Summary

  • A Number Resource Society can add value by defining the smallest common contract needed for authoritative registration, provenance, transfer recognition, continuity and audit across otherwise independent registries.
  • The common rule should govern ledger interoperability, not regional allocation philosophy, membership politics, speech, unrelated conduct or commercial terms. Every power requires a demonstrated cross-ledger necessity.
  • Exit must be technically and institutionally credible: portable records, standard data export, successor recognition, continuity escrow, bounded transition, dispute resolution and no punitive loss of legitimately held resources merely because an organisation changes service provider.
  • Expansion should pass a necessity, subsidiarity, reversibility and exit-impact test, with approval across affected communities. If a proposed rule makes departure materially harder, that effect is evidence of constitutional change rather than an implementation detail.

A society needs a reason to exist

Institutional designs often begin with membership, officers and committees before they define the shared problem. A Number Resource Society should begin elsewhere: independent registries and resource communities need to recognise enough of one another's records for the Internet's numbering system to remain coherent. A holder should not become ambiguous because two ledgers use different identifiers. A transfer should not create duplicate authority. A service failure should not erase provenance. Routing and directory users need to discover which registry speaks authoritatively for a resource.

These are interoperability problems. They justify common schemas, validation, provenance, handoff and dispute rules. They do not by themselves justify a central body deciding who may speak at a regional meeting, what fees a registry charges, which commercial model a holder adopts or which policy ideology every region follows.

The distinction should be constitutional. The NRS exists to make separate authoritative ledgers work together and survive institutional change. Its authority is derivative of that task. Every common rule should state the interoperability failure it prevents. If the proponent cannot identify a cross-ledger failure, the matter remains with the registry, community, contract or jurisdiction that already has authority.

Beginning with purpose prevents the society from treating coordination as a general mandate. It also supplies a test for future expansion. Institutions accumulate powers because common administration is convenient. A clear reason to exist makes convenience limited public evidence.

Interoperability is narrower than uniformity

Two ledgers can interoperate without adopting identical policy. They need shared ways to identify resources, registries, holders, status, provenance and authoritative events. They need rules against duplicate recognition and procedures for resolving conflicts. They may still differ in allocation criteria, membership structure, service levels, fees, evidence requirements and democratic practice.

Uniformity can reduce friction, but it carries political cost. A standard designed around the largest registry's practice can make regional experimentation expensive. A global minimum can become a ceiling if compliance tools assume one model. The NRS should therefore standardise interfaces and meanings only where divergence would break reliable recognition.

The analogy is not merely technical. Interoperability rules allocate authority. Defining which event establishes control, which signature is trusted and which registry resolves a conflict determines institutional power. These choices require public reasons and safeguards. But their seriousness does not make every regional choice a common matter.

A good common rule says what another ledger must be able to understand, not how the originating community must reach every decision. It requires a verifiable event and minimum evidence while allowing regions to choose higher standards. It enables a handoff without dictating daily governance. The target is reliable plurality: enough sameness to coordinate, enough difference to preserve local accountability.

The ledger is not the resource

An Internet number is usable through routing, contracts, equipment and recognition. A registry ledger records authoritative relationships and supports coordination; it does not create ownership in the ordinary property sense. This distinction should shape NRS power. Control over the record is consequential, but it should not be used to claim plenary authority over every use of the resource or every activity of the holder.

The common contract should define what the ledger attests: resource range, authoritative registry, recognised holder or custodian, status, relevant dates, provenance and cryptographic evidence where appropriate. It should identify what the ledger does not attest, such as universal legal title, network quality, lawful content or commercial reliability.

Scope clarity protects users. A relying party can understand which conclusions are safe. It also prevents policy expansion. If the NRS tries to enforce unrelated conduct by altering authoritative registration, it converts essential coordination infrastructure into a general sanctioning mechanism.

Some conduct directly threatens ledger integrity—fraudulent authority, duplicate entries, forged transfers or refusal to complete an authorised handoff. Common remedies are justified there. Other disputes belong to courts, regional policy or service contracts. The ledger should not become leverage for matters it was not designed to decide.

A contract with exit is stronger than a promise of restraint

Founders can promise that the NRS will remain narrow. Future leaders face different incentives, crises and constituencies. Constitutional limits need an enforcement mechanism. Exit supplies one by preserving the ability of a registry, service operator or recognised community to leave without destroying the users and records that depend on it.

Exit is not a threat to coordination. A credible exit right improves consent because continued participation reflects current value rather than technical captivity. It gives members leverage against mission expansion, discriminatory fees and procedural capture. It forces common rules to remain portable enough for a successor to implement.

The right must be more than a clause saying a member may resign. If leaving causes loss of recognised resources, broken routing security, inaccessible records, contractual penalties or years of uncertainty, exit exists only on paper. The NRS contract should specify data, keys, audit evidence, pending disputes, service obligations and timelines before conflict arises.

Exit also disciplines entry. New members know the minimum commitments and the cost of handoff. Relying parties know continuity does not depend on one corporate entity. The society becomes a framework for cooperation rather than an irreversible merger.

Resource holders should not be hostages to institutional exit

A registry's decision to leave should not extinguish the legitimate expectations of resource holders. They may have invested in networks, contracts and routing based on authoritative registration. The common contract must separate institutional membership from holder continuity.

Records should transfer to a recognised successor or interim operator under a published process. Holders should receive notice, access to their data, a means to correct errors and an appeal against misclassification. Routine services should continue during transition. No one should need to renumber merely because governing organisations dispute one another, except where the underlying resource authority itself is invalid.

The NRO RIR Governance Document Version 2 provides a useful contemporary reference. It treats RIR services as including allocation, registration, directory and related technical services, and addresses emergency continuity, successor operation and handoff after derecognition. An NRS exit contract should generalise the continuity insight while keeping authority narrow.

Protecting holders does not mean freezing every existing entitlement. Successor services can apply valid policies prospectively and correct fraud. The principle is that organisational exit changes the service relationship through due process; it does not create an opportunistic confiscation event.

Portability is the operational form of exit

Exit becomes credible through portability. Records must be exportable in documented formats with identifiers, provenance, signatures, status history and unresolved claims. The successor must be able to verify completeness without trusting the departing operator's private systems. Relying parties need a clear cutover event.

Portability should be tested regularly, not designed during crisis. A neutral conformance suite can verify that a registry produces and consumes the minimum exchange package. Escrowed snapshots and key-transition procedures can support continuity when the operator is unavailable or hostile. Tests should protect live data and avoid creating a central honeypot.

The standard must include semantics, not merely files. If one registry uses “allocated” where another distinguishes delegated, assigned and reserved, a syntactically valid export can still mislead. Versioned vocabularies, extension fields and explicit unknown states preserve meaning without forcing uniform internal models.

Portability also applies at smaller scales. A holder moving between authorised service arrangements should be able to carry the authoritative history needed for recognition, subject to regional policy and anti-fraud checks. The NRS should not promise free transfer of every resource across every region; it should ensure that allowed changes are not blocked by proprietary record captivity.

Exit should be possible without a fork in truth

The greatest risk is two institutions claiming authority for the same records after separation. The contract needs a cutover protocol that produces one recognised state. It should define notice, final snapshot, freeze window, transfer acknowledgement, key rotation, publication and dispute treatment. Relying parties must know which signatures to accept at each stage.

Where departure is cooperative, both sides can sign the transition. Where it is contested, a pre-authorised neutral mechanism may designate an interim operator and publish a reasoned notice. The power should be tightly limited because recognition determines practical control. Evidence, hearing, appeal and time limits are essential.

Pending transactions require special handling. A final snapshot should identify whether each request is submitted, validated, approved or completed. The successor should not restart every case or accept unverifiable approvals. Applicants need a route to prove position.

A fork may be unavoidable during litigation or technical failure. The NRS should publish conflict status rather than falsely presenting certainty. Temporary relying-party guidance can minimise harm while preserving later correction. The aim is not metaphysical finality; it is a controlled, visible path back to one authoritative account.

The common layer needs a strict power inventory

The NRS constitution should enumerate powers rather than grant authority over “number-resource governance” generally. Permitted functions might include maintaining interoperability specifications, accrediting conformance tests, coordinating authoritative identifiers, publishing ledger-status metadata, administering continuity escrow, facilitating recognised handoffs and resolving narrowly defined inter-ledger conflicts.

Each power needs a subject, trigger, decision-maker, evidence standard, remedy and review. Powers not listed remain elsewhere. Implied authority should be limited to what is strictly necessary to execute an enumerated function, not what makes administration efficient.

The inventory should state prohibited uses. The NRS should not set unrelated speech rules for holders, determine network content, impose commercial prices, choose regional directors, rewrite local allocation policy or condition ledger recognition on political alignment unrelated to integrity. It should not use emergency authority to achieve ordinary harmonisation.

Enumeration creates clarity for courts, boards, staff, members and relying parties. It also makes amendment honest. A proposal to add a function cannot be described as clarification if it changes the inventory. Expansion then faces the constitutional process and exit-impact review it deserves.

Necessity is the first expansion test

A proposed common rule should identify a concrete interoperability failure. Has divergence caused duplicate authority, unverifiable provenance, failed handoff, incompatible transfer recognition or systemic continuity risk? Evidence may include incidents, conformance failures and documented near misses. General concern or reputational preference is limited public evidence.

The proponent should show why existing bilateral agreements, regional rules or voluntary standards cannot solve the problem. Central action may be necessary where every ledger must interpret the same event or where one weak interface creates network-wide ambiguity. It is less justified where only a subset needs coordination.

Necessity also limits remedy. A problem in key-transition metadata may justify a shared key protocol, not a broad power to approve every internal security practice. A failed handoff may justify escrow and audit, not common control of staffing. The rule should address the failure at the lowest level capable of solving it.

Emergency claims face the same test with compressed evidence and mandatory later review. Urgency can justify temporary common action, but not a permanent mandate adopted through crisis momentum. Necessity should be demonstrated again before renewal.

Subsidiarity protects regional legitimacy

Subsidiarity asks whether the decision can be made effectively closer to the affected community. Regional registries differ in law, membership, resource conditions and operating history. Those differences are not defects to be standardised away. They are sources of accountability and experimentation.

The NRS should act only where separate decisions cannot produce reliable interoperability. It can define a minimum transfer event while regions decide whether and under what conditions transfers are allowed. It can require authoritative contacts while regions decide evidence and review. It can define handoff packages while local institutions govern fees and service channels.

The burden of proof belongs to centralisation. Proponents should map which elements truly need common treatment and which can remain extensions. Regional communities should be able to implement higher protections unless they break shared recognition. Conflicts should be resolved in favour of local authority where interoperability remains intact.

Subsidiarity also shapes participation. A common proposal must be understandable and contestable in every affected region, not negotiated by a global technical core and presented for ratification. Regional objections should receive reasons. A narrow common layer is legitimate partly because it leaves meaningful choices where people already have accountable institutions.

Reversibility is an engineering and governance requirement

Common rules can create deep dependencies. Registries build systems, vendors certify products, holders rely on identifiers and contracts reference standards. Even a formally amendable rule becomes difficult to reverse once these investments accumulate. The NRS should evaluate lock-in before adoption.

Versioning, extension points, migration paths and dual-operation periods can preserve reversibility. A pilot may test a new common field without making it mandatory. A sunset can end an emergency extension. Data should remain interpretable across versions. Proprietary dependencies should be avoided or licensed for successor use.

Governance reversibility requires review triggers and authority to roll back without unanimous institutional crisis. The standard should state what failure permits suspension, how records remain valid during rollback and who bears transition cost. Where rollback would endanger continuity, adoption deserves a higher threshold.

Reversibility does not mean instability. Frequent incompatible changes would undermine trust. It means the society does not make expansion irreversible by design and then cite irreversibility as a reason to retain it. Stable cooperation is strongest when entities know errors can be corrected without destroying the ledger.

Every new rule needs an exit-impact statement

Ordinary impact analyses estimate software, legal and operational work. An NRS proposal should add a distinct question: how does this rule affect the ability to leave, transfer service or operate through a successor? A rule that centralises keys, accumulates non-exportable history, creates punitive termination payments or conditions recognition on continuing membership increases exit cost.

The statement should quantify dependencies where possible and describe who controls them. Can a successor reproduce the function from documented standards? Are data and keys portable? Do contracts permit assignment? How long would transition take? Would holders lose service or rights? Does the rule give the NRS leverage over unrelated disputes?

Increased exit cost is not always fatal. A shared security service may create real efficiency and safety. The proposal should show necessity, provide mitigation and meet a higher approval threshold. Entities should understand that they are changing the constitutional balance, not merely adding a feature.

Exit-impact review also exposes cumulative lock-in. Several modest rules can together make departure impossible. Periodic assessment should model exit from the entire common layer, not only each amendment in isolation.

Fees can make formal exit fictional

The society needs funding for standards, testing, continuity and dispute functions. A fee structure can also entrench membership. Large termination charges, forfeited reserves or continuing obligations after departure may make exit unaffordable. Conversely, allowing members to leave without paying shared transition costs can burden those who remain.

The contract should separate ordinary dues, accrued liabilities and actual handoff cost. Exit charges should reflect demonstrable transition expense, not lost future revenue or punishment. Estimates, calculation methods and appeal should be public. A departing registry can be required to fund necessary data preparation while the society bears common readiness infrastructure already financed by members.

Fee voting requires conflict controls. Incumbent members may design charges to deter a potential competitor or dissident. Independent review and caps tied to cost can help. Smaller registries need proportional models that do not make common compliance an entry barrier.

Financial reserves should support emergency continuity and be governed for that purpose. They should not become leverage to force policy conformity outside enumerated powers. Money can create captivity as effectively as proprietary software; exit design must address both.

Conformance should test interfaces, not ideology

The NRS may need to certify that ledgers produce reliable records and accept shared events. Conformance criteria should be objective, versioned and limited to interoperability. Tests can verify schema, signatures, provenance, conflict handling, portability packages and service continuity.

Certification should not grade whether a regional community made the “right” allocation choices. Nor should it require institutional forms unrelated to the common interface, beyond baseline governance necessary to trust authority. If a governance weakness creates direct ledger risk, the society should identify the connection and use proportionate remediation.

Testing bodies need independence and appeal. A registry should receive failure evidence and time to cure. Results should distinguish critical incompatibility from advisory improvement. Suspension of recognition is an extreme remedy because holders and relying parties bear the effect.

Open test specifications reduce gatekeeping and allow registries to prepare. Multiple qualified testers can prevent monopoly, while a shared results format preserves comparability. Conformance is a technical assurance function with political consequences; keeping its scope narrow protects both.

Disputes should be classified before they are centralised

Not every disagreement between registries is an NRS dispute. A contract payment, employment issue or regional allocation decision belongs elsewhere. Common jurisdiction should cover conflicts about authoritative status, interoperable events, conformance, handoff and obligations under the NRS contract.

The first stage should classify jurisdiction with reasons. Parties can challenge classification before the merits are heard. This prevents the dispute body from expanding authority case by case. Applicable standard, evidence and remedy should be known.

Technical conflicts may benefit from expert panels; governance conflicts require independent members with no stake in the ledgers involved. Panels should disclose interests, publish reasoned decisions and protect confidential holder data. Precedent should be persuasive and limited to the common contract.

Remedies should restore interoperability: correct a record, recognise a handoff, repeat a test, extend a cure period or compensate direct transition cost. Punitive measures affecting unrelated services are suspect. The dispute system exists to keep the shared ledger layer trustworthy, not to discipline every disagreement among institutions.

Derecognition must remain a last resort

A registry or operator that persistently fails common obligations may need to lose recognition. Because that act affects an entire service population, it should follow graduated remediation. Notice, evidence, cure plan, monitoring and independent review should precede termination except in immediate continuity emergencies.

The current NRO governance work offers a useful model of recognition, ongoing obligations, remediation, emergency continuity and derecognition. The NRS should learn from its emphasis on handoff while avoiding a broad mandate. Derecognition concerns capacity to maintain interoperable authoritative records, not ideological disagreement.

The decision should identify which obligation failed, why lesser measures cannot protect the ledger and how holder continuity will be preserved. An interim operator should have a narrow term and no advantage in later selection. Data integrity, keys, pending cases and appeals need a public transition plan.

Exit chosen by a member and derecognition imposed for breach use similar technical machinery but different legitimacy. Voluntary departure should not carry stigma or punitive conditions. Forced removal requires stronger evidence and review. Conflating them would make the right of exit illusory.

Emergency continuity should not become permanent administration

If a registry suddenly cannot operate, an emergency service may need access to escrowed data and limited authority. The trigger should be objective: extended unavailability, loss of key control, court-ordered incapacity or another defined threat to authoritative service. Political disagreement alone is limited public evidence.

Emergency authority should cover essential registration, directory, security and transaction preservation. It should avoid new allocations or irreversible policy choices unless necessary to prevent greater harm. Holders need notice and a route to correct records. Every action should be auditable.

The appointment expires on a fixed condition or date. Transition either returns to the recovered operator, moves to a recognised successor or enters a formal derecognition decision. The emergency provider should not decide its own permanence and should be excluded from using privileged access for competitive gain.

Regular exercises can test the mechanism with synthetic data and controlled snapshots. Preparedness reduces the temptation to grant broad powers during crisis. A contract with exit must work when cooperation is weakest, not only when all parties sign the handoff cheerfully.

Rulemaking should require regional public authority

Common standards affect holders and relying parties across regions. An NRS technical committee alone should not create binding obligations. Proposals need publication, impact and exit analysis, regional discussion, stable text, reasoned disposition of objections and an identifiable approval threshold.

The threshold should reflect scope. Minor backward-compatible interface corrections may use delegated technical authority with notice and appeal. New mandatory fields, sanctions, fees, jurisdiction or exit constraints require approval across affected member institutions and their public processes. Emergency rules expire unless ratified ordinarily.

The NRO's account of global policy provides an instructive principle: identical global proposals are considered through each regional process before coordinated recommendation. NRS rulemaking need not copy every detail, but no central committee should manufacture regional consent from attendance at one international meeting.

Records should show how each region considered the proposal and whether material objections were resolved. A region may not possess an absolute veto over every optional standard, but mandatory common authority should not arise through a simple aggregate majority that lets large regions govern smaller ones.

Amendment should not be easier than entry

Founding documents often receive intensive consultation, while later amendments pass through ordinary meetings. This invites mission expansion after entities have invested. Changes to purpose, power inventory, exit, sanctions, voting, data use or derecognition should meet a constitutional threshold at least as demanding as original entry.

The proposal should use redlines, rationale, alternatives, legal analysis, technical assessment and exit-impact statement. Member registries need enough time for regional consultation. Significant changes after consultation return for further review. Ratification results and reasons should be public.

Unanimity can protect members but also freeze necessary correction. A carefully designed supermajority combined with an exit or opt-out mechanism may be better for some amendments. Core ledger semantics often require universal compatibility; optional extensions can allow plural adoption. The rule should match the technical need rather than use one voting formula for all questions.

Constitutional amendments should carry transition and dissent treatment. A member that cannot accept expansion should be able to leave under the pre-amendment exit terms during a defined window. Otherwise the majority can change the bargain and charge the dissenter for escaping it.

Opt-outs can preserve plurality when they preserve truth

Not every shared feature needs universal adoption. Optional extensions allow registries to experiment and form subsets. The test is whether non-participation creates ambiguity in authoritative records. A new reporting field may be optional with an explicit unsupported value. A conflict-resolution rule for duplicate authority cannot be optional without risking a fork.

The standard should define extension discovery, fallback and version negotiation. Relying parties should know which capabilities a ledger supports. Optionality must not create hidden discrimination, where holders from one region are silently treated as less authoritative.

Opt-outs should be reviewed if network effects make them practically impossible. A formally optional service can become mandatory when every major relying party requires it. The NRS should then decide whether to adopt it openly, preserve alternatives or constrain private gatekeeping.

Plurality is not fragmentation when boundaries are explicit. Optional layers can demonstrate value before constitutionalising it, lowering the stakes of experimentation and keeping exit credible.

Competition and succession need neutral rules

A credible exit regime raises the possibility of a successor or alternative operator. Selection should not be controlled by the incumbent society leadership or emergency provider without safeguards. Criteria should focus on continuity, competence, regional accountability, data protection and conformance.

The contract should clarify who authorises succession: affected community, member registry, regional Board, court, NRS body or some combination. Different triggers may require different authority. Voluntary service transfer differs from institutional collapse. Holder input and public reasons matter because the decision changes a critical dependency.

Incumbents should provide necessary data and cooperation but need not transfer unrelated assets or confidential business information. Intellectual property required for interoperable service should be licensed or replaced through documented standards. Procurement and conflicts should be public.

Neutral succession prevents continuity rules from becoming a path to capture. It also tests whether interoperability is real. If no qualified successor can operate without the incumbent's private knowledge, the society has allowed lock-in to defeat its own constitutional promise.

The audit should simulate departure

Annual compliance can look healthy while exit remains impossible. The NRS should periodically run a controlled portability exercise: export a representative ledger subset, validate provenance, import into an isolated successor environment, rotate keys, reconcile pending events and publish results. No live authority changes.

The exercise should include adversarial conditions such as missing staff, disputed records, software-version differences and partial corruption. Findings produce remediation deadlines. Reports can protect sensitive details while stating whether continuity objectives were met.

Governance audit should accompany technical testing. Are exit fees calculable? Are contracts assignable? Is the decision authority available and conflict-free? Can holders obtain notice and appeal? Are regional communities able to review the transition?

A society that never tests exit will optimise only for staying. Simulation makes the constraint operational and reveals cumulative dependencies before a crisis. It is the equivalent of a fire drill for institutional freedom.

Board elections should test attitudes toward scope

Directors of participating registries and the NRS itself will face pressure to expand common authority. Members should evaluate whether candidates understand necessity, subsidiarity, portability and holder continuity. The relevant question is not whether they favour cooperation in the abstract, but how they distinguish coordination from centralisation.

Board records should show votes on material expansion, exit-impact findings, conflicts and treatment of regional objections. Candidates should disclose interests in vendors, successor operators or services that benefit from common mandates. Recusal rules apply where expansion creates direct commercial advantage.

Election cannot legitimate powers never granted. Directors remain bound by the inventory and amendment process. Electoral accountability supplements constitutional limits by allowing members to judge stewardship of the bargain.

Non-member affected users still require consultation and appeal. The NRS gains legitimacy from its narrow function, regional public authority and continuing consent, not from one electoral layer alone.

A model NRS covenant

The founding covenant should state purpose: preserve reliable interoperability, provenance and continuity among independent number-resource ledgers. It should list powers and prohibitions, define common data and event semantics, require conformance, protect holder continuity and establish narrowly tailored dispute authority.

It should guarantee voluntary exit under published notice, cost and handoff terms. Portability packages, key transition, escrow, pending cases, successor recognition and audit should be specified. No legitimate holder loses recognition solely because an institution leaves. Forced derecognition follows evidence, cure, independent review and continuity planning.

Rulemaking should classify technical corrections, ordinary standards and constitutional changes. Each receives proportionate public review. Every expansion must pass necessity, subsidiarity, reversibility and exit-impact tests. Optional extensions are preferred where truth remains coherent. Emergencies expire.

Fees reflect service and transition cost, not captivity. Data use is limited to ledger purpose. Audits simulate exit. Amendments that increase lock-in give dissenting members a window to leave under prior terms. Reasons, votes, conflicts and implementation outcomes remain public. This covenant is not anti-institutional. It gives the institution a durable mandate by making its limits usable.

Entry should not require surrendering future disagreement

A registry joining the NRS should accept the existing interoperability covenant, conformance duties and continuity obligations. It should not be required to endorse every political statement, future standard or regional practice of other members. Entry criteria tied to broad ideological alignment would convert a technical society into a club and make critical infrastructure recognition contingent on conformity.

The accession record should identify which standards are mandatory, which extensions the entrant supports, any time-limited remediation and how its community authorised participation. Existing members should evaluate technical and governance capacity under published criteria. Competitors should not be able to block entry merely to preserve influence.

Accession terms must use the same exit framework as founding membership. A probationary member may need additional testing, but its holders still require continuity. Bespoke side agreements should be published where they affect recognition so that future disputes do not turn on private bargains.

Entry and exit are mirror tests of institutional purpose. If entry demands control beyond interoperability, scope is already too broad. If exit destroys recognition, consent was never durable. A sound society makes both transitions orderly because its common value lies in the interface, not in permanent political allegiance.

Transparency must include machine-readable authority

Public minutes and standards are necessary, but relying systems also need an authoritative, verifiable account of membership, supported versions, recognised keys, transition states and current service responsibility. The NRS should publish this information in open machine-readable form alongside human explanations.

No single unpublished service should be the only source. Signed snapshots, stable identifiers and multiple distribution points can support resilience. Changes should carry effective times, prior state and reason codes that link to public decisions. Emergency states need expiry and review metadata.

Machine readability should not expose holder data beyond the ledger's legitimate purpose. The authority index describes institutions and interfaces; detailed records remain governed by appropriate access and privacy rules. Security design should prevent an attacker from using the index as a central control point.

This layer makes scope auditable in real time. A relying party can see whether the NRS has recognised a handoff under an enumerated power rather than infer authority from institutional announcements. Technical transparency reinforces legal and political limits because the actual state can be compared with the public covenant.

Exit rights need a remedy before the handoff fails

A member that believes the society is obstructing departure should not have to complete a chaotic unilateral exit before seeking relief. The contract should permit expedited review of disputed fees, data completeness, successor qualification, key release and transition milestones. The reviewer may order cooperation, preserve a snapshot or appoint a limited neutral custodian.

Relief should protect holders and relying parties while avoiding an incentive for strategic departure threats. The applicant must identify a concrete breach or imminent continuity risk. Decisions should be fast, reasoned and appealable, with confidential treatment for exploitable details.

The society itself needs remedies when a departing member withholds records or creates conflicting claims. Those remedies should target handoff performance, not unrelated assets or speech. Security bonds or insurance may cover demonstrated transition cost if proportionate and accessible to smaller members.

Rights become constitutional only when an institution other than the alleged breacher can enforce them in time. An exit clause reviewed after records fork and services fail is historical commentary. Effective interim relief keeps the bargain practical at the moment it is most contested.

Conclusion: interoperability should make freedom practical

The Internet numbering system needs common truth without a single political centre. Registries must recognise authoritative status, preserve provenance, coordinate allowed transfers and survive institutional failure. A Number Resource Society can provide the common contract that makes this plurality reliable.

Its legitimacy depends on stopping at the edge of that task. Shared infrastructure is tempting leverage. Once every registry and holder depends on common recognition, leaders may seek to enforce broader conduct, harmonise regional choices or make membership irreversible. Promises of restraint are weaker than architecture that permits departure.

Exit, portability and succession turn scope limits into operational facts. Necessity and subsidiarity keep ordinary regional choices local. Reversibility and exit-impact review expose lock-in before adoption. Holder continuity prevents institutional conflict from becoming confiscation. Public regional approval keeps common rules connected to the communities they govern.

The NRS should be judged not by how many rules it can coordinate, but by how little central authority it needs to keep multiple ledgers truthful together. A contract with exit makes cooperation more demanding and more credible. It allows institutions to share what the network requires while retaining the freedom to refuse what it does not.

Sources