Summary
- The October 2024 ICP-2 principles draft did not merely modernize entry criteria. It proposed continuing compliance, audit, derecognition, continuity, handoff, and amendment rules that would reorder authority across ICANN, the NRO Executive Council, incumbent RIRs, and regional communities.
- Its pivotal authority clause let the NRO Executive Council originate recognition or derecognition proposals and gave ICANN the final decision, while resource holders appeared as evidence for recognizing a new registry rather than as the people whose authorization was required for removing or replacing an existing one.
- A legitimate replacement for ICP-2 must distinguish coordination from constituent power. Derecognition, emergency operation, transfer of service, and regional redesign need narrow triggers, demonstrable resource-holder authorization, independent fact finding, cure rights, service protections, and review of both action and inaction.
Four pages that did the work of a constitution
The Proposed ICP-2 Version 2 Principles, dated 7 October 2024, ran to four pages. Its economy was deceptive. The document stated twenty-four principles under governance, the RIR ecosystem, the RIR lifecycle, recognition, operation, and derecognition. It did not contain the procedural density of a statute or a negotiated service agreement. Yet it answered the questions that constitutions answer: who may initiate a change in institutional status, who may decide it, what conditions an institution must continuously satisfy, how the territory of responsibility is divided, how compliance is assessed, how authority may be withdrawn, and how the foundational text may be amended.
Calling that constitutional does not mean the paper claimed sovereign power. The RIR system remains a decentralized arrangement of separately incorporated organizations, contracts, community practices, technical coordination, and ICANN-related commitments. The term identifies function, not statehood. A text becomes constitution-like when it establishes offices, allocates final decision power, defines membership and institutional status, entrenches amendment rules, and supplies the legal or normative basis for exceptional action. The principles paper did all of those things in outline.
That is why its brevity should have raised the standard of scrutiny rather than lowered it. A broad principle can be useful where institutions already agree about authority and need guidance on implementation. It is dangerous where authority itself is contested. Words such as “derecognition,” “continuity,” “handoff,” “service region,” and “final authority” carry consequences far beyond policy coordination.
They can determine which institution maintains registration records, who accepts changes from resource holders, how reverse-DNS and route-security services continue, whether an incumbent may keep presenting itself as the regional registry, and whether a new or interim body may take its place.
The paper's introduction acknowledged that it was only the first major step. It asked for views on principles rather than line edits and promised that feedback would inform a fuller revised document. That procedural modesty was welcome. It did not solve the deeper issue. A consultation about desirable principles is not automatically authorization for the institutions running the consultation to give themselves new powers. Before discussing the ideal drafting of an exit regime, the system needed to identify the source of its authority to create one.
The hidden constitution was therefore not hidden because the text was secret. It was public, translated, and open for comment. It was hidden in plain sight because apparently technical phrases performed foundational work without a preceding account of constituent consent.
The 2023 request began with an unresolved premise
The immediate mandate came from the NRO Executive Council. In an October 2023 message to the ASO Address Council, the NRO EC said it had considered the AFRINIC situation and sought help with two tasks. One was to prepare procedures for validating and reviewing initial or continuing compliance with ICP-2 and for specifying review outcomes. The other was to strengthen ICP-2 through an update in the 2024-2025 period, with consultation across the RIR communities and engagement with ICANN.
The request identified a real weakness. The 2001 text explains how a candidate can qualify as a new RIR. It does not provide an adequate modern response to sustained institutional failure. A mature registry system cannot depend entirely on goodwill when records, staff, board authority, member rights, or services become endangered. Accountability requires measurable duties and a path from evidence to remedy.
But the request also contained the premise that recognition requirements applied to the maintenance of accreditation. That proposition was consequential. The original ICP-2 is framed as criteria for the establishment and recognition of new RIRs. Treating those entry criteria as continuing accreditation duties may be sensible as policy. It is not the same as demonstrating that ICP-2 already created a power to remove an incumbent, transfer its role, or compel its cooperation. The request moved quickly from a gap in procedure to an assumed continuing supervisory relationship.
There are three different claims here, and they should not be merged. First, the values in an entry standard can remain relevant after recognition. A registry that was expected to be neutral, technically competent, regionally supported, financially viable, transparent, and community-driven should not be free to abandon those qualities on the day after recognition. Second, those values can support a continuing expectation of accountability. Third, a specified institution has authority to enforce that expectation through derecognition and service transfer. The first claim does not establish the third.
The gap matters because institutional power cannot be inferred solely from institutional need. A fire code is necessary, but the need for fire safety does not identify who may seize a building. A professional standard may continue to express expected conduct, but it does not itself determine who may revoke a license or what process is due. In the RIR setting, the necessity of continuity does not tell us whether an NRO body, ICANN, the peer registries, a domestic court, members, resource holders, or some combination may authorize intervention.
The 2023 request was therefore a valid call to design stronger accountability. It was not, by itself, proof that the requested institutions possessed the full authority the design would later describe.
The authority principle concentrated the first move
The most important sentence in the 2024 paper appeared first. Under “Authority,” it said that any proposal to recognize a candidate RIR or derecognize an RIR must originate from the NRO Executive Council after a majority vote. ICANN would have final authority to adopt the proposal, after consulting and giving substantial consideration to each RIR's input.
This was a two-key arrangement, but the keys belonged to institutions already inside the coordination structure. The NRO EC controlled origination. ICANN controlled final adoption. Existing RIRs received an express consultative position. No resource-holder vote, member petition, independent investigator, government request, public-interest complainant, or affected operator had a direct place in the formal chain described by the principle.
The NRO EC's composition makes that allocation especially important. The heads of the RIRs form the Executive Council. A proposal to recognize a new registry can affect the incumbents' service regions, coordination obligations, institutional influence, and costs. A proposal to derecognize one of their peers can affect the remaining registries' operational burdens and expose each of them to the same standard later. Those facts do not make the NRO EC unfit to participate. They make conflict design indispensable.
The 2003 NRO Memorandum of Understanding describes the NRO as a coordinating mechanism through which RIRs act collectively on matters delegated by unanimous written agreement. It empowers the Executive Council to represent the NRO and the RIRs on delegated issues and to commit shared resources when the required agreement exists. That is substantial coordinating authority. It is not an obvious grant from resource holders allowing the Executive Council to terminate the regional status of one signatory and direct the transfer of services upon which those holders rely.
Nor did the 2004 ASO Memorandum of Understanding settle the matter. Its stated purposes include mechanisms for recommendations to the ICANN Board concerning recognition of new RIRs. Recognition is express. Derecognition, emergency replacement, and compulsory service transfer are not. An amended compact could add them. The omission means that the revision needed to explain how the additional mandate would be validly supplied, not simply present the mandate as the natural inverse of recognition.
The authority principle thus selected gatekeepers before it demonstrated the consent of the governed. That ordering is the draft's central constitutional defect.
Recognition and removal are not mirror images
It is tempting to say that whoever can recognize can derecognize. The symmetry is attractive and often wrong. Entry and exit change different reliance positions.
When a candidate seeks recognition, it asks the system to confer a new coordinating status. If the application fails, existing arrangements remain. The candidate may incur costs and a region may lose an opportunity for institutional change, but an existing registry is not necessarily stripped of records, staff functions, service relationships, or membership structures. ICP-2's original task was to test whether a proposed regional body had scale, support, policy openness, neutrality, technical competence, funding, record systems, and confidentiality safeguards sufficient to enter the system.
Derecognition operates on an institution that may have served a region for decades. Its databases contain the history on which allocation and registration claims depend. Its customers may use its certificate services, reverse-DNS processes, routing registries, and transfer procedures. Its members may hold corporate rights under local law. Its employees, creditors, counterparties, and litigants have relationships with the incorporated entity, not with an abstract “RIR function.” Removing status cannot make those relationships disappear.
The difference is not an argument for incumbent immunity. It is an argument for a separate authorization and a higher-quality remedy. If recognition created legitimate expectations that the registry would remain accountable, derecognition creates equally legitimate expectations that intervention will be evidence-based, proportionate, reviewable, and designed around continuity for innocent holders.
An entry decision can often be postponed. An exit decision may be impossible to delay if services are failing, yet too dangerous to rush if the underlying problem is a disputed election, a temporary injunction, a hostile litigation tactic, or a recoverable operational breakdown. It may require temporary assistance without institutional removal, governance rehabilitation without service transfer, or record preservation without altering the region's final structure. The authority to choose among those responses is broader than the authority to say yes or no to a candidate.
The 2024 draft compressed that distinction into lifecycle language. Recognition required a candidate to meet all requirements. Operation required continuous auditable compliance. Non-compliance could lead to derecognition. That is an elegant sequence, but it risks presenting removal as the logical last line of a checklist. A mature failure regime must ask not only whether a condition is unmet, but whether the failure is material, persistent, attributable, curable, service-threatening, and sufficiently proven to justify the particular remedy.
Resource holders appeared at the door, not at the exit
The principles paper did recognize resource holders. Its “Community Support” principle said that resource holders in a proposed service region must broadly support recognition of the candidate. The companion “Community Commitment” principle required a candidate to show that its community would support it financially and participate in governance.
This was faithful to an important idea in the original recognition criteria: a regional registry should not be imposed on the networks expected to use and fund it. A candidate needs more than institutional endorsement. It needs a demonstrated constituency.
Yet the draft did not state the parallel rule for derecognition. It did not say that resource holders in an incumbent's service region must authorize removal, approve an interim operator, consent to a permanent successor, or support a redesigned region. It required bottom-up legitimacy when power entered the region, then relied on institutional authority when power might be withdrawn or transferred.
That asymmetry cannot be justified by urgency alone. Some emergencies will make a prior vote impossible. A sudden inability to provide a critical service may require temporary action. But an emergency exception should be narrow, time-limited, and followed by review and holder participation. It should not become a theory under which resource holders are consulted when convenient but never possess an authorization right.
Resource-holder consent also needs careful definition. Address space and AS numbers serve organizations of very different sizes and legal forms. Membership and holding status do not always coincide. One corporate group may control many member accounts. A large legacy holder may have no ordinary membership relationship. Small networks may be numerous but individually exposed to different service risks than large carriers. Governments may operate networks, regulate them, or speak for public interests without representing private holders.
The solution is not a crude plebiscite. It is a structured authorization record. A removal or permanent redesign proposal should disclose the eligible population, affiliate aggregation, geographic distribution, response rate, support and opposition, treatment of non-response, and the service consequences for each affected class. Majorities should be tested across more than one dimension so that neither address concentration nor account multiplication can manufacture legitimacy.
Most importantly, holder authorization should attach to the remedy, not merely to a finding that governance has failed. A community can agree that an RIR is non-compliant while preferring supervised rehabilitation over removal. It can accept a temporary operator for certificate issuance while rejecting a permanent regional split. Consent to diagnosis is not consent to institutional replacement.
The authorization record should also survive scrutiny after the decision. A neutral verifier should preserve the eligibility list, corporate-control analysis, authority of each signatory, objections to the denominator, and aggregate result under confidentiality protections. The public need not see every holder's identity or commercially sensitive resource details. It does need enough information to know that support was not inferred from meeting attendance, selected letters, or silence.
If urgency makes a prior count impossible, the decision should state that fact, limit the measure to preservation, and set a near-term point at which the affected population can approve, narrow, or terminate it. This is how emergency necessity can coexist with bottom-up legitimacy rather than quietly replacing it.
“Final authority” left ICANN's identity and limits uncertain
The draft said ICANN would have final authority, but “ICANN” can refer to several things in ordinary discussion: the corporation, its Board, its staff, or the wider multistakeholder community. The principles paper's glossary named the corporation but did not identify the decision organ, evidentiary procedure, standard of proof, or review route.
The ambiguity was not theoretical. The ICANN public-comment summary records requests to clarify whether ICANN meant the organization, Board, or community. It also records concerns about oversight of the NRO EC, impartiality among incumbent RIRs, voting thresholds, consultation with governments in the affected region, independent evaluation, and a mechanism through which an RIR could challenge derecognition.
Giving a final decision to the ICANN Board would at least identify an accountable corporate organ. It would not answer the scope question. The ASO arrangements historically concern advice on address policy and recognition. A new power over the status and service region of an incumbent must be connected to ICANN's mission, bylaws, agreements, and applicable accountability mechanisms. The decision record should show that connection rather than assume it.
Reviewability is equally important. ICANN has reconsideration and independent review mechanisms under its bylaws. Those mechanisms examine ICANN conduct through specified standards; they do not automatically adjudicate every factual, corporate, contractual, or domestic-law dispute inside an RIR. A replacement governance text should say who is entitled to seek review, what action is stayed, what evidence is available, whether a regional community or holder can challenge inaction, and how urgent continuity measures are treated while review proceeds.
There is also a structural problem if ICANN both gathers the case and decides it. A credible system separates at least four functions: receiving allegations, establishing facts, recommending a remedy, and making the status decision. ICANN can support or appoint an independent examiner without becoming prosecutor, expert witness, and final adjudicator at once. Peer registries can contribute technical knowledge without deciding disputed facts about a competitor in private.
“Final authority” is therefore a conclusion, not a governance design. It becomes legitimate only when the route to the decision, the bounds of discretion, and the avenue of challenge are specified.
Incumbent consent can protect stability and entrench incumbency
The 2024 authority principle gave each RIR a consultative role, while the NRO EC's majority controlled origination. Its amendment principle went further: ICP-2 could be changed by agreement of ICANN and all RIRs. Unanimity can prevent one institution from rewriting the rules against another. It can also give every incumbent a constitutional veto.
The double character of incumbent consent appears throughout the proposed system. Existing RIRs have knowledge that no outside body can easily replace. They understand cross-registry operations, IANA allocation interaction, common data formats, transfer coordination, route-security dependencies, and the practical difficulty of moving a service population. Excluding them would be reckless.
But incumbents are not disinterested custodians of market structure. Recognition of a new RIR may require a change in service regions. Derecognition of a peer may cause the others to absorb costs or scrutiny. A stronger anti-capture rule may constrain their own governance. An amendment may expose them to audits or member claims. Their expertise supports participation; their institutional interests require checks.
The danger is greatest where veto power and agenda power combine. If incumbents can prevent a proposal from originating, prevent a candidate from entering, shape the evidence, and veto amendments to the very rules that allocate those powers, the system can become self-entrenching even when each decision looks procedurally regular. Conversely, if ICANN can override them without a clear mandate, centralized power replaces cartel risk with supervisory risk.
The answer is not to choose one center. It is to divide powers by function and conflict. Peer registries should assess technical feasibility and continuity. Resource holders and members should authorize changes that alter the institution serving them. Independent examiners should determine contested compliance facts. ICANN should perform a bounded coordination and final-public-decision role under articulated standards. Domestic courts should retain their lawful jurisdiction over corporate property, records, officers, contracts, and member rights. No institution should be able to turn its own interest into decisive evidence.
The draft's amendment rule needed the same treatment. Foundational changes should require broad agreement, but “all RIRs plus ICANN” is not identical to community consent. Each approving institution should show how its members and holders authorized the change. Consultation without a disclosed decision rule can become ceremonial. Entrenchment is legitimate only when the people burdened by the entrenched rule have a credible route to change it.
Continuity was necessary, but it implied an unnamed operator
The 2024 “Continuity” principle required an RIR to maintain procedures, redundancy, and record sharing sufficient for another RIR to perform its services if necessary. On its face, that was prudent resilience planning. No global registration system should discover during a crisis that all knowledge, credentials, and records are trapped inside one organization.
Yet continuity language contains a latent transfer power. Someone must decide that assistance is necessary. Someone must choose which services move. Someone must select the substitute. Someone must define access to non-public records and security material. Someone must decide when the incumbent resumes service. Those are not merely technical steps.
Record sharing illustrates the stakes. Registration accuracy, contact data, transfer history, billing status, authentication arrangements, reverse-DNS delegations, and route-security services can involve confidential or security-sensitive information. A duty to maintain recoverable copies is different from a permission for a peer or central body to use them. The first supports preparedness. The second changes control. The governance text must define purpose limitation, access conditions, audit trails, data minimization, confidentiality, deletion after return, and liability for misuse.
The continuity principle also did not distinguish failure modes. An RIR can be unable to provide one service while its governance remains lawful. It can face a court order that limits a particular action. It can suffer a cyber incident, staff loss, natural disaster, payment interruption, or contested board appointment. Each condition demands a different scope and duration of support. “If necessary” is not a trigger.
By August 2025, the second RIR Governance Document draft made the implied operator explicit. It proposed emergency continuity when an RIR could not adequately provide some or all services, allowed the other RIRs and ICANN to authorize a temporary operator by unanimous agreement, required publication and community engagement, limited an initial period to ninety days, preserved a right to resume after verified restoration, and required a post-event review. Those protections were improvements. They also confirmed how much institutional power had been compressed into the 2024 continuity sentence.
The constitutional question did not disappear when the details improved. Who authorized the peer registries and ICANN to place another entity in the service path? The answer must be more than “continuity is necessary.” Necessity can justify immediate preservation. Permanent or repeatedly renewed control requires a mandate.
Handoff language assumed control over assets it did not define
The “Handoff” principle said a derecognized RIR must cooperate with ICANN and the other RIRs to transfer operations smoothly to a successor or interim entity named in the derecognition decision. It was the most coercive sentence in the paper.
The word “operations” concealed several categories. Some functions arise from recognition and cross-system coordination. Others are performed through the incumbent's staff, software, contracts, facilities, accounts, intellectual property, databases, and corporate authority. Some records concern resource holders; some concern employees or vendors. Some credentials can be rotated or recreated; others may be governed by security rules or local law. A status decision cannot automatically transfer title to every asset needed for continuity.
The public-comment record captured the enforcement problem. Commenters supported continuity but questioned what would happen if a derecognized registry refused to cooperate. Some proposed authority for ICANN and the peers to take necessary steps; others doubted that such a duty could be enforced without the incumbent's consent. That disagreement was evidence of a missing legal bridge, not a drafting inconvenience.
A sound handoff regime begins before failure. It identifies a minimum continuity estate: verified copies of essential registry data, documented interfaces, emergency contacts, tested recovery capabilities, credential-transition plans, and contractual permissions that can be activated under narrow conditions. Each RIR adopts those obligations through valid corporate and member authority. Resource holders receive notice of what may happen to their information and services. Vendors agree in advance to bounded emergency assistance. Independent tests confirm that continuity is practical without disclosing sensitive material.
At the moment of intervention, the decision should identify each transferred service, legal basis, responsible operator, data category, start time, review date, cost rule, and return condition. It should not use “handoff” as a blanket command. If a domestic court controls assets or corporate officers dispute authority, the global coordination bodies must work through lawful orders and pre-existing agreements rather than pretending the recognition decision displaces local law.
Most of all, a handoff must not become an institutional confiscation. The purpose is continuous service to holders, not punishment of an organization or victory for one faction. Temporary possession should remain temporary unless a separately authorized successor decision is made.
Service-region rules quietly enabled political redesign
The principles paper required every service region to be a large multinational geographic area that did not overlap another RIR's region. Coverage was collective: all RIRs were to ensure that every area continually received services. These rules looked like continuity and anti-fragmentation safeguards. They also defined the constitutional map.
A map can change in at least four ways. A new RIR can be recognized for territory previously served by an incumbent. A derecognized RIR's whole region can be assigned to a successor. A temporary operator can serve the region while its future is decided. Or an existing region can be divided, merged, or reconfigured. The draft did not say who could authorize these outcomes or whether holders in each affected part had to agree.
Geography is not a neutral proxy for community. RIR regions contain many jurisdictions, languages, economies, network markets, and regulatory interests. A continental redesign can advantage one coalition while making service more distant for another. Governments may have legitimate concerns about national infrastructure and public administration; they do not thereby acquire ownership of private holders' service relationships. Large operators may carry much of a region's traffic; they do not alone represent smaller networks. Existing members may dominate governance; non-member holders still depend on records and services.
The original recognition logic offers the right starting point: the proposed service population should broadly support the institution expected to serve it. A modern redesign should strengthen that test. It should require evidence of support in both the departing and receiving arrangements, publish geographical and organizational coverage, prevent affiliates from multiplying influence, and explain the treatment of dissenting subregions.
It should also separate temporary service coverage from permanent regional design. During a failure, another RIR or qualified operator may need to provide a narrow service without acquiring a political claim to the territory. The emergency arrangement should not create a presumption that the temporary provider becomes the successor. Otherwise the institution that controls continuity also gains an advantage in the final constitutional settlement.
The map of RIR responsibility is therefore not an administrative schedule. It determines where communities participate, which corporate law governs the registry, what fee and policy systems apply, and which institution manages crucial records. Redrawing it requires explicit regional authorization.
Audit and anti-capture rules needed an independent bridge
The strongest parts of the 2024 draft were its continuing obligations. An RIR was expected to remain financially independent, not-for-profit, well governed, member-controlled, community-driven, neutral, transparent, auditable, technically reliable, resilient, protected against capture, and committed to ecosystem stability. These are serious standards. They address conditions that entry-era ICP-2 could not fully anticipate.
But compliance principles do not enforce themselves. The draft said audits should be external and independent, yet did not say who appointed or paid the auditor, what records could be demanded, what standard applied, how confidential information would be protected, whether findings could be challenged, or what degree of non-compliance justified which response. An auditor can verify facts; an auditor should not quietly become the source of constitutional authority.
Anti-capture is even harder. Capture can mean domination by management, a board faction, affiliated members, a government, a commercial interest, a litigation strategy, or a coalition that exploits low participation. The concept needs indicators: concentrated voting, undisclosed affiliations, barriers to participation, conflicts of interest, manipulation of membership eligibility, refusal to provide records, misuse of registry powers, or persistent disregard of valid governance outcomes. Without definitions, anti-capture can become a label applied to whichever faction loses institutional favor.
The proper bridge from audit to remedy has several stages. A complaint establishes a credible basis for examination. An independent body gathers facts under published powers. The RIR receives the evidence and a right to respond. Findings distinguish technical failure, governance breach, legal constraint, and contested allegations. A remedial plan identifies measurable cure steps. Only material, persistent, or urgent failures proceed toward exceptional action. The final decision applies a stated proportionality test.
This structure protects both accountability and independence. An incumbent cannot avoid scrutiny by invoking regional autonomy. A peer coalition cannot turn concern into removal without proof. ICANN cannot rely on broad coordinating language to skip fact finding. Resource holders can see which failure affects them and what remedy is proposed.
The April and August 2025 drafts added considerable procedure, including periodic and ad hoc audit concepts, rehabilitation, publication, and more detailed status-change rules. Their development showed that the 2024 paper was not enough. It also showed why the principles should never have been treated as a self-executing grant.
Consultation exposed the mandate gap rather than closing it
ICANN's consultation ran from 8 October to 6 December 2024 and received fourteen submissions. A parallel NRO questionnaire received 298 individual submissions, although the NRO summary said roughly half contained highly similar responses and summarized themes rather than treating the ratings as a referendum.
The comments were useful and diverse. Entities supported accountability, service continuity, remediation, transparency, and anti-capture measures. They also asked who within ICANN would decide, whether incumbent RIRs would become gatekeepers, whether ICANN would gain too much power, how all stakeholders would participate, whether regional governments should be consulted, how a derecognized RIR could challenge the decision, and how a handoff could be enforced.
Those concerns should not be reduced to opposition versus support. They revealed that respondents were answering different constitutional models. Some saw ICANN as an essential neutral counterweight to incumbents. Others saw it as an external center that could undermine regional independence. Some trusted peer registries' expertise. Others feared self-interest. Some emphasized members and resource holders. Others wanted governments and wider community bodies to have a formal role. General approval of “accountability” could not select among those models.
The consultation design reinforced the limitation. Entities rated each principle and could add comments. That is suitable for testing sentiment and identifying concerns. It is not an authorization procedure for transferring institutional power. The eligible population was not defined as the resource holders whose services could move. The result was not weighted or tested for regional coverage. No proposed remedy was presented with its exact legal and operational consequences. There was no requirement that each RIR demonstrate member approval under its own governing rules.
Consultation is indispensable, but it cannot bear a weight it was not designed to carry. It informs constituent decision-making; it does not replace it. A final governance compact should disclose how each RIR obtained authority to bind itself, how resource holders authorized exceptional measures, how ICANN validly accepted its role, and how dissent was treated.
That would turn consultation from a legitimacy symbol into evidence of consent.
The 2025 drafts made the constitutional change unmistakable
The April 2025 RIR Governance Document replaced the principles with a fuller text. It defined derecognition as terminating delegated responsibility for a service region. It allowed any RIR or group of RIRs, or at least twenty-five percent of the affected RIR's members, to submit a removal proposal. The other RIRs, excluding the target, had to recommend removal unanimously before ICANN could make the final decision. ICANN could not initiate a proposal. The document also required rehabilitation before last-resort removal and directed a derecognized registry to transfer services to a successor or interim entity.
The August 2025 revision changed the balance again. It allowed ICANN to originate a derecognition proposal, added a numerical alternative to the member threshold, required the proposal to identify specific alleged breaches, gave the target an opportunity to answer publicly, and created an explicit emergency-continuity article. It also stated that ICANN had no removal power without a proposal approved by the other RIRs.
These were meaningful safeguards. They narrowed allegations, opened the response, prevented unilateral ICANN removal, and acknowledged temporary continuity as distinct from permanent derecognition. Yet the evolving allocation of power demonstrated the original concern. The institutions were not merely filling in details under settled authority. They were deciding whether ICANN could trigger a case, how many members could do so, whether peers possessed a veto, who could appoint an emergency operator, and what service transfer meant.
That is constitutional design. It deserves an authorization procedure of the same seriousness as the rules it creates.
The later drafts also used adoption as a source of commitment: current and future RIRs would accept the governance document, and ICANN and the RIRs would jointly amend it after consulting their communities. This contractual direction may be workable. Its legitimacy depends on valid approval inside each participating institution and on protection for holders whose operational dependence is not reducible to corporate membership. A board signature can bind an organization within its authority. It cannot manufacture community consent where governing documents, member rights, or applicable law require more.
The point is not to freeze the RIR system in 2001. It is to update it through a mandate strong enough to survive the first contested case.
A legitimate mandate needs four separate authorizations
The system should distinguish four decisions that the 2024 principles tended to compress.
The first is authorization to investigate. This can be relatively broad. Members, resource holders, operators, staff whistleblowers, governments, peer RIRs, ICANN bodies, and public-interest entities should be able to submit evidence. A screening threshold can deter harassment without requiring a crisis-sized coalition merely to establish facts.
The second is authorization to impose temporary continuity measures. This should depend on objective service conditions: inability to perform a defined function, imminent risk to record integrity, or a verified security or operational failure. The measure should be confined to affected services, time-limited, independently monitored, and reversible. Consultation should occur in advance where possible and immediately afterward where not.
The third is authorization to derecognize. This requires a proven material and persistent failure, exhaustion or demonstrated futility of cure, a public proportionality assessment, independent findings, a right to answer, and review. Resource holders and members should have a decisive role because the remedy changes their institutional service relationship. Peer and ICANN approval can protect global coordination, but neither should substitute for regional authorization.
The fourth is authorization for the permanent successor or regional redesign. It is not automatically included in removal. A successor must independently satisfy capability, independence, governance, and support requirements. If boundaries change, affected holders in each resulting region should be counted and consulted under published rules. Temporary operation must not create a preferred claimant.
These authorizations can use different thresholds. Investigation should be accessible. Emergency measures should be fast but narrow. Derecognition should be difficult but possible. Permanent redesign should require the strongest evidence of durable support. The mistake is to seek one magic majority for all four.
The decision architecture should also recognize inaction. If peers refuse to investigate a credible failure, affected holders need a route to independent review. If ICANN declines a properly approved removal proposal, it should publish reasons that can be challenged under applicable accountability mechanisms. If an emergency operator exceeds scope, the affected RIR and holders need immediate relief. Reviewability must constrain refusal as well as intervention.
The test is whether power remains borrowed and bounded
RIR coordination works because institutions and network operators accept common records, policies, and roles. That acceptance is durable when power is visibly borrowed from the communities it affects and bounded by the purpose for which it was given. It becomes fragile when coordination bodies treat practical necessity as a source of inherent authority.
The 2024 principles paper identified genuine needs. The registry system requires continuing standards, independent evidence, resilience, anti-capture protection, remediation, and a last-resort response to failure. Refusing to design those tools would protect incumbency at the expense of holders. But designing them carelessly could create a supervisory order more centralized and less accountable than the failure it seeks to cure.
A defensible final compact would therefore contain an authority recital. It would identify the agreements, corporate approvals, member decisions, and community authorizations through which each entity accepts the new regime. It would reserve domestic legal questions to competent courts while requiring the parties to maintain advance continuity arrangements. It would define narrow triggers, publish evidence, separate investigators from decision-makers, protect confidential information, require cure where feasible, and provide independent review.
It would also state a non-aggrandizement principle: nothing in the governance text gives ICANN, the NRO, or an incumbent RIR general power over regional registry affairs beyond the specific functions necessary for recognition, verified compliance, temporary continuity, and properly authorized status change. Emergency operation would confer no claim to succession. Audit would confer no management right. Peer consultation would confer no right to veto holder-authorized reform for self-interested reasons. ICANN coordination would not displace corporate law or court authority.
Finally, it would make resource-holder authorization visible. Not every holder must agree, and urgent service preservation cannot always wait. But the permanent exercise of exceptional power should rest on a disclosed constituency, a fair denominator, geographic and affiliate safeguards, and an opportunity to challenge the count and the proposed remedy.
The hidden constitution should become an explicit compact. If the RIR system is to acquire an exit power it did not previously articulate, the grant must be clear enough that no incumbent, recognizer, government, or emergency operator can mistake stewardship for ownership. Accountability is legitimate when the institutions capable of intervention can also be called to account by the people whose networks depend on the result.

