Summary

  • Mobile broadband does not merely consume IPv4 space; it turns address scarcity into an identity-management problem, because many subscribers may share one public IPv4 address through carrier-grade NAT.
  • CGNAT preserves mobile growth, fixed-wireless expansion and handset-heavy service adoption, but it shifts cost into logs, port records, timestamp precision, abuse queues, legal response teams, and customer support.
  • IPv6 reduces the long-run need for public IPv4, yet the transition period remains economically decisive because legacy services, payment systems, games, enterprise VPNs and public-sector networks still treat IPv4 reputation and reachability as important signals.
  • Scarce public IPv4 has become premium access stock for mobile operators, MVNOs, fixed-wireless offers, private APNs, enterprise SIMs and wholesale products, creating scarcity rents that shape capital allocation.
  • RIPE NCC's strongest institutional role is to maintain a thin, accurate, portable registry ledger: holder records, route-origin signals, RPKI, reverse DNS and contact credibility. It should not become a subscriber-attribution bureau or planner of mobile-market design.

The queue starts with one address and too many people behind it

The mobile-broadband problem often arrives as a mundane ticket. A fraud team, police unit, game platform, bank, payment processor or content service writes to a network because a public IPv4 address has done something that needs explanation. The request may be serious: a lawful demand for subscriber attribution in a criminal case. It may be commercial: a payment provider asking why chargebacks, account takeovers or suspicious logins appear to come from the same address. It may be merely irritating: a gamer blocked from a server, a streaming service confused by geolocation, a small business unable to maintain a remote-access tunnel, or a customer who has been rate-limited because another person behind the same carrier-grade NAT gateway behaved badly.

To an outside complainant, the address looks singular. To the access provider, it may be the exit point for hundreds, thousands or tens of thousands of sessions across a mobile packet core. The critical facts are not only the IPv4 address and the date. They are the timestamp, the time zone, the source port, the destination address, the destination port, the transport protocol, the NAT pool, the gateway, the session table, the customer identity link, the retention window, the accuracy of clocks, and the legal basis for disclosure. One missing field can turn a plausible request into an unanswerable one. One imprecise timestamp can map to the wrong subscriber. One overloaded helpdesk can turn a recoverable abuse event into a reputational problem.

This is where IPv4 exhaustion becomes institutional economics rather than engineering trivia. Carrier-grade NAT, or CGNAT, is a practical technique: it lets a network conserve public IPv4 addresses by placing many customer sessions behind shared public address pools. The technique is now part of ordinary access economics. Mobile operators use it because handset growth, data-only SIMs, roaming, connected devices, fixed-wireless access and prepaid plans cannot all receive unique public IPv4 addresses at scale. Smaller access networks and MVNOs use it because obtaining enough clean IPv4 can be expensive, slow or uncertain. Fixed-wireless providers use it because they compete on speed of rollout and customer-acquisition cost, not on the luxury of assigning globally unique IPv4 to every household.

Yet CGNAT does not eliminate scarcity. It changes its location. Instead of scarcity appearing as a shortage of addresses at the edge, it appears as a shortage of clean attribution, clean reputation, port capacity, support capacity, lawful-response capacity and customer patience. A shared address stretches the routing surface but compresses identity. The public IPv4 number still has value, but the meaning of that number changes. It becomes less like a direct line and more like the front door to a crowded building, where the register at the desk matters as much as the sign outside.

RIPE NCC sits at a deliberate distance from this queue. It is not a mobile operator, a police bureau, a consumer-protection office, a payment network, a game platform or a privacy regulator. Its role is narrower: it records number-resource holders, supports registration services across Europe, the Middle East and parts of Central Asia, maintains registry data, enables reverse DNS, provides RPKI services and records policy-based resource movement. That narrow role is valuable precisely because the access-market queue is messy. A registry that tried to decide who used a mobile IP address at a particular second would lose the very quality that makes it trusted: bounded neutrality.

The economic question is therefore not whether RIPE NCC should solve CGNAT. It should not. The question is how a regional Internet registry preserves institutional legitimacy when the access market around its records has changed. IPv4 is no longer simply a scarce identifier to allocate. It is premium operational stock, reputation collateral, lawful-response evidence, capital on a balance sheet, and a constraint on mobile product design. In that setting, the registry must keep the ledger accurate without pretending that the ledger can explain the subscriber behind a NAT gateway.

Address shortage is not identity shortage

The central mistake in mobile-broadband debate is to treat address shortage and identity shortage as the same problem. They are related, but they are not identical. Address shortage asks whether a network has enough public IPv4 numbers to serve its customers, partners and internal needs. Identity shortage asks whether the network, or a lawful requester, can reliably connect a public address and port at a stated moment to the right customer account, SIM, device session or access line. CGNAT reduces the first shortage by intensifying the second.

That distinction matters because each shortage has a different cost curve. Public IPv4 can be acquired, leased, transferred, rationed, reserved for premium tiers, replaced with IPv6 in some applications, or conserved through NAT. Identity under CGNAT must be recorded, stored, protected, queried, explained and defended. It depends on operational systems that are not always glamorous: log collectors, time synchronization, subscriber-management platforms, packet gateways, lawful-intercept interfaces, helpdesk tools, abuse desks, data-retention policies, privacy controls, ticket queues and staff trained to answer requests without over-disclosing. A carrier can conserve addresses with network architecture. It must conserve trust with administrative discipline.

Mobile networks make the distinction sharper than fixed residential networks. A home broadband account may have a relatively stable access line, router, billing identity and installation address. A mobile subscriber may be prepaid, roaming, dual-SIM, using a handset as a hotspot, attached to a small-cell or macro-cell path, moving between gateways, or cycling through sessions in ways that make logs more complex. Fixed-wireless access complicates the line further. It sells a household-like service using mobile-radio infrastructure, sometimes with customer premises equipment, sometimes with network behavior that looks like mobile core traffic to outsiders. The result is a service class that inherits both residential-broadband expectations and mobile-network address scarcity.

Many complaints reveal the confusion. A platform blocks an address after observing account abuse. Innocent subscribers behind the same CGNAT gateway inherit the penalty. A bank asks a customer why the apparent login location changed. A geolocation database maps a mobile NAT pool to the wrong city or even the wrong country. A game server interprets repeated connections from the same address as suspicious automation. A merchant's fraud tool treats an address shared by thousands of mobile subscribers as a risk mark. A corporate VPN rejects a connection because the source appears in a reputation list. The address is not lying; it is saying less than the receiver assumes.

Transaction-cost economics is useful because it asks where the cost of imperfect information lands. Before IPv4 scarcity became severe, many systems behaved as if a public IPv4 address had a tolerably direct link to a site, customer, or at least a small set of devices. That assumption was never perfect, but it was cheap enough. CGNAT breaks the cheapness. The cost is paid by operators in logging and support, by customers in friction, by platforms in false positives, by law-enforcement teams in more exacting data requests, and by markets in higher premiums for clean public address stock.

The registry record helps at one level only. It can tell a requester which network is the registered holder or sponsor of a resource, which route-origin assertions exist, which contact fields appear, which reverse-DNS arrangements are visible, and whether the resource has a coherent registration trail. It cannot say which subscriber used source port 48123 at 10:04:17 UTC. That answer lives inside the access provider's systems, if it exists at all. Confusing the two layers would make the registry look more powerful than it is and less credible than it should be.

This boundary is not a weakness. It is the source of RIPE NCC's legitimacy. The regional registry lowers coordination costs by making number-resource records portable and checkable. It does not lower every cost generated by address conservation. A thin ledger can support accountability by identifying the right network counterparty. A thick attribution authority would create new risks: privacy overreach, inconsistent national legal exposure, disputes over subscriber data, and pressure to turn an infrastructure registry into a quasi-policing institution.

Why mobile and fixed-wireless keep IPv4 pressure alive

IPv6 has been the correct technical direction for a long time, and mobile networks have often been important adopters. Several large mobile carriers can run substantial IPv6 traffic; modern handsets support IPv6; major content platforms are reachable over IPv6; and mobile cores can be engineered around IPv6-first service models. That progress is real. It is also insufficient as a near-term economic release valve for every mobile and fixed-wireless provider in the RIPE NCC service region.

The reason is not simply technical delay. Mobile access sits in a market of inherited systems. Applications, advertising networks, fraud vendors, enterprise VPNs, games, payment processors, emergency-service interfaces, roaming arrangements, wholesale access agreements, customer-premises equipment, older handsets, industrial devices and government systems do not move together. Even when the radio network and packet core can support IPv6, the service relationship may still require IPv4 reachability, IPv4 reputation, IPv4-based filtering or IPv4-only destinations. The operator therefore cannot price its IPv4 needs only by the number of packets that would ideally use IPv6. It must price the risk of losing customers when something still depends on IPv4.

Fixed-wireless access is especially important. It has become a serious alternative for homes, small firms and public sites that are underserved by fibre or cable, or where rapid deployment matters more than perfect network architecture. A fixed-wireless provider may acquire customers faster than it can acquire clean public IPv4 stock. It may rely on CGNAT for mass-market plans while reserving scarce public addresses for premium customers, enterprise APNs, static-IP products, public-sector sites or troubleshooting exceptions. In that business model, IPv4 is not evenly distributed infrastructure. It is a differentiated input that decides which services can command a higher price and which customers can be served without support pain.

Handset-heavy growth adds another pressure. Mobile subscribers expect accounts, games, wallets, work applications, video platforms and government services to function without understanding address translation. They do not perceive CGNAT as conservation. They perceive blocked payments, broken lobbies, failed logins, mistaken fraud warnings and support scripts. If the market is competitive, the operator absorbs those complaints as churn risk. If the market is concentrated, customers may have fewer alternatives, but the operator still absorbs regulatory and reputational risk when shared addressing causes visible harm.

MVNOs and smaller mobile brands face a related problem. They may depend on host-network infrastructure, wholesale packet-core arrangements, outsourced platforms or sponsor relationships for numbering and routing. Their customers see the MVNO brand; the technical path may involve several firms. The public address pool, NAT design, abuse contact and support responsibility may not align cleanly with the retail brand that sold the SIM. When things go wrong, transaction costs rise because the complaint must move across contracts before it reaches the system that can answer it.

IPv4 pressure also persists because the address market is not frictionless. A provider cannot always buy precisely the amount it needs, when it needs it, with the reputation profile it wants, at a price that fits the customer plan. Transferred or leased address space may require due diligence, routing coordination, reputation cleanup, reverse-DNS work, RPKI alignment, contract review and business-case approval. A small mobile provider may find that the administrative and capital cost of acquiring address stock is high relative to its customer base. A large operator may find that even expensive IPv4 is worth acquiring because it protects premium products and lowers complaint volume.

In institutional terms, IPv4 scarcity survives the technical case for IPv6 because markets transition through mixed dependencies. The decisive cost is not the average packet. It is the marginal customer who cannot be served cleanly without IPv4, the legal request that requires exact logs, the enterprise account that demands a stable public address, the MVNO whose host arrangement limits visibility, and the public-sector site whose continuity requirements cannot wait for every counterpart to modernize.

This is why mobile broadband belongs in RIPE NCC governance analysis. The registry does not run the mobile market, but its records anchor the scarce input around which these compromises are built. When IPv4 becomes a premium access resource rather than an abundant technical detail, the registry's thin accuracy becomes more, not less, important.

CGNAT logging is a cost center, not a side note

CGNAT is sometimes described as a box or feature. In mobile economics it is better understood as an accounting regime for identity under scarcity. The gateway translates many private or shared internal addresses into fewer public IPv4 addresses. That translation must be reconstructable when needed. The reconstruction depends on logs: which subscriber session used which public address and port range, at what time, through which gateway, under which policy. Those logs are expensive in ways that are easy to underestimate.

The first cost is volume. A large mobile operator can generate enormous NAT-session data. Retaining every relevant event for an appropriate period requires storage, indexing, compression, access control and deletion discipline. Too little retention weakens lawful response and abuse handling. Too much retention increases privacy risk, legal exposure and operational cost. Different jurisdictions in the RIPE NCC service region have different legal expectations, and a cross-border service footprint may face conflicting demands. The economics are not only about buying disks. They are about maintaining a defensible data estate.

The second cost is precision. Attribution requests are only as good as the fields supplied and the clocks behind them. A request with a public IPv4 address but no source port may be useless in a heavily shared pool. A timestamp without seconds, time zone, or synchronization confidence may be dangerous. A NAT gateway with misaligned clocks can produce an answer that looks formal but points to the wrong subscriber. The operator must invest in NTP discipline, log integrity, gateway metadata, staff procedures and request validation. That is administrative infrastructure, not merely network throughput.

The third cost is privacy. CGNAT logs can become a map of customer activity if mishandled. Even when logs are collected for legitimate technical and legal reasons, they sit close to sensitive behavior. Access must be limited. Queries must be auditable. Disclosure must follow law and policy. Staff must distinguish between a valid legal demand, a commercial abuse request, a platform complaint, and a vague email that wants a name behind an address. The more IPv4 scarcity pushes customers into shared pools, the more privacy-sensitive the identity layer becomes.

The fourth cost is support translation. A legal or abuse team may understand the need for ports and timestamps, but a front-line customer-support team may receive the angry call first. The customer says a bank blocked them, a console game will not connect, a server marked them as abusive, or a public-sector login thinks they are somewhere else. The support script must decide whether the problem is CGNAT, reputation, geolocation, DNS, firewalling, a handset issue, a content-platform policy or a genuine customer compromise. Every misroute of that ticket costs time.

The fifth cost is resilience. A NAT gateway is not just a throughput device. It is a translation dependency for many subscribers at once. Port exhaustion, table exhaustion, gateway failure or overloaded logging can create service degradation that looks strange to customers: some applications work, others fail; some destinations are reachable, others are not; sessions drop under load; long-lived connections behave poorly. A carrier that economizes on public IPv4 can find itself spending the savings on gateway capacity, monitoring and complaints.

These costs are not evenly distributed. Large mobile operators can amortize CGNAT logging across scale. They can build dedicated legal-response teams, buy better equipment, negotiate with platforms and maintain specialized support scripts. Smaller access providers may face a crueler tradeoff. They use CGNAT because they cannot cheaply obtain enough IPv4, but they lack the scale to operate CGNAT logging with the same sophistication. Scarcity therefore creates a small-operator disadvantage: the networks most tempted to conserve public IPv4 most aggressively may be least able to carry the full administrative burden.

That burden is an economic signal. It shows why public IPv4 retains value even when CGNAT can technically stretch it. A clean, dedicated public address lowers attribution complexity, reduces platform confusion and avoids some support tickets. Its price reflects not only routing utility but avoided administrative cost. IPv4 scarcity rent is therefore not limited to market transfer value. It appears in every avoided complaint, every shorter legal response, every premium static-IP plan and every enterprise SIM that buys its way out of the shared pool.

The lawful-response problem is an institutional stress test

Law-enforcement attribution requests make the CGNAT boundary visible. A request aimed at a single public IPv4 address may not identify a single customer unless it includes enough context to disambiguate the NAT translation. Good requesters know this and supply ports, precise timestamps and destination details where law allows. Weaker requests may not. The operator must then decide whether to reject, clarify, narrow, answer partially, or warn that the data is insufficient. That decision sits at the intersection of legal duty, privacy protection and operational competence.

In a simple world, registry evidence would point to the network, and the network would point to the subscriber. In the CGNAT world, the second step can fail. Logs may have expired. The request may be imprecise. The relevant gateway may have been managed by a contractor or host network. Roaming may complicate records. A prepaid account may have weak customer data. A wholesale arrangement may require coordination between retail brand and infrastructure provider. A timestamp may straddle a clock correction. A port range may have been dynamically assigned in a way that requires specialized interpretation.

This is not an argument against law-enforcement access under lawful process. It is an argument for institutional modesty. The registry layer can help identify the accountable network counterparty. It can maintain credible contacts and resource records. It can support route-origin evidence and reverse-DNS delegation. But subscriber attribution is an access-provider function governed by national law, privacy rules, contracts and technical logs. If a regional registry tried to fill that gap, it would either collect data it should not hold or issue answers it cannot verify.

The risk is not only overreach. It is false confidence. A holder record in the RIPE Database can be accurate and still insufficient for subscriber identification. RPKI can improve route-origin validation and still say nothing about a person behind CGNAT. Reverse DNS can be well maintained and still name a gateway, not a handset. Abuse contacts can be current and still lead to a queue that needs port details. Institutional legitimacy depends on users understanding what each evidence layer can prove. A thin ledger is reliable only if it does not pretend to be a thick biography of traffic.

Mobile markets add political pressure. Crimes, fraud and harassment are visible. Shared addressing can frustrate attribution. Officials may ask why an address cannot produce a name. The temptation is to demand that infrastructure institutions produce certainty. But certainty has a cost and a location. The cost belongs in access-provider logging and lawful process, not in registry expansion. A registry that collects subscriber-level data would become a cross-border privacy hazard. A registry that adjudicates access-provider log quality would become a regulator without the safeguards of a regulator.

This boundary also protects operators. If RIPE NCC remains a registry of number-resource holders, operators can be held responsible for their own CGNAT practices under the relevant legal and commercial regimes. If RIPE NCC drifts into attribution authority, every deficiency in mobile logging may be pulled upward into the registry, creating disputes it cannot resolve and incentives it cannot control. The more mobile access depends on shared addressing, the more important it is that responsibility remain layered.

The proper standard is evidence portability. Registry records should help a complainant, court, network, platform or counterparty find the right registered holder and understand the routing and contact context. They should not promise the subscriber answer. The operator should then maintain logs good enough for lawful and commercial obligations. Platforms should learn not to overinterpret a mobile NAT address. Courts and requesters should demand fields that match modern access architecture. Each layer should carry the cost of the information it is best placed to produce.

Customer friction is where scarcity becomes visible

Most customers do not know or care whether their mobile connection uses CGNAT. They care when something fails. That failure is often indirect. A game lobby will not host a session because inbound connections cannot reach the handset. A console reports a restrictive NAT type. A payment service flags repeated logins from a shared address. A merchant refuses a transaction because the address has a poor reputation. An enterprise VPN rejects traffic from a mobile pool associated with consumer use. A mapping service places the subscriber in a distant city. A small-business owner discovers that a camera, point-of-sale system or remote desktop setup needs a public endpoint that the ordinary plan cannot provide.

These frictions are not anomalies. They are the retail expression of address scarcity. CGNAT changes the user's position on the Internet. The connection may be fast, but it is less individually visible. For most web browsing and streaming, that does not matter. For applications that rely on inbound reachability, reputation scoring, stable source addresses, geolocation, per-address rate limits or peer-to-peer connectivity, it matters a great deal. The user experiences a product failure. The operator sees a support cost. The market sees a reason to sell premium address features.

Gaming is a useful example because it is technically revealing and commercially noisy. Multiplayer platforms may rely on NAT traversal techniques, relay infrastructure, matchmaking heuristics and reputation systems. A mobile or fixed-wireless subscriber behind CGNAT may be able to play some games smoothly and fail in others. The failure may depend on ports, relays, peer availability or platform design. To the customer, this looks arbitrary. To the support desk, it creates a difficult explanation: the network is working, but the customer's service expectation assumes a more individually reachable endpoint than the plan provides.

Payments and fraud systems raise a different issue. Fraud vendors often use IP reputation as one signal among many. In a CGNAT pool, good and bad behavior mix. If a shared address is marked risky, innocent customers may suffer. If platforms relax scoring for mobile NAT pools, malicious users may exploit that leniency. The platform must balance false positives against fraud loss. The carrier must answer complaints without controlling the platform's risk model. Scarcity therefore creates external costs outside the network itself.

Geolocation is another source of tension. Mobile routing, NAT-pool design and commercial geolocation databases may not align with where a subscriber actually sits. A shared public address may represent users across a wide area, or a pool may be announced in a way that databases misread. Wrong geolocation can affect streaming rights, banking checks, government portals, advertising, tax logic and emergency assumptions. The registry can record holder information; it cannot make commercial geolocation vendors infer every mobile session correctly.

Enterprise use intensifies the problem. Mobile and fixed-wireless products are increasingly used for branch backup, temporary sites, construction offices, kiosks, logistics, healthcare outreach, public-sector continuity and small-business connectivity. These uses may need stable reachability, predictable reputation, VPN compatibility or static addressing. Operators can provide such features, but they often require scarce public IPv4, dedicated APNs, business plans or private routing arrangements. The address becomes a service differentiator. A public IPv4 assignment that once looked like a default technical convenience becomes paid operational reliability.

The result is a subtle class division inside access markets. Customers with bargaining power can buy their way out of shared pools. Large enterprises can demand static addressing, private APNs or managed routing. Public-sector sites can specify continuity requirements. Retail customers, prepaid users and smaller firms often receive the conserved default. That may be economically rational, but it changes the politics of scarcity. CGNAT hides the address shortage from mass-market pricing until a customer needs the property that scarcity removed.

For RIPE NCC, the lesson is indirect but important. The registry's records help sustain the market in which these product differences are priced. If registry evidence is clean, address transfers, routing security, reverse-DNS arrangements and contactability are easier. If registry evidence is weak, the premium market becomes murkier, and the cost of customer friction rises. The registry should not design retail plans. It should preserve the common reference that lets operators, customers and counterparties price those plans honestly.

Public IPv4 becomes premium mobile inventory

In the abundant-address era, a public IPv4 address was often treated as an ordinary network input. In the mobile-broadband era, clean public IPv4 is premium inventory. Operators decide where to spend it. Mass-market smartphone plans may be placed behind CGNAT. Business customers may receive static public addressing at a higher tariff. Enterprise SIMs, private APNs, machine-to-machine deployments, fixed-wireless routers, government connectivity and wholesale arrangements may receive priority. The address pool becomes a portfolio.

This portfolio logic is rational. A mobile operator wants to allocate scarce IPv4 to uses with the greatest willingness to pay or the greatest operational need. A customer running inbound services, VPN concentrators, remote monitoring or public-sector continuity may value a public address more than a casual handset user. A wholesale partner may demand a product that behaves more like fixed broadband. A fixed-wireless plan aimed at small businesses may need stronger reachability promises than a consumer SIM. Scarcity pushes operators to segment the market.

The economic consequence is scarcity rent. A scarce input earns more than its administrative cost because others cannot easily obtain or replace it. Public IPv4 now earns rent through direct sale prices, lease payments, premium static-IP charges, reduced support burden, improved customer retention, and the option value of future products. An operator that controls a clean pool can decide whether to deploy it internally, lease it, transfer it, reserve it for strategic customers, or use it as margin protection in wholesale negotiations.

This matters for capital allocation. A mobile provider deciding whether to buy IPv4, invest in IPv6 transition, expand CGNAT capacity, acquire a smaller holder, lease address space, or redesign product tiers is making an investment decision under scarcity. The decision is not purely technical. It depends on interest rates, customer mix, expected churn, regulatory exposure, address-market prices, reputation cleanup costs, transfer friction and the expected pace of IPv6 normalization in the provider's own customer base.

For large operators, public IPv4 stock can function like a strategic reserve. It supports premium services and protects against transition risk. For small operators, it can become a barrier to entry. A new mobile brand or fixed-wireless provider may have to pay market prices for addresses that incumbents received under earlier conditions. If it relies heavily on CGNAT instead, it carries higher support and attribution costs. If it buys addresses, it ties up capital that could have funded radio sites, customer acquisition or service quality. Scarcity therefore tilts competition toward firms with older address holdings, stronger balance sheets or better access to leasing markets.

The registry is not responsible for that historical distribution, but its procedures affect how costly it is to move resources to higher-valued use. Transfer policies, due diligence, registration updates, sanctions screening, documentation standards, waiting lists and certificate alignment all affect market liquidity. If the registry is too lax, hijacking and fraudulent claims rise. If it is too discretionary, legitimate movement slows and scarcity rents become more concentrated. The ledger-versus-gatekeeper distinction becomes economically concrete: the registry must verify enough to preserve trust, but not so much that it becomes a capital-control chokepoint.

Mobile broadband makes the tradeoff visible because the address is tied to retail service quality. A delayed transfer is not just paperwork. It can affect whether a fixed-wireless launch has enough public IPv4 for business plans, whether an MVNO can offer a premium tier, whether a public-sector deployment can meet continuity terms, or whether a smaller operator can reduce CGNAT pressure before customer complaints rise. Registry procedure becomes part of the cost of bringing scarce operational stock into productive use.

MVNOs and small operators pay the scarcity bill twice

The mobile market is not made only of national incumbents. It includes MVNOs, regional wireless providers, enterprise-focused SIM providers, fixed-wireless challengers, IoT connectivity firms, community networks, rural access providers and niche wholesale brands. These firms are often praised for competition and service innovation. IPv4 scarcity can punish them in two ways at once.

First, they face higher relative acquisition costs. A large operator can spread address purchases, leasing arrangements, legal work and reputation cleanup over millions of subscribers. A smaller provider may need only a modest pool, but the transaction cost of finding, reviewing, contracting, routing, certifying and maintaining that pool can be disproportionately high. If the provider lacks specialist staff, it pays consultants or accepts weaker terms. If it delays acquisition, it expands CGNAT and inherits the support burden.

Second, smaller providers face weaker bargaining power in shared infrastructure arrangements. An MVNO may depend on a host network's packet core and NAT architecture. It may not fully control public-address allocation, logging detail, abuse contacts or customer-facing explanations. When a platform complaint arrives, the MVNO brand may face the customer while the technical evidence sits with the host. If the host's systems do not produce the needed detail quickly, the MVNO absorbs reputational damage. Scarcity thus travels through contracts.

Fixed-wireless challengers face similar exposure. Their business case often depends on rapid rollout, low installation cost and underserved demand. They may serve households or small firms that expect broadband to behave like a fixed service. If those customers discover that inbound services, games, VPNs or payment systems behave poorly behind CGNAT, the provider must either spend scarce IPv4 on exceptions or accept dissatisfaction. A large incumbent can offer a premium static-IP add-on. A small challenger may not have enough address stock to make that promise widely.

Public-sector and emergency-related uses add further pressure. A small provider serving a municipal site, rural clinic, temporary shelter, emergency operations centre, school, border post or transport facility may need dependable connectivity under conditions where ordinary consumer-grade CGNAT is not enough. The requirement may not be a large bandwidth commitment. It may be stable reachability, address reputation, predictable VPN behavior or a reliable path for remote support. The scarce input is trust, and public IPv4 can still be part of that trust.

These disadvantages matter because they influence market structure. When scarce IPv4 stock is costly and CGNAT administration is complex, scale becomes more valuable. Incumbents gain from old allocations and larger teams. Smaller providers either pay high prices, accept inferior service characteristics, depend on hosts, or shift more aggressively to IPv6 while still supporting IPv4 fallbacks. The market may still have many brands, but the operational advantage of older address holdings persists underneath.

From an institutional-economics view, scarcity rents are not neutral. They shape who can enter, who can expand, who can offer premium service, who can answer legal requests quickly, and who can absorb customer complaints. The registry cannot erase those rents. It can, however, prevent additional artificial rents from arising through opaque records, uncertain transfers or discretionary service treatment. Clean registration lowers transaction costs for everyone; uncertain registration favors those with lawyers, relationships and time.

This is the small-operator case for a thin and predictable RIPE NCC. Smaller networks do not need the registry to plan their business. They need resource records they can rely on, procedures they can understand, contacts that work, RPKI and reverse-DNS services that do not discriminate by size, and transfer processes that verify legitimacy without turning every move into a negotiation with institutional uncertainty. In a scarce market, predictability is a form of competition policy, even when the registry is not a competition regulator.

Leasing and transfers decide where the rent lands

When an input becomes scarce, markets develop ways to move it. IPv4 addresses can be transferred under policy. They can be leased through commercial arrangements. They can be bundled with hosting, connectivity, acquisition deals or managed services. They can be held as reserves. They can also attract fraud, reputation problems and contractual disputes. Mobile and fixed-wireless demand adds a powerful buyer class to this market because access providers need address stock not merely for servers but for customers.

Transfers and leasing differ in economic meaning. A transfer changes registered holdings according to policy and documentation. It can support durable planning, financing and internal deployment. Leasing offers flexibility and speed but may leave the user dependent on contract continuity, reputation history and the lessor's behavior. A mobile operator using leased space for customer access must care about route stability, registry contact alignment, RPKI status, abuse handling, reverse DNS, termination rights, sanctions exposure and reputation cleanup. A cheap lease can become expensive if the pool is noisy, disputed or hard to explain to platforms.

Scarcity rent lands where the control point sits. A legacy holder with unused IPv4 can earn rent by selling or leasing. A broker can earn fees by matching parties and reducing diligence cost. A large operator can earn product rent by turning scarce addresses into premium plans. A registry can unintentionally create or destroy rent by changing the cost, speed and certainty of recognized movement. A platform can impose costs by treating certain address pools as risky. A geolocation vendor can affect service value by mapping pools poorly. The rent chain is longer than the address transaction.

Capital-control risk appears when a registry's necessary verification becomes broad discretion over movement. Fraud prevention, holder authentication, sanctions compliance and policy enforcement are legitimate. But if market actors cannot predict how resource movement will be treated, the registry begins to price itself into the asset. Buyers demand discounts for procedural uncertainty. Sellers hold resources longer. Lessees accept weaker arrangements. Smaller providers delay expansion. Scarcity rents concentrate among those able to navigate the process.

The opposite risk is laxity. If a registry records movement too casually, the ledger loses evidentiary value. Route hijacks, forged authority, broken contact chains and contested claims make the resource less useful. Mobile operators cannot build customer plans on doubtful address stock. Banks, insurers, acquirers and public-sector customers will not treat uncertain registration as reliable infrastructure. Scarcity markets need friction, but the right kind: friction that verifies legitimate control, not friction that substitutes institutional judgment for market use.

RIPE NCC's policy environment is therefore a balancing act. The service region contains mature telecom incumbents, small access providers, cloud networks, universities, public agencies, conflict-affected firms, sanctioned jurisdictions, post-merger portfolios and legacy holdings. A single transfer process must protect the ledger while allowing productive movement. The more mobile access depends on scarce IPv4, the more every delay or ambiguity is felt in retail service design.

Leasing is especially revealing because it can route around formal transfer friction while preserving economic dependence on the registry record. A lessee may announce space, configure RPKI under delegated arrangements, handle abuse, and serve customers while not becoming the registered holder. That can be efficient. It can also blur responsibility. If a law-enforcement request, platform complaint or reputation issue arrives, the chain between registered holder, lessee, route origin and retail customer must be clear enough to act. Registry evidence cannot replace the lease contract, but it can make the surrounding facts easier or harder to verify.

The institutional aim should be simple: make legitimate movement and legitimate use easy to evidence, while making fraudulent movement hard. That aim supports mobile competition better than any attempt to prescribe who deserves addresses. A registry that stays inside that boundary preserves the value of the ledger. A registry that moves beyond it risks becoming the market's hidden capital allocator.

Registry evidence is necessary but deliberately incomplete

Registry evidence matters because the Internet needs shared reference points. A mobile NAT pool may be announced globally, filtered by networks, queried by platforms, named in legal requests, scored by fraud systems and inspected by customers. The first question is often: who is responsible for this address space? RIPE NCC's ledger helps answer that question in its service region by recording resource holders and related registration data. RPKI can help networks validate route-origin assertions. Reverse DNS can provide naming context. Database contacts can direct abuse or administrative requests. Transfer history and registration consistency can support due diligence.

This evidence is valuable because it is common. A bank, host, mobile operator, cloud provider, court, game platform and upstream network can all consult the same basic record. They may interpret it differently, but they are not starting from private rumor. That lowers transaction costs. It lets markets move faster. It makes abuse reporting less random. It gives resource buyers and lessees a starting point for diligence. It helps networks judge whether routing claims align with registered intent.

But the evidence is deliberately incomplete. It is not a subscriber database. It is not a map of handset sessions. It is not a guarantee that a particular customer used a public address at a given moment. It is not proof that a listed contact will resolve every complaint. It is not a commercial geolocation service. It is not a rating of the address pool's reputation. It is not a certification that a lessee has honored every contract. The ledger has strength only because its claims are bounded.

The difference between holder evidence and subscriber evidence is crucial in mobile CGNAT. A shared public address can identify the network counterparty, but not the retail account without access-provider logs. A route-origin authorization can say that a given autonomous system is authorized to originate a prefix, but not that every customer session behind that prefix is lawful or well behaved. Reverse DNS can say something about intended network use, but not which handset created a session. Abuse contacts can create a path for reports, but not guarantee attribution.

There is a temptation in scarce markets to demand that the registry fill every evidentiary gap. This temptation should be resisted. The more claims a registry makes, the more it must verify. The more it verifies, the more data it must collect or judge. The more it collects or judges, the more it becomes a gatekeeper. A registry that tries to answer subscriber questions will face national legal conflicts, privacy obligations, data-security risk and disputes over access-provider log quality. It would be a poor institution for that role.

The better model is evidence portability. The registry should make it easy to carry the facts that belong at the number-resource layer into other settings: holder identity, resource status, relevant contacts, routing-security signals, reverse-DNS delegation, transfer recognition and administrative consistency. Courts, regulators, platforms and customers can then ask the access provider for the next layer of evidence. If that provider fails, the failure is visible where it belongs.

This model also disciplines mobile operators. They cannot hide behind registry ambiguity if the holder record is clean. If a NAT pool belongs to them or is used through an arrangement they control, they must maintain the logs and procedures needed for their service promises. If they use leased or wholesale space, they must be able to explain the chain. If they sell premium public IPv4 access, they must support it. The registry's neutrality does not absolve operators; it locates responsibility.

For RIPE NCC, the boundary is institutionally attractive. A thin ledger is not a timid ledger. It can be rigorous about the things it records. It can require accurate registration. It can support secure routing. It can maintain transparent procedures for resource movement. It can keep contact fields useful. It can reduce ambiguity in disputes about number-resource recognition. Its power comes from saying less, better.

IPv6 changes the destination, not the transition bill

Every serious account of mobile CGNAT must include IPv6. Without IPv6, the discussion becomes a permanent negotiation over a depleted resource. With IPv6, the long-run architecture becomes less dependent on public IPv4 uniqueness for every customer-facing need. Mobile networks have often shown that IPv6 can work at scale. IPv6-only mobile access with translation for IPv4 destinations is a plausible and increasingly normal pattern in advanced deployments. The problem is that transition costs do not disappear just because the destination is technically superior.

IPv6 shifts scarcity but does not instantly remove mixed-market obligations. A mobile operator still needs to reach IPv4-only services. Customers still use applications that assume IPv4 behavior. Enterprise administrators still configure VPNs and firewalls around IPv4. Fraud systems still score IPv4 addresses. Games and peer-to-peer services still meet NAT behavior in uneven ways. Public-sector systems may move slowly because certification, procurement and risk reviews lag technical capability. Some IoT or industrial equipment remains IPv4-centric for years. In that mixed environment, IPv4 remains the compatibility layer that customers notice when it fails.

The operator's transition problem is therefore managerial. It must decide where IPv6 adoption will actually reduce CGNAT load, where IPv4 remains unavoidable, which customers need public IPv4 exceptions, which applications justify support work, and how quickly legacy dependencies can be retired. It must invest in network engineering, customer equipment, documentation, troubleshooting, platform outreach and staff training. It must also maintain address-market options because the transition may take longer in one product line than another.

Fixed-wireless access complicates the timeline. A provider may use modern radio equipment and still serve households with routers, cameras, consoles, business devices and remote-access expectations that assume IPv4. The customer sees a broadband replacement, not a mobile experiment. If IPv6 works for streaming but not for a small firm's legacy VPN, the provider still has a support problem. If a public-sector customer requires compatibility with a partner network that remains IPv4-only, the provider must supply a solution. Transition progress is uneven by use case, not just by network.

IPv6 also changes the value of IPv4 in a non-linear way. As more traffic moves to IPv6, the absolute need for IPv4 may fall, but the remaining need may become more specialized and premium. The addresses still required may be those tied to enterprise access, public services, legacy applications, reputation-sensitive platforms or customer exceptions. That can keep scarcity rent high even as average IPv4 traffic share declines. The last difficult dependencies are often worth more than the first easy migrations.

This is why a simplistic "IPv6 will solve it" answer is economically incomplete. IPv6 is the strategic exit from permanent IPv4 scarcity, but the route to that exit runs through capital spending, support costs, customer segmentation and risk management. CGNAT remains the bridge, and bridges have maintenance bills. In mobile broadband, those bills include logging, attribution, platform friction, premium inventory and customer education.

The RIPE NCC boundary remains the same through this transition. The registry should support accurate IPv6 registration, IPv4 transfer clarity, RPKI and operational evidence across both protocol regimes. It should not pick winners among mobile strategies or treat slow IPv6 adoption as a reason to expand into access-market supervision. It can support the common infrastructure of transition without becoming the planner of transition. That distinction keeps legitimacy intact while allowing operators to face the economic consequences of their own choices.

Emergency service and public-sector continuity expose the hard edge

Mobile and fixed-wireless networks increasingly carry continuity functions. They back up fixed lines, connect temporary sites, support public events, serve remote facilities, enable emergency response, maintain school and healthcare access, and provide connectivity after fibre cuts or during rapid deployment. These uses do not always require large bandwidth. They require reliability, reachability, accountability and support priority. CGNAT can be compatible with some of them; it can be unsuitable for others.

Emergency-related use highlights the difference between ordinary browsing and operational continuity. A temporary command site, clinic, utility crew, local-government office or transport team may need stable VPN access, remote device management, whitelisted addresses, inbound diagnostics or predictable platform reputation. A shared mobile NAT pool may work until a partner system rejects it, a port is unavailable, geolocation fails, or a support desk cannot explain the path quickly enough. The cost of failure is not merely customer annoyance. It may be service interruption in a setting where timing matters.

Public-sector procurement can therefore create demand for scarce IPv4 even while government policy encourages IPv6. A government office may support IPv6 in principle but rely on contractors, legacy platforms, security appliances or partner networks that do not. A school may need remote administration of devices. A rural clinic may use a fixed-wireless backup for systems designed around stable endpoints. A municipal service may need predictable access to a central platform with conservative firewall rules. The public-sector buyer often wants a simple service-level promise, not a lecture on address conservation.

For operators, these customers justify premium inventory. A public IPv4 address, private APN, static route or managed VPN may be priced as resilience, not as a mere technical feature. The address pool becomes part of the service assurance package. If IPv4 stock is scarce, the operator must decide whether to reserve it for such customers, sell it broadly, lease more, or push harder on IPv6-compatible designs. Each option has capital and reputational consequences.

Small providers may be caught between public mission and scarce resources. A rural fixed-wireless provider may be the only realistic connectivity option for a local public site, yet lack abundant address stock. It can deploy CGNAT, but then it must support exceptions. It can lease addresses, but that adds cost and contract risk. It can use IPv6 where possible, but public-sector systems may lag. The provider's social value may be high while its address-market power is low. That is a classic institutional-economics tension: the market price of scarce capital may not align with the social value of the service that needs it.

RIPE NCC cannot solve that allocation problem by deciding which public-sector customer deserves IPv4. Nor should it. Such decisions belong to operators, customers, regulators and procurement regimes. The registry's role is to keep the number-resource layer stable enough that these actors can contract, route, verify and plan. If public-sector continuity depends on a transferred or leased pool, the registration and routing-security evidence should be clear. If an operator claims responsibility for a pool, the contact path should work. If a route-origin authorization exists, it should support rather than muddy operational assurance.

The hard edge of public-sector continuity therefore reinforces the thin-ledger case. Critical uses make accurate registry evidence more important, not more expansive. The higher the stakes behind the access service, the less tolerance there should be for ambiguous number-resource records. But high stakes do not justify moving subscriber attribution, service planning or public procurement into the regional registry.

The thin ledger is the strongest institution

The economics of mobile broadband and CGNAT point to an unfashionable conclusion: the most powerful role for RIPE NCC is a modest one. In a world of shared mobile addresses, scarce IPv4, premium access products, law-enforcement demands, platform scoring and IPv6 transition, the registry should resist becoming the institution that promises too much. Its legitimacy depends on being a trusted ledger, not an all-purpose authority over identity and market design.

This does not make RIPE NCC unimportant. It makes it critical. A thin ledger is not a weak ledger when the market around it is complex. It is the common reference that allows operators to buy, lease, route, certify, name, contact and explain scarce resources. It lowers transaction costs by reducing ambiguity at the resource layer. It allows other institutions to do their work: operators to maintain logs, courts to demand proper evidence, platforms to refine risk models, customers to buy suitable plans, and regulators to govern access-market duties.

The alternative is unattractive. If RIPE NCC were to expand into subscriber attribution, it would face privacy and legal conflicts across a diverse region. If it tried to allocate IPv4 according to mobile-market merit, it would become a capital allocator without the mandate or tools of one. If it judged address-pool reputation, it would become a ratings body. If it made broad claims about what registry evidence proves, it would invite false reliance. Each expansion would make the institution look more useful in the short run and less legitimate in the long run.

The better answer is rigorous restraint. Keep holder records accurate. Keep contact paths credible. Keep transfers understandable. Keep RPKI and reverse-DNS services dependable. Keep evidence portable. Keep procedures predictable enough that small operators are not priced out by uncertainty. Keep public explanations clear about what the registry can and cannot prove. This is the institutional discipline that IPv4 scarcity requires.

Mobile CGNAT will remain part of the access landscape for years because the transition to IPv6 is uneven and the need for IPv4 compatibility is stubborn. During that period, the same public address will continue to represent many subscribers. Complaints will arrive with missing ports. Games will fail in confusing ways. Payment systems will overreact. Public-sector customers will demand continuity. Operators will decide whether to buy, lease, conserve or segment. Scarcity rent will move through product tiers and capital budgets.

In that environment, the public IPv4 address becomes both less precise and more valuable. Less precise, because it may no longer identify a single subscriber. More valuable, because clean address stock reduces the costs created by that imprecision. That paradox is the heart of the mobile-broadband economy after IPv4 exhaustion.

RIPE NCC did not create the paradox, and it cannot dissolve it. Its task is to make sure the resource ledger remains a reliable starting point while refusing to become the end of every argument. The mobile operator's abuse queue may begin with one address and too many people behind it. The registry's answer should be narrower: here is the recognized resource record, here is the routing and contact context, and here is where the next layer of responsibility begins.

That boundary is not bureaucratic caution. It is the condition of institutional legitimacy. Scarcity creates rents; rents attract pressure; pressure invites gatekeepers. A registry that wants to remain trusted must keep proving that it records scarce capital without becoming the master of that capital. For mobile broadband and CGNAT, that is the difference between a ledger the market can use and a gate the market must fear.