Summary

  • A registry sandbox should admit only a defined proposition that cannot be answered safely through simulation alone. Admission is not approval, accreditation or a forecast of permanent status. The applicant must identify the claimed holder benefit, the rule or technical assumption being examined, the affected resource set, the maximum exposure, the evidence to be collected and the exact conditions for stopping.
  • Uniqueness must remain outside the experiment. Every participating prefix and autonomous system number should have one current holder record, one current registration-service provider pointer and one ordered history. A sandbox may test who supplies service or how a holder exercises a right; it may not permit rival authoritative accounts of the same resource.
  • Scope must be bounded in four dimensions: number of holders, quantity and type of resources, functions exposed, and duration. IPv4, IPv6 and autonomous system numbers create different consequences, so one aggregate cap is limited public evidence. Scarce transferable IPv4 space deserves especially conservative limits and enhanced conflict checks.
  • Reversibility is an engineered capability, not a sentence in a contingency document. Before the first live entity enters, the trial must demonstrate export, independent verification, restoration to a qualified provider, preservation of history, continuity of RDAP and RPKI services, and communications that do not require cooperation from the failing entrant.
  • Route security must be separated from registration-service choice. A provider change must not silently create, revoke or reinterpret Route Origin Authorizations. RPKI key custody, certificate issuance, publication and relying-party observation require their own limits, two-person controls, rehearsal and emergency restoration.
  • Public measures should cover correctness, timeliness, exit, complaints, security, portability, cost and unequal effects. The evaluator should publish failures as well as successes, explain excluded observations and give entities a direct route to correction and compensation. Commercial novelty without holder benefit is not success.
  • The sandbox should reduce incumbent privilege, not create a new discretionary gate. Entry criteria, fees, technical interfaces, evidence requirements and graduation standards must apply equally to incumbent services and new providers. A successful trial supports a decision on wider authorization; it does not confer a territorial franchise or permanent control of shared coordination.

A sandbox is a limited permission, not a ceremonial endorsement

The term sandbox has become dangerously elastic. It can describe a regulator-supervised live trial, an isolated technical environment, a marketing programme or an informal conversation with officials. Registry governance needs the narrowest meaning: a time-limited permission to conduct specified activity with real consenting holders under restrictions that would not apply to an ordinary fully qualified provider.

The Financial Conduct Authority's current sandbox description is useful because it states both sides of the bargain. Firms can test live propositions in a controlled environment, usually at small scale, for limited duration and with a limited number of consumers. Participation does not remove the need for appropriate authorization, and the FCA's eligibility criteria ask about genuine innovation, benefit, readiness, safeguards and redress. The lesson is not that financial regulation can be copied into Internet coordination. It is that permission becomes credible when its scope and limits are visible.

NRS should state what sandbox admission does not mean. It is not proof that the entrant is safe at regional scale. It is not a finding that its legal theory is correct. It is not permission to use the Society's name as a commercial guarantee. It is not a promise of graduation. It is not an exemption from duties that protect holder identity, security or uniqueness.

That clarity protects both sides. Entrants receive a fair opportunity to produce evidence without pretending to possess mature authority. Holders can participate without being told that institutional approval eliminates risk. The public can distinguish a controlled inquiry from a quiet transfer of power.

The case for live trials begins where simulation ends

Not every proposal needs a sandbox. A new user interface, report format or monitoring tool can often be judged with synthetic records and public data. Live exposure is justified only when the disputed fact depends on real institutional behavior: whether a holder can switch providers without interruption, whether an unfamiliar authentication method resists organizational complexity, whether a recipient can maintain accurate RDAP service under load, or whether an independent reviewer can resolve a real objection within the promised period.

This necessity requirement prevents the sandbox from becoming a prestige channel for ordinary product development. It also protects holders from risk that produces no unique knowledge. An applicant should explain the proposition in falsifiable terms. “We will modernize registry governance” is not testable. “A receiving provider can complete a holder-preserving service transfer for a bounded set of resources within two business days, with no conflicting current state and with all objections resolved under published grounds” is testable.

The sandbox authority should ask a further question: what decision will the evidence inform? If no authorization rule, interoperability requirement, remedy, service standard or public choice could change, the trial may be theater. Evidence matters because it can alter a defined decision.

Live trials are therefore a last evidentiary step, not the first. The entrant should already have passed conformance checks, adversarial security review, recovery rehearsal, staff vetting and non-live performance exercises. The sandbox exists to expose residual human and institutional uncertainty under limited conditions. It should never be used to discover whether the basic service can start.

The protected core is one authoritative resource state

IANA describes its number-resource role as global coordination of IP addresses and autonomous system numbers, with pools of unallocated resources supplied to the Regional Internet Registries under global policy. That hierarchical history creates dependencies even when a future NRS model introduces registration-service choice. The sandbox must not treat authoritative state as a playground.

For each participating resource, the protected core should contain one verified holder, one resource extent, one current service provider, one status, one ordered record of authorized changes and one reference to applicable constraints. Competing providers may hold copies needed to serve a entity, but none may present an alternative current answer after its authority ends. Every accepted change should be serialized against a known prior version so that simultaneous instructions cannot produce two valid outcomes.

This rule separates plural service from plural truth. An entrant can test customer support, verification, transfer preparation, evidence retention, RDAP publication or delegated security administration without creating another allocation universe. The shared coordination function accepts only changes allowed by the trial instrument and rejects an instruction based on stale state.

The protected core must be technically and institutionally independent of the entrant. If the experimental provider can rewrite the authoritative history, suppress a competing instruction or prevent restoration, the sandbox has delegated the very power it was supposed to contain. The common authority should expose a narrow interface, immutable receipts and independent observation. Innovation can alter service around the core; any proposal to alter the core itself requires a separate and much more demanding inquiry.

Four dimensions define the blast radius

A credible limit cannot be expressed as “a small pilot.” Small in one dimension may be enormous in another. NRS should cap at least four dimensions separately: participating holders, resource quantity and type, exposed functions, and elapsed time.

The holder cap prevents a single entrant from accumulating a politically significant constituency before its competence is known. It should also prevent concentration by entities. Ten nominal entities controlled by one corporate group do not provide ten independent observations.

The resource cap should distinguish IPv4, IPv6 and autonomous system numbers. A count of registry records hides consequence. One IPv4 holding may have high scarcity value and extensive transfer history; one IPv6 allocation may cover a vast numeric range but have a different market profile; one autonomous system number may be central to a network's routing identity. Caps should therefore use resource-specific measures and include maximum operational dependency.

The function cap defines what the entrant may do. A trial of provider portability need not include new allocations, holder changes, RPKI certificate authority operation or policy adjudication. Restricting functions is often more protective than reducing entity count.

The time cap prevents temporary discretion from hardening into fact. The trial should have a start, an ordinary end, review points and an absolute long-stop. Extensions should require fresh reasons and entity consent. A sandbox that continues because no one wants to make a final decision has become an unacknowledged permanent regime.

Resource selection must not hide the hard cases

Selection creates evidence, and biased selection creates flattering evidence. An entrant that chooses only friendly, technically sophisticated holders with simple portfolios may demonstrate competence under ideal conditions while revealing little about ordinary service. A trial that accepts only low-consequence resources may prove safety but not transferability to meaningful use.

The solution is stratification, not immediate exposure to the most dangerous cases. NRS should define classes before recruitment: single-resource and multi-resource holders; small and large organizations; holders with and without active RPKI use; provider-independent and delegated arrangements where relevant; organizations operating across legal jurisdictions; and resources with uncomplicated or contested historical records. Early phases can exclude contested cases while later phases admit a small, separately capped sample after the basic controls work.

IPv4 scarcity requires special discipline. Because addresses can carry material transfer value, a provider trial could be exploited to launder a disputed change of control through what appears to be a service switch. The sandbox should prohibit holder changes unless that is the explicit subject of a separate trial. It should compare holder identity and authority before and after every service move and place enhanced scrutiny on recently transferred space.

Selection rules should be public before applications open. Otherwise administrators can protect a favored entrant through easy cases or burden a disfavored entrant with exceptional ones. Fair comparison requires a stable case mix, transparent exclusions and reporting that identifies how representative the sample is.

Consent must be informed, revocable and organizationally real

Registry entities are often companies, public bodies, universities, networks and associations rather than individual consumers. A checkbox from a contact address does not prove informed organizational consent. The sandbox must verify that the person enrolling resources has authority to expose them to the trial and that technical, legal and executive contacts understand the consequences.

Consent should identify the functions being tested, known risks, data uses, complaint route, expected duration, exit right, restoration provider, possible service restrictions and compensation terms. It should say plainly that admission is not a guarantee. Where a holder relies on customers or public services, the holder should identify internal dependencies before joining.

Revocation is equally important. A entity should be able to leave without proving that the entrant failed. Exit may be scheduled to avoid an unsafe mid-change interruption, but it must not depend on the experimental provider's commercial approval. The restoration route should be triggered by the holder or an independent authority under published conditions.

Consent cannot waive uniqueness, public security or the rights of third parties. A holder may accept limited service risk; it cannot authorize conflicting registration claims that affect routing operators or relying parties. Nor should a small entity be asked to waive negligence, confidentiality or access to an external court as the price of innovation.

Finally, consent records must survive provider failure. If proof exists only inside the entrant's systems, the provider can determine whose authorization is visible after a dispute. An independent custodian should retain signed enrollment, scope, amendments and exit instructions.

Shadow operation should precede every change of authority

The safest first live phase is observation without control. The entrant can receive entity-approved copies of current records, calculate proposed decisions, answer simulated requests under real timing and produce RDAP responses at a non-authoritative endpoint. The incumbent or common coordinator continues to serve the official answer. Differences are measured rather than exposed to the Internet.

Shadow operation reveals more than a laboratory exercise because it encounters real portfolio complexity, contact gaps, historical anomalies and timing peaks. Yet it does not let an erroneous decision alter rights or public services. The entrant should be required to explain every divergence from the authoritative result. Some differences may show entrant error; others may reveal incumbent inconsistency or an unclear common rule.

Graduation from shadow mode should depend on performance across a minimum observation period and across defined event types, not simply on elapsed days. If no service transfers, objections or contact changes occur, a quiet month proves little. The authority can inject signed, clearly marked exercises alongside real traffic to assess rare events without confusing them with actual instructions.

Shadow success does not justify immediate full authority. The next phase can permit a narrow class of low-consequence live changes while retaining pre-approval at the common layer. Later, the entrant may receive bounded discretion for specified acts. Each step should add one power at a time. When multiple powers are added together, evidence cannot show which change caused a failure.

Admission should test readiness, benefit and need

The FCA's published eligibility criteria offer a useful discipline: scope, genuine innovation, consumer benefit, readiness and need for support. NRS can translate those ideas without treating network operators as retail financial consumers.

Scope asks whether the proposal concerns number-registration service and falls within authority that the Society can lawfully limit. Genuine innovation asks whether it changes cost, access, accountability, portability, security or evidence rather than merely applying new branding. Holder benefit asks who gains and which measurable burden falls. Readiness requires a functioning service, qualified staff, independent security findings, adequate funds, restoration capability and participating partners. Need asks why non-live evidence cannot answer the question.

An additional registry criterion is coordination compatibility. The entrant must preserve one current resource state, standard exchange formats, identifier integrity and globally intelligible public service. A commercially attractive service that creates an incompatible authoritative island is not ready for live number resources.

Another criterion is remedy capacity. The applicant must be able to correct records, finance restoration, compensate direct loss where appropriate and submit to independent orders. Innovation without remedy shifts experimentation costs to holders.

These criteria should be scored against published evidence. Reasons for acceptance and refusal should be released with confidential details removed. An appeal should reach an independent reviewer who can correct inconsistent application of the criteria but cannot waive the protected core.

Some activities should remain outside any early sandbox

A sandbox is not safe merely because every activity occurs inside it. Certain powers create consequences too broad or irreversible for an early trial. NRS should publish a prohibited list and explain the route by which an activity might later become eligible.

No entrant should allocate previously unallocated number resources during an initial provider-portability trial. Allocation changes the global scarcity account and can create durable reliance. Nor should an entrant decide a disputed holder transfer, recognize a novel market title, alter an existing court restraint or create a competing trust anchor for general RPKI use.

The trial should not permit retroactive history edits. Corrections can be appended with reasons and authority, but prior records should remain intelligible. It should not permit deletion of evidence needed by a holder, reviewer or court. It should not authorize bulk migration of non-consenting holders or automatic enrollment through membership terms.

Policy-making authority must also remain outside. An entrant can apply published rules and report ambiguity. It cannot use customer contracts to create policy that binds routing operators or other providers. The sandbox authority itself should not rewrite common obligations through confidential side letters.

These exclusions are not claims that the activities can never change. They recognize that experimentation is most legitimate when errors can be contained. Proposals affecting allocation, recognition or global trust require broader authorization, deeper rehearsal and a transition design proportionate to their reach.

Reversibility must be demonstrated before the first entity enters

Institutions often call a change reversible because a contract says records will be returned. That is not reversibility. A safe sandbox requires a working restoration capability demonstrated against the entrant's actual service before live authority begins.

The demonstration should export every participating resource record, holder authority record, contact role, service status, restriction, pending instruction, historical receipt, complaint, RDAP element and relevant RPKI reference. An independent validator should compare the export with the common authority and confirm that a qualified restoration provider can ingest it without manual reconstruction.

Restoration should preserve sequence. If an instruction was accepted before the cutoff but not completed, the successor must know whether to finish, cancel or seek fresh authority. Duplicate execution is as dangerous as lost execution. Every event therefore needs a unique identifier, prior version, status and signed receipt.

The trial should then rehearse three conditions: cooperative exit, sudden entrant unavailability and suspected compromise. Cooperative exit tests ordinary portability. Unavailability tests escrow and substitute access. Compromise tests whether the authority can freeze new changes, preserve evidence, replace credentials and restore a known-good state without trusting the potentially compromised provider.

Rollback should not mean erasing every act performed during the trial. Valid holder-authorized changes may need to survive even when the provider does not. Reversibility restores service and authority to a safe arrangement while preserving truthful history. It does not rewrite the past to make the experiment appear never to have occurred.

One current provider pointer makes service competition intelligible

NRS portability depends on a simple public fact: which qualified provider is currently responsible for registration service for a resource? The common authority should maintain one current pointer and a signed history of changes. Providers can compete for holders without each claiming a separate right to define current state.

During a sandbox transfer, the pointer should pass through explicit stages: requested, independently verified, scheduled, activated or rejected. Public consumers need not see confidential details, but participating providers and the holder should receive consistent receipts. The old provider's authority to alter current state ends at activation, except for a narrowly defined emergency challenge.

The pointer is not ownership. It identifies the service institution currently permitted to submit bounded changes. The holder remains the holder. Routing remains an operator decision. A court can still determine rights. The common authority remains responsible for preventing two simultaneous service claims.

This distinction matters after failure. If the entrant disappears, the common coordinator can redirect service responsibility to the pre-positioned restoration provider without pretending that the holder changed. If the pointer were fused with title, recovery would require a new ownership determination for every entity.

Public documentation should also identify what follows the provider and what follows the resource. Service fees, support arrangements and optional tools may follow the provider. Holder identity, resource history, court restraints and common obligations follow the resource. The sandbox should detect any entrant attempt to convert portable public facts into proprietary lock-in.

RDAP is both a service and an accountability surface

Registration Data Access Protocol service makes public and authorized registration information discoverable in a standardized manner. In a sandbox, RDAP is not merely a technical endpoint. It is where outside users can observe whether provider choice preserves a coherent answer.

The entrant should first serve non-authoritative shadow responses and compare them with the current public result. Differences should be categorized: stale update, field interpretation, redaction rule, referral failure, availability failure or underlying record conflict. Only after acceptable performance should a live delegation change occur for the bounded resource set.

IANA's RDAP materials demonstrate the importance of bootstrap information that directs a query to the responsible service. NRS needs equivalent referral clarity for experimental providers. A user should not have to know that a resource is in a sandbox. The common bootstrap answer should direct the query correctly, and the end of the trial should remove or replace that direction without stale caches creating a long ambiguity.

Privacy and accountability must be tested together. The entrant should not publish personal contacts merely to prove openness, nor hide organizational authority behind broad privacy claims. Each field needs a stated purpose, audience and correction route. Rate limits should protect service without making independent observation impossible.

The public measures should include availability, response validity, update delay, referral accuracy, complaint correction time and consistency with the authoritative holder state. A beautiful interface is irrelevant if a network, researcher or affected organization cannot obtain a reliable answer.

RPKI requires a separate authority boundary

The Resource Public Key Infrastructure follows the number-resource allocation hierarchy. RFC 6480 explains that resource certificates attest to holdings and that Route Origin Authorizations express which autonomous system is authorized to originate routes for specified prefixes. This makes RPKI highly relevant to provider choice and too consequential to be treated as an incidental feature.

A registration-service transfer should not automatically create, revoke or alter a ROA. The provider pointer, resource certificate state, key custody and route authorization are distinct. A holder may choose to move registration service while retaining its existing RPKI arrangement, or later move security service under a separate instruction.

If an entrant is permitted to administer RPKI for a limited cohort, the sandbox needs additional caps and controls. Key generation and custody must be defined. No private key should be copied merely for convenience. Certificate and manifest timing must be monitored. Publication should follow standards such as RFC 8181, which separates the publication engine from the repository and defines publication and withdrawal messages.

The trial should observe relying-party consequences, not just successful command acceptance. A technically valid change can still cause a period in which routes become invalid or disappear from validated views. Measurements should come from multiple independent validators and network vantage points.

Emergency restoration must be rehearsed with pre-created authority, not improvised after compromise. The plan should distinguish restoring the registry service, restoring RPKI publication and changing a trust relationship. Treating all three as one switch creates unnecessary blast radius.

Routing autonomy stays outside the provider trial

Registration evidence and routing behavior are related but not identical. A prefix can be accurately registered while not announced. A route can be announced without a valid ROA. A valid ROA does not compel any network to accept the route. The sandbox must preserve these distinctions in both authority and reporting.

The experimental provider should have no power to originate a route on behalf of a entity unless the provider is separately engaged as a network operator under an ordinary commercial arrangement. Even then, the routing relationship is not part of registry authority. A registration-service contract must not imply permission to change BGP announcements.

Success measures should therefore avoid claiming that ordinary reachability proves registry correctness. Reachability may continue because routing is tolerant of stale or conflicting information. Conversely, a reachability problem may arise from a entity's network change rather than the entrant's registration service. The evaluator should correlate events while preserving causal uncertainty.

Where RPKI is included, the relevant outcome is whether the holder's intended authorization remains accurately and continuously available to relying parties. Route observations can identify consequences, but they do not replace inspection of certificates, manifests, repositories and signed entities.

This separation limits political overreach. A sandbox authority charged with evaluating registration providers should not acquire a general power over routing. The Internet's distributed operational decisions remain outside a temporary institutional permission.

Transfer trials need narrow objections and strict clocks

Provider portability is likely to be the most valuable early NRS experiment. It directly tests whether uniqueness can coexist with customer choice. It also creates obvious incentives for an incumbent to delay and for a recipient to accept weak authority evidence.

The transfer instrument should identify the holder, resources, current provider, receiving provider, intended activation and unchanged facts. It should be authorized through a credential bound to that exact act and current record version. The receiving provider can lead the request, while the incumbent receives notice and a bounded opportunity to entity.

Objection grounds should be exhaustive: a demonstrated authority defect, an applicable court restraint, a conflicting holder-change instruction, a current security incident affecting the request, or another specifically defined condition. Commercial debt unrelated to the service period, criticism of the incumbent, missing documents not required by the public standard or general discomfort with the entrant should not block exit.

Each stage needs a clock. Acknowledgment, evidence response, objection, independent review, activation and final receipt should have separate deadlines. Silence should not create indefinite veto. A missed incumbent deadline can lead to approval when no high-risk indicator exists; a missed entrant deadline can cancel the request without prejudicing a fresh application.

The sandbox should publish aggregate timing and every extension category. Average completion alone can hide a minority of holders trapped for weeks. Distribution, maximum delay and unresolved cases matter more than a polished mean.

Independent observation prevents self-certified success

An entrant should not grade its own trial, and the institution promoting NRS should not be the sole judge of an NRS-branded service. The observer needs technical competence, access to relevant evidence, independence from providers and authority to publish uncomfortable findings.

Independence is structural. The evaluator should disclose funding, prior work, financial interests and relationships with incumbents, entrants and the common coordinator. Its appointment should not be revocable merely because preliminary results are unfavorable. Entities should be able to challenge factual errors without suppressing conclusions.

Observation should occur continuously. A final report reconstructed from provider-selected records will miss short outages, abandoned requests and informal interventions. The evaluator should receive signed event receipts, availability measurements, complaint records, security alerts and version changes as they occur. Sensitive material can be protected while aggregate findings and decisive facts remain public.

Multiple observers may be necessary. A technical monitor can assess state consistency and RDAP behavior. A security assessor can review key custody and incident handling. A governance reviewer can examine reasons, remedies and unequal treatment. A holder panel can report whether formal rights were usable in practice.

No observer should possess operational authority merely because it measures performance. Keeping measurement separate from control makes findings more credible and avoids creating another hidden coordinator.

Public measures must show benefit, not activity

Sandbox publicity often counts applications, meetings and accepted firms. Those figures describe administrative volume, not whether holders are better served. NRS should define outcome measures before admission and preserve failed observations.

Correctness measures include conflicting current states, unauthorized changes, stale public answers, incomplete history and restoration discrepancies. Timeliness measures include request acknowledgment, ordinary change completion, objection resolution, RDAP update and incident notice. Exit measures include successful voluntary departure, time to restore after entrant failure and completeness of transferred evidence.

Security measures should cover credential compromise, privilege misuse, key events, failed integrity checks, RPKI validity effects and time to containment. Holder measures should include complaint rate, correction time, out-of-pocket loss, support accessibility and whether small organizations experience worse outcomes. Competition measures should include total switching cost, technical integration burden and dependence on proprietary tools.

The report should include denominators. “No successful attack” says little if only a few low-risk events occurred. “All transfers completed” can conceal that difficult applications were excluded. Results should identify cohort composition, resource types, functions used, observation period and missing evidence.

Success criteria must include no-go thresholds. One conflicting allocation claim may be more significant than hundreds of fast support responses. The authority should state which events automatically pause new admissions, freeze a function or terminate the trial. A measure that cannot change the decision is decorative.

Stop conditions should be automatic where delay creates danger

Some failures allow investigation while the trial continues. Others require immediate containment. The sandbox instrument should distinguish them in advance so commercial or political pressure cannot redefine severity after an incident.

Automatic stop conditions should include a conflicting current holder or provider state; unauthorized resource or holder change; loss of the ability to restore complete records; compromise of a key that can affect live RPKI objects; concealment or destruction of material evidence; repeated failure to obey an independent correction order; insolvency without funded continuity; and service degradation beyond a stated critical threshold.

A stop need not terminate every function. If RDAP publication fails while authoritative state remains intact, new changes can pause while public service moves to a substitute endpoint. If RPKI administration is compromised, that function can be isolated without forcing holders to change their registration-service provider. Modular containment rewards the authority boundaries designed earlier.

The entrant should receive prompt reasons and a route to challenge factual error, but an appeal should not automatically suspend urgent protection. The independent reviewer can authorize continuation under narrower conditions when evidence supports it.

Restart requires more than a promise. The cause must be identified, affected state reconciled, holders informed, restoration retested and the evaluator satisfied that controls changed. Repeated restart should not become a way to normalize chronic weakness.

Redress turns entities from subjects into rights holders

People accept experimental risk more rationally when correction and compensation are real. The sandbox should establish a direct complaint route that does not require the entity to persuade the entrant to complain about itself.

The first remedy is rapid correction. An independent officer should be able to freeze a disputed change, restore the last verified service pointer, correct an inaccurate public record or order release of evidence. The holder must receive reasons and a signed account of what changed.

Financial redress should cover direct, foreseeable loss caused by breach of sandbox duties. A pre-funded instrument or insurance arrangement is preferable to an unsecured promise from an entrant whose failure created the claim. Caps may be reasonable for voluntary participation, but they should not cover fraud, deliberate concealment or unauthorized use of resources.

Third parties also need standing in limited circumstances. A network falsely shown as holder, an organization affected by inaccurate abuse contacts or a provider displaced by an unauthorized instruction should be able to seek correction. They need not receive confidential entity material to establish a public-record error.

External courts remain available. The sandbox can define rapid specialist relief without demanding that entities surrender legal rights. Institutional legitimacy grows when internal remedies complement rather than displace independent law.

Confidentiality must not become secrecy about public authority

Entrants have legitimate interests in protecting security details, customer information and proprietary methods. Holders have privacy and commercial interests. Yet a trial that exercises authority over shared number resources cannot be judged entirely through confidential exchanges.

The public should know the entrant, allowed functions, cohort size, resource classes, duration, conditions, evaluator, key metrics, incidents affecting authoritative integrity, stop decisions, reasons for graduation or refusal and any conflict of interest. Individual contact details, credentials, security findings that would enable attack and genuinely proprietary implementation details can remain protected.

Reasons should be specific enough to permit comparison. “Operational considerations” is not an adequate explanation for extending or terminating a trial. The authority can describe the relevant standard and factual category without exposing a vulnerability.

Entities should know who can access their information and for what purpose. Evidence supplied for security evaluation should not silently become commercial intelligence for an incumbent. Data retention should be bounded, while records necessary to prove authority, decisions and corrections remain available for the applicable legal period.

The presumption should be transparency about exercises of power and restraint about personal or exploitable detail. Reversing that presumption produces a sandbox that protects institutions from scrutiny rather than holders from harm.

Incumbents and entrants must face the same evidentiary standard

Sandboxes can reinforce monopoly if only newcomers are required to expose performance while incumbents retain authority without comparable measurement. NRS should use the trial to create an evidence standard that eventually applies to every qualified provider.

An entrant may justifiably face tighter caps because its capability is less proven. But correctness, portability, security, reason-giving and remedy obligations should not disappear after graduation. Incumbents offering a materially new service should enter the same sandbox. A familiar corporate name does not make an untested authority safe.

Technical access must also be neutral. Common interfaces, conformance tools, documentation and fee schedules should be available on equal terms. If an incumbent controls the integration knowledge needed to pass, it can convert technical coordination into exclusion.

The authority should publish the cost of participation and identify which requirements protect holders. Excessive bespoke reports, meetings or legal fees can exclude smaller capable providers without improving safety. Standard evidence and automated conformance checks can lower entry cost while preserving rigor.

Neutrality also constrains favorable graduation. A provider should not gain permanent regional exclusivity because it was first to complete a pilot. Successful evidence supports authorization to serve willing holders under common rules. Other providers should be able to qualify through the same route.

Membership input cannot substitute for affected-holder authority

NRS may be membership-based, but a member vote does not automatically authorize risk to a particular holder's resources. Membership and participation answer different questions. Members can approve the general sandbox mandate, budget, oversight design and public standards. Each affected holder must separately authorize enrollment.

The membership body should receive regular aggregate results and have power to revise future trial rules. It should not intervene in individual decisions to favor a constituency. Adjudication needs independence from electoral pressure and provider blocs.

Representation should be tested against actual exposure. Large providers, small networks, public bodies, civil-society users and technical experts may experience different risks. A consultation dominated by organizations with staff available for meetings can overlook holders for whom a mistaken transfer would be existential.

Conflict rules are essential. A provider seeking entry should not vote on its own admission or graduation. An incumbent should not decide whether a competitor's proposition is necessary. Evaluators and appeal members should disclose financial and professional ties.

Membership accountability is strongest when members can inspect aggregate evidence, remove governors for misconduct and amend standards prospectively, while individual rights remain protected from majority convenience. The sandbox should demonstrate that NRS can combine collective oversight with bounded authority rather than use participation rhetoric to blur the principal.

Legal authority and liability must be settled before experimentation

A technical design cannot answer who may authorize a live trial, which contracts bind providers, how court orders are recognized or who bears loss. These questions must be resolved in the relevant jurisdictions before entities enter.

The sandbox instrument should name the granting authority, legal basis, entrant duties, entity rights, applicable law, dispute forum, evidence rules, confidentiality limits, financial security and termination powers. It should explain how the common coordinator acts when an entrant becomes insolvent or a court appoints an administrator.

Cross-border participation requires particular care. A holder may be incorporated in one country, operate networks in several others, receive service from a provider elsewhere and hold resources historically registered through a regional institution. The sandbox should not claim that one contract eliminates mandatory law or the authority of competent courts.

Court orders should be verified and applied narrowly. An order restraining transfer of one resource should not freeze an entire cohort. Conflicting orders require a stated escalation route rather than private selection by the entrant. Emergency continuity authority should preserve service without deciding disputed ownership unless a competent body directs otherwise.

Liability should follow control. The entrant answers for unauthorized acts within its granted authority; the common coordinator answers for accepting invalid state changes it was required to reject; the evaluator answers for professional misconduct within its role. Diffuse responsibility is not resilience. It is a design that ensures every institution can blame another.

A phased ladder produces stronger evidence than one grand launch

The trial should advance through explicit phases. Phase zero covers conformance, security review and restoration rehearsal without live entity state. Phase one uses shadow observation. Phase two permits low-consequence live changes with common-authority pre-approval. Phase three allows a bounded set of ordinary provider actions under continuous observation. Phase four adds one higher-consequence function, if justified, for a separately capped cohort.

Each phase has entry evidence, minimum event coverage, success measures, stop conditions and an end decision. Time alone does not unlock the next phase. Nor does success in one function authorize another. Fast RDAP updates do not prove safe RPKI key administration; accurate contact changes do not prove fair transfer adjudication.

The ladder should allow retreat. A provider can return to shadow mode after a significant defect without losing every future opportunity. This creates an incentive to disclose weakness rather than conceal it to avoid expulsion. Deliberate concealment, however, should trigger stronger consequences than an honestly reported error.

Multiple entrants can participate if the common authority can contain and compare them. Parallel cohorts may reveal whether requirements are genuinely interoperable or tailored to one implementation. Total exposure across all cohorts must remain capped; ten individually small experiments can create one large systemic risk.

At the end, the authority chooses among graduation for defined functions, extension with fresh questions, return to an earlier phase, termination or revision of the common standard. The available decision should never be reduced to approval versus failure.

Graduation is authorization, not constitutional settlement

A successful sandbox shows that a provider performed specified functions for a specified cohort under specified conditions. It does not prove universal safety, establish political legitimacy for unrelated powers or create a permanent territorial entitlement.

Graduation should identify exactly which functions the provider may offer, capacity limits if any, continuing audit duties, financial requirements, interoperability obligations, renewal period and grounds for suspension. Expansion can occur as evidence accumulates. Authority should remain severable so a failure in one optional service does not necessarily end every registration relationship.

The graduation decision should explain adverse findings and why residual risk is acceptable. Suppressing minor failures would deprive later providers and holders of useful knowledge. A mature institution can authorize service while acknowledging limits.

Periodic renewal prevents early success from becoming eternal presumption. Renewal need not recreate the sandbox, but it should review current capability, incidents, portability, financial resilience, complaints and major technical change. A provider that radically alters key custody, ownership or critical suppliers may need a focused new trial.

Most importantly, graduation must preserve exit. If the successful entrant becomes another institution that holders cannot leave, innovation has changed the identity of the gatekeeper rather than the structure of power.

Three illustrative trials show how containment differs by function

Consider first a provider-portability trial. Twenty consenting organizations move a bounded set of uncomplicated IPv6 and autonomous system number records between two qualified providers. Holder identity does not change. New allocations and RPKI administration are excluded. The measures are completion time, objection validity, public-answer consistency, evidence portability and successful voluntary return. The critical stop is any conflicting current provider state.

Second, consider an RDAP service trial. An entrant serves responses for a defined resource cohort after an extended shadow period. The common bootstrap direction changes only for that cohort, and a substitute endpoint is pre-positioned. Measures include availability, conformance, update delay, privacy treatment, referral accuracy and correction. Authoritative holder state remains at the common coordinator, limiting the consequence of an endpoint failure.

Third, consider a delegated RPKI administration trial. A very small cohort of sophisticated holders chooses the entrant to administer specified certificates and ROAs. Registration-service authority does not move. Key arrangements, entity changes and publication are separately observed. Relying-party views are measured from multiple locations. The trial rehearses immediate return to a known qualified service before live authority begins.

These examples should not be combined at the outset. Their risks, evidence and restoration methods differ. Modularity lets NRS learn which service layers can support competition without pretending that one successful interface validates an entire registry institution.

Failure can still produce public value

A trial that ends early is not necessarily wasted. It may show that an assumed interface is ambiguous, a remedy is too slow, a key arrangement is too concentrated or a holder-authentication rule excludes legitimate organizations. Those findings can improve the common standard and prevent a larger failure.

Public value depends on honest reporting. The final account should distinguish entrant weakness, common-authority weakness, unclear rules, entity error and external events. Blaming every defect on the newcomer protects incumbency; blaming the common frame for every defect excuses poor execution.

Entities should receive individual closure: current provider, current holder, resource set, unresolved matters, restored credentials, complaint route and retention period. The public should receive aggregate outcomes and lessons without exposure of private security details.

The authority should also review its own conduct. Did it answer questions consistently? Did informal exceptions favor some entities? Did monitoring identify the incident? Did stop authority work? Did restoration depend on personal relationships not available to future entrants? Institutional learning must include the institution granting permission.

A sandbox that can admit failure without converting it into disgrace is more likely to receive timely disclosure. The standard should be protection and evidence, not a perfect record manufactured by suppressing difficult events.

The deeper purpose is to make authority contestable without making truth plural

Registry monopoly is often defended by invoking uniqueness. The defense contains a valid technical premise and an invalid institutional leap. Internet number resources require a coherent authoritative account. It does not follow that every customer-facing service, verification function, public endpoint, security service and remedy must remain with one permanent institution.

A well-designed sandbox tests where service competition can be introduced while the protected core remains singular. It makes entry possible without asking the entire Internet to trust a new provider at once. It makes incumbents answerable to evidence rather than historical status. It lets holders exercise choice without turning addresses and autonomous system numbers into conflicting claims.

The design is demanding because weak sandboxes socialize risk and privatize acclaim. NRS must instead cap exposure, verify consent, isolate functions, observe continuously, fund restoration, publish measures and preserve external law. Rollback must be demonstrated. RPKI must have its own authority boundary. Graduation must remain limited and renewable.

If those conditions are met, experimentation becomes a constitutional discipline. The Society can learn from real service while refusing to gamble with uniqueness. It can admit competitors without manufacturing rival truths. And it can show that the strongest answer to institutional caution is not permanent exclusion, but controlled, reversible and publicly judged evidence.

Evidence and further reading