Summary

  • Russia, Iran, Cambodia and China pursue distinct forms of network sovereignty: centralised emergency routing, domestic-service autonomy, gateway concentration and comprehensive legal-administrative control. Treating them as one model obscures the actual technical powers and risks.
  • A state has jurisdiction over operators, facilities and conduct in its territory, but globally routed IP addresses and autonomous system numbers remain coordination identifiers. Their uniqueness cannot be subdivided along political borders without collisions and contradictory authority.
  • Routing evidence from shutdowns shows that control can occur through route withdrawal, filtering, gateway restriction, degraded data-plane reachability or selective access. Registration data alone cannot prove whether users can connect, and domestic reachability does not create a second legitimate global allocation.
  • Multinational networks, cloud infrastructure, mobile groups, satellite systems and anycast services make country labels especially unreliable. One resource may support facilities and users in several jurisdictions while remaining under one recognized authority.
  • National regulators can require licences, security controls, incident reporting and lawful domestic routing measures without rewriting global resource authority. Orders should identify the operator, conduct, scope and duration rather than treating a prefix or ASN as sovereign property.
  • NRS can advocate a neutral transferable record, provider substitution, auditable history and jurisdiction-aware notices administered by the competent registries and authorized providers. It must not become a registry, a rival state, an immunity device or a private route controller.
  • By 2027, credible governance should be tested through cross-border transfer, national isolation, operator failure and restoration exercises that preserve one authoritative record while allowing domestic law to operate at the service and infrastructure layers.

The first error is to treat every sovereign Internet plan as the same

"Sovereign Internet" is used for several different projects. One state may want resilience if international transit fails. Another may seek centralised filtering. A third may require data localisation. A fourth may promote domestic platforms and exchange points. Most combine security, industrial policy, political control and continuity in different proportions. The name does not tell us which technical levers exist.

Russia's 2019 amendments focus on centralised management of the public communications network in response to threats, required cooperation from telecommunications operators and other infrastructure entities, routing directions and recurring exercises. Iran's National Information Network emphasizes a self-reliant domestic environment able to provide services and content with reduced dependence on international connectivity. Cambodia's 2021 gateway measure envisages designated national gateways for international and domestic Internet traffic, with security, revenue and public-order functions.

China's official position presents network sovereignty as state authority over infrastructure, data, conduct and policy while also acknowledging that cyberspace is globally interconnected and cannot be governed effectively by one country alone.

These are not merely semantic differences. A central routing authority can change paths during an event. A domestic-service network can keep selected applications reachable while the global data plane is cut. A gateway regime can concentrate observation and enforcement at fewer interfaces. A legal-administrative model can control market access, data, content and critical infrastructure without withdrawing national routes wholesale. Each produces a different evidence signature.

Comparison should therefore ask six practical questions. Who can issue binding instructions? Which operators and facilities are covered? Can the state change routing, or only require filtering? Is domestic service expected to continue during external disconnection? What public evidence reveals use of the power? How are globally coordinated identifiers treated before, during and after the action?

The number-resource issue appears in the last question. A state may assume that the prefixes used by domestic operators belong to the national communications space. Operationally, however, those prefixes may be registered through a regional institution, announced by a multinational autonomous system, hosted abroad, used through anycast or transferred when a company reorganizes. Territorial language can obscure that mobility.

A disciplined analysis neither denies sovereignty nor accepts identifier nationalism. States possess lawful powers over domestic networks. Global uniqueness remains a shared technical condition. The governance challenge is to keep those domains connected without allowing one to consume the other.

Internet number resources coordinate authority rather than mark territory

RFC 7020 describes the Internet Numbers Registry System as a hierarchy that supports allocation and registration of globally unique Internet number resources. The five Regional Internet Registries administer resources in service regions, and national or local registries may participate below them. Geography shapes administrative responsibility, but it does not convert each IP address into a parcel of land.

An IP prefix identifies a range used in packet forwarding. An autonomous system number identifies a routing domain for interdomain exchange. The holder can announce a prefix from facilities in more than one country, authorize another network to originate it, use it for roaming or cloud services, or stop announcing it entirely. The number does not contain a sovereign title.

This is easiest to see with anycast. The same service address can be announced from many physical locations so that routing selects a nearby instance. ICANN's own DNS engineering resources, for example, list prefixes used for anycasted services across distributed infrastructure. Asking which country "contains" that address mistakes a routing design for a territorial fact.

Multinational carriers create the same problem at a larger scale. One legal group may operate an autonomous system across several jurisdictions. A regional subsidiary may use space registered to the parent. A cloud provider can assign addresses to customers whose data, users and compute instances move. A satellite operator may connect terminals through gateways in different states. Country-level regulation remains real, but the identifier relationship is not exhausted by one facility address.

Geolocation does not cure the ambiguity. Commercial databases infer location from registration, routing, latency, user data and operator submissions. Results differ and become stale. RFC 8805 allows operators to publish geofeed data, but that is a location statement, not an ownership instrument. A regulator should not infer resource authority from a consumer geolocation lookup.

Nor is a route announcement conclusive title. BGP distributes reachability under operator policy. A hijacker can announce another holder's prefix. Multiple origins can be legitimate or erroneous. RPKI can provide stronger evidence that an origin is authorized for a prefix, but RFC 9255 warns that resource certification does not authenticate the real-world identity of a holder for general purposes.

The public record must therefore combine recognized resource authority, history and bounded supporting evidence. A state can require an operator in its territory to comply with law. It should not treat physical presence, route visibility or geolocation as permission to reassign the identifier.

Russia: centralised threat response reaches routing directly

Russia's Federal Law No. 90-FZ, signed on 1 May 2019, amended communications and information legislation to support stable, safe and integral operation of the Internet and public communications network in Russian territory. The Kremlin's official summary states that telecommunications operators, owners of trans-border lines and Internet exchange points receive responsibilities for centralised traffic management when threats emerge. It also provides for regular exercises involving public authorities and network owners.

The statutory text is unusually relevant to number resources because centralised management includes routing rules and binding directions. It reaches entities associated with autonomous systems and infrastructure through which traffic enters, leaves or crosses the country. The state is not merely asking platforms to remove content; it is creating a capability to influence network paths.

This produces a clear sovereignty claim over domestic operation. Russia can license operators, require equipment within its territory and issue directions under its law. It can prepare local name resolution and domestic service continuity. The legal power is territorial in its addressees and enforcement, even when the resulting traffic effects cross borders.

The number-resource boundary remains. A direction to a Russian operator does not transfer the operator's prefix to the state. A temporary reroute does not alter the globally recognized holder. A domestic route for a prefix must not be presented to the wider Internet as a second conflicting allocation. If the operator later changes provider, reorganizes internationally or restores normal transit, one coherent authority history is needed.

Centralised exercises should therefore include registry integrity. During isolation, the state may maintain domestic reachability through local paths. The globally visible record should continue to identify the recognized holder and any authorized origins. If the domestic environment temporarily accepts routes that the global system would not, those exceptions should remain local and expire. Exporting them would create collision risk.

Russia's model also reveals the difference between control-plane and service continuity. A state can direct routing while foreign applications, certificate repositories, cloud dependencies and software services remain unavailable. Keeping domestic packets moving is not the same as preserving the Internet as an interoperable whole. Number records solve only one part of that continuity problem.

The NRS implication is narrow but valuable. It can document whether Regional Internet Registries retain an externally auditable record through exercises, sanctions, operator distress and restoration, and it can represent affected members when that record is put at risk. It should not attempt to overrule Russian routing directions inside Russia or alter a registry record. Its advocacy should make it harder for a temporary national configuration to become an unexamined permanent claim over global identifiers.

Iran: domestic continuity can coexist with global disconnection

Iran's National Information Network demonstrates a different model. A 2020 high-level architecture approved by the Supreme Council of Cyberspace describes self-reliance, resilience, integrated governance and a domestic environment for services and content. The objective is not only control of international gateways. It is the ability to sustain important activity within a national network even when international connectivity is constrained.

The November 2019 shutdown showed what that architecture can mean in practice. The Internet Outage Detection and Analysis project at Georgia Tech reported that cellular networks disconnected first and most other providers followed over roughly five hours. Its three measurement families did not always move identically: BGP announcements reveal control-plane reachability, while active probing and unsolicited traffic reveal data-plane behavior. Providers appeared to use different mechanisms.

That evidence matters because a country can become largely unreachable without every prefix disappearing from the global routing table. Filtering, access control and gateway action can suppress traffic while routes remain visible. Conversely, some routes can be withdrawn while selected domestic services continue. An observer who looks only at registration or BGP can miss the user experience.

The National Information Network makes domestic reachability a policy objective. Banks, public services, messaging and local content can be designed to operate inside the country. This may improve resilience to cable failure or external pressure. It can also make shutdowns more sustainable for the state because essential domestic functions continue while international communication is curtailed. Both propositions can be true.

Neither proposition changes global uniqueness. Iranian operators still use globally coordinated prefixes and autonomous system numbers when they connect to the wider Internet. Those resources may have upstreams abroad, RPKI objects fetched by relying parties worldwide and customers with cross-border dependencies. A domestic continuity mode does not create permission for another country to reuse the same space, nor does international disconnection make the resource abandoned.

Restoration is the critical moment. Routes, filters, domain resolution, certificate access and application dependencies may return at different speeds. A stable number record helps distinguish the continuing holder from the changing connectivity state. If registration were withdrawn during the blackout, opportunistic announcements and ownership disputes could complicate reconnection.

Regional Internet Registries should therefore preserve a holder's record through a state-imposed disconnection unless recognized authority lawfully changes. Independent monitors can mark observed reachability and restrictions as time-bounded evidence without treating them as title, while authorized operators handle security corrections and provider transitions. NRS can campaign for those safeguards, publish comparisons and represent affected members while avoiding claims about which content Iran must permit. The record remains neutral precisely because its competent custodian does not confuse use, location and authority.

Cambodia: gateway concentration changes the control surface

Cambodia's Sub-Decree No. 23 on the establishment of a National Internet Gateway was adopted in February 2021. The Telecommunication Regulator of Cambodia lists the measure among its sub-decrees. The design centralizes designated gateway functions for connections between networks, with stated objectives involving facilitation, security, public order, revenue collection and protection of national interests.

Gateway concentration matters even before full implementation. A network with many international connections distributes operational and political control among carriers, exchange points and facilities. Requiring traffic to traverse designated gateways can simplify lawful interception, blocking, measurement and fee administration. It can also create common failure points and make routing choices depend more heavily on one institutional centre.

The number-resource temptation is to make gateway compliance a condition of recognized address authority. That would be a category error. Cambodia can license domestic operators and require their traffic to use approved facilities. It can sanction a licensee that violates the rule. The globally recognized allocation remains a separate fact. Deregistering a prefix or treating an ASN as nationally owned would spread the enforcement consequence to networks outside Cambodia.

Gateway rules also confront transit. A Cambodian network may carry traffic for foreign customers or connect to a provider whose autonomous system spans several countries. A route observed at a Cambodian gateway can cover address space used elsewhere. Enforcement based solely on the origin number may therefore be broader than the intended domestic target.

The regulator needs more precise evidence: licensed legal person, domestic facility, subscriber relationship, traffic class and applicable order. Number-resource data can help identify networks and validate claimed authority, but it cannot substitute for the regulatory facts. This is especially important when similarly named subsidiaries or shared autonomous systems are involved.

Continuity planning should assume gateway failure or policy error. Operators need alternative domestic paths, emergency access for public services, clear restoration authority and evidence of route changes. The number record should remain available outside the gateway structure so that a domestic control failure does not erase the basis for external coordination.

NRS can support this separation through advocacy for a Cambodian operator's ability to change registration or certificate service provider without changing the resource identity. The competent RIR and authorized operators, not NRS, would keep records and route-security publication available through another qualified provider where law permits. The Society's role is not to defeat the sub-decree or provide those technical services. It is to represent members and document whether one gateway relationship has become permanent control over every number-resource function.

China: broad network sovereignty is paired with a claim of global interconnection

China's model is broader and more mature than a single isolation statute. Its official statements extend sovereignty to network infrastructure, entities, behavior, data and information within the territory. Laws and regulatory measures govern cybersecurity, critical infrastructure, data, platforms, content and telecommunications. International gateways and market structure sit inside that wider administrative system.

The 2022 State Council Information Office white paper is instructive because it advances two positions together. It says countries should be able to choose their path of cyber development and model of network management on the basis of sovereign equality. It also says cyberspace is globally interconnected, no country can govern it effectively alone, and international rules require participation by governments, international organizations, companies, the technical community and others.

That duality is not merely rhetorical. China can exert extensive control over domestic services while depending on global routing, trade, cloud interconnection, standards and unique identifiers. Chinese operators hold and announce number resources recognized through the regional system. Their customers and peers need those identifiers to mean the same thing outside China as inside it.

The boundary should therefore be expressed as functional jurisdiction. China can decide who may operate a telecommunications service in its territory, how critical systems are secured and which content rules apply. It can require domestic infrastructure behavior. Global resource coordination answers a narrower question: which holder and routing authority are recognized for a number so that other networks do not assign or interpret it incompatibly.

This distinction also protects Chinese operators. If another state claimed that a prefix became local property whenever traffic or equipment entered its territory, multinational Chinese carriers and cloud providers would face duplicate claims. A neutral record constrains all states symmetrically. It does not privilege one national model.

China's support for greater governmental influence in international cyberspace governance can be debated on its merits. The crucial number-resource safeguard is that participation does not become national partition. States can shape global policy through agreed institutions, but a global identifier cannot have several sovereign owners whose decisions bind only their preferred peers. That would no longer be one Internet number space.

NRS should engage regulators without becoming a diplomatic voting chamber over every route. Its legitimacy would depend on transparent research, faithful member representation and public accountability, while transparent resource rules, technical competence and preservation of one record remain duties of the competent registries and authorized operators. National authorities remain entities and evidence providers, not unilateral reissuers of globally unique numbers.

The four models create different technical signatures

Russia's plan emphasizes a state capacity to direct network routing during threats. Iran emphasizes domestic continuity and reduced dependence on external services, demonstrated alongside shutdown capability. Cambodia emphasizes designated gateway control. China combines concentrated legal-administrative authority with large-scale continued participation in global interconnection. These differences should shape monitoring.

For Russia, observers should watch changes in path selection, route visibility, traffic-engineering behavior, interconnection and operator compliance during exercises or restrictions. For Iran, BGP must be compared with active probing, traffic volumes and service-level reachability because the data plane can fail while some routes remain. For Cambodia, attention should focus on concentration of international paths, common points of failure and the actual implementation status of gateway obligations. For China, measurement must separate content filtering, service blocking, data policy and routing behavior rather than assuming one mechanism.

Registration evidence sits beneath all four. It can show the recognized resource holder, resource range, autonomous system, contacts, transfer history and perhaps route-security state. It cannot show that packets reached users at a given hour. Nor can outage evidence alone prove that recognized authority changed.

This is why a governance dashboard should never collapse registration, routing and reachability into one national status. A prefix can be registered, announced and unreachable because of filtering. It can be registered and temporarily unannounced. It can be reachable through an unauthorized origin. It can serve domestic users but not international users. Each state describes a different proposition.

NRS should preserve these distinctions in its evidence-led public research. The core record maintained by the competent registry states authority. Independent observational services can publish time-stamped routing and reachability signals with methods and uncertainty, while registries can annotate government orders as jurisdictional events without recasting them as global title. NRS can compare those evidence classes so readers and competent reviewers can see what changed and what did not.

The approach is more cautious than a red or green country indicator. It is also more useful. Operators restoring service need to know whether the holder, origin authorization, BGP path or data plane is wrong. Political analysis benefits from the same specificity.

National borders do not contain routing domains

An autonomous system is defined by routing administration, not by a border checkpoint. Some systems are national incumbents with infrastructure concentrated in one state. Others belong to multinational carriers, cloud platforms, content networks, universities, research networks or satellite providers. A single system can exchange routes at facilities on several continents.

This makes national ASN policies risky. A regulator can require a locally licensed operator to obtain an ASN and meet security conditions. It should not assume that every ASN observed domestically is subject to complete national control, or that every route originated by a domestic licensee serves only domestic users. The legal relationship must be established separately.

Address space is similarly mobile. Provider-independent space may follow an organization as it changes connectivity. Acquired IPv4 resources can move between regions under applicable transfer rules. IPv6 deployment may span subsidiaries. Disaster recovery can shift services abroad. Anycast deliberately distributes one service address.

Border gateways see packets, not full corporate truth. Source addresses can be spoofed. Tunnels can obscure location. Network address translation can place many users behind a smaller set. Virtual private networks and cloud proxies change apparent origin. Enforcement that treats the visible address as a reliable identity will catch the wrong subject often enough to undermine legitimacy.

Resource records help by stating recognized organizational authority and contacts, but they are not population registers. The information can lag corporate change, and privacy rules limit public fields. Regulators should use formal requests and corroborating evidence rather than scrape a public directory and infer control.

NRS advocacy should insist that service region is different from territorial ownership. A provider may serve a holder because of incorporation, operations or agreed eligibility. If the holder moves providers, the competent registry and authorized providers must carry the authoritative history through the change. The number does not acquire the provider's nationality.

This principle limits private institutions too. A registry cannot treat resources in its service region as corporate property to retain during a dispute. Its authority is stewardship under accepted rules. Portability and a neutral record make that limitation operational.

Transfers expose the collision between political borders and global records

IPv4 scarcity has made transfer a central test. A holder in one jurisdiction may sell or reorganize resources to an entity in another. Regional policies, sanctions, corporate law, insolvency and national security review can all matter. Yet the end state must still produce one recognized holder.

A state may lawfully restrict transfer of assets by a company under its jurisdiction. Another may screen a foreign acquisition. A court may freeze property or decide a corporate succession. Number-resource institutions should respect valid orders within their authority. They should not create simultaneous records to satisfy conflicting claimants.

The competent RIR needs a conflict rule. It should identify the current recognized holder, preserve competing claims and orders, freeze a transfer when a court or other competent authority requires it, and route the dispute to an institutionally independent reviewer. It should not let the party with the nearest router or strongest ministry obtain a duplicate allocation. NRS can advocate those protections, submit evidence on behalf of authorized members and document whether the rule is applied consistently; it does not freeze the transfer or decide the dispute.

Continuity may require the existing holder's routes to remain recognized while the legal dispute continues.

Transferability is not unrestricted commerce. Scarcity, sanctions and fraud justify controls. The term means that when a valid change is established, service providers and jurisdictional relationships can change without destroying the resource history. A neutral record connects the old and new authority.

Cross-border transfers also reveal why national number pools are dangerous. If countries reserve the right to reissue addresses when a holder leaves, the former holder may still be recognized elsewhere. Conflicting announcements and certificates can follow. The cost is borne by global operators trying to choose a route.

The safer national power is a transfer restriction directed at the legal person, not a competing technical assignment. Regulators can block the transaction, require approval or impose conditions. The global registry keeps the number unambiguous until the lawful change completes.

RPKI is a global authorization layer, not a sovereignty certificate

RPKI binds number-resource authority to cryptographic certificates and signed routing entities. It helps networks determine whether an origin is authorized to announce a prefix. Because relying parties around the world retrieve and validate the entities, a national certificate action can have effects beyond the territory.

States may want RPKI to enforce national routing plans. A regulator could require domestic operators to create specific route origin authorizations, remove foreign origins or use a national certificate service. Some requirements may improve security. The danger is treating the certificate as proof that the state owns the resource or that every relying party must adopt the state's political judgment.

RFC 6480 places RPKI within the resource allocation hierarchy. RFC 9255 limits the identity claim. The certificate authorizes statements about specified resources; it does not authenticate all attributes of a legal person and does not transform the resource into territory. A domestic authority should therefore ground certificate directions in recognized resource authority and specific operator obligations.

Isolation creates a repository problem. Domestic relying parties may lose access to external repositories. National continuity plans should support validated caches, multiple repository paths and tested restoration. They should not establish a permanently divergent trust hierarchy that certifies conflicting holders. Local exceptions can be necessary during emergency, but they must be scoped, visible to domestic operators and prevented from leaking as global authority.

NRS can advocate user-controlled keys and portable publication so that a state or one regional provider does not hold every operational power. Emergency continuity and any bounded local use must instead be defined and executed by the competent RIRs, certification authorities and network operators under applicable law. That allocation of responsibility does not prevent a state from regulating certificate operation in its territory. It reduces the chance that regulatory control becomes unilateral global reassignment.

The acceptance test is restoration. After a national isolation event, domestic and external relying parties should converge on one valid resource hierarchy. Temporary local decisions should expire or be reconciled. Conflicting signed entities should not survive because each side considers itself sovereign.

RDAP and public registration need jurisdiction without nationalism

Registration Data Access Protocol services expose structured information about IP networks and autonomous system numbers from authoritative regional sources. Regulators, operators, researchers and incident responders use the data to identify contacts and understand resource relationships. The service is global in utility even when the records come from regional administration.

Sovereign Internet plans may encourage national copies or national fields. Replication can improve resilience, but a copy must preserve provenance and freshness. A national directory that silently overwrites the recognized holder creates ambiguity. It should identify itself as a jurisdictional view and point to the authority from which the resource record came.

Public data also requires privacy and accuracy controls. A state's desire for attribution does not justify exposing personal contacts without necessity. Conversely, privacy should not make it impossible to resolve abuse, sanctions or corporate control through authorized access. The RIR operating the RDAP service can offer tiered access with recorded purpose while maintaining a stable public minimum. NRS can advocate proportionate access and publish evidence about whether those safeguards serve members fairly; it does not operate the access service.

Country codes should be treated carefully. Incorporation, mailing address, operating location and geofeed location can differ. A single "country" field invites overinterpretation. The record should state what each jurisdictional attribute means and when it was verified.

National authorities need a correction route. If a telecom regulator shows that a licensee changed legal name or ceased operation, the registry should investigate promptly. The regulator should not be able to rewrite the record unilaterally. Evidence, holder notice and review protect against both stale data and political seizure.

Transfer between service providers should not change the public identifier or erase history. RIR-operated RDAP can continue to expose a coherent chain while an authorized service relationship changes. This is one area where NRS advocacy for registry portability can reduce dependence without challenging national law; the authoritative record remains with the competent RIR.

Public-sector continuity requires more than domestic routes

Governments justify sovereign Internet measures partly through continuity. Hospitals, emergency services, energy, finance and public administration should not fail because an external cable breaks or a foreign provider withdraws. That objective is legitimate and often neglected by commercial design.

Number-resource continuity contributes by preserving address authority, routing contacts, reverse delegation and route-security state. Yet it cannot keep an application running if authentication, software, cloud compute or data are inaccessible. National exercises must inventory those dependencies rather than declare success when routers exchange domestic paths.

Critical services may use addresses registered to a ministry, a national carrier, a cloud provider or an outsourced contractor. The continuity plan should know who can update registration and certificates if the contractor fails. A provider change should not require renumbering during crisis unless technically unavoidable.

The plan should also distinguish the public service from the carrier. Sanctioning, insolvency or licence loss at a carrier should not strand hospitals behind its resource credentials. The competent RIR, authorized operators and, where necessary, a court-appointed administrator should execute a controlled transition in which recognized authority, customer routes and certificate state move to a continuity provider with evidence and independent review. NRS can support affected members through representation and document whether the process met its published safeguards; it cannot execute the transition.

Domestic isolation exercises should test external restoration. Can the service return without conflicting routes? Are repositories reachable? Do global peers recognize the same origins? Did temporary local address use overlap with public space? A continuity plan that works only while disconnected can create a second crisis on reconnection.

The public should receive outcome evidence: services preserved, duration, dependencies that failed, routing changes, data loss and restoration time. Security details can remain protected. Without evidence, resilience claims can hide censorship or technical weakness.

NRS should advocate responsible record stewardship, not become a rival sovereign

The positive case for NRS rests on restraint. It can advocate one recognized resource record, provider choice and preserved history through provider and jurisdiction changes, and it can publish evidence-led evidence about whether those protections work. Regional Internet Registries and authorized certification providers maintain the record and coordinate certificate operations. NRS should not claim a general right to operate those systems or determine national network policy.

This limited role matters because both states and private registries can overreach. A state may treat addresses as national property. A registry may treat regional stewardship as ownership. A service provider may trap a holder through proprietary data and credentials. A neutral transferable record constrains all three.

Neutrality does not mean ignoring court orders, sanctions or telecom law. The RIR or authorized provider receiving an order should verify the issuing authority, scope, affected legal person, duration and requested action; apply it at the narrowest relevant service layer; preserve global uniqueness; and make independent review available. If an order cannot lawfully bind an external provider, the registry record should show the jurisdictional limit rather than pretend the conflict does not exist. NRS can represent an authorized member, publish analysis and advocate due process, but it neither applies the order nor decides the review.

Provider plurality is central. A Russian, Iranian, Cambodian or Chinese holder should be able to obtain permitted registration and certificate services from qualified providers under transparent rules. A state may impose licensing requirements on providers operating domestically. The holder's number authority should not disappear when one provider loses a licence or banking channel.

The Society also needs democratic legitimacy for its actual advocacy role: its research methods, funding, membership positions and representation authority should be public. Separately, RIR rules for eligibility, transfer, disputes and continuity should be public; affected members, governments, operators and technical experts need defined participation; and an institutionally independent review body must address state requests and provider actions. NRS can campaign for those features without writing or adjudicating the registry rules.

NRS should publish what it cannot decide. It cannot determine whether content is lawful in every country, compel global carriage of a route, authenticate every end user or guarantee physical connectivity. Clear limits are an institutional asset.

A neutral transferable record needs concrete safeguards

The first safeguard is one current authority state. Competing providers can offer service, but only one recognized event changes the holder or authorized representation. Replicas carry signatures, timestamps and provenance so that a national continuity copy cannot silently become a rival master.

The second is portability. A holder can export public registration state, verification evidence, certificate relationships, restrictions and audit history in documented formats. Provider-specific credentials end at cutover. The losing provider cannot retain veto power.

The third is jurisdictional annotation. Orders, freezes and licences are attached with issuing authority, legal scope, effective period and affected service. The public view can protect sensitive material while showing that a restriction exists. An annotation does not rewrite the holder unless the recognized decision standard is met.

The fourth is independent observation. Routing collectors, repository monitors and reachability measurements show what networks actually see. These observations remain distinct from the authority record. Their methods and uncertainty are disclosed.

The fifth is restoration discipline. National isolation, provider failure and emergency certificate actions are rehearsed. Temporary local exceptions expire. External and domestic views are compared until they converge. Unresolved differences trigger review rather than quiet acceptance.

The sixth is anti-capture governance. No state, incumbent provider or voting bloc should be able to reassign resources without evidence and review. Conflict disclosures, reasoned decisions and appeal are mandatory for high-impact actions.

These safeguards are not technologically extravagant. Most are institutional commitments implemented through signed records, interoperable services and tested procedures. The difficult part is accepting that current providers and governments sometimes must surrender control.

States retain substantial lawful powers under this model

Separating global number authority from territory does not strip states of regulatory capacity. A government can license telecommunications operators, set spectrum conditions, protect critical infrastructure, enforce competition law, require incident reports, impose proportionate security standards and apply lawful orders to persons and facilities within its jurisdiction.

It can require a domestic operator to maintain accurate resource contacts and secure its routing. It can demand evidence that a prefix used for a public service is authorized. It can prohibit route leaks, require resilience exercises and sanction false statements. It can condition market access on compliant gateway or interconnection behavior.

It can also block or limit services under domestic law, subject to constitutional and international constraints. The number-resource principle does not decide the legitimacy of each content restriction. It says that blocking a service is different from claiming the underlying globally unique identifier.

States can participate in global policy. Governments have legitimate expertise in public safety, sanctions, consumer protection and national continuity. Their role should be transparent and balanced with operators, technical communities and affected users. Equal participation is not unilateral control.

The model may even improve enforcement. Accurate holder history and provider portability reduce opportunities to hide behind stale registrations. Jurisdictional annotations show which authority acted. Separating a legal order from routing evidence makes it easier to audit whether the intended target, rather than unrelated traffic, was affected.

The limit is symmetry. A state cannot demand respect for its operators' identifiers abroad while treating foreign identifiers as disposable at home. Global uniqueness works because all entities accept the same constraint.

Three scenarios reveal whether the boundary is real

In the first scenario, a government activates an isolation exercise. Domestic operators redirect traffic, international reachability falls and local public services continue. The RIR's authoritative record remains available from independent locations. Existing holder and certificate state do not change merely because paths changed. Temporary domestic route exceptions are logged and expire. NRS may publish an independent, evidence-led account of the exercise, but it neither operates the record nor controls restoration. On restoration, relying parties converge without duplicate claims.

In the second scenario, a telecom operator spanning three countries loses its licence in one. The state can stop local service and require customer migration. It cannot automatically seize the group's entire ASN or address portfolio. The record identifies which legal entity and facilities are affected. Clean resources and foreign operations continue, while local customers transfer under supervised continuity.

In the third scenario, a court freezes a cross-border IPv4 transfer during a sanctions dispute. The competent RIR preserves the current holder, blocks the authority change, records the order and prevents either provider from creating a competing record. NRS can represent an affected member and document the consequences, but it cannot freeze the change or maintain the registry state. Existing routing remains a separate question. When the court resolves the matter, the RIR records the final transfer or cancellation as one auditable event.

Each scenario respects national power while preserving global coherence. Failure is also easy to identify: duplicate registration, silent certificate divergence, indefinite local exceptions, provider credentials surviving cutover or national route orders presented as global title.

The strongest objections clarify the limits

One objection is that numbers are economic resources and therefore can be sovereign property. Scarce IPv4 space certainly has economic value, and states can regulate transactions involving entities under their jurisdiction. Economic value does not change the technical need for one global assignment. Property rules must be translated into a single recognized outcome, not several territorial copies.

A second objection is security. A state facing attack may need immediate routing control. The model permits domestic emergency action. It requires that temporary paths and local exceptions not silently rewrite global authority, and that restoration be tested.

A third objection is foreign institutional dependence. A registry or certificate repository abroad could become unavailable through sanctions or conflict. Provider plurality, portable records, user-controlled keys and independent replicas reduce that dependence without creating a conflicting national allocation.

A fourth objection is democratic legitimacy. Regional technical institutions may appear less accountable than governments. NRS should therefore publish its research and advocacy positions, convene public authorities and affected users, and campaign for registries to disclose decisions and provide institutionally independent appeal. Limited mission is part of NRS's legitimacy. A registry should not decide content policy simply because it manages identifiers, and an advocacy group should not become the registry or appeal tribunal.

A fifth objection is enforcement evasion. Operators may move incorporation or providers to escape national rules. A neutral record does not confer immunity. States can act against domestic facilities, licensees and conduct. Cross-border orders require recognized legal cooperation rather than technical seizure.

A final objection is that the global Internet is already fragmented, so uniqueness is an outdated ideal. Filtering and service divergence are real, but networks still depend on globally intelligible routes and identifiers. Abandoning that layer would add collision and instability without resolving political disagreement.

Evidence standards should constrain claims by every side

Governments should publish the legal authority, activated mechanism, duration and service impact of sovereign Internet measures, subject to necessary security limits. Operators should report route and availability effects. Registries should disclose changes to resource and certificate state. Independent measurement should compare control plane, data plane and application reachability.

NRS publications and member representations should cite recognized records, verified corporate evidence, valid orders and technical observations. They should distinguish direct evidence from inference. A route withdrawal shows a change in global visibility, not the motive. A registration change shows recognized authority, not physical location. A government announcement shows intended power, not necessarily successful implementation.

Country comparisons need the same discipline. Russia's statute directly describes central management and exercises. Iran's architecture describes national self-reliance, while measurement documents actual shutdown behavior. Cambodia's sub-decree establishes a gateway framework, but implementation status and topology should be assessed separately. China's white papers state a sovereignty doctrine and international position; specific network effects require other evidence.

Uncertainty should remain visible. Network measurements have vantage-point limits. Corporate records can lag. Orders may be confidential. A confidence grade should attach to each proposition rather than to a country as a whole.

This evidence standard protects governments from exaggerated claims as well as users from hidden control. It prevents a policy announcement from being treated as a completed technical capability and prevents a transient outage from being labelled deliberate without support.

What credible coexistence should look like by 2027

By 2027, states with national continuity plans should publish identifier principles. They should affirm that domestic routing authority does not create duplicate global allocation, define treatment of operator failure and explain restoration from isolation. Regulators should know which institution holds the recognized record and how to submit evidence.

Number-resource institutions should support independently operated replicas, provider portability, user-controlled certificate keys and tested repository continuity. These features reduce foreign dependency while retaining one authority state. National copies should be signed, current and visibly derivative.

Cross-border exercises should include four moments: normal operation, national isolation, partial restoration and full convergence. Observers should compare registration, route authorization, BGP visibility, data-plane reachability and critical-service availability. Success at one layer should not conceal failure at another.

Transfer rules should handle court orders, sanctions and corporate succession without indefinite captivity. A valid restriction freezes the authority event while preserving the current record. A final decision updates the holder once and travels to all providers.

Public-sector continuity contracts should ensure that ministries, hospitals and emergency networks can change carriers without losing resource evidence. Dependence on one national gateway or one foreign registry should be measured. Renumbering should be a considered technical choice, not the automatic result of provider failure.

NRS should publish evidence-led performance comparisons drawn from disclosures by competent registries, providers, operators and independent monitors: provider-switch time, record divergence, stale replicas, emergency exceptions, certificate restoration, disputed transfers and state-request outcomes. It should identify its sources and report unsuccessful exercises as well as successful ones, without presenting the comparison as an authoritative registry record.

The decisive 2027 test is not whether sovereign Internet plans disappear. They will not. It is whether a country can exercise lawful domestic control, endure an external disruption and reconnect without creating contradictory number authority. Global coordination earns legitimacy by surviving sovereignty, not by denying it.

Sovereignty and uniqueness can coexist only if neither is misdescribed

The debate is often polarized between state control and an imagined borderless network. The real Internet has always included territorial law, licensed infrastructure and public power. It has also depended on identifiers whose usefulness exceeds any one jurisdiction. Both facts must be governed.

Russia shows direct centralised routing authority. Iran shows that domestic service continuity can accompany severe international disconnection. Cambodia shows how designated gateways concentrate the control surface. China shows a broad sovereignty doctrine coupled with continued recognition that global interconnection requires cooperation. No single label captures all four.

The common risk is the conversion of operational control into identifier ownership. A state controls a gateway and begins to treat every observed prefix as national. A regulator suspends a carrier and assumes its entire global ASN should vanish. A continuity network creates local assignments that later leak. A registry mistakes service-region authority for property. Each step weakens the one fact all networks need: which authority is recognized for the number.

NRS can defend that fact through advocacy if it does not present itself as a steward of the record. It should campaign for the RIR's neutral transferable record to survive provider change, court dispute, sanctions, isolation and reconnection, and for certification designs that support security without making one institution a sovereign gatekeeper. Its own evidence-led research should distinguish registration, routing and reachability, while decisions about records and certificates remain with competent registries, authorized operators, courts and independent reviewers.

States do not need to surrender jurisdiction to accept this arrangement. They need to direct regulation at legal persons, facilities, services and conduct with appropriate scope. Global number coordination does not need to judge every national policy. It needs to prevent incompatible assignments and preserve history.

An IP address is not a flag planted in a router. An ASN is not a border. They are shared coordinates that let independently governed networks exchange reachability. Political boundaries can shape who operates, which traffic passes and what services users receive. They cannot safely divide the coordinates themselves.

Sources