and commercial life.

The first technical solution was modest. The donor network used call forwarding. The subscriber kept the old visible number, while the recipient assigned another number and calls to the old one were forwarded. Regulators and operators considered other approaches, but standards maturity, roaming, support for messaging, cost and required network change affected what could be deployed in 1997.

The arrangement proves the first institutional point: a unique number did not have to remain commercially captive to the original provider. It also reveals the weakness of incomplete portability. The donor stayed in the path. The subscriber could leave as a customer while traffic still depended on infrastructure controlled by the institution being left.

Registry portability faces the same design choice. A reform can preserve a right in name while leaving every consequential query or security function dependent on the former administrator. That is an interim bridge, not complete exit.

Call forwarding preserved reachability, not independence

The Singapore design used two numbers behind one public identity. The caller dialed the familiar number. The original network translated or forwarded the call to a number associated with the new provider. From the caller's perspective, continuity worked. From the system's perspective, the old carrier remained an intermediary.

That dependency created several limits. The original network carried continuing operational responsibility and cost. Failure or misconfiguration there could affect a former customer. Services other than voice required additional treatment. As messaging became ordinary, a portability arrangement that did not initially carry SMS looked less complete. Recurring portability charges also weakened the economic right by turning exit into an ongoing tax.

Singapore's regulator responded over time. It required SMS portability and ended recurring customer charges. Later it moved toward full mobile number portability using a centralized database and direct-routing approach. The progression is instructive because it separates three meanings often collapsed into one word.

Reachability portability means the old identifier still reaches the user. Service portability means the relevant calls, messages and features work after the move. Provider independence means the former operator no longer remains an unavoidable transit or authority point.

NRS should promise all three at the registration layer. A former RIR returning a referral can help during transition. It cannot be the permanent place from which the new provider derives legitimacy. RDAP discovery, reverse-DNS delegation and RPKI continuity need paths that survive the incumbent's failure or refusal.

Portability is incomplete while the provider being left still owns the only bridge to the future.

Full portability required a common answer

Singapore's 2006 review considered a centralized database and all-call-query approach. The regulator decided to procure a centralized database administrator, and full mobile number portability launched on 13 June 2008 after a migration from the call-forwarding arrangement.

The change did not make mobile operators identical. Each still sold service, operated a radio network, billed customers, managed capacity and competed on plans. The common layer answered a narrower question needed by all of them: where should this ported number be served now?

Once the answer came from shared current state, the original provider no longer had to receive every call merely because it first held the number. An originating network could consult portability information and route toward the recipient. The subscriber's number stopped carrying a permanent technical allegiance to the first carrier.

This is the decisive institutional move. Portability becomes durable when the stable identifier is resolved through neutral current state rather than through the memory of the incumbent. The shared database does not own the customer's number. It records the association on which competing networks rely.

A number-registration clearing layer should have the same narrow role. It should identify the qualified provider currently responsible for maintaining and publishing the registration state of a prefix or ASN. It should preserve the ordered history of changes. It should not run the holder's network, approve its business model or decide how other networks route.

The common answer is justified by uniqueness. Its narrowness is justified by autonomy.

Hong Kong made the receiving operator the practical doorway

Hong Kong introduced mobile number portability across all mobile operators on 1 March 1999. Current consumer guidance retains a simple institutional design: the subscriber applies to the preferred new operator, which passes the information to the original operator for verification. When the port succeeds, the new service begins and the old operator terminates the former service.

The regulator also publishes technical requirements for a database solution and a functional specification for the administration database. Consumer choice and machine coordination are therefore two faces of the same right. The customer needs one front door; the providers need one interoperable account of what the decision means.

The receiving-operator model aligns incentive with responsibility. The new carrier wants the customer and has reason to complete the move. The donor contributes validation but does not control the customer journey. This reduces the opportunity for retention friction and prevents the subscriber from becoming project manager between rivals.

For registry switching, the receiving provider should likewise accept the holder's instruction, verify its representative, open the transaction and coordinate completion. The incumbent can identify a genuine mismatch, active lawful hold or overlapping claim. It should not require the holder to prove that leaving serves the incumbent's policy objectives.

The neutral clearing layer then prevents the recipient's commercial enthusiasm from becoming unilateral appropriation. It checks that the request refers to the current state, that authority evidence meets the rule and that no incompatible transition is already pending. Receiving-provider leadership and neutral ordering are complementary, not contradictory.

North America separated the carriers from the portability administrator

The United States developed local number portability through shared regional databases known collectively as the Number Portability Administration Center/Service Management System. The FCC's technical requirements describe each regional database as operated by a Local Number Portability Administrator neutral and independent from telecommunications carriers.

Earlier FCC orders required an independent, non-governmental administrator not aligned with a particular industry segment. That requirement recognized an obvious conflict. If one carrier controlled the common record, competitors would have to trust the firm from which customers might be departing. Neutrality was not an aesthetic preference. It was a condition for shared reliance.

The documented process is broader than a simple lookup table. It includes provisioning, disconnection, repair, conflict handling, disaster recovery, cancellations, audits, reports and data administration. Interfaces connect carrier order systems and local service-management systems to the common state. A port is therefore managed across its life cycle, including cases in which the happy path fails.

The administrator can also be replaced. The FCC has overseen selection of successor administration rather than treating one vendor as identical to number portability itself. That distinction is essential. A neutral function may be critical, but criticality does not confer immortality on its operator.

NRS should adopt both lessons. Competing registry-service providers should not control one another's exits. The neutral service needs defined business processes beyond activation. And the operator of that service must be substitutable through public requirements, exportable state and rehearsed succession.

A port changes an association, not the digits

Telephone numbering plans allocate blocks and define valid numbers. Carriers receive number resources under national rules and assign numbers to subscribers. Before portability, the leading digits often provided a useful clue to the serving network because the assignee of the block and the current provider were usually the same.

Portability breaks that inference. The number remains syntactically the same, but the current provider may differ from the original block holder. Networks therefore need additional state to route correctly. The common record does not create another number. It says that this number, formerly reached according to its block origin, is now served through a different provider association.

This distinction resolves the duplicate-number objection. Duplication would mean incompatible current claims for the same identifier. Portability means one current claim changes in an ordered transaction. The past association remains in history; it does not remain effective.

The equivalent Internet-number design should separate the resource from the provider that serves its registration. A prefix is still the same bit range after a service switch. An ASN is still the same identifier. The holder remains the same unless a separate transfer changes it. The provider pointer changes.

That pointer should not be confused with route origination. A network may authorize another network to originate its prefix, use multiple origins or leave a resource unannounced. Registry service and routing operation are related but distinct. Portability changes who maintains the recognized registration state, not which path every autonomous system must select.

Stable identity, current service and operational use need separate fields precisely so one can change without silently rewriting the others.

Serialization is the cure for duplicate authority

A trustworthy port begins from an identified current state. The request names the number, donor, recipient, subscriber authority and desired activation. The process validates the request, schedules a change and distributes the result. It does not accept two unrelated activations as equally current.

The number-registration equivalent should use a monotonic version for each resource set. A switch request references the current version. The neutral coordinator permits only one overlapping provider change to reach activation. At cutover it compares the expected version, changes the provider pointer and issues the next version atomically.

If a second request arrives, it cannot race around the first. It waits, is withdrawn or begins again from the new current state. If the holder wants to divide a prefix portfolio, the resource sets must be explicitly non-overlapping before independent changes proceed. If two people claim to represent the holder, the conflict pauses activation while the last verified state remains effective.

Every entity receives a signed receipt. The donor can prove when its service authority ended. The recipient can prove when its duty began. Relying systems can reject a stale version without deciding the entire legal history themselves.

This is not central ownership. It is ordered state. Distributed databases can replicate the result, and independent auditors can verify the chain. What must be logically singular is the answer to which provider state is current for a given version.

Uniqueness is preserved by refusing concurrent incompatible truth, not by refusing provider change.

Donor, recipient and coordinator need different powers

Portability systems work because they divide roles. The subscriber authorizes. The recipient accepts the prospective service relationship and submits the request. The donor validates bounded facts about the existing account and ends service at cutover. The neutral administrator orders and distributes the transition. Regulators define rights, outcomes and enforcement.

Concentrating these powers would recreate lock-in. If the donor both validates and decides whether the port is desirable, verification becomes a veto. If the recipient can activate without neutral ordering, fraudulent or conflicting ports become easier. If the coordinator can adjudicate every ownership dispute, a technical clearing function becomes a court without the necessary authority.

For NRS, the holder authorizes the switch. The receiving registry verifies that it can provide required services and opens the transaction. The incumbent supplies a signed export and may raise only defined holds. The coordinator serializes state and publishes activation. An independent reviewer handles disputed authority or wrongful delay. Courts and lawful public authorities retain their proper jurisdiction.

Each actor should be able to say no only within its function. A recipient may decline a customer under published qualification and legal rules. An incumbent may flag a credential mismatch. A coordinator may reject a stale version or overlapping request. A reviewer may stay a transaction on evidence. None may convert a narrow decision into ownership of the resource.

Separation of powers is not bureaucratic excess. It is what allows exit without turning ease of movement into ease of theft.

The cutover is a governed moment

Porting appears instantaneous to the subscriber only because institutions prepare around a defined activation. Before cutover, the donor still serves the number. After cutover, the recipient does. Networks update routing treatment. Billing and customer-service responsibility change. A period of limited disruption may exist, but the intended boundary is clear.

European rules make that moment enforceable. Article 106 of the European Electronic Communications Code requires a number agreed for porting to be activated within one working day on the agreed date. It limits loss of service, requires reactivation after a failed port and supports compensation for delay or abuse. The right is not merely to receive permission. It is to reach an operational state.

A registry cutover needs the same clarity with more service-specific preparation. The incumbent remains responsible for the last verified state until activation. The recipient pre-stages registration publication and any permitted security material. At the agreed moment, the provider pointer changes. Discovery and relying systems receive authenticated updates. Specialized checks confirm that the new services answer correctly.

If activation fails before the new state is safe, the process restores the last verified state. It does not leave the resource between providers while institutions debate blame. A rollback receipt explains what happened and who owns the next repair step.

The governed moment turns continuity from a hope into an allocation of duty.

Direct routing removes the original carrier from the path

Mobile portability has used several routing architectures. In onward routing, calls may reach the original network first and then be forwarded to the recipient. In all-call-query or direct-routing arrangements, an originating network consults portability information and routes according to the current provider association.

Both can preserve the visible number. They do not create equal independence. Onward routing leaves the original carrier operationally involved and can create inefficient paths, continuing cost and a failure dependency. Direct routing relies more heavily on accurate, available and widely distributed portability data.

The trade-off is not simply central versus decentralized. It is where reliance sits. A shared database can become a critical point, but it can be replicated, audited, procured under neutrality rules and operated with disaster recovery. An incumbent forwarding path is also concentrated, except its conflict is hidden inside the old commercial relationship.

NRS should prefer direct discovery of the current registry-service provider over permanent referral through the former RIR. A bounded referral period remains useful for stale clients, just as call forwarding can bridge a transition. But qualified relying systems should be able to resolve current service independently from a replicated neutral record.

The old provider then leaves the path honestly. It may preserve historical evidence and answer audits. It no longer controls whether current registration queries, corrections or security services reach the successor.

Portability is strongest when departure removes both the bill and the choke point.

Distribution is as important as the central decision

A perfect portability record is useless if networks do not receive it. North American portability architecture therefore connects the shared service to provider systems that provision and distribute current number information. The central decision and local execution form one system.

Internet number registration requires a wider set of relying functions. RDAP clients need to discover the current registration provider. Reverse-DNS delegations may need controlled change. RPKI relying parties must receive coherent publication under the applicable trust arrangement. Transfer counterparties, abuse desks and security researchers may need current contact and status information. None should infer provider authority from an abandoned endpoint forever.

The coordinator should publish authenticated change events through open interfaces. Qualified providers and discovery services can consume them, verify sequence and update local state. Periodic full snapshots allow recovery if an event is missed. Independent monitors compare visible services against the current pointer and report divergence.

Distribution must respect privacy and function. Public relying parties do not need every authorization document. They need the current provider, resource scope, state version and public status necessary to verify service. Restricted evidence can travel only to the holder, providers and authorized reviewers.

The aim is convergence without surveillance. Every relevant system should reach the same current answer, while no central actor receives an unnecessary copy of every private fact.

A neutral clearing layer coordinates state. It should not become an all-seeing dossier simply because many services rely on the outcome.

Ofcom turns portability into a claimable right

In the United Kingdom, a customer who wants to keep a mobile number can obtain a Porting Authorisation Code and provide it to the new provider. Ofcom guidance says the number should normally be ready on the new service within one working day after the recipient receives the code.

The rules address more than timing. Customers should not be charged directly for porting. They retain a period after termination in which they can request the number. Providers must offer reasonable compensation for delay or abuse. If a port fails, the number and related service must be reactivated until completion. The regulator can enforce the conditions, and an independent industry process can address wrongful refusal.

This collection turns portability into an executable right. A code gives the customer a portable authorization. The recipient owns the next step. A clock defines lateness. Compensation gives delay a consequence. Reactivation protects continuity. Independent override prevents the donor from being final judge of its own refusal.

An NRS portability credential should serve the same purpose without becoming a bearer instrument that can be stolen easily. It could combine a transaction-specific authorization, strong holder authentication, named recipient, resource set, expiry and out-of-band confirmation. The old provider verifies that it matches the current holder record; the coordinator prevents reuse.

The essential point is that the holder receives something capable of moving the process forward. A right trapped in the incumbent's account interface is not portable authority.

Fast porting requires strong fraud controls

The qualities that make a number valuable also make it attractive to thieves. A mobile number now receives authentication messages, password resets and alerts for financial, social and government services. A fraudulent port can therefore transfer more than communications reachability. It can provide a path into the subscriber's digital life.

Australia's regulator requires additional identity verification before mobile porting. Depending on the channel, the gaining provider may place a call to the existing number or send a unique code to the device. The published service standards say that 90 percent of ports must complete within three hours and 99 percent within two business days, while erroneous or unlawful ports have a reversal process.

The FCC's 2023 port-out-fraud rules add secure authentication, customer notification, account locks, fraud reporting, remediation and records of the measures used. These controls do not contradict portability. They distinguish the holder's right to leave from an impostor's attempt to take control.

Registry-service portability needs even stronger authorization because a prefix or ASN may support many customers and high-value infrastructure. A request should require multiple factors resistant to compromise, current corporate authority, confirmation through more than one established channel for high-risk moves and a visible cooling period where threat conditions justify it.

Security must not become incumbent discretion. The accepted methods, risk triggers and maximum delays should be public. A holder using valid strong credentials should not be trapped because the provider prefers an undocumented review.

Fast exit and secure exit are not opposites. The mechanism should make legitimate authority easy to verify and illegitimate authority hard to hide.

A transfer lock must belong to the holder

Customer account locks can prevent unauthorized number ports. Their legitimacy depends on who controls them and how they are removed. A lock chosen by the subscriber is a security tool. A lock imposed indefinitely by the carrier because departure is inconvenient is captivity.

NRS should offer holder-controlled portability locks with explicit scope and recovery. A holder could require two officers, a hardware credential or a waiting period before a registry-service change. Critical networks could pre-register emergency contacts and an independent recovery authority. The coordinator would display the lock to every prospective recipient.

Removing the lock should be at least as well authenticated as setting it. Emergency recovery should create conspicuous notices and a mandatory review after use. No provider employee should be able to remove it silently, and no single compromised email address should be sufficient.

Provider- or court-imposed holds are different. They require a legal or contractual basis, a reason, a start time, an expiry or review date and an independent challenge route. They should affect only the transition necessary to preserve the disputed position. They should not suspend routing or unrelated services by default.

The distinction allows security without mandate expansion. The holder can choose friction against fraud. Public authority can impose a lawful restraint. The incumbent cannot label its own preference a security lock and make exit impossible.

A portability right includes the right to protect the port, but also the right to know who locked it and how the lock ends.

Reversal protects identity better than denial

No authentication system eliminates error. Portability therefore needs a route back. Australia's rules refer to reversal where a port is mistaken or unlawful. European and UK rules require reactivation after failure. The North American portability process includes repair, conflict and cancellation functions.

These remedies reflect a sound principle: a reversible transition can permit more confident movement than a system that tries to prevent every risk through incumbent control. If the only safe policy is never to change provider, the provider has converted security into monopoly.

For number registration, reversal should restore the last verified provider state when evidence shows that activation was unauthorized or technically failed. The coordinator retains both versions, the authorization trail and the exact sequence of dependent-service changes. Restoration is another ordered transaction, not deletion of embarrassing history.

Some effects cannot be reversed by changing one pointer. A leaked credential must be revoked. RPKI publication may require repair. Reverse-DNS changes may remain cached. Counterparties may have acted on a false record. The incident process should therefore publish an authenticated correction, notify affected services and preserve evidence for legal and financial remedies.

The existence of reversal does not justify careless activation. It limits damage when preventive controls fail. The standard should measure time to detection, restoration and complete propagation, not merely whether the database pointer was changed back.

Portability protects identity only when the system can admit and repair its own mistakes.

The registry analogy begins with three separations

Mobile portability separates the telephone number from the current carrier. A usable NRS design needs three related separations.

First, the resource identifier must be separate from the holder. A prefix or ASN can remain the same while corporate control changes through a separately authorized transfer. Conversely, registry-service portability can occur while the holder remains unchanged.

Second, the holder must be separate from the registry-service provider. The provider maintains and publishes recognized state. It does not acquire the number resource merely because its systems contain the record.

Third, registry service must be separate from routing operation. A provider change does not command BGP acceptance. It does not force an operator to announce a prefix or determine which autonomous system originates it. Registration and RPKI may influence relying decisions, but the clearing layer should not pretend to be the data plane.

These separations prevent the portability transaction from carrying hidden consequences. The request can say: the resource is unchanged; the holder is unchanged; routing authorization is preserved or transitioned under a named plan; only the registration-service provider changes from A to B.

If another fact also changes, it receives its own evidence and authorization. A merger-related holder transfer should not be smuggled through a service switch. A route-origin change should not be mistaken for proof of title. A disputed record should not be erased because the provider changed.

Mobile portability works because the consumer understands that the number stays while the carrier changes. Registry portability needs the same intelligible sentence.

RPKI must move by authorization, not by disappearance

Telephone portability changes routing treatment for calls. Number-resource portability may interact with RPKI, where certificates and signed route-origin authorizations influence how networks classify BGP announcements. A careless provider switch could therefore make legitimate routes appear invalid even if the registration pointer changed correctly.

The migration plan should preserve the holder's expressed route-origin intent through a controlled transition. The recipient prepares the required certification state. The incumbent continues the last valid publication until the agreed boundary. The cutover checks repository availability, manifest consistency and the expected authorization set from independent vantage points. Revocation or withdrawal occurs only when successor material is safely available under the applicable trust arrangement.

Where the trust model does not permit seamless provider substitution, the limitation should be named rather than hidden. The holder may need a staged credential change or a temporary arrangement with explicit dates. Portability policy should then create pressure to remove that dependency through technical work, not convert it into a permanent institutional veto.

The clearing coordinator records readiness and sequence. It should not sign every route authorization itself. Centralizing all keys would replace provider lock-in with coordinator lock-in and enlarge the consequences of compromise.

Mobile portability teaches that routing support has to follow identifier continuity. It does not imply that every routing-security function belongs in one database. Preserve the intent, order the transition and keep signing authority at the narrowest competent layer.

Reverse DNS and registration data need direct discovery

After a service switch, a person querying registration information should reach the current provider without knowing the resource's institutional history. The former provider can offer a signed referral during transition, but common discovery should identify the recipient directly.

RDAP already supports machine-readable registration queries, while bootstrap and referral mechanisms can direct clients toward services. An NRS portability layer should publish current provider associations in a form that independent clients can verify and cache for a bounded period. A stale response should carry a version that exposes its age.

Reverse DNS requires a different transition. Delegations and served zones should be pre-validated, changed at cutover and monitored across caching periods. The holder should receive evidence that the successor answers correctly. If the provider supplied hosted DNS, the zone content and authority to update it must be portable under an explicit service agreement.

These functions illustrate why one common pointer is necessary but limited public evidence. The pointer orders authority; each service follows its own safe activation. A mature portability transaction contains both levels and does not declare success while a critical dependent service remains broken.

The quality measure should be user-visible continuity. Registration data resolves to the current source. Reverse names continue to answer. Authorized routes do not become invalid because an institution changed. The old provider does not remain a silent dependency.

Provider exit is real only when the functions that made the provider important can follow.

Portability must carry disputes but deny self-help

A mobile carrier may reject or pause a port for defined validation failures. It cannot keep the subscriber merely because retention is profitable. Number registries need the same boundary under more complex claims.

An active court order, documented fraud alert, conflicting corporate authority or overlapping resource claim can justify a hold. The hold should be visible, narrow and reviewable. The last verified state remains effective unless a competent decision requires otherwise. Unrelated services should continue.

Ordinary institutional disagreements should not justify refusal. A registry cannot turn a policy dispute, criticism, pending membership vote or contested fee unrelated to the portability service into a claim over the identifier. Nor should a holder be able to move providers to erase a debt, hide a dispute or evade a lawful order. The facts travel even when the service relationship does not.

Independent review is therefore part of the clearing architecture. The reviewer can confirm a hold, narrow it, require additional evidence, permit the service switch with the disputed status attached or order restoration after an unauthorized activation. The provider maintaining the record should not be claimant, judge and executioner.

Mobile portability became credible because regulators supplied a right beyond carrier preference. Global number governance lacks one national regulator, so the contract and review institution must do more work. That makes explicit procedure more important, not less possible.

Exit and accountability reinforce each other when disputes survive but self-help does not.

Portability is not route hijacking

An opponent may argue that allowing a resource to change registry provider invites conflicting claims or malicious routing. That confuses the service transaction with operational use.

A provider switch does not authorize a BGP announcement. It does not create a route. It does not prove ownership to every court. It changes the institution responsible for a recognized registration service after a defined authorization process. Any routing or RPKI changes are separate, named consequences with their own checks.

The anti-hijacking design is stronger than present informal dependency if it uses robust holder credentials, signed state history, notifications, transfer locks, independent monitoring and rapid reversal. A malicious change becomes conspicuous across replicated records rather than hidden inside one institution's private account actions.

Portability can also reduce the risk created by provider failure. If a registry is incapacitated, captured or unable to maintain security services, the holder can move to a qualified successor without renumbering. The system preserves the resource while replacing the failing administrative surface.

The safe alternative to portability is not permanent trust. It is permanent exposure to one provider. Security analysis must compare both risks.

Mobile systems learned this distinction after fraud appeared. They did not abolish number portability. They added authentication, notice, locks, records and remediation. Number registration should respond the same way: secure the right rather than deny it.

Neutral does not mean unaccountable

A clearing administrator gains visibility and operational importance because every provider relies on its ordering. Neutrality therefore requires enforceable structure.

The operator should be independent from competing registry providers. Its ownership and conflicts should be disclosed. Service levels, change rules, incidents and audit results should be public at a useful level. Sensitive customer data should remain protected. Fees should be cost-related and should not penalize departure.

Rulemaking, operation, qualification and dispute review should not sit in one hand. Providers, holders and technical relying parties need input into interface changes, but no stakeholder class should convert participation into control. Emergency powers require narrow triggers, logging, expiry and review.

The service state should be replicated to independent custodians. At least two implementations should demonstrate import, validation and recovery. A successor operator should be selected and tested before the incumbent fails. Credentials, documentation and event history needed for continuity cannot remain proprietary.

North American portability administration shows that a critical neutral vendor can be selected under public requirements and succeeded. The model is imperfect, but it rejects the proposition that continuity of a function requires eternity for its first operator.

NRS should be judged by the same rule it applies to RIRs. If the Society builds the clearing service, it must make its own replacement possible. A portability institution that cannot be left has contradicted its purpose.

Porting metrics reveal whether the right exists in practice

Legal entitlement can coexist with unusable execution. A system should therefore publish evidence about the path from request to active service.

Core measures include request acceptance, authorization failures, donor response, median and tail completion time, interruption, failed cutovers, reversals, fraud reports, wrongful holds, review outcomes and time to restore the last verified state. Measures should be separated by service class so complex RPKI transitions do not conceal ordinary registration delays or vice versa.

Provider-level reporting matters. A market-wide average can hide one incumbent that delays departures or one recipient that submits poor requests. Public comparisons create reputational pressure while enforcement addresses repeated breach. Privacy can be preserved through aggregation and thresholds.

The system should also measure propagation. How long until discovery points to the new provider? How long until registration data is consistent? Did reverse DNS remain available? Did RPKI relying views converge without unintended invalidity? A database activation time alone is not customer continuity.

Finally, measure concentration. If every holder moves to one provider, portability exists but resilience may decline. If the coordinator's fees or qualifications prevent new providers, the common layer may be protecting incumbents under a neutral name.

Mobile regulators use completion targets because a right without observed performance is hard to enforce. NRS should publish the same kind of operational truth from its first test.

The differences from IP addressing are substantial

Telephone portability usually operates inside a national numbering plan with a regulator able to impose duties on licensed carriers. The number identifies a communications endpoint or subscriber service. Networks cooperate through established interconnection and signaling arrangements.

Internet number resources are globally routed blocks and autonomous-system identifiers. A prefix can be divided, delegated to customers, announced from several origins, held unannounced, transferred across corporate transactions and used across regions. Registration data, route objects, reverse DNS and RPKI have different technical and legal effects. Operators that rely on them may have no contract with the holder's chosen provider.

There is also no single global telecommunications regulator capable of ordering every network to recognize one switch. Recognition must arise through interoperable service, contracts, adoption by relying parties and carefully bounded coordination with existing institutions. Lawful state authority remains distributed across jurisdictions.

These differences rule out a copy-and-paste solution. They do not restore the missing logic that one registry must serve a resource forever. On the contrary, the larger failure domain makes provider substitution more important.

The design must therefore be more explicit than MNP: separate holder transfer from service switch; preserve non-overlapping resource boundaries; support service-specific cutovers; publish cryptographically verifiable sequence; maintain independent review; and test recognition across diverse networks.

Mobile portability supplies the constitutional proposition. Internet engineering must supply the implementation appropriate to its own layers.

NRS should begin with an executable minimum

The first NRS portability service should not attempt every difficult case. It should establish the invariant through a bounded class of uncontested switches.

Eligible resources would have a verified holder, no active freeze, non-overlapping scope and a qualified recipient. The first service could move registration publication and correction authority while retaining a carefully documented transition for reverse DNS and RPKI. At least two independent providers would implement the portable state package and clearing interface.

Tests should include ordinary completion, a donor outage, a recipient outage, repeated ports, overlapping requests, stale versions, compromised credentials, holder-controlled locks, a disputed representative, rollback and coordinator succession. The result should be reproducible evidence, not a demonstration arranged around one provider's assumptions.

Every exclusion should have a reason and review date. Customer delegations, complex RPKI states, active litigation and emergency registry failure can be added as evidence supports them. The portability right remains general even while the first implementation is narrow.

The receiving provider should lead. The coordinator should serialize. The incumbent should export. The holder should confirm. Independent monitors should verify. A reviewer should resolve the defined exceptions. Those roles can be tested before universal recognition exists.

Successful small ports would answer the institutional objection more powerfully than another declaration. They would show one resource, one holder, one current provider and one auditable transition in operation.

Unique identifiers and service competition can coexist

Since 1997, mobile portability has moved from limited forwarding arrangements toward database-supported systems, shorter completion targets and stronger consumer rights. The development was not flawless. Donor dependency, recurring charges, incomplete messaging support, fraud and critical shared infrastructure all required correction.

That history is valuable because it shows portability as governance under pressure, not as a perfect technical trick. Regulators had to decide who leads, how long a provider may take, what the customer pays, what happens when a port fails, how authority is authenticated and who can override an improper refusal. Technical architecture and executable rights evolved together.

The stable principle survived every correction: changing provider does not require changing identity. The number stays unique because the system changes one current association rather than creating a rival copy. The old carrier becomes historical. The new carrier becomes responsible. A neutral layer orders the fact for everyone who needs to know.

NRS should state the same promise for Internet number registration. A network should be able to keep its IP addresses and ASN while changing the qualified provider that maintains registration services. The switch should preserve one current record, one version chain and the operational services necessary for continuity. It should carry disputes, reject theft and recover from error.

The RIR remains free to compete as a provider. It loses only the claim that uniqueness requires captivity. The clearing administrator remains useful while narrow, neutral and replaceable. The holder gains an exit right whose exercise does not ask the Internet to believe two incompatible things at once.

One identifier. One current service state. More than one possible provider. That is not duplication. It is competition disciplined by coordination.

Evidence and analytical limits

This analysis uses official records from Singapore, Hong Kong, the United States, the European Union, the United Kingdom, Australia, India and the ITU to reconstruct portability chronology, roles, routing approaches, databases, service targets, continuity duties and fraud controls. It uses RFC 7020 for the Internet-number uniqueness requirement and NRS and Lu Heng materials for the proposed direction of registry-service portability.

The examples are not presented as one global mobile system. Singapore began with call forwarding and later moved to full database-supported portability. Historical UK arrangements retained onward routing. North America uses neutral administration and common regional databases. National authorization, timing and reversal rules differ. These variations support the distinction between the portability right and the architecture selected to implement it.

Regulator statements establish requirements and reported designs, not perfect performance in every transaction. Published targets are treated as duties, not guaranteed observed results. Fraud rules show that portability creates a valuable control surface; they do not prove that all present attacks are prevented.

The proposed NRS clearing mechanism is a derived institutional design, not a description of a recognized or deployed cross-RIR service. Telephone numbers and Internet number resources have different routing, legal and security environments. No inference is made that a mobile portability database can be applied unchanged to BGP, RDAP, reverse DNS or RPKI. The defensible inference is narrower: uniqueness requires one current authoritative state, and that state can change service providers through an authenticated, serialized, reversible and independently reviewable transaction.