Summary
- A single fixed notice period is too crude for number-resource revocation because the same legal act can mean a paperwork correction, a routing emergency or a shutdown affecting downstream customers.
- Notice should be graded by four variables: curability, customer and third-party risk, urgency of the threatened harm, and the evidentiary strength of the alleged breach.
- Emergency suspension can be justified only when the registry identifies the immediate risk, limits the interruption to what is necessary and opens a fast post-action review.
- The best notice record tells the holder what rule is invoked, what facts are relied on, what action would cure the problem, what service effects are contemplated and when the appeal clock will begin.
The clock is part of the remedy
Revocation is often described as the end of a compliance path. That language hides the practical event. For an address holder, a registry revocation can change who is shown in registration data, who can create route-origin attestations, who can maintain reverse DNS, who is treated as the responsible contact for abuse reports and whether customers trust the continuity of a network. Even if the packets continue to move for a period because routing is decentralised, the registry act changes the public authority structure around those packets.
That is why notice is not a courtesy attached to an already-made decision. The length, content and trigger of notice are part of the remedy itself. A short clock tells the holder that the institution views the defect as urgent, easily verified or impossible to cure. A long clock tells the holder, customers and reviewers that the institution expects correction without immediate network disruption. If the same period is used for all defects, the calendar stops conveying judgment.
Internet-number governance has inherited several clocks from contract practice: invoice deadlines, membership notices, database-update requests, audit responses and termination letters. Those clocks were not all designed for revocation of operationally relied-upon resources. A membership fee default, an outdated postal address, a suspected fraudulent document and an ongoing abuse pattern do not pose the same risk and do not need the same response time.
The first governance question is therefore not whether notice is required in the abstract. It is what kind of notice fits the remedial purpose. A registry should be able to act quickly when continuation creates immediate harm. It should also be unable to compress a curable administrative dispute into a shutdown simply by labelling the breach serious. The notice period should make the distinction visible before the institution touches continuity.
Curability is the first sorting question
A defect is curable when the holder can correct it by supplying information, updating records, paying an arrear, providing a missing authorization, replacing an invalid contact or stopping a bounded practice. The more curable the defect, the weaker the case for immediate revocation. The institution may still need deadlines, but the deadline should be tied to the work required and to the holder's ability to perform it.
Curability is not the same as triviality. A false corporate record can be serious and still curable if the right company documents are available. An expired contact can be dangerous and still curable if the holder appoints a new abuse contact. A technical misconfiguration may require coordination with customers, transit providers and routing-security systems. Calling those problems curable does not excuse them. It identifies the remedy that best protects the registry and the public: correction before destruction.
A non-curable defect is different. If the alleged basis for holding the resources never existed, if the holder used forged documents to obtain them, or if the registry can prove that the holder is not the legal entity entitled to them, a cure period may not solve the entitlement problem. Even then, the notice period should explain why ordinary correction is unavailable and what transition protection is being offered to uninvolved customers.
The practical test is simple. The notice should answer: what act would satisfy the registry? If no act can satisfy the registry, the notice should say so and explain why. If the answer is a document, an update, a payment, a customer-remediation plan or a compliance undertaking, the institution has implicitly admitted that the problem is curable. The calendar must then be long enough for that act to be performed and evaluated in good faith.
Customer risk is not the same as holder risk
A resource holder may be the contracting party, but the networks behind the holder may include access customers, enterprise customers, schools, hospitals, cloud users, small resellers, government services, payment systems and security teams that rely on stable registration. Notice that looks generous to a registry lawyer may be operationally impossible for those downstream users. A holder can read a letter in one day; migrating customers may take weeks.
The customer-risk inquiry should not become a veto against enforcement. Some holders will invoke customers to avoid accountability. The question is narrower: what foreseeable third-party harm will the registry action cause, and can that harm be reduced without allowing the alleged breach to continue unchecked? A staged notice can require immediate risk controls while delaying registry-level termination long enough for affected networks to move, validate routes and update contacts.
This distinction matters most where the alleged breach concerns the holder's business model rather than a live technical threat. If a registry believes resources are used contrary to regional or policy limits, customers may still be lawfully using services they bought in reliance on public registration. Revocation can turn a compliance dispute into a continuity event for people who never saw the original agreement. A reasonable notice period measures that exposure.
The notice should therefore ask for a customer-impact statement where the holder controls customer facts, but it should not let the holder write the whole risk record. The registry can examine routing tables, delegation data, abuse contacts and known downstream assignments. It can require a transition plan. It can impose reporting duties during the cure period. What it should not do is pretend that the only risk is the inconvenience of the contracting holder.
Urgency must be evidenced, not asserted
Urgency is the factor most often invoked to compress notice. It is also the easiest to inflate. A breach may be serious in principle but stable in operation. A practice may have existed for years without a new event. A registry may discover a problem late and then call its own accumulated delay an emergency. A calendar built on urgency must therefore ask what changed.
There are real emergencies. Hijacked credentials, forged transfers, active routing abuse, sanctions exposure, court orders, imminent dissipation of contested resources or security incidents may justify immediate restraint. But each has evidence. The institution can identify a transaction, route event, legal order, forged instrument, risk window or affected prefix. The more specific the evidence, the more defensible the short clock.
By contrast, a notice that says only that non-compliance threatens the integrity of the registry has not proved urgency. Integrity is a legitimate institutional interest, but it usually supports enforcement, not necessarily emergency enforcement. The difference between enforcement and emergency enforcement should be recorded before action. Otherwise every breach becomes urgent because every breach can be described at a high level as a threat to the system.
The record should include the date the registry first had reliable notice of the facts, what investigative steps occurred, what harm is expected if the resource remains unchanged during the ordinary cure period and why a narrower interim measure would not suffice. If the institution waited months while investigating, a holder and a reviewer are entitled to ask why the last few days are suddenly decisive.
Evidence quality should lengthen or shorten the path
A registry should not use the same calendar when the evidence is a final court order and when the evidence is an unresolved complaint. Evidence can be direct, inferential, confidential, contested or incomplete. The notice period should adjust to that evidentiary posture. Strong direct evidence may support shorter response. Weak or complex evidence requires more time for disclosure, explanation and rebuttal.
The source of evidence matters. A holder's own signed statement, a public corporate filing, a verified routing entity, an authenticated registry log and a judicial order have different reliability from a competitor complaint or a screenshot supplied by an interested party. A reasonable notice need not reveal protected sources, but it must tell the holder enough to understand the factual case. Without that, the period is not a cure period; it is a countdown.
Evidence quality also includes completeness. If the registry relies on data from its own systems, the holder may need logs, timestamps, versions and the identity of the record being compared. If the case concerns customer use, the holder may need the sample, date range, matching method and uncertainty. If the registry will not disclose the method, it should not demand a detailed cure from the holder on a compressed calendar.
This is a governance issue, not only a litigation issue. The holder, the registry and any reviewer need a common record. When the evidence is thin, more notice time lets the institution test the claim before irreversible action. When the evidence is overwhelming and the harm imminent, a shorter period can be defended without pretending that all revocations are alike.
A four-track notice model is more honest than one magic number
The most workable approach is a graded model. Track one covers administrative defects that are curable and low risk: missing contacts, stale records, late forms, ordinary fee problems or incomplete supporting material. These deserve a written notice, a clear cure act and a period long enough for ordinary business processing, with reminders before escalation.
Track two covers serious but curable compliance concerns: disputed eligibility, potential misuse, incomplete customer records, repeated failure to answer audits or policy conflicts that require business changes. These cases need a longer period, a meeting or written exchange, disclosure of the evidence relied on, a staged cure plan and escalation only if the holder fails to engage or the evidence becomes urgent.
Track three covers high-risk conduct that is partly curable but may harm others during cure: active abuse tied to resource control, suspicious transfers, security incidents, unauthorized contact changes or court-identified risks. Here the registry may impose interim restrictions, lock specific changes, require rapid answers and protect evidence while leaving ordinary routing and customer continuity intact unless the risk cannot be contained.
Track four covers emergency suspension or revocation. It should be reserved for non-curable entitlement defects, imminent legal compulsion, proven fraud, active technical harm or situations where every lesser measure would fail. It should require senior approval, a written emergency record, immediate post-action disclosure and a rapid independent review. Calling something track four should be hard because the institution is asking the community to trust speed over ordinary correction.
The notice must say what will actually happen
Many adverse letters fail because they describe breach in detail but leave the operational consequence vague. A holder is told that resources may be revoked, services may be suspended or membership may be terminated. Those are not equivalent. The notice period cannot be evaluated without knowing what action the institution is considering.
A registry action can include suspension of portal access, refusal to process transfers, removal of reverse DNS delegation, cancellation of routing-security services, changes to registration status, publication of a dispute marker, termination of membership, deregistration of resources or reassignment after a later step. Some measures are reversible; others create market and operational consequences even if reversed later. Notice should name the contemplated measure and the conditions for avoiding it.
The notice should also say what remains in place during the cure period. Will route-origin attestations remain valid? Will reverse DNS continue? Will abuse contacts stay visible? Will the holder be able to update customer data? Will new transfers be frozen? Will the registry publish the dispute? These details matter because a cure period that disables the tools needed to cure is not a meaningful period.
Good notice separates the legal consequence, the registration consequence and the operational consequence. The holder should not have to infer them from institutional vocabulary. A reviewer should be able to read the notice and see why the chosen consequence fits the breach. If the institution cannot specify the consequence before the deadline begins, the deadline is premature.
Notice must reach the people who can act
Service of notice is often treated as a formal event: the letter went to the account address, so the clock began. That may satisfy a contract clause, but registry continuity requires more practical discipline. A notice about potential revocation should reach legal contacts, account contacts and operational contacts when those channels exist. The message should identify the seriousness of the event without relying on a subject line that resembles ordinary ticket traffic.
Holders also change through mergers, insolvency, delegated operations and managed-service arrangements. A registry may have old contacts because the holder failed to update them; that failure can be part of the breach. But if the institution knows that a different contact is operating the network, it should not exploit an old contact record to create default. Notice is meant to produce correction, not trap the holder.
Language and time zone also matter. RIRs serve cross-border communities. A notice sent before a holiday, to a region where the contact language differs from the drafting language, may technically start a clock while practically reducing the response period. For serious revocation, the registry should count business days in a way that matches the affected entity or provide an initial acknowledgement period before substantive materials are due.
Delivery evidence should be part of the file. The registry should record addresses used, timestamps, bounces, portal reads, courier status, follow-up calls and any acknowledgement. If the holder later claims ignorance, the review body can decide from a record rather than from accusation. If the delivery record is weak, the institution can restart the clock without losing the compliance case.
A cure period should not disable the cure tools
The cure process often requires access to the very systems that enforcement threatens. A holder may need to update registry contacts, correct customer assignments, generate letters, create routing-security entities, coordinate reverse DNS or submit evidence through the registry portal. If the institution locks those tools at the beginning of the notice period, it turns cure into performance without instruments.
There may be reasons to freeze some actions. A disputed holder should not be able to transfer contested resources away while review is pending. A suspected credential compromise may require portal restrictions. But a freeze should be tailored. The registry can block transfers while allowing contact correction. It can preserve evidence while accepting documents. It can require staff approval for updates rather than closing all access.
The notice should list permitted and restricted actions during the cure period. It should also name a case channel through which the holder can submit corrections if ordinary tools are locked. Otherwise the holder will be accused of non-compliance for failing to perform through a door the registry closed.
This point is especially important for smaller operators. Large networks may have counsel, multiple registry contacts and escalation paths. A smaller holder may depend on ordinary portal access and a single technical employee. If the cure path is not operationally usable, the period is cosmetic. Governance should measure the real ability to cure, not the theoretical existence of a deadline.
Emergency action needs a post-action clock
Sometimes the registry must act before full notice. That should not end the due-process inquiry; it should start a different clock. Emergency action is defensible only if the institution gives rapid post-action reasons, discloses the evidence that can be disclosed, explains why pre-action notice was impracticable and offers an expedited path to modify or lift the measure.
The post-action clock should be short because the holder is already suffering the consequence. A registry cannot justify immediate action by urgency and then let review move at ordinary administrative speed. If the risk is urgent, so is review of the risk. If the institution needs confidentiality, it can use redacted reasons, counsel-only material, independent reviewer access or summaries that protect security while allowing rebuttal.
Emergency action should also be narrow. If a suspicious transfer is the problem, the emergency measure may be a transfer lock rather than revocation. If forged documents are at issue, the institution can freeze reassignment while investigating entitlement. If active abuse comes from a customer, the measure may require customer disconnection or mitigation rather than removal of unrelated resources.
A post-action record prevents emergency power from becoming ordinary power with fewer steps. It asks whether the same result could have been achieved with less disruption, whether the evidence remains strong after the holder responds and whether the measure should expire unless renewed by a reasoned decision. That expiry discipline is the difference between emergency suspension and indefinite punishment.
The registry should preserve a reviewable decision file
Notice periods become meaningful when a later reviewer can reconstruct what the institution knew and why it chose the calendar it chose. The file should contain the alleged rule, the facts relied on, the date of first reliable notice, evidence of delivery, the cure requested, the risk assessment, customer-impact information, internal approvals and the reasons for any accelerated step.
The file should separate factual confidence from policy judgment. The registry may be certain that a document is missing but uncertain about whether the omission warrants revocation. It may be certain that customers exist but uncertain about their migration needs. It may be certain that an agreement allows termination but uncertain about the proportional remedy. Blending those questions makes review harder.
A good file also protects the registry. If a holder later claims surprise, the institution can show notice. If a court asks why immediate action was necessary, the institution can show the risk record. If the community fears arbitrary enforcement, the institution can publish anonymised lessons without exposing private details. Documentation is not bureaucracy for its own sake; it is the evidence that speed was justified.
The file should close with a decision at the time of action. It should not invite staff to reconstruct reasons after challenge. If a reason was decisive, it belongs in the notice or decision. If it was discovered later, it may support a new action, but it should not be backdated into the old calendar.
What enough time means
There is no universal number of days that answers the question. Enough time is the period that gives a diligent holder a real chance to perform the specified cure, gives affected customers a reasonable transition path, protects the registry against the identified risk and preserves a record for review. That period may be brief for a narrow emergency and much longer for complex correction.
A registry should publish presumptive ranges rather than a single rule. The ranges can be rebutted by urgency, non-curability, customer exposure or evidence quality. The notice should state which range is being used and why the case fits it. That one sentence disciplines the decision because it forces the institution to classify the problem before the countdown begins.
Resource holders should not treat notice discipline as immunity. A holder that ignores letters, hides customers, changes records during investigation or refuses to propose a cure weakens its claim for time. The strongest demand for notice comes from a holder that engages quickly, preserves evidence and supplies a credible transition plan. Governance works when both sides know what the period is for.
The public interest is continuity with accountability. Too much notice can let real harm continue; too little notice can turn a registry into an avoidable source of outage and litigation. The graded approach is less dramatic than a bright line, but it fits the nature of the system. Internet-number revocation is not one event. It is a set of possible interventions in an operational dependency chain. The calendar should be as carefully engineered as the remedy.
Direct and indirect harm need separate clocks
The notice period should also distinguish direct harm from indirect harm. Direct harm is the harm that follows from the alleged breach itself: an unauthorised transfer, false entitlement document, active abuse channel, missing contact or unpaid fee. Indirect harm is the harm that follows from the registry remedy: loss of customer confidence, broken operational contactability, uncertainty in routing-security support or a rushed migration. A sound calendar weighs both.
Institutions sometimes discuss only direct harm because that is what enforcement is meant to stop. Holders sometimes discuss only indirect harm because that is what makes the sanction look dangerous. Neither account is complete. A revocation may be justified by direct harm and still need a longer transition because indirect harm is high. A holder may face serious indirect harm and still deserve rapid restraint because direct harm is imminent.
The notice file should therefore include two risk statements. The first asks what will happen if the alleged breach continues during an ordinary cure period. The second asks what will happen if the proposed sanction takes effect at the proposed date. The remedy should be the option that reduces total system risk, not merely the option that maximises institutional control.
This two-risk method also clarifies emergency claims. If direct harm is urgent but indirect harm is also high, the correct response may be a narrow lock, monitoring order or customer-protection condition rather than full revocation. If indirect harm is low because no customers, routes or dependencies exist, a shorter period may be easier to defend. The calendar becomes evidence-based rather than rhetorical.
Published presumptions prevent private bargaining over time
A graded model works best when presumptive periods are published. Secret discretion invites bargaining. A well-connected holder may obtain more time through informal escalation, while a smaller holder receives the default threat. Published presumptions do not remove judgment, but they make departures visible.
The registry can publish ranges rather than exact numbers. Administrative curable defects receive one range, serious curable defects another, high-risk interim measures another and emergencies a special path. Each range should include the factors that justify extension or compression: customer exposure, evidence volume, language need, history of non-response, imminent harm and holder cooperation.
Publication also helps staff. Compliance teams can point to a public ladder instead of reinventing deadlines case by case. New employees learn that revocation is not a single template. Senior leaders can ask why a case is outside the presumptive range. Reviewers can test consistency without pretending that every case is identical.
The presumptions should be revised from experience. If many holders cure within a week for one defect, the range can narrow. If customer migration routinely takes longer, the range can expand. If emergency labels are overused, the standard can tighten. Public presumptions create a feedback loop between enforcement practice and community accountability.
Court involvement does not replace registry judgment
A registry may face court orders, injunction applications, insolvency proceedings or external legal demands. Court involvement can change notice analysis, but it does not make registry judgment disappear. The institution still must decide what it can do, what it must do, what it should preserve and what it should tell affected holders and customers.
If a court orders a specific act by a specific date, the registry's calendar may be constrained. The notice should cite the order, identify what discretion remains and explain the operational steps the registry will take. If a court dispute merely exists in the background, the registry should not use litigation atmosphere as a substitute for urgency. A pending case is not automatically an emergency.
Court-tested registry continuity also teaches caution. Once a revocation fight moves into litigation, the public record can widen beyond the original compliance issue. Questions of process, bias, evidence, proportionality and customer impact may become central. A careful notice period is therefore litigation risk management as well as fairness. It shows that the institution considered the operational consequences before imposing them.
The registry should avoid claiming that court risk forces a harsher remedy unless the legal record actually does so. Courts can compel action, restrain action or demand better reasons. A notice system that already records evidence, urgency and customer impact gives the institution a stronger position whichever way external review arrives.
Member accountability requires aggregate notice data
Members and the wider technical community cannot evaluate notice fairness from anecdotes alone. One holder says the deadline was impossible. The registry says the holder ignored repeated warnings. Both may be partly right. Aggregate reporting can reveal whether the notice system is working.
A registry can publish annual numbers without exposing confidential cases: count of notices by category, median cure period, extensions granted, emergency measures, revocations after cure failure, cases resolved by correction, cases stayed by appeal and cases involving customer-transition conditions. It can also report how often holders failed to respond and how often registry errors were found.
Those numbers would let the community ask better questions. Are emergency notices rare? Are curable defects usually cured? Are small holders receiving less time than large ones? Are extensions granted on principled grounds? Does one category produce repeated disputes? The point is not to shame staff. It is to make the calendar governable.
Aggregate data also reduces the temptation to litigate policy through individual cases. If the community sees systemic imbalance, it can revise rules. If the data show that the registry uses revocation sparingly, holders cannot easily portray every notice as arbitrary. Transparency turns notice from private pressure into accountable enforcement practice.
A practical calendar for mixed cases
Mixed cases are the hardest. A holder may have a stale contact, a disputed customer practice, an unpaid amount and a suspected transfer problem in the same file. One clock will be wrong for at least part of the case. The registry should split the calendar by issue.
The notice can require immediate preservation of records and a transfer freeze. It can give a short period for acknowledgement and contact correction. It can give a medium period for documents within the holder's control. It can set a longer plan for customer transition if the disputed practice must stop. It can reserve emergency action for newly discovered evidence of fraud or active harm.
Each issue should have its own consequence. Failure to update a contact might support portal restrictions. Failure to produce documents might support adverse inference on entitlement. Failure to mitigate active abuse might support service limits. It should not be necessary to leap from any missed step to total revocation unless the missed step is truly decisive.
This issue-by-issue calendar is more work at the beginning and less work later. It prevents the holder from claiming that every deadline was impossible. It prevents the registry from treating one easy default as proof of total non-compliance. It gives reviewers a structured record. Most importantly, it matches remedy to risk.
Reasonable time is a proof obligation
The final principle is that the registry should be able to prove reasonableness. It should not rely on the holder to prove that the deadline was unreasonable after the fact. The institution chose the deadline; it should record the basis. Curability, customer risk, urgency and evidence are not slogans. They are the four proof points for the calendar.
A short period is defensible when the cure is simple, direct harm is imminent, evidence is strong and indirect harm is low or protected by a narrower measure. A longer period is required when the cure is complex, customers need transition, urgency is unproven or the evidence is contested. Emergency action is defensible when delay itself creates the harm and post-action review is immediate.
This proof obligation does not weaken registry authority. It concentrates it. Staff can still enforce. Boards can still approve severe action. Reviewers can still uphold revocation. The difference is that the calendar no longer floats free from the facts. The institution can show why this holder received this time for this defect.
That is the answer to the title question. How much time is due? Enough time for the remedy the registry claims to be offering, shortened only by evidenced urgency and lengthened by curability, customer exposure and uncertainty. A registry that can explain that answer before revocation is much less likely to become the source of the continuity risk it is trying to prevent.
A holder response should be graded too
Notice discipline should not focus only on the registry. The holder response should be graded by seriousness and usefulness. A short acknowledgement that the notice was received is not a cure. A denial without documents is not a transition plan. A serious response identifies which facts are accepted, which are disputed, what documents will be supplied, what customer exposure exists and what interim controls the holder will accept.
The registry should state these expectations in the notice. It can require acknowledgement quickly, evidence later and a transition proposal only if the evidence supports a likely adverse outcome. This staging prevents confusion. The holder knows that silence will count against it, while the registry cannot treat a partial but timely response as total default without explaining why the missing item was decisive.
A graded response system also helps review. If the registry later shortens the period because the holder failed to engage, the file will show whether the failure was real. If the holder claims it was cooperating, the file will show what it provided and when. The calendar then reflects conduct during the notice period, not assumptions about character.
Continuity is a public reason for precision
Internet-number disputes are easy to personalise: institution against holder, compliance team against appellant, registry policy against business model. Notice rules should resist that framing. The reason to calibrate time is public continuity. The registry is maintaining a shared coordination layer. The holder is operating services that others may depend on. Both are temporary stewards of something larger than the dispute.
Precision serves that public interest. It lets the registry stop real harm without overreaching. It lets holders correct real defects without using delay as a shield. It lets customers plan rather than panic. It lets reviewers test the decision without rebuilding the file from accusation and memory.
The strongest notice is therefore not the longest notice. It is the notice that correctly identifies the problem and gives the right time for that problem. Some deadlines should be short because the risk is immediate and proof is strong. Some should be long because the cure is real and customers need protection. The institution earns trust by showing that it knows the difference before it acts.
The final notice should read like an operational order
A mature revocation notice should be usable by people who are not lawyers. Counsel may review it, but network operators, account administrators, customer managers and executives must be able to act on it. That means the document should read like an operational order as well as a legal notice. It should name the affected resources, the proposed registry action, the earliest effective date, the cure acts, the evidence package, the interim restrictions, the customer-continuity expectations and the appeal path.
This format reduces avoidable failure. A holder that receives a vague accusation may spend the first week asking what the registry wants. A holder that receives a clear order can begin preserving logs, assigning staff, informing customers, producing documents and proposing a cure. If it does not do those things, the registry's later case is stronger. Clarity is not leniency; it is enforceability.
The notice should also include a live case contact with authority to answer procedural questions. Routine support queues are poorly suited to severe enforcement. If the holder asks whether a document will satisfy a requirement, whether portal access remains open or whether customer notice is needed, the answer should come from the enforcement file and be preserved. Informal answers that are later denied create unnecessary disputes.
Finally, the notice should identify the decision point. Is the registry asking for information before deciding, giving a final cure period before a decided sanction, or announcing an emergency action already taken? Holders often receive letters that blur those stages. The calendar cannot be evaluated unless the stage is clear. If the decision is not yet final, say what will decide it. If it is final, say what review remains. If it is emergency action, say when the post-action review occurs.
The operational-order model brings the article's four variables together. Curability appears as the task list. Customer risk appears as continuity conditions. Urgency appears as the effective date and interim measures. Evidence appears as the package and record. A registry that cannot fill those fields may still have a concern, but it is not ready for ordinary revocation. It may be ready for investigation, a narrow lock or an emergency order with fast review. The format forces that choice before the holder's clock starts.

