Summary
- The NRO Executive Council is a five-region executive body appointed through the RIRs. It acts by consensus, represents the NRO externally, approves resources and costs, refers global policy material, sponsors joint work and carries several ICANN-facing roles.
- That coordination layer is necessary because registry services, IANA accountability, RPKI consistency, ICP-2 review, global policy referrals and emergency continuity cannot be handled by isolated public meetings alone.
- The risk is not coordination itself. The risk is that CEO-layer decisions can influence public policy, spending, technical defaults and conflict handling before the community sees enough detail. The remedy is a visible record of agenda, authority, cost, conflict, community touchpoint, decision and follow-up.
The executive layer is small by design
The Number Resource Organization was created because the Regional Internet Registries needed a way to act collectively without merging into one global registry. The NRO history page records that APNIC, ARIN, LACNIC and the RIPE NCC entered into the NRO Memorandum of Understanding on 24 October 2003, and that AFRINIC later signed after becoming the fifth RIR. The NRO about page describes the organization as a coordinating body for the world's RIRs, with a mission that includes providing and promoting a coordinated Internet number registry system, serving as an authoritative voice for the multistakeholder model and bottom-up policy process, and coordinating joint activities of the RIRs.
That mission requires a body that can speak for the RIR system when five separate institutions need one response. The NRO Executive Council page says the EC consists of one person from each RIR, appointed by each RIR board, and that it acts only by consensus from all five regions. It also says the chair, vice chair and treasurer roles rotate annually, and that the EC holds monthly teleconferences as well as ad hoc face-to-face meetings. This is not a mass forum. It is a small executive coordination layer.
Smallness has value. If an IANA service issue emerges, five CEOs or chief executives can compare consequences quickly. If a global policy file needs referral, they can confirm whether the RIRs have aligned. If an ICANN accountability power is being considered, the EC can decide whether the ASO should act through the Empowered Community. If RPKI consistency requires funding and technical direction across five registries, the EC can sponsor and prioritize a joint program.
But smallness also concentrates agenda power. A body of five executives can decide what deserves joint attention before a public community sees the problem framed. It can classify a matter as operational, legal, financial, policy-related, technical or reputational. It can decide whether the subject needs a public consultation, a joint statement, an internal coordination call, a cost allocation, a legal review or no action. Those labels shape later debate.
The question is not whether the EC should exist. It should. The Internet number system needs cross-registry coordination. The question is whether the public record around EC action is rich enough to let the community distinguish necessary operational coordination from policy influence. A closed coordination layer is legitimate when it protects speed, confidentiality and continuity without hiding the decision path. It becomes suspect when its influence appears only after public options have already narrowed.
The EC therefore needs a record standard matched to its role. Minutes alone are not enough if they list topics without showing authority, cost, conflict and next step. Public debate alone is not enough if the material choices were made before the debate. The executive layer must be visible where it changes the field.
The MoU gives the EC more than meeting authority
The NRO Memorandum of Understanding is not a ceremonial document. It gives the EC defined powers that matter for policy and operations. Section 6 says the NRO EC represents the NRO and its suborganizations in all matters. It says the EC is the sole body empowered to represent the NRO, its components and the RIR community in interactions with external organizations, including national, international or public sector entities as needed.
It says the EC can represent the RIRs on issues specifically delegated by the RIRs to the NRO and can commit RIR resources in support of NRO activities when unanimous agreement has been reached and resources have been or will be made available.
That language gives the EC a central interface role. When governments, ICANN, standards bodies, intergovernmental forums or other Internet coordination bodies engage the RIR system collectively, the EC is the recognized mouth. The EC can also approve spending and resource commitments for joint work. These are not merely administrative acts. External representation and resource commitment can affect which issues are elevated, which positions become system positions, and which technical or accountability projects receive support.
The MoU also says the EC shall ratify or reject proposed global IP number resource policies, with decisions based on open and transparent procedures ratified by the regional address policy fora. That clause must be read carefully. The EC should not be a private substitute for the five regional policy communities. But it is plainly part of the path by which a proposed global policy is handled. If it concludes that a proposal is not ready because regional procedures were not followed or common text is lacking, the proposal may not advance.
The same document gives the NRO Number Council an advisory role to the EC. The NC is responsible for advice concerning ratification of proposed global IP number resource allocation policies and for consultation with external entities on proposed policies. The EC is therefore not alone in policy work, but it remains the executive point that receives advice, represents the organization and commits resources.
Financial authority is equally consequential. Section 13 says NRO expenses must be approved in advance solely by unanimous EC authorization and borne equally by RIR signatories unless another described arrangement applies. It also addresses contributions for legal claims arising from NRO activity and liability insurance after incorporation. Costs shape governance. If a joint activity is funded, it can proceed. If it is not funded, the community may never see the same option set.
This is why EC records should identify authority basis. Was a decision made under external representation authority, resource commitment authority, global policy handling authority, technical activity authority, financial authority or ICANN accountability participation? Each basis has different implications. A cost approval for a joint technical project is not the same as a policy referral. A public-sector statement is not the same as an RPKI product decision. A legal cost decision is not the same as a community consultation.
Without authority labels, the EC can appear as one general coordination body even when it is exercising distinct powers. A mature record should show which power was used and what boundary applied.
Consensus is a restraint and a veto
The EC acts only by consensus from all five RIR regions. That rule is a strong restraint. No single RIR executive can bind the rest of the system. No majority can use the NRO to force a reluctant region into an external position. For a body that represents separate regional institutions, unanimity is a reasonable guardrail.
The same rule also creates veto power. If one EC member entities, the EC cannot act as a five-region system voice. That may be exactly right where an action would commit resources, represent the RIR community or affect a global policy referral. But a veto that leaves no explanation can be hard to distinguish from delay, conflict avoidance or institutional self-protection.
Consensus also changes public accountability. In a regional policy forum, dissent may be visible in mailing lists, public meetings and final calls. In the EC, disagreement may appear only as a decision not taken, a topic deferred, or a mild note that discussion will continue. That may be appropriate for personnel, litigation, security or procurement matters. It is less appropriate when the decision shapes public policy options or system-wide services.
The record does not need to expose every sentence of executive debate. It should expose the accountable result. If consensus was reached, what action was approved? If consensus was not reached, what was the scope of disagreement? Was the disagreement over authority, cost, legal risk, technical readiness, regional community mandate, conflict of interest or timing? Did the EC send the matter to the ASO AC, to the RIR communities, to a staff group, to a public consultation or back to one registry?
A consensus body also needs recusal discipline. The MoU's advisory appeals section contemplates recusal procedures for panel representatives, but EC-level public records should also make conflict handling visible where decisions touch legal claims, vendor relationships, registry crises, policy disputes or cost allocations. RIR executives bring knowledge from their home institutions. They also bring institutional incentives. Both facts are unavoidable. The safeguard is disclosure and boundary setting, not pretending executives have no interests.
For example, if a joint legal strategy affects one RIR more than the others, the EC should say how the affected registry participated and how shared costs were justified. If a technical program benefits some RIR portals more than others, the record should show the funding rationale. If a public statement concerns a dispute involving one member registry, the record should show whether the statement is about system continuity, local corporate governance, member rights or service risk.
Consensus should not become a black box. It should be a high threshold with a traceable reason. The community does not need gossip. It needs to know when one region's risk assessment changed the collective position.
Published minutes are necessary but not sufficient
The NRO publishes EC meeting minutes. The NRO EC Meeting Minutes page states that the EC holds monthly teleconferences and ad hoc face-to-face meetings throughout the year, and that minutes are published. The index lists recent minutes from 2024, 2025 and 2026. That publication practice matters. It prevents the EC from being wholly invisible.
But publication is only the beginning of transparency. A minute can be public and still too thin to support accountability. If it records that a topic was discussed but does not show the decision, authority, cost, community touchpoint or follow-up, it tells the reader that a meeting occurred rather than what power did. Thin minutes can be especially hard to interpret when the EC is handling matters that sit between operations and policy.
The required level of detail should vary by subject. Security-sensitive RPKI work may require redaction of operational specifics. Litigation matters may require privileged handling. Personnel or procurement negotiations may require confidentiality. But even sensitive items can have public metadata: topic category, reason for confidentiality, decision type, next public milestone, cost band where feasible, and whether community consultation will occur before implementation.
For non-sensitive items, the record should be stronger. If the EC approves an NRO activity, the minute should say what authority was used, who executes, what output is expected and when the community will see it. If the EC discusses a policy-adjacent issue, the minute should distinguish whether the EC is merely monitoring, preparing a joint submission, advising the ASO AC, seeking regional input or making an executive decision. If the EC approves spending, the minute should identify the cost principle, such as equal sharing or another agreed method.
The current publication index also raises a timing question. Minutes that appear months after meetings may still be useful, but delayed publication weakens operational accountability when decisions move quickly. A routine lag can be acceptable if publication dates and approval status are clear. A long lag needs a reason. The public should know whether minutes are delayed by approval, redaction, translation, legal review or administrative backlog.
The EC should therefore publish a minute standard. It can specify which items must be recorded, which can be redacted, which require cost disclosure, which require conflict disclosure and which require follow-up status. It can also distinguish draft minutes, approved minutes and confidential annexes whose existence can be acknowledged without revealing protected content.
Transparency does not mean that every executive conversation must be public in real time. It means that the exercise of authority leaves enough trace for the governed community to understand what happened. Minutes are a tool. The standard behind them is the real accountability mechanism.
Operational coordination is real
The case for a closed coordination layer is strongest in operations. The RIR system provides globally relied upon services: number registration, allocation records, public directory services, reverse DNS, RPKI support, statistics, IANA interaction, and continuity across regional boundaries. Many of these services require coordination even when policy authority remains regional. If a problem crosses registries, waiting for five separate public cycles may not be practical.
The NRO's accountability page gives one example through IANA numbering services. During the IANA stewardship transition, the Internet Number Community proposal called for an IANA Numbering Services Review Committee. The page says that the IANA RC is composed of community representatives from each RIR region and advises and assists the NRO EC in periodic review of the service level that PTI/IANA Numbering Services provides to the Internet Number Community. That design places the EC in an operational accountability role, supported by community representatives.
RPKI coordination provides another example. The NRO RPKI Program page says the program was created to provide a more consistent, uniformly secure, resilient and reliable RPKI service and to remove barriers faced by operators who create RPKI objects through multiple RIRs. It identifies the NRO EC as executive sponsor, with strategic goal prioritization, approval and funding responsibilities. It also identifies a program manager, a steering group of RIR experts and subject matter experts.
These are exactly the kinds of problems where executive coordination has value. RPKI users may hold resources across multiple regions. Operators want consistent terminology, features and trust-anchor behavior. IANA service review requires a single interface with PTI. A system-wide security concern cannot always wait for each region to reinvent the same response. The EC can coordinate funding, set priorities and ensure that each RIR's operational reality is part of the plan.
The risk is that operational coordination can set policy defaults. RPKI service consistency can affect which user choices appear normal. Trust anchor configuration work can affect how operators think about centralization and resilience. IANA service review can define what counts as acceptable performance. A joint statement can shape public expectations before a policy forum opens. None of this makes the work improper. It means the record must show where operations end and policy begins.
For operational matters, the EC should publish a boundary statement. It should say whether a decision changes service features, funding, documentation, security posture, user experience, community consultation, or formal policy. If a decision is operational only, it should explain why no policy change is needed. If community input is planned, it should identify the channel. If the operational choice may later require regional or global policy, the record should flag that dependency.
Operational coordination should be defended honestly. The RIR system needs it. But the stronger the operational need, the more disciplined the record should be, because operational necessity can otherwise become the easiest way to narrow public choice.
Technical programs can become governance programs
The RPKI Program is a useful stress test because it sits at the boundary of engineering and governance. On its face, it is about reliable, secure and consistent routing-security support. The NRO page describes goals such as better measuring robustness, improving transparency and security, addressing trust-anchor configuration concerns, standardizing terminology, aligning recommended practices, analyzing gaps in RIR user interfaces and producing a roadmap for core features.
Those are technical and service goals. They also have governance effects. If the five RIRs move toward a common feature set, they reduce regional variation. That may help operators and improve security. It may also shift local decision-making toward a shared baseline. If trust anchor configuration is changed or clarified, the result can affect perceptions of central dependency. If recommended practices are aligned, a regional community may find that the operational default has already been shaped by cross-registry coordination.
The EC's role as executive sponsor is therefore consequential. Strategic goal prioritization, approval and funding are not neutral clerical functions. They decide which technical problems receive joint attention, which timeline is feasible, which community concerns are elevated and which tradeoffs are presented as implementation details.
This does not mean every RPKI feature requires a global policy. It does mean that technical program governance should expose its mandate. The EC should state what is within program scope, what remains with each RIR, what requires public consultation, what requires regional policy, and what would require a global policy. A clear mandate protects the program from overreach allegations and protects the community from discovering late that a technical baseline has become hard to contest.
The same principle applies beyond RPKI. Joint statistics, measurement projects, service-level reviews, emergency continuity planning, data quality efforts and public-sector engagement can all become governance programs when they define system norms. A program can begin as coordination and end by shaping the range of accepted policy options.
The public record should therefore contain program charters, decision logs and community touchpoints. A charter should identify sponsor, budget source, authority, objectives, exclusions, deliverables and review dates. A decision log should show material choices without exposing sensitive operational details. Community touchpoints should show where operators, members and affected users can challenge assumptions before the program hardens.
Technical excellence and governance accountability are not enemies. In the RIR system, they reinforce each other. Operators are more likely to trust a shared technical program when they can see who funded it, who set its goals, how conflicts were handled, where feedback enters and what remains open for policy debate.
Global policy referral is policy influence
The EC's role in global policy is not identical to its role in technical programs, but the same visibility problem appears. The NRO global policy page says that when consensus and similar policy language exist in all five RIRs, each RIR version is merged into one policy statement through the NRO Number Council, which serves as the ASO AC. An identical version must then be ratified by each RIR community. The NRO EC then refers the coordinated proposal to the ASO AC, and the ASO AC reviews the ratification process under the ASO MoU before sending it to the ICANN Board.
That referral sounds procedural. It is still policy influence because referral decides whether a regional consensus product enters the ICANN Board stage. If the EC delays referral, asks for more reconciliation, identifies missing regional steps, or concludes that the proposal is not ready, the public policy path changes. A referral gate can protect the integrity of the process. It can also obscure responsibility if the reason is not recorded.
The EC should publish a referral memo for every global policy file. It should state that identical text exists, list the regional adoption acts, note any unresolved process objections, identify the advice received from the Number Council or ASO AC, and state the EC decision. If the EC does not refer, the memo should explain why and what must happen next. If the EC refers with reservations, the reservations should be visible.
This is especially necessary because the EC and ASO AC have different legitimacy sources. The EC is appointed through RIR boards and consists of executive leadership. The ASO AC/NRO NC has a policy-community representative structure, with members from each RIR region. The EC should not absorb the AC's process-review role. The AC should not absorb the EC's executive coordination role. A referral memo helps keep the roles separate.
The policy influence problem is not limited to formal global policies. The EC can influence policy indirectly by framing issues before they reach the public. If it commissions a study, issues a joint statement, funds a program, creates a consultation, or asks another body to start work, it can define the starting point. Public forums may still debate, but the agenda arrives pre-shaped.
That influence can be beneficial. Executive coordination can bring evidence, cost data and cross-regional context that public forums need. It can prevent five communities from debating with inconsistent facts. It can surface operational risks early. The risk is only that the shaping remains invisible.
The right standard is simple: when EC action changes the policy environment, publish the change. Name the question, the reason for EC involvement, the authority used, the materials considered, the public step that follows and the limits on EC influence. Then the community can decide whether the executive layer helped or overreached.
ICANN-facing roles widen the EC's reach
The EC is not only an internal RIR coordination body. It also has ICANN-facing roles. The NRO EC page says the current NRO Chair acts as Chair of the ASO. It also says the current NRO Secretary acts as the Empowered Community Administration Representative within ICANN's Empowered Community structure and acts only by consensus of all five EC members. The NRO ASO and ICANN accountability page explains that the ICANN Empowered Community allows Supporting Organizations and Advisory Committees to organize under California law to enforce community powers and hold ICANN accountable, and that the ASO and the NRO participate as an ICANN Supporting Organization.
These roles are significant because they give the EC a channel into ICANN accountability mechanics. ICANN's Empowered Community powers are not ordinary commentary. They can affect approval, rejection and enforcement of certain ICANN actions under ICANN's accountability structure. If the ASO participates through an EC consensus mechanism, then the five-person executive layer can become decisive in whether the numbers community uses, supports or declines an ICANN accountability power.
That may be appropriate. The RIR system needs a clear representative for legal notices and decisional entity actions. But the record must be clear because the body acting in ICANN accountability is not simply a public policy mailing list. It is the EC acting through defined roles and consensus.
Every ICANN-facing EC action should therefore identify the community basis. Was the action required by ICANN bylaws timing? Was it a procedural notice? Did it involve a substantive position? Were RIR communities consulted? Was the ASO AC consulted? Did all five EC members agree? Was there any regional objection? What public materials explain the decision?
The need is especially acute when ICANN action is time-bound. The Empowered Community can operate under tight periods. Executive speed may be necessary. But speed should be paired with after-action explanation. If prior consultation is impossible, the EC can publish a record afterward explaining the authority, timing, evidence and rationale.
ICANN-facing roles also create conflict potential. ICANN Board issues may affect RIR interests, ASO responsibilities, IANA numbering services, budget commitments or accountability reviews. The EC may need to represent the RIR community while also protecting institutional relationships with ICANN. A visible record helps show whether the EC acted as a community representative, institutional negotiator, service reviewer or legal entity.
The EC's reach is therefore wider than its size suggests. It sits at the intersection of RIR operations, ASO representation, ICANN accountability, IANA service review and global policy referral. A body at that intersection should not be judged by whether it publishes any minutes. It should be judged by whether its records allow outsiders to follow the authority path.
Costs are policy signals
Cost decisions deserve more attention. The NRO MoU says expenses must be approved in advance by unanimous EC authorization and borne equally by the RIR signatories unless another arrangement applies. It also allows for specific authorization of contributions for legal claims arising from authorized NRO activity. These clauses recognize that collective action costs money and that funding choices must be agreed.
In governance, cost is never merely bookkeeping. Funding a joint program signals that the subject is system-wide. Refusing funding can keep a subject regional. Equal cost sharing may be simple but can distribute burdens differently relative to registry size, budget or benefit. A special cost arrangement may be fairer but more politically sensitive. Legal cost sharing can suggest that a dispute is being treated as a collective NRO matter rather than a local RIR matter.
For public accountability, the EC should publish cost principles for major decisions. It need not expose confidential vendor bids or privileged legal budgets. It can state whether the cost is equal-share, per-capita, service-based, region-specific, grant-funded or otherwise allocated. It can identify whether the decision creates recurring obligations, one-time project spending, staff secondment, legal exposure or contingency funding. It can say when a public report will follow.
Cost transparency is also a conflict-control tool. If one RIR benefits more from a joint activity, equal sharing may still be justified because system resilience benefits all regions. But the reasoning should be visible. If one RIR is in crisis and the others fund support, the record should explain whether the support protects registry continuity, member services, legal defense, emergency operations or policy coordination. The difference matters.
The Joint RIR Stability Fund, referenced on the NRO accountability page, shows that the RIR system recognizes collective continuity support as a governance matter. A fund or shared cost mechanism can be valuable. It can also raise questions about moral hazard, control rights, conditions, transparency and exit. Those questions do not require hostility. They require clear records.
Cost records also help policy communities debate realistic options. A community may favor a technical standard, but if implementation requires joint tooling across five registries, the EC's cost estimate matters. A community may favor a transparency measure, but if it requires legal review in multiple jurisdictions, cost and timing matter. Executive cost data should be brought into public debate early enough to inform choices, not late enough to close them.
The simplest rule is that any EC cost decision with policy, service or accountability consequences should include a public cost note. The note can be concise. It should identify purpose, authority, allocation principle, expected duration, confidentiality limits and review point. Without such notes, spending becomes a hidden way to define priorities.
Conflicts are structural, not scandalous
The EC is made of executives from the RIR system. That is its strength and its conflict risk. Executives understand service operations, budgets, legal exposure, staffing, security and member pressure. They also have duties to their own institutions. A CEO or director cannot become a disembodied global trustee merely by joining a five-person council. The governance design should assume mixed incentives and manage them openly.
Conflicts can be direct. A decision may concern a legal claim involving one RIR. It may involve a joint statement about a crisis at one registry. It may allocate costs for a project that benefits one region more immediately. It may involve a vendor already serving a particular registry. It may concern an RIR's internal governance, member rights, receiver status, election dispute or service failure. In such cases, the affected executive's participation should be recorded with care.
Conflicts can also be indirect. A policy position may favor one regional economic condition. A technical baseline may align with one RIR's existing implementation. A cost model may be easier for larger registries. A public-sector engagement position may fit one jurisdiction better than another. These are not accusations. They are normal consequences of a regionalized global system.
The EC should therefore use a public conflict matrix for material decisions. The matrix need not include private detail. It can identify whether any member registry has a direct operational, financial, legal or reputational stake; whether the stake was disclosed; whether any recusal or limitation occurred; whether independent input was sought; and how the decision protects the broader RIR system rather than the affected institution alone.
This matters most when the EC speaks about accountability. A council of registry executives can credibly defend the bottom-up policy model. It can also sound like the institutions defending themselves if the record lacks independent checks. Community representatives, ASO AC input, IANA RC input, public consultation and independent review can help separate system interest from institutional self-interest.
Conflict management also protects the executives. In a small ecosystem, almost every significant actor has relationships with the others. A rigid rule that treats all connection as disqualifying would paralyze the EC. A transparent rule that identifies material conflicts and shows how they were handled lets the council keep working without pretending neutrality is automatic.
The standard should be proportional. Routine coordination does not need a lengthy conflict statement. Major decisions involving cost, legal exposure, public accountability, registry crisis, technical baseline or global policy referral do. The more the decision can alter public options, the more visible conflict handling should be.
The goal is not purity. It is traceability. The community needs to know whether an EC decision was made for the system, for one institution, or for a defensible combination of both.
What can remain closed
Not every EC discussion should be public in detail. A serious transparency standard must identify legitimate confidentiality. Security-sensitive RPKI incident handling, credential protection, vendor negotiations, personnel matters, privileged legal advice, litigation strategy, sensitive member data, procurement bids and emergency continuity drills may require closed discussion. Publishing too much can harm the very registry stability the EC is supposed to protect.
The point is to avoid using confidentiality as a general category. A closed item should have a public wrapper. The wrapper can state the subject category, authority basis, reason for confidentiality, decision type and next public milestone.
For example, a security item can be described as "RPKI resilience matter, operational security details withheld, EC approved consultation milestone for public release in a defined quarter." A legal item can be described as "collective legal exposure review, privileged detail withheld, no policy position adopted." A procurement item can be described as "joint service contract review, vendor detail withheld, cost principle to be reported after award."
This wrapper approach lets the EC protect sensitive information while still leaving an accountability trace. It also helps the public distinguish secrecy from privacy. A confidential annex can exist without making the entire decision invisible. A redacted minute can identify what kind of decision was made without exposing protected material.
The EC should also use sunset review for confidentiality. Some information is sensitive only while a contract is under negotiation, an incident is unresolved or litigation is active. After the risk passes, more detail may be publishable. A record standard should require the EC to revisit withheld items periodically and release additional detail when safe. This is common discipline in other governance settings and would fit the RIR system's accountability needs.
Closed coordination should also be paired with public consultation when the closed item changes public service. If the EC develops a technical proposal in closed meetings for good security reasons, the service impact should still be exposed before irreversible adoption where possible. If an emergency action must occur first, the EC should explain afterward and invite review.
The community should not demand theater in place of governance. Executive bodies need space to think, negotiate and protect systems. But the EC should not demand trust without records. The legitimacy of closed coordination comes from proving that closure was limited, justified and temporary where possible.
The useful formula is simple: protect details, publish authority. Protect sensitive facts, publish decision category. Protect live risk, publish review timing. Protect legal privilege, publish public consequence. That formula lets the EC remain operational without becoming opaque.
What records should be visible
A credible EC record standard would have ten recurring fields for material decisions. First, subject: what problem is being handled, in plain language. Second, authority: which MoU, ASO, ICANN or NRO role is being used. Third, status: monitoring, discussion, decision, referral, approval, rejection, deferral or closed session. Fourth, rationale: why the EC is the right body rather than a regional forum, the ASO AC, a staff group or ICANN alone.
Fifth, policy proximity: whether the decision affects public policy options, service implementation, technical defaults, cost allocation, legal posture, accountability powers or external representation. Sixth, cost: whether money, staff, vendor work, travel, legal support or recurring obligations are committed, and under what cost principle. Seventh, conflict: whether any RIR has a direct stake and how that was handled. Eighth, community touchpoint: whether regional communities, the ASO AC, the IANA RC, operator groups or public consultation are involved. Ninth, confidentiality: what is withheld and why.
Tenth, follow-up: what happens next and when the public can see the result.
These fields can be compact. They do not require essays for every teleconference. They require structured minutes for decisions that matter. A short entry can do the work: "Approved funding for joint RPKI documentation gap analysis; authority: technical activity and resource commitment; cost: equal shared staff and contractor budget within approved envelope; policy proximity: service consistency, no regional policy change; community touchpoint: public consultation on outputs; conflict: none disclosed; follow-up: draft report by date." That is enough to make the act legible.
For global policy referrals, the record should be even stricter. It should include the regional adoption map, common text confirmation, advice received, EC decision, and any unresolved concerns. For ICANN Empowered Community actions, it should include time window, consensus confirmation, ASO AC or community input where available, and the legal or governance consequence. For registry crisis support, it should include continuity purpose, affected services, cost principle, conflict handling and safeguards against institutional capture.
The EC could publish these fields as an annex to minutes rather than in narrative form. Structured records are easier to search, compare and audit. They also reduce the burden on the secretariat because the same template can be reused.
The standard should apply prospectively and should not be used to invalidate older decisions. The aim is better future traceability. Once the community can compare EC decisions across time, patterns will become visible: which topics recur, how costs are allocated, how often confidentiality is used, how policy-adjacent items move to public forums, and how quickly follow-up occurs.
The EC already publishes minutes. The next step is not radical disclosure. It is making published minutes decision-grade.
Public policy should not inherit invisible assumptions
The most serious risk in a closed coordination layer is that public policy later inherits assumptions that were never openly tested. By the time a proposal reaches a regional forum, the problem may already be framed. By the time a consultation opens, the cost model may already be assumed. By the time the ASO AC reviews a global proposal, the executive view of feasibility may already have narrowed the options. By the time ICANN hears from the numbers community, the EC may already have coordinated a position.
Some prior framing is unavoidable. Institutions do not enter public debate with empty minds. Staff and executives gather evidence, compare operations and identify risks. The governance challenge is to expose the assumptions before they become irreversible. If the EC believes a policy option is operationally infeasible, it should say why and invite challenge. If it believes a cost model is unsustainable, it should publish enough for the community to test the conclusion. If it believes a technical baseline is safer, it should distinguish evidence from preference.
Public policy is weakened when it receives only polished options. A regional community cannot properly deliberate if the EC has already ruled out alternatives without showing the record. Operators cannot assess RPKI tradeoffs if trust-anchor or feature decisions are treated as mere implementation. Members cannot assess accountability proposals if legal risk is invoked without a bounded explanation. ICANN cannot assess ASO positions if the numbers community's internal path is unclear.
The remedy is assumption disclosure. Before a policy-adjacent EC position moves into public debate, the EC should publish the assumptions it used: service risk, cost, legal constraint, security constraint, inter-RIR dependency, timeline, staffing and community mandate. The assumptions should be challengeable. If they remain valid, public debate improves. If they are wrong, the community catches the error earlier.
This is especially useful for issues that combine technology and governance. RPKI consistency, IANA service levels, ICP-2 revision, emergency continuity, public registry accuracy and global policy referral all contain hidden assumptions about risk and authority. Surfacing those assumptions makes the public process more honest.
The EC should not fear this. A strong executive layer can defend its assumptions. A weak one relies on them staying invisible. The RIR system needs the former.
The best defense of the EC is a better record
Critics of closed coordination often ask for less executive influence. That is not realistic and may not be desirable. The RIR system needs executives who can coordinate quickly, fund joint work, speak to ICANN, handle IANA service accountability, sponsor technical programs and respond to crises. Removing the EC's practical role would not create more democracy by itself. It might simply move coordination into less accountable staff calls, bilateral relationships or emergency improvisation.
The better answer is record discipline. A visible EC record would make coordination safer. It would show when the EC is acting under the MoU, when it is carrying an ASO role, when it is approving cost, when it is sponsoring technical work, when it is handling confidential risk and when it is sending a matter back to public communities. It would let observers see the difference between operational necessity and policy preference.
This would also strengthen the public policy process. Regional forums would receive better context. The ASO AC would receive clearer referral files. ICANN would see a more defensible numbers-community record. Operators would know where to send objections. Members would see whether their registry's executive used a consensus position or held one back. Courts and governments would see that the RIR system can coordinate without becoming unaccountable.
The EC's own legitimacy would improve. A small body acting by consensus can look closed even when it behaves responsibly. A structured record changes that perception. It says: here is the authority, here is the decision, here is the cost principle, here is the conflict handling, here is what remains confidential, here is where the community enters, and here is when the result will be reviewed.
That is also a protection against over-personalization. The issue is not whether a particular chair, CEO or director is trustworthy. The issue is whether the office leaves accountable records. Good institutions do not depend on personal trust alone. They create habits that make trust checkable.
The NRO EC sits in a rare position: close enough to operations to understand risk, close enough to ICANN to affect global accountability, close enough to RIR boards to commit resources, and close enough to public policy to shape the agenda. That position is valuable. It is also why the record standard should be higher than ordinary meeting notes.
Closed coordination is legitimate when closure is bounded by traceable authority. The EC should keep the operational speed that the RIR system needs. It should also publish enough to show how that speed was used.
Coordination should not become institutional immunity
The final boundary is accountability. Because the EC coordinates the RIRs, it can easily be tempted to defend the RIR system as a class. Sometimes that is proper. The RIR system is a critical part of global Internet infrastructure, and it deserves defense against misunderstanding, political overreach and demands that would fragment unique number registration. But system defense can slide into institutional immunity if every external concern is treated as a threat and every internal weakness is handled privately.
The NRO accountability page recognizes multiple layers: operational accountability through the IANA RC, ASO and ICANN accountability through the Empowered Community and reviews, and RIR accountability through member-elected boards, local law and the Joint RIR Stability Fund. That layered model is healthier than a single defensive wall. It acknowledges that the RIRs are accountable in different ways to different communities.
The EC should reinforce that layered model. When a concern is operational, involve operational review. When it is ICANN-facing, use the ASO accountability route. When it is regional governance, point to the relevant RIR mechanism while explaining system-wide continuity effects. When it is a global policy matter, use the RIR, ASO AC, NRO EC and ICANN Board path. When it is a technical consistency matter, use a program with public feedback and clear mandate limits.
The danger is using "coordination" as a universal answer. A dispute about member rights should not disappear into an EC statement about system stability. A technical program should not bypass policy communities by calling every design choice implementation. A cost-sharing decision should not be hidden behind collective interest. A conflict involving one RIR should not be absorbed into the NRO voice without safeguards.
The EC can avoid this by publishing routing decisions. For each material issue, the record should say where the issue belongs and why. Does it belong to a regional board, a public policy forum, the ASO AC, the IANA RC, ICANN accountability, a technical program, a legal process or the EC itself? If the EC keeps the issue, what is the authority? If it sends the issue elsewhere, what record follows?
This routing discipline would prevent both overreach and evasion. It would stop the EC from taking matters that belong in public policy. It would also stop institutions from hiding behind public policy when an executive operational decision is actually needed. Accountability improves when the forum is correct.
The EC's future credibility will depend on this distinction. The public does not need an executive council that is powerless. It needs one that can prove the limits of its power.
The closed layer must be auditable from the outside
A closed coordination layer can be legitimate only if outsiders can audit its public consequences. That does not mean outsiders receive every confidential detail. It means they can reconstruct the path from issue to authority to decision to follow-up. If they cannot, then the EC's closed work may be efficient but not accountable.
The audit should be simple. What issue entered the EC? Why did it enter there? Which authority did the EC use? Was consensus required and reached? Were costs approved? Were conflicts disclosed? Was any public body consulted? What was withheld and why? What changed for RIR services, policy options, ICANN accountability or technical programs? What happens next? When will the public know whether the decision worked?
If those questions can be answered from public records, the EC can coordinate robustly while preserving trust. If they cannot, the public is left with faith in a five-person room. Faith is not enough for a system that controls the coordination layer for globally unique number resources.
The EC should therefore treat every material decision as a future audit file. The file can be short. It can be redacted. It can be linked to minutes, program pages, consultation pages, cost notes and follow-up reports. But it should exist. The purpose is not to burden the EC with paperwork for its own sake. The purpose is to make high-consequence coordination reviewable after the fact.
This audit logic aligns with the RIR model. The RIRs often defend bottom-up policy, community accountability and operational transparency. The EC should embody those values when it acts above the regional layer. If the public policy model is worth defending, the executive coordination layer should show how it supports that model rather than substitutes for it.
The NRO EC's closed coordination is not a scandal. It is a structural necessity. But necessity is not a blank cheque. The more necessary the closed layer becomes, the more visible its public edges must be. The council should be judged not by whether it avoids influence, because it cannot, but by whether its influence is bounded, recorded and open to challenge where public consequences follow.
That is the standard for the next phase of RIR governance. Coordinate fast when the system needs speed. Protect sensitive details when disclosure would harm operations. But leave a record strong enough for the community to see who acted, under what power, at whose cost, with what conflicts, and with what effect on policy choices.

