Summary
- Geopolitical fragmentation risk for RIPE NCC should not be understood mainly as a theatrical split of BGP, a new sovereign registry tomorrow or a formal collapse of the regional number-resource system.
- The more likely risk is a gradual thickening of acceptance layers around one still-common record: sanctions regimes, bank risk, public procurement, cloud admission, security vetting, peering trust, local data-sovereignty demands and cyber-war suspicion can make the same address block less equally portable.
- RIPE NCC's institutional problem is therefore not simply neutrality versus law. It is how to keep the ledger thin, accurate and continuous while recognizing that the surrounding market no longer treats every jurisdictional path as equally safe.
- The RIPE NCC service-region page says the service region contains over 75 countries and over 20,000 organisations acting as Local Internet Registries. That scale makes geopolitical pressure routine rather than exceptional.
- The IPv4 run-out page records that RIPE NCC exhausted its remaining IPv4 pool in November 2019. Scarcity turned registry finality, transferability and clean evidence into capital-quality inputs.
- RIPE NCC's 2026 sanctions transparency report is useful as an exhibit, not as the whole thesis. It shows that geopolitical pressure now enters registry administration through law and banking channels, but the broader issue is layered portability decay.
- Measurement services such as RIPE Atlas and RIS are also exhibits. They show that reachability depends on many operational acceptance choices beyond the registry record itself.
- The economic danger is mandate expansion by pressure: a registry asked to solve foreign-policy, procurement, security or market-access problems through number-resource control can become a bloc gate rather than a coordinator of unique identifiers.
- Fantasy neutrality is not a solution. RIPE NCC operates under law, relies on banks, serves governments and private networks, and sits in a region touched by war, sanctions, energy politics, data-sovereignty claims and platform concentration.
- Bloc-level gatekeeping is not a solution either. If the regional record becomes a punishment tool or a strategic border, the common ledger loses the very quality that reduces conflict.
- The defensible middle is narrow and demanding: lawful evidence in, reversible registry consequences out, no unnecessary degradation of existing operational continuity, and no conversion of scarcity into political tenancy.
- The watchpoint for 2026-2029 is not whether the Internet remains technically global in speeches, but whether RIPE NCC records remain practically acceptable across payments, cloud admission, procurement, routing-security controls and peering decisions.
The split that does not announce itself
The most dangerous version of Internet fragmentation is not always the most dramatic one. A clean break would be easy to name. A state could announce a sovereign registry. A bloc could require domestic number-resource records. A network of networks could stop accepting routes from the other side. BGP tables could become visibly divided. A new institution could claim authority over addresses now recorded by RIPE NCC. Such a rupture would be serious, but it is not the main risk facing the European, Middle Eastern and Central Asian number-resource ledger.
The more plausible risk is duller and economically more corrosive. One record remains common. The address block still appears in the RIPE Database. The autonomous-system number still has a recognized entry. A route may still be announced. The holder may still have a member account. Yet the record does not travel through the market with the same force everywhere. A bank hesitates to take payment from one jurisdiction. A cloud platform adds manual review before admitting a bring-your-own-IP range. A public-sector buyer asks whether a supplier's addresses, data path and control plane are exposed to a hostile state. A peering desk treats a network from a conflict-adjacent market as higher risk. A sanctions screen delays a registry act. A security team asks whether routing evidence is enough when the business owner, upstream providers and cable paths point into a politically sensitive zone.
This is fragmentation by acceptance layer. The core ledger does not split. Instead, the layers that decide whether the ledger is useful become thicker. They include sanctions law, payment rails, cloud procurement, submarine-cable resilience, public-service dependency, security vetting, peering trust, lawful-access evidence, data-localisation pressure, cyber-war suspicion and bloc politics. Each layer can be rational from its own perspective. Each reduces the degree to which a single address record is equally portable across the region.
RIPE NCC sits at the centre of that slow process because it supplies a common reference point for scarce Internet number resources. Its records do not command the whole Internet. They do not force every network to route. They do not override bank controls, public procurement rules, cloud risk models or national law. Their value is more modest and more important: they give many actors a shared fact about who is recognized for a resource. Once the surrounding layers treat that fact differently by political geography, the same registry entry begins to have different economic weight in different places.
The institutional test is not to deny this reality. RIPE NCC cannot preserve its role by pretending that geopolitics stops at the registry desk. Nor can it preserve the ledger by accepting every political demand that arrives with urgency. The registry's public value lies in keeping number-resource records thin, neutral, accurate and continuous while resisting both fantasy neutrality and bloc-level gatekeeping. It must remain realistic enough to obey law and protect reliance, yet narrow enough not to become a tool for solving foreign-policy problems through address control.
What the regional record coordinates
RIPE NCC is a regional Internet registry for Europe, the Middle East and parts of Central Asia. Its legal and operational centre is in the Netherlands, with a regional presence in Dubai. Its public service-region material says that the region contains over 75 countries and more than 20,000 organisations acting as Local Internet Registries. Its service list describes registry functions that include allocation and assignment of Internet number resources, maintenance of contractual information, resource transfers, member registry-data review, RPKI, the RIPE Database, reverse DNS and information services such as RIPE Atlas and RIS.
Those facts are often presented as institutional description. Economically, they describe a coordination machine. The RIPE Database helps networks, platforms, counterparties, public authorities and security teams see a common record for IP addresses and ASNs. RPKI helps tie registration to route-origin statements that other networks may validate. Reverse DNS gives another operational surface attached to address ranges. Resource transfers make scarce IPv4 space movable under a recognized settlement layer. Measurement and routing-observation services help the market see that reachability is an empirical condition, not merely a registry entry.
The record is powerful because it is limited. It does not grant a telecom licence. It does not decide which government may buy from which provider. It does not guarantee that a cloud platform will accept a prefix. It does not force a bank to process a payment. It does not certify that a network is politically trusted. It records unique number-resource relationships under a regional policy and service framework. The thinner that function remains, the easier it is for many legal systems and many market actors to rely on it.
The region makes thinness hard. The same registry must serve EU member states, non-EU Europe, the United Kingdom, Turkey, the Gulf, Israel and Palestinian networks, Iran, Central Asia, Russia and Ukraine-related stress, plus cross-border firms operating across several of these environments. Some jurisdictions are tightly integrated into European financial and sanctions systems. Some sit in difficult relationships with them. Some are major cloud, carrier or public-sector buyers. Some are small markets whose operators cannot easily substitute address space, counsel, banking routes or foreign subsidiaries.
This is why geopolitical fragmentation risk is not a remote policy debate. It appears whenever the same regional ledger must be used by actors that do not share the same sanctions exposure, banking access, procurement norms, cyber-security assumptions, lawful-access rules or diplomatic alignment. The record is common; the acceptance environment is not.
IPv4 exhaustion made finality more valuable
Scarcity is the reason this problem now has an economics core. RIPE NCC's public IPv4 run-out material records that the remaining IPv4 pool was exhausted in November 2019. Networks in the service region can no longer receive new IPv4 addresses from RIPE NCC that have not previously been used by another network. The page also notes that many networks respond through the IPv4 transfer market or address-sharing technologies such as CGNAT, while IPv6 remains the long-term answer to the limits of IPv4.
That sequence changed the value of registry finality. In an allocation era, the registry was often seen as a distributor of a scarce but still administratively available resource. After exhaustion, the registry became more important as a record of scarce capacity already embedded in private networks, public services, customer contracts, cloud migration plans, address markets and routing-security statements. A registry entry that once looked like administrative evidence now affects liquidity, business continuity and the price of doubt.
Transfers are central, but the issue is broader than transfer paperwork. A block of IPv4 space can support an access network, a hosting platform, a bank's customer-facing systems, a public hospital network, a university, a cloud-adjacent enterprise or a communications provider serving a politically sensitive market. If the block is cleanly recorded, reachable, certifiable and acceptable to counterparties, it has higher economic quality. If it is surrounded by sanctions uncertainty, bank friction, geolocation suspicion, cloud admission delays, contested corporate authority or routing-security doubt, it becomes less liquid even before any formal registry refusal.
Post-exhaustion economics therefore turns acceptance layers into price layers. The same /24 may have different practical value depending on whether a bank will handle the invoice, whether a public buyer will approve the supplier, whether a cloud platform accepts the origin story, whether a transit provider trusts the routing evidence, whether a sanctions check introduces delay, whether a state-security review treats the holder as exposed, and whether emergency continuity planning assumes the addresses can remain reachable during a conflict. A common ledger reduces uncertainty, but it cannot erase all these surrounding costs.
This is where fragmentation becomes gradual. The registry entry is still there. The block still has a recorded holder. But the cost of making that record useful rises for some holders and some geographies. Scarcity magnifies the effect. When an input can be replaced easily, acceptance friction is annoying. When the input is scarce, acceptance friction becomes capital impairment.
Acceptance layers are the new borders
The word "border" is misleading if it makes readers think only of territory. The new borders around number resources are often procedural. A bank's risk engine becomes a border. A procurement questionnaire becomes a border. A cloud platform's admission team becomes a border. A security review becomes a border. A peering policy becomes a border. A lawful-access or data-sovereignty assertion becomes a border. A sanctions list becomes a border. None of these layers needs to claim control over the RIPE NCC record in order to change the record's usefulness.
Consider payment rails. A member relationship depends on invoicing and payment. A transfer or service request may depend on good standing. A sanctions or bank-risk issue can make a payment path difficult even when the underlying network is still providing ordinary connectivity to customers. The legal rule may be narrow, but the banking response can be wider. The result is not a new registry. It is a registry relationship whose maintenance costs differ by jurisdiction and by perceived political risk.
Cloud procurement is another border. Large platforms increasingly accept customer-controlled address ranges into cloud environments, but admission is risk-managed. A platform wants proof of holdership, clean routing history, correct RPKI state, manageable abuse reputation and evidence that the customer can authorize the announcement. If the customer sits in a sensitive jurisdiction or if the address block's history crosses a sensitive region, the platform may ask more questions. It may be acting rationally. But the economic result is that a record that is valid in the registry is not equally portable into every major computing environment.
Peering and transit decisions create a third border. Networks accept routes according to business relationships, routing policies, filters, reputation, security practice and operational trust. A registry record helps establish authority, but it is not the whole decision. In periods of cyber conflict, operators may apply stricter scrutiny to routes associated with particular states, upstreams, hosting environments or incident histories. Again, the ledger does not split. The acceptance layer tightens.
Public procurement and public-sector dependency add another dimension. Governments buy connectivity, cloud services and managed networks. They also worry about resilience, lawful access, national-security exposure and continuity during conflict. A supplier's number resources may become part of the due-diligence file. Who holds the addresses? Where are they used? Which upstreams carry them? Which cloud or data-centre dependencies exist? Can service continue if one legal or financial corridor closes? Such questions do not ask RIPE NCC to decide public policy, but they make the registry record an input into public-sector trust.
The common feature is that each layer accepts the registry fact, then adds conditions. Fragmentation risk rises when those conditions accumulate unevenly. A regional ledger can survive many local conditions. It becomes less economically common when the conditions grow so thick that some records are recognized in theory but discounted in practice.
Sanctions as one exhibit of the mechanism
Sanctions deserve attention because they make the acceptance-layer mechanism visible. They should not be mistaken for the whole story. RIPE NCC's Q2 2026 sanctions transparency report states that, as a Netherlands-based organisation, RIPE NCC must comply with EU sanctions. It says that where sanctions apply to its services, it freezes registration rather than use of resources in the RIPE Database, blocks acquisition of further resources and transfer of existing ones, and does not deregister resources or terminate the Standard Service Agreement for members. It also says OFAC checks matter for Dutch banking relationships even though RIPE NCC is not itself obliged to comply with US sanctions.
This is a narrow but important exhibit. It shows that geopolitics enters registry administration through law and finance, not only through rhetoric. It also shows that the institution already distinguishes between preserving use and limiting new registry acts. That distinction is essential. If a legal restriction requires RIPE NCC to stop a new benefit, it does not automatically follow that the existing live record should be broken. Continuity and compliance are not the same act.
The report's case table gives scale without needing to make sanctions the centre of the analysis. As of 7 April 2026, it listed 2,110 total alerts for EU and OFAC investigations, 99 cases under investigation, 16 on hold and 24 confirmed as sanctioned and applicable to RIPE NCC services. The affected-resource total included more than 4.8m IPv4 addresses, several IPv6 allocations and 47 ASNs. These numbers are small compared with the whole Internet but large enough to show that geopolitical filters can touch economically meaningful resources.
The broader lesson is not that sanctions policy should be relitigated through the registry. The lesson is that each external regime brings its own operational vocabulary: freeze, hold, investigation, exemption, banking constraint, no grace period, no new resources, no transfer. Once those categories exist, other forms of pressure may imitate the structure. A national-security claim may seek a hold. A public-procurement concern may ask for a certification. A cyber-risk allegation may seek a routing-security consequence. A bloc-level policy may ask the registry to prevent value movement from a disfavoured market.
RIPE NCC's defence is not to deny legal reality. Its defence is scope discipline. Sanctions can require narrow restrictions. They should not become a general model for turning political discomfort into address control. The registry should keep the line visible: lawfully required limits are one thing; discretionary expansion into geopolitical policing is another.
Payment rails turn neutrality into a balance-sheet question
Payment systems are rarely glamorous, but they are a main channel through which political risk enters a membership registry. RIPE NCC can speak the language of neutral coordination, but it still has to invoice, receive funds, reconcile accounts, pay staff, maintain systems and keep banking relationships. Banks in the Netherlands and elsewhere do not treat every counterparty equally when sanctions, correspondent-bank risk, money-laundering controls, reputational exposure or geopolitical pressure are present. The registry may not choose the entire risk posture; the payment system chooses part of it for the registry.
This matters because member standing is not just an accounting status. In a post-exhaustion environment, standing can affect the ability to maintain account access, request changes, support transfers, manage resource records and sustain trust with counterparties. A holder whose payment route fails may still be operating a legitimate network. A bank's caution can nevertheless create registry friction that looks, from the holder's perspective, like political discrimination. The association may have a legal and operational reason for the friction; the economic effect is still uneven.
Large carriers and global firms can often manage this. They may have multiple banking relationships, affiliates in safer jurisdictions, internal counsel, compliance staff and commercial leverage. A small operator in a geopolitically exposed market may have none of those advantages. It may depend on one bank, one owner, one language, one support contact and one address block. The fixed cost of satisfying a payment or compliance question can consume management time and threaten service continuity. Equal policy text then produces unequal practical burden.
Fragmentation risk grows when actors interpret these payment frictions politically. A holder may conclude that the regional registry is no longer neutral. A state may claim its domestic networks are exposed to foreign financial control. A buyer may discount resources from a jurisdiction where payment standing could become difficult. A lender may ask whether the borrower can preserve registry access if correspondent-bank pressure rises. None of this requires a new registry. It requires only enough repeated friction that market actors begin to price jurisdictional exposure into address assets.
RIPE NCC cannot solve global banking risk. It can reduce the damage by separating payment difficulty from unnecessary degradation of the last verified registry state, by communicating categories clearly, by preserving existing continuity where law permits, and by avoiding language that makes bank risk sound like moral judgment. A thin ledger cannot make all members equally bankable. It can avoid turning bankability into a broad permission layer over number-resource continuity.
Cloud admission makes portability private
Cloud platforms have become private acceptance layers for number resources. The rise of bring-your-own-IP practices means that a customer may want to use addresses recorded in a regional registry inside a hyperscale or specialised cloud environment. The platform, in turn, wants evidence that the customer can use the range, that routing-security statements can be aligned, that the address reputation is manageable and that legal exposure is acceptable. The registry record is necessary evidence, but it is not sufficient.
This changes the economics of portability. A block that can move from one data centre to another only after lengthy cloud review is less portable than a block accepted quickly by major platforms. A record that is clean in the RIPE Database but difficult to prove to a platform becomes a cost centre. The questions can be operational: who can change ROAs, who controls reverse DNS, which origin ASNs will announce, what abuse reputation follows the range. They can also be geopolitical: does the holder, parent group, customer base or network path create sanctions, export-control, public-sector or national-security concern?
Cloud admission decisions are not the registry's decisions. That is precisely why they matter. Fragmentation can occur outside the formal governance structure. A global platform may apply one risk model to EU companies, another to Gulf public-sector customers, another to Russian or Iranian exposure, another to a Central Asian intermediary, another to networks carrying government traffic. Each decision can be defensible from the platform's own risk standpoint. Together they create a private portability regime layered on top of the common RIPE NCC record.
The registry's role is not to force cloud acceptance. It should not certify that a customer is safe for every platform or that a public-sector workload has no sovereign exposure. Its role is to make the underlying record as coherent and auditable as possible: clear holdership, current contacts, usable registration data, known transfer history where appropriate, reliable RPKI support, and stable reverse-DNS processes. Clean registry evidence lowers the cost of private acceptance even when it cannot guarantee admission.
The danger is that cloud acceptance pressure feeds back into registry demands. A large platform or public buyer may ask for registry statements that go beyond number-resource coordination. It may want assurances about jurisdiction, beneficial control, political risk, data locality or user base. RIPE NCC should resist becoming the issuer of such assurances. It can state what the ledger knows. It should not turn a cloud platform's procurement logic into a new registry mandate.
Peering trust and cyber-war suspicion
Routing is distributed trust under pressure. Networks decide what to announce, what to accept, what to filter and what to investigate. Registry data, IRR records and RPKI material help, but they do not remove judgement. In ordinary times, that judgement is mostly technical and commercial. In periods of cyber conflict, it acquires a political shadow.
The RIPE NCC region contains several live sources of suspicion: Russia and Ukraine-related stress, sanctions-sensitive markets, conflict in and around the Middle East, state-aligned cyber operations, infrastructure sabotage fears, public-sector dependence on private networks and strategic concern over cloud and carrier supply chains. A prefix associated with one jurisdiction may be examined differently after a major cyber incident. An ASN connected to a state contractor may trigger deeper review. A route leak from a politically sensitive network may be treated less charitably than the same error elsewhere. A traffic path crossing a particular region may attract scrutiny even when the registry record is accurate.
Measurement services help make this less mysterious. RIPE NCC's service list says RIPE Atlas uses a global network of probes to measure connectivity and reachability, and that RIS collects and displays BGP data to improve understanding of the global routing system. These services are not proof of any particular political thesis. They are exhibits showing that reachability is empirical and layered. A route can be visible but distrusted. A path can be available but undesirable for a public-sector customer. A registry record can be correct while operational acceptance narrows.
This is not a call for RIPE NCC to police routing trust. The opposite is true. If the registry starts treating geopolitical suspicion as a basis for discretionary restriction, it will lose its narrow authority. But it should understand how its records are consumed. RPKI changes, reverse-DNS authority, contact accuracy and transfer finality now enter security review. When those registry-facing facts are ambiguous, other actors fill the gap with stronger private filters. Good registry administration reduces the need for suspicion to become policy.
The hard cases will involve plausible security claims. A network may be accused of enabling abuse, espionage support, military traffic, sanctions evasion or infrastructure probing. Some claims will be evidence-backed. Some will be politically convenient. The registry is not well designed to decide the full merits. Its defensible role is to preserve accurate records, require proper authority for registry acts, support narrow lawful measures and avoid turning broad suspicion into a general loss of number-resource continuity.
Submarine cables, public services and address dependence
Fragmentation risk is sometimes discussed as if the Internet were mostly a matter of protocols and policy statements. Physical resilience matters as much. Submarine-cable routes, terrestrial fibre, exchange points, data centres, power systems and cloud regions decide whether a registry record can be turned into reliable service. The RIPE NCC region includes island economies, conflict-adjacent corridors, Gulf and Red Sea routes, Black Sea and Caucasus sensitivities, Central Asian transit dependencies and European data-centre clusters under energy and security scrutiny. Address records sit inside that geography.
Public-sector dependence makes the issue sharper. Schools, hospitals, tax portals, emergency services, municipal systems, defence suppliers, national research networks and regulated utilities may depend on addresses recorded through private operators. A government may not care about the fine distinctions among registry policy, transit routing, RPKI state and cloud admission when a service fails. It will ask whether the supplier can continue to serve the public. If the supplier's number resources are exposed to sanctions, payment friction, cable risk, upstream distrust or foreign cloud limits, the registry record becomes part of a continuity file.
This pressure can be legitimate. Public services deserve continuity planning. A hospital network should not discover during a crisis that a supplier's addresses are caught in a registry dispute or a payment corridor failure. A ministry buying connectivity should understand whether its vendor relies on resources whose portability depends on a politically exposed parent. A national research network should know whether routes and RPKI statements can be maintained if a regional conflict worsens.
The risk is that public-service concern becomes a demand for address control. A state may seek to prevent resources from leaving a domestic supplier. A procurement authority may want domestic proof before recognizing a regional record. A ministry may ask RIPE NCC to treat national continuity as a reason to freeze movement beyond what law requires. That path is tempting because IPv4 scarcity makes resources valuable and hard to replace. It is also dangerous. A regional ledger that becomes a public-sector retention tool for every anxious state would stop being common infrastructure.
The better approach is narrower. Public-sector buyers can require suppliers to document continuity, routing-security authority, redundancy, customer migration plans and registry standing. RIPE NCC can maintain accurate records and respond to lawful, precise evidence. It should not convert general public concern into discretionary address custody. Common ledgers reduce conflict by preserving neutral facts. They do not reduce conflict if every public dependency becomes a claim to political lock-up.
Data-sovereignty demands and lawful-access evidence
Data-sovereignty politics reaches number resources indirectly. IP addresses are not personal data by themselves in every setting, and registry recognition is not the same as data processing location. Yet addresses are increasingly attached to cloud regions, government workloads, security logging, lawful-access demands, geolocation rules and platform controls. A public buyer may ask whether traffic tied to a service will remain in a jurisdiction. A regulator may ask which entity controls a network. A law-enforcement body may need contact data. A data-sovereignty rule may influence which cloud or carrier is acceptable. The address record becomes part of a larger evidence chain.
This creates a subtle institutional temptation. Because RIPE NCC maintains a recognized record, other actors may ask it to answer questions that belong elsewhere. Is a service sovereign? Is a data path local enough? Is the holder politically acceptable? Is the cloud deployment compliant with domestic law? Is a network too exposed to foreign access? These are not number-resource uniqueness questions. They are procurement, security, privacy and public-law questions that may use the registry as evidence.
The registry should be useful without becoming the decision-maker. It can maintain contactability. It can preserve current holder data. It can support role-based operational evidence. It can record transfers and resource relationships. It can keep RPKI and reverse-DNS processes reliable. It can respond to lawful requests within its powers. But it should not endorse a sovereign-cloud claim, certify lawful-access safety or decide whether a network is politically trustworthy.
The economic reason is clear. If the registry begins to supply broad trust labels, those labels will become part of market access. Buyers will ask for them. States will pressure for them. Competitors will challenge them. Holders from disfavoured jurisdictions will be discounted if they cannot obtain them. What began as evidence support becomes a licensing function. A thin ledger then becomes a gate.
There is also a conflict-reduction reason. A common ledger can coexist with national law when remedies remain narrow and reversible. A court order, sanctions rule or lawful request can require a specific registry consequence. A broad sovereignty label is harder to reverse and easier to politicize. It invites counter-labels from other blocs. It turns one shared record into a contest over legitimacy.
The economics of unequal portability
Portability is often treated as a legal or technical status: can the resource move, can it be announced, can the record be updated. In practice, portability is an economic gradient. A resource is more portable when counterparties can verify it cheaply, pay for it without special risk, route it with confidence, use it in cloud environments, satisfy procurement checks and maintain security state. It is less portable when each step requires bespoke proof.
Geopolitical fragmentation thickens that proof burden. A holder in a low-risk jurisdiction may show the RIPE NCC record, align RPKI, update reverse DNS and proceed. A holder in a sensitive jurisdiction may need to prove control, explain ownership, satisfy bank concerns, answer cloud questions, document sanctions status, reassure public buyers and provide routing history. The formal registry rule may be the same. The cost of market acceptance is not.
This creates an economic discount. Buyers and counterparties do not need to believe a resource is invalid in order to price it lower. They need only believe it may be slower to use, harder to finance, more likely to trigger questions or more exposed to future restrictions. That discount can attach to a jurisdiction, a corporate group, an upstream relationship, a cloud-use pattern, a prior sanctions alert, a routing history or a public-sector exposure. The address record remains common. Its market quality diverges.
Small operators are hit hardest. A large carrier can build compliance files, maintain multiple upstreams, keep counsel on call, use several banks, negotiate with cloud platforms and manage reputation. A small ISP, hosting firm or public-sector supplier may have the same legitimate registry relationship but far less capacity to carry the proof burden. Fragmentation then becomes regressive. The holders most dependent on the official ledger are least able to overcome the private layers around it.
The consequence is not merely unfairness. It can push activity into less visible channels. If the official path is slow or uncertain, actors may lease informally, rely on intermediaries, hide beneficial control, avoid record updates, use customer assignments creatively or keep old routing arrangements alive after the business reality has changed. Those workarounds make the ledger less accurate. A registry that tries to become a broad geopolitical gate may therefore weaken the very evidence base that makes the common record valuable.
Mandate laundering under geopolitical pressure
Every institution is tempted to expand its role when outsiders ask for help in urgent language. For a registry, the temptation is especially dangerous because the resource is scarce and operationally embedded. A government, bank, platform, public buyer or security body may not say, "become a geopolitical gate." It may say, "help us prevent risk." The proposed registry act may be narrow on paper: pause a change, require extra proof, block a transfer, alter account access, withhold a certification function, add a warning, create a category. The cumulative effect can be mandate laundering.
Mandate laundering occurs when a problem from one domain is quietly converted into authority in another. A foreign-policy problem becomes a registry hold. A procurement concern becomes a resource-recognition condition. A cyber suspicion becomes pressure on RPKI or contact data. A bank-risk concern becomes a membership-standing problem. A data-sovereignty debate becomes a demand for local control over address movement. The registry can then say it is only responding to external pressure, while external actors can say they are only relying on the registry's technical role. Responsibility is diffused; power expands.
RIPE NCC is particularly exposed because its region contains blocs and non-blocs, aligned and non-aligned states, sanctioned and sanctioning regimes, conflict zones, cloud-intensive economies, small operators, public networks and strategic carriers. Almost every geopolitical demand can be phrased as continuity, safety, legal compliance or market integrity. Some will be legitimate. The problem is not the existence of pressure. It is the conversion of broad pressure into registry consequences without a clear legal basis, narrow scope, time limit and reversal path.
The right test is institutional modesty. Does the requested act protect uniqueness, accuracy or continuity? Is it required by applicable law, a clear policy or a verified authority record? Is the consequence no broader than the risk? Can it be reversed when the evidence changes? Does it preserve the last verified operational state where safe? Does it avoid deciding foreign-policy merit? Does it avoid making scarce IPv4 value dependent on political favour?
If the answer is no, RIPE NCC should resist. Resistance does not mean theatrical defiance. It can mean asking for proper legal form, narrowing the requested act, preserving existing registry state, documenting the reason, time-limiting the restriction, and refusing to add labels or conditions beyond the registry's function. A common ledger earns trust by being boring under pressure.
Fantasy neutrality is not enough
There is a weak version of neutrality that simply denies the environment. It says the registry is technical, the Internet is global, packets route according to engineering, and politics is external noise. That version no longer describes the market in which RIPE NCC records operate. It may never have described it fully, but post-exhaustion scarcity and geopolitical stress have made the gap obvious.
The registry relies on law, banks, members, vendors, staff, physical infrastructure, courts, public trust and network acceptance. It serves a region where war, sanctions, state cyber activity, data-sovereignty policy, energy security, cable risk, cloud concentration and public-sector dependence are real. Its records are used by actors far beyond the narrow number-resource community. Pretending that these layers do not touch the registry would not protect neutrality. It would make the institution look naive.
Neutrality must therefore be practical. It should mean that RIPE NCC does not take sides beyond law, policy and evidence. It should mean equal procedure, not equal absence of friction. It should mean the institution explains what it can and cannot do. It should mean the record remains as thin as possible precisely because the surrounding environment is thick. It should mean the registry preserves operational continuity unless a narrow reason requires a change.
Practical neutrality also requires language discipline. If RIPE NCC describes every compliance or security response as stewardship, it may blur boundaries. If it describes every geopolitical constraint as unavoidable, it may understate institutional choice. If it describes every member burden as routine procedure, it may miss unequal incidence. The better language is specific: legal requirement, bank constraint, authority verification, transfer restriction, contact correction, RPKI maintenance, reverse-DNS continuity, public-data accuracy. Specific language limits power.
This matters because members and governments will test the boundary. A holder under pressure will ask whether neutrality protects continuity. A state will ask whether neutrality excuses inaction. A bank will ask whether neutrality is compatible with risk controls. A cloud platform will ask whether the registry can provide stronger assurance. The only stable answer is not a slogan but a disciplined operating model: accept evidence, keep the record accurate, restrict only what must be restricted, and preserve common facts.
Bloc-level gatekeeping is worse
If fantasy neutrality is weak, bloc-level gatekeeping is worse. A regional registry that begins to sort holders by geopolitical acceptability would lose its economic purpose. It would no longer be a common reference point for unique number resources. It would become a permission layer for address value. In a scarce IPv4 market, that would make RIPE NCC resemble a landlord over operational capital rather than a coordinator of records.
Gatekeeping can arrive subtly. It need not be called bloc policy. It may appear as enhanced due diligence for certain jurisdictions, a presumption against transfers involving certain geographies, pressure to localize resources, stricter service limits tied to political risk, public warnings that affect market confidence, or delayed recognition of otherwise valid changes. Some of these acts may be required in particular cases. The danger lies in turning exceptional constraints into standing posture.
A bloc gate would create predictable harms. Holders in sensitive jurisdictions would search for intermediaries. Buyers would price political risk into address blocks. Public networks would seek domestic assurances that may conflict with the regional record. Competing states might threaten countermeasures. The accuracy of the registry would suffer as actors avoid visible changes. The legitimacy of the institution would shift from neutral coordination to contested control. The common ledger would remain in form while losing market neutrality in substance.
The international politics would also be poor. A common number-resource ledger reduces conflict by allowing rivals to agree on narrow technical facts even when they disagree about almost everything else. That is valuable. It gives courts, firms, networks and public bodies a shared starting point. If the ledger becomes a bloc instrument, rival states have more reason to discount it, duplicate it or pressure it in return. The registry would then help produce the fragmentation it was meant to resist.
The right posture is not to be above politics. No institution is. It is to refuse unnecessary political finality. RIPE NCC can comply with law, process valid orders, maintain payment controls, support security, and keep evidence clean without declaring winners in the region's geopolitical disputes. It can preserve the record as common infrastructure precisely by refusing to make the record solve questions it is not competent to solve.
Thin ledger, thick environment
The useful formula is a thin ledger in a thick environment. The environment is thick because law, finance, cloud platforms, public procurement, cable resilience, routing trust, security vetting and data-sovereignty demands all surround number resources. The ledger should be thin because its job is to keep unique, accurate, continuous records that other actors can use without inheriting a political position from the registry.
Thin does not mean weak. A thin ledger can be exacting about authority. It can require proper signer control. It can insist on accurate contacts. It can preserve transfer history. It can support RPKI reliability. It can maintain reverse-DNS processes. It can document restrictions. It can respond to lawful orders. It can reject fraud. It can keep public data useful. These are strong functions. They are strong because they are narrow.
Thick registry power would be different. It would judge commercial desirability, political acceptability, cloud-safety status, sovereign-data quality, public-procurement fitness or broad security reputation. Those judgements are too expansive for a registry whose legitimacy rests on shared reliance. They would invite lobbying, capture, retaliation and litigation. They would also make the registry's own staff responsible for choices that belong to courts, regulators, banks, platforms, operators and customers.
The line is sometimes hard to draw. RPKI is both registry-linked and routing-security relevant. Reverse DNS is both a registry service and an operational dependency. Public contact data is both a technical aid and a legal evidence surface. Transfer recognition is both record maintenance and capital mobility. The more a function touches external reliance, the more pressure there will be to use it as leverage. That is why the thin-ledger principle must be explicit.
The test should be asked at the moment of pressure: does the requested registry act maintain or correct the record, or does it attempt to discipline a holder for a broader political reason? Does it preserve continuity, or does it create collateral damage to running networks? Does it implement a narrow legal requirement, or does it convert a general policy preference into address control? Does it lower transaction costs, or does it make private actors build workarounds? Thinness is not abstention. It is disciplined minimalism.
What good administration would look like
Good administration under fragmentation risk would begin with categories that distinguish law, evidence, continuity and discretion. A lawful sanctions restriction is not the same as a bank-payment difficulty. A bank-payment difficulty is not the same as fraud. Fraud is not the same as a public procurement concern. A public procurement concern is not the same as routing-security maintenance. If the categories are blurred, pressure expands.
The second feature would be preservation of the last verified state. Where law permits, the registry should maintain existing records, RPKI material, reverse-DNS authority and contactability while contested or restricted changes are assessed. New registry acts may need to pause. Existing operational continuity should not be degraded simply because a case is politically awkward. Continuity is not a favour to the holder; it protects customers, counterparties and the reliability of the common record.
The third feature would be reversibility. A hold, warning, freeze, account restriction or evidentiary category should have a path back when the basis changes. Geopolitical conditions shift. Sanctions lists change. Corporate evidence improves. Bank routes reopen. Court orders expire. A registry consequence without a reversal path becomes quasi-confiscatory in a scarce market even if it was announced as temporary.
The fourth feature would be public clarity without public shaming. The market needs to know the kinds of restrictions that can affect resources and the operational meaning of those restrictions. It does not need unnecessary exposure of sensitive details. Over-disclosure can make the registry a reputational weapon. Under-disclosure can make counterparties guess and over-filter. The right disclosure level explains categories, effects and evidence standards while protecting case details where necessary.
The fifth feature would be burden awareness. Equal rules do not impose equal costs. A small operator in a sensitive jurisdiction may struggle to produce documents, pay invoices, respond in English, maintain counsel or satisfy a platform. RIPE NCC need not exempt such operators from authority checks. It should design procedures that reduce avoidable fixed costs: clear templates, multilingual help where feasible, status explanations, predictable timelines, and support paths that do not require insider knowledge of the registry culture.
The sixth feature would be refusal of broad assurance roles. RIPE NCC should avoid certifying that a resource is geopolitically safe, sovereign-cloud compliant, procurement-ready or acceptable to a bloc. It can say what its record shows. It can say whether a registry act has occurred. It can say whether a restriction category exists. It should not supply trust labels that would turn the ledger into a market-access passport.
Watchpoints for 2026-2029
The first watchpoint is payment friction. If more members or resource holders experience bank-related difficulty, the registry will need sharper separation between payment status, lawful restriction, member standing and record continuity. A rise in payment problems would not itself prove fragmentation, but it would show that the financial layer is becoming a stronger border around the ledger.
The second watchpoint is cloud acceptance. If major cloud platforms, managed-service providers or public-sector cloud frameworks require heavier proof for RIPE-region resources tied to sensitive geographies, portability will become more private. RIPE NCC should not become the cloud platforms' certifier. It should watch whether its own record quality is sufficient to prevent unnecessary private friction.
The third watchpoint is RPKI and routing-security pressure. During cyber conflict, there may be calls to treat certain networks as categorically untrusted. RPKI is a security tool, not a geopolitical punishment system. The registry should be careful that route-origin infrastructure remains tied to verified resource authority and operational correctness, not bloc suspicion.
The fourth watchpoint is public-sector procurement. If governments begin to demand domestic or bloc-friendly treatment of number resources as a condition for public contracts, address portability may be indirectly nationalized. The procurement file may become the place where a regional record is downgraded. RIPE NCC can support evidence but should not become the enforcer of procurement politics.
The fifth watchpoint is local data-sovereignty language. When address records are pulled into claims about data locality, lawful access or sovereign cloud, the registry should insist on precision. It can maintain number-resource facts. It cannot make a data path sovereign by declaration. If it accepts that role, it will be asked to do it for every bloc.
The sixth watchpoint is dispute rhetoric around scarcity. The more valuable IPv4 becomes, the more actors will describe address movement as capital flight, strategic leakage, public dependency risk or national-security exposure. Some concerns will be real. But scarcity does not turn a registry clerk into a landlord. RIPE NCC's authority over the record should not become authority over the political destiny of the value behind it.
The final watchpoint is language. Institutions often expand through words before they expand through rules. If registry communications begin to mix continuity, compliance, security, sovereignty, trust, public interest and market order into one undifferentiated mandate, the boundary is weakening. If communications remain specific about record accuracy, lawful constraints, operational continuity and limited authority, the ledger remains thinner.
The institutional test
RIPE NCC's geopolitical fragmentation risk is not that the regional Internet suddenly disappears. It is that the common record becomes less common in practice. A holder in one part of the region may find the record accepted by banks, clouds, peers, public buyers and security teams. A holder elsewhere may face extra proof at every layer. Both are in the same registry. Both may have valid records. Their economic portability differs.
That difference can be defended in particular cases. Law matters. Security matters. Public continuity matters. Payment risk matters. A registry that ignored all of them would not be neutral; it would be unserious. But a registry that lets all of them accumulate into broad gatekeeping would also fail. It would transform the record from a conflict-reducing fact into a contested permission system.
The durable settlement is therefore narrow and unsentimental. RIPE NCC should protect uniqueness, accuracy and continuity. It should accept lawful evidence and apply narrow, reversible consequences. It should preserve existing operational state where law and safety allow. It should keep the record legible enough that banks, platforms, public buyers and networks do not need to reinvent basic proof. It should refuse demands to solve foreign-policy, data-sovereignty, procurement or security questions by turning number-resource control into leverage.
This is not a low-status role. Thin coordination is valuable precisely because the environment is thick. A common ledger allows rival states, private firms, public bodies and network operators to share a narrow fact even when they disagree about politics. It lowers transaction costs. It reduces duplicate claims. It makes continuity easier. It gives scarce IPv4 resources a recognized evidence base. It keeps routing-security and reverse-DNS dependencies tied to verified authority rather than political improvisation.
The temptation will be to ask more of the registry because the surrounding world is more anxious. That temptation should be resisted. The more geopolitical pressure rises, the more valuable a disciplined ledger becomes. RIPE NCC's future legitimacy will not be measured by whether it can make all acceptance layers thin. It cannot. It will be measured by whether it keeps its own layer thin enough that the rest of the market can still use it as common ground.

