Summary
- Regional Internet Registries occupy deliberately limited territorial positions in a globally coordinated hierarchy. For core recognition services, a network operator usually cannot obtain an equivalent result by purchasing a record from another private database.
- That fact does not prove that every RIR is an “essential facility” under every competition statute. Market definition, indispensability, dominance, objective justification and remedy remain jurisdiction- and service-specific questions.
- Dependence nevertheless supports a governance standard resembling bottleneck regulation: public eligibility rules, consistent treatment of comparable cases, reasons for adverse decisions, proportionate enforcement, conflict controls and review by a body not responsible for the original decision.
- Access is not a right to any quantity of scarce resources or to immunity from security and accuracy controls. The strongest standard is non-discriminatory access to a reasoned process, not automatic approval.
- Contracts and member voting matter, but they do not fully protect downstream operators, legacy holders or applicants whose businesses depend on registry recognition while they lack effective voice or a realistic substitute.
The counter that cannot simply be bypassed
Imagine a growing network operator arriving at a service counter. The operator can buy routers from several vendors, place equipment in competing facilities and negotiate transit with many carriers. It can hire consultants to prepare address plans. Yet when it needs recognised registration of Internet number resources in its region, there is one institutional channel, sometimes reached directly and sometimes through an accepted intermediary. A rival consultancy can offer advice, but it cannot make its own ledger equivalent to the regional registry's ledger.
That difference is easy to understate because the RIRs are membership-based nonprofits and the Internet is often described as decentralised. Both statements are true. Neither answers the access question. Decentralisation at the routing layer does not mean every institutional service has a substitute. A network can announce a route, but other networks decide whether to accept it; accurate registry data, reverse-DNS delegation and resource-certification services can materially affect whether the announcement appears credible and manageable. The relevant dependence is therefore not ownership of connectivity.
It is access to a recognised position inside a coordinated registration system.
The phrase “essential facility” comes with legal baggage. In some jurisdictions it describes a narrow competition doctrine under which control of an indispensable input may create a duty to deal on non-discriminatory terms. Other jurisdictions are sceptical of compelled sharing, or deal with the same concerns through abuse-of-dominance rules, sector regulation, contract, corporate law or public-law analogies. This article does not declare that five distinct institutions automatically satisfy one test.
It makes a more careful claim. The functional characteristics that make bottleneck law relevant are present strongly enough to shape governance. Where a recognised regional registry offers a service that an operator cannot realistically reproduce or buy elsewhere, the registry should bear duties calibrated to that dependence. Those duties include open eligibility rules, consistency, reasons, proportionate conditions, conflict management and meaningful review. They arise as safeguards around entrusted infrastructure, even if a court never applies the essential-facilities label.
The distinction protects both sides. It avoids pretending that private bodies possess sovereign power. It also avoids the opposite fiction: that every applicant is simply a shopper free to walk across the street when the only recognised counter refuses service.
Start with the system that actually exists
RFC 7020, published in August 2013, describes the Internet Numbers Registry System as a hierarchy rooted in the IANA function. IANA serves the RIRs; RIRs serve Local Internet Registries and other customers; LIRs in turn serve users and customers. The document identifies five RIRs operating across continent-sized regions and treats allocation-pool management, hierarchical allocation and registration accuracy as central goals.
This architecture matters because uniqueness is not a side feature. Registration seeks to ensure that an address or autonomous system number is not allocated to more than one party at the same time. An operator cannot solve a refusal by asking an unrelated organisation to recognise the same number independently. Competing ledgers would defeat the coordination that gives the registry entry value.
RFC 7020 also draws an important boundary. Whether addresses are announced and how those announcements travel through the routing system are operational matters outside the registry system. An RIR does not own every router and cannot order every network to carry traffic. It manages a recognised registration layer whose reliability assists operators but does not replace their routing choices.
That boundary improves the analysis. The relevant facility is not “the Internet” and the relevant service is not generic connectivity. The inquiry must be broken into functions: initial allocation, transfer registration, holder records, reverse DNS, public directory data, route-origin certification and account administration. Substitution may differ across them. Commercial IP leasing can sometimes meet an operator's practical need for addresses, but it does not necessarily provide the same legal relationship, portability, registry status or control.
A third-party routing-security product can add signals, but it cannot issue the recognised certificate tied to the holder's registry relationship.
The system also changes over time. IPv4 exhaustion increased reliance on transfers and address markets, while IPv6 remains available under policy. Legacy resources have distinct histories. National registries and sponsoring LIRs create additional access routes in some regions. A serious bottleneck analysis therefore asks which service, for which user, in which territory and at which date. A broad assertion that “RIRs are monopolies” is too crude. A broad denial based on the existence of transit competition is equally crude.
Recognition created responsibility as well as position
The 2001 ICP-2 criteria describe what was expected of a new Regional Internet Registry seeking recognition. The criteria emphasise broad support from the regional Internet community, a clearly defined service region, neutrality and impartiality, technical expertise, sound business planning and established procedures. They do not read like a grant of governmental sovereignty. They read like conditions for entrusting a regionally unique coordination role to a capable institution.
That history cuts against two simplistic positions. First, an RIR cannot justify every decision merely by pointing to its recognised status. Recognition followed from stated qualities and responsibilities; it was not a blank cheque. Second, an applicant cannot claim that recognition guarantees every requested allocation. Neutrality operates within policies designed to preserve uniqueness, accuracy and responsible administration.
The most important implication is conditional legitimacy. If broad community support, impartiality and documented procedures helped justify recognition, those qualities should remain visible after the institution becomes established. The absence of a routine competitor makes ongoing safeguards more important, not less. A recognised institution should be able to show how comparable cases were treated, which rule controlled, who decided, what evidence mattered and how an error can be corrected.
ICP-2 is not itself a competition judgment. It does not define a relevant market, calculate dominance or give a disappointed applicant damages. Its value is institutional. It shows that the system understood from the beginning that regional exclusivity required more than technical servers. It required trust that the operator of the registry would serve the region impartially and sustainably.
The criteria also provide a response to the argument that any access duty must come from public statute. Duties can have several foundations. Some may arise under applicable competition law. Others can be embedded in corporate entities, membership documents, service agreements, recognised-policy commitments and review procedures. A private institution can undertake public-facing obligations without becoming a public authority.
The resulting standard should be precise: recognition should carry a continuing obligation to provide fair access to the process for eligible users, to apply published criteria consistently, and to explain adverse outcomes. It should not force the institution to create resources that do not exist, disregard sanctions, accept false records or compromise security.
What “indispensable” should mean here
Competition disputes often turn on whether an input is truly indispensable rather than merely convenient. That discipline is useful for registry governance. The test should not ask whether an operator strongly prefers direct membership. It should ask whether a realistic alternative can deliver an equivalent recognised service within a commercially and operationally tolerable period.
Three forms of substitution need to be separated. Technical substitution asks whether the operator can run its network another way. Commercial substitution asks whether it can buy addresses or managed services from a provider. Institutional substitution asks whether another body can confer the same recognised registration status, record control and related services. A “yes” at one layer does not settle the others.
A start-up can use provider-assigned addresses and avoid a direct allocation. That is a technical and commercial alternative. It may involve renumbering risk, dependence on the provider and limited control over reverse DNS or certification. For some businesses, those costs are acceptable. For a network serving many customers or needing stable multihoming, they may not be. Evidence should replace assumption.
Transfers complicate the picture. A transfer market can supply IPv4 rights recognised under regional rules, but the registry still validates and records the transfer. The market offers a different seller, not a different recognition channel. If the disputed service is transfer registration, the existence of brokers may increase dependence on the registry rather than eliminate it.
IPv6 changes the scarcity argument because new allocations remain possible. It does not necessarily change the recognition argument. An operator may have greater choice between protocols and address strategies, yet still need the relevant RIR to obtain a directly registered allocation under regional policy.
National Internet Registries can be meaningful alternatives in parts of the Asia Pacific. Sponsoring LIRs can serve independent resource holders in the RIPE NCC region. Those routes should be assessed on price, eligibility, continuity, contractual position and control. If the intermediary merely relays the same decisive approval or leaves the operator exposed to the same refusal, it may not be an independent substitute. If it offers a genuine route with comparable recognition and manageable switching costs, the essentiality claim weakens.
This evidence-led approach keeps the doctrine from becoming rhetoric. Dependence must be shown service by service. The reward is a governance model tied to actual operator choices rather than labels.
Market power is not the same as sovereign power
An institution can possess substantial practical power without possessing legislative authority. RIR agreements make that distinction visible. The current ARIN Registration Services Agreement is a bilateral contract concerning registration services and included number resources. It identifies duties, fees, service terms, termination and dispute arrangements. Its power comes through contract, corporate capacity, accepted policies and the wider registry system's recognition of ARIN's records.
That is significant power. If a holder loses registration services or a transfer is not recognised, the economic effect can be severe. Yet the agreement does not become a statute because the service matters. ARIN cannot rely on the symbolism of regional stewardship to avoid the limits of its own contract. Nor can a holder disregard agreed accuracy, payment or policy duties by calling the registry a monopoly.
The same analytical separation applies elsewhere. The RIPE NCC Standard Service Agreement connects membership, services, current policies, fees and termination through a Dutch-law institutional relationship. The APNIC membership agreement does so through an Australian corporate structure with annual renewal and incorporated documents. The AFRINIC RSA sets terms under Mauritius law.
These are not interchangeable regional constitutions. They are evidence that core access is mediated by legal instruments whose wording and governing law matter. The proper question in a dispute is not simply “what did the community intend?” It is also “what power did this corporation possess, what did the parties agree, which policy was validly incorporated, and what mandatory law constrains the result?”
Competition-style duties can fit that private structure. Non-discrimination can be an express or implied service norm. Transparency can be delivered through published criteria and decisions. Review can arise through internal appeal, arbitration, courts or an independent panel. None requires the fiction that an RIR taxes, licenses or commands by sovereign right.
This is more than semantic caution. If power is private, consent and contract boundaries matter. If impact is systemic, ordinary fine print may be limited public evidence. The governance challenge is to hold both propositions at once.
Equal treatment begins with comparability
Non-discrimination is often invoked as if it meant identical treatment. It does not. Registries administer scarce or unique resources amid differences in need, history, risk, sanctions exposure, documentation and policy status. A new IPv6 request, a legacy record, an inter-regional IPv4 transfer and a suspected fraudulent account are not comparable simply because all involve number resources.
The proper duty is to treat materially comparable cases alike and to explain relevant differences. That requires the institution to define the comparison class before defending an outcome. Which policy version applied? What resource type and account status were involved? Were applicants asked for the same evidence? Did the same deadline apply? Was an exception available, and if so, under what published criteria?
Consistency becomes measurable when records are structured around those questions. A registry need not publish confidential applicant documents. It can publish anonymised decision summaries, processing-time ranges, reasons for refusal, exception categories and appeal outcomes. It can audit whether similarly situated applicants receive materially different requests for evidence or delays.
The danger is not limited to deliberate favouritism. Unequal treatment can emerge from informal practice, staff discretion, language barriers, inconsistent escalation, different familiarity with institutional procedures or pressure from influential members. A well-intentioned organisation can still produce biased outcomes if it cannot compare its own cases.
Objective justification is equally important. A difference may be warranted by security risk, inaccurate records, unmet policy criteria or legal restrictions. The reason should be connected to the decision and proportionate to the harm. A registry should not rely on vague institutional reputation when a narrower safeguard would address the risk.
This standard protects the registry from weak accusations as much as it protects applicants. A published comparison framework allows the institution to demonstrate that a refusal was based on a relevant difference rather than status, size, nationality or criticism. Without such evidence, both the applicant and the public are left with assertion.
The best rule is therefore not “everyone gets access.” It is “everyone eligible gets access to the same intelligible decision system, and departures can be explained.”
Transparency must reveal the decision, not private data
Transparency is sometimes treated as a demand to publish every email, contract and security signal. That would be irresponsible. Registry decisions can involve personal data, fraud indicators, sanctions screening, commercially sensitive network plans and security-sensitive records. A bottleneck institution needs confidentiality as well as openness.
The useful form of transparency reveals the rule, the path and the reason. Before an application, the operator should know eligibility, required evidence, target timelines, fees, possible reasons for refusal and escalation routes. During the process, it should know whether the file is complete, which issue remains unresolved and who owns the next step. After an adverse outcome, it should receive a reason specific enough to challenge an error.
Public reporting can operate at a higher level. Registries can disclose application volumes by service class, median and tail processing times, refusal categories, suspension counts, review outcomes and the number of decisions changed. They can identify whether delays arose from applicant evidence, sanctions checks, technical review or internal capacity. Those denominators matter because isolated stories cannot show systematic discrimination.
Transparency should include policy chronology. A decision should identify the policy and agreement version applied on the decisive date. In a system where documents change, a link to the current page may conceal the actual rule. Versioned archives and effective dates are part of fair notice.
Conflicts also require disclosure. A decision-maker may have ties to a competitor, member faction or board dispute. Recusal standards should be published, and the record should show when they were used. This does not imply misconduct; it recognises that trust is fragile where the institution controls a unique channel.
Finally, transparency must be usable across the region. Publishing dense English documents may satisfy formal notice while leaving many affected operators unable to understand the process. Clear summaries, stable translations and accessible hearing arrangements improve substantive equality without changing the underlying rule.
The goal is not radical exposure. It is enough visibility to test whether the institution is doing what it said it would do.
Reasons turn discretion into a reviewable act
A refusal without reasons leaves an operator unable to distinguish policy failure from misunderstanding, delay or bias. It also prevents the registry from learning across cases. Reason-giving is therefore the hinge between transparency and review.
A sufficient reason should identify the decision, the controlling rule, the material facts accepted, the missing or disputed evidence, and why a less restrictive response would not suffice. It need not reveal confidential security methods. It must say more than “policy requirements were not met.”
Reasons discipline the original decision. Staff who know that an outcome must be explained are more likely to separate relevant facts from institutional frustration. Managers can compare rationales. Reviewers can identify whether the wrong policy version was used or a factual inference lacks support. Members can see recurring ambiguity that should be fixed through policy rather than private improvisation.
The depth of reasons should reflect impact. A request for clarification may need a short explanation. Suspension of an account, refusal to recognise a transfer or movement toward deregistration can affect customers and routing operations; those decisions warrant a fuller record and clear notice of review rights.
Urgency can justify acting before a complete hearing where fraud or security harm is imminent. It should not erase reasons permanently. The institution can impose a temporary measure, state the immediate basis, preserve evidence and provide rapid post-decision review. Emergency power becomes dangerous when temporary restrictions drift into indefinite outcomes without a merits decision.
Reason-giving also exposes the boundary between policy and contract. If an adverse decision rests on a community policy, the institution should identify how that policy entered the holder relationship. If it rests on a contract clause, it should not substitute broad mission language. If mandatory law controls, it should say so to the extent lawful.
This specificity is especially important for a private bottleneck. A public authority may have review duties imposed by statute. An RIR must often construct equivalent discipline through its own documents. The absence of a public-law label makes the record more important, not less.
Review must be independent enough to correct the institution
An appeal that returns to the same person, using the same undisclosed record, is escalation in name only. Meaningful review requires a decision-maker with enough independence, authority and information to change the outcome.
Independence can take several forms. A first review may be conducted by a manager uninvolved in the original decision. A later stage may use a standing panel with conflict rules. Contractual disputes may proceed to arbitration or court. Corporate questions may be raised by members through governance mechanisms. Different issues need different forums.
The design should match the claim. A technical eligibility dispute benefits from reviewers who understand addressing policy. A claim of board conflict should not be decided solely by staff. A contract interpretation dispute may require legal adjudication. A competition complaint belongs before the competent authority or court in the relevant jurisdiction. No single ombud role can credibly resolve every category.
Review also needs a usable remedy. The reviewer should be able to require reconsideration, correct the record, lift a suspension, order a fresh conflict-free decision or provide contractual relief where authorised. A report issued after the operator has lost customers may be too late.
Time is therefore substantive. Registries should publish review targets and provide expedited procedures when operational continuity is at risk. A stay may be appropriate where maintaining the status quo causes less harm than immediate enforcement. Conversely, a stay should not preserve a fraudulent registration that threatens others. The decision should record that balance.
The record must travel with the case. Applicants should know what material was considered, subject to lawful redactions, and have a chance to correct decisive factual errors. Review should not depend on personal access to board members or skill in public campaigning.
Member elections cannot replace case review. Voting can change leadership or future rules. It rarely corrects an individual decision in time, and non-member applicants may have no vote. Dependence calls for a route focused on the merits of the affected case.
Proportionality separates stewardship from leverage
A registry often has several possible responses to noncompliance: request information, set a deadline, restrict an account function, suspend a service, decline a new request, correct a record, terminate an agreement or deregister resources. Treating those steps as one undifferentiated power creates avoidable harm.
Proportionality asks four practical questions. What legitimate objective is being protected? Is the measure capable of advancing it? Is a less restrictive measure available? Does the expected benefit justify the operational and third-party harm?
Consider inaccurate contact data. The objective of registration accuracy is central under RFC 7020. A correction notice and defined cure period may solve the problem. Immediate termination could be excessive unless the inaccuracy is deliberate, persistent or tied to fraud. By contrast, fabricated corporate identity used to obtain resources may justify urgent restriction while facts are verified.
Payment disputes present another example. Non-payment can breach a service agreement, and registries need reliable revenue. Yet the response can distinguish invoice collection, account access and public resource status. Where a good-faith dispute exists, escalation and security for payment may be less harmful than abrupt action affecting downstream customers.
Proportionality is not leniency. It strengthens enforceability by connecting consequences to reasons. A holder cannot plausibly claim arbitrariness when the institution documents repeated breach, notice, opportunity to cure, assessed harm and the absence of a narrower response.
The principle should extend to conditions of access. A registry can require proof of legal identity, operational need and policy compliance. It should not demand information unrelated to those purposes merely because the applicant has no alternative channel. Unique position magnifies the need for data minimisation and defined retention.
Competition authorities often examine whether exclusion is objectively justified. RIRs can reduce both legal and institutional risk by performing that analysis before disputes arise. A written proportionality record demonstrates that control of the channel is being used to protect the system, not to win an unrelated argument.
Membership voice helps, but dependence reaches beyond voters
RIRs often answer legitimacy concerns by pointing to open meetings, policy participation and member elections. Those mechanisms are important. They allow operators to shape rules, select leaders and question budgets. They distinguish the institutions from closed commercial gatekeepers.
They are not complete. Participation costs time, travel, language capacity and specialist knowledge. Voting rights may vary by institutional model or membership tier. Large operators may have more staff able to follow proposals. A small applicant can depend heavily on a decision while having little practical influence on the rules.
Some affected parties are not direct members. A customer may rely on resources held by a provider. An independent user may work through a sponsoring LIR. A prospective entrant may be denied before obtaining membership. Legacy holders may have different contractual positions. Their dependence cannot be answered solely by the opportunity of existing members to vote.
There is also a time mismatch. Governance participation changes future policy. An operator facing a current refusal needs a case-specific remedy. Telling it to propose a policy change next year does not correct a factual error today.
This does not make member governance hollow. It assigns it the right role. Members should approve the broad framework, elect accountable leadership and receive aggregate evidence about access outcomes. Independent review should protect individual cases. Courts and competent authorities should remain available for legal claims. Each mechanism addresses a different failure.
The Number Resource Organization provides a coordination context across the five RIRs, but coordination should not become mutual deference without scrutiny. Shared benchmarks for reasons, review times and conflict controls could improve consistency while preserving separate legal institutions. Comparative reporting would let members see whether their region is an outlier.
The central lesson is that voice and exit are not interchangeable. Members may have voice, while exit from the recognised service is costly. Applicants may have neither. Bottleneck safeguards close that gap.
The case against a broad duty to deal
The argument for safeguards must confront its strongest objections. A broad access obligation could invite strategic claims from applicants who do not meet policy, constrain responses to fraud and force registries to support activities that threaten network integrity. Courts are often cautious about compelling a private institution to contract, especially where doing so requires continuing supervision.
Scarcity also matters. IPv4 cannot be allocated as though supply were unlimited. Uniqueness requires the registry to reject conflicting claims. Sanctions and court orders may legally restrict service. Security incidents may require confidential and rapid action. Equal treatment cannot mean ignoring these constraints.
Nor is every registry function indispensable. Training, conferences, measurement tools and many advisory services face substitutes. Even some number-resource needs can be met through provider assignments or commercial arrangements. Treating the entire institution as one facility would overreach.
There is a risk of institutional conservatism too. If every experiment creates exposure, registries may avoid useful services. A duty framed around reasoned access to core recognition should not freeze technical development or convert every product decision into a legal claim.
These objections favour a narrow remedy, not absence of duty. The standard should attach most strongly where three conditions coincide: the service carries unique recognised effect; the applicant cannot obtain a realistic equivalent; and denial materially impairs legitimate network operation. The duty should require a fair, timely and non-discriminatory process subject to objective conditions. It should not require approval contrary to scarcity, law, security or demonstrated policy.
Remedies should begin with process correction. Publish criteria, give reasons, remove conflicts, reconsider promptly and preserve continuity where safe. Compelled service or damages may be appropriate only under the applicable law and proven facts. This graduated approach respects institutional expertise while refusing unreviewable discretion.
The strongest defence against overbroad intervention is a registry's own evidence of fairness. Institutions that can show consistent treatment and effective review give courts and authorities less reason to design remedies for them.
What competition authorities should examine
If a dispute reaches a competition authority, the analysis should resist slogans. The first task is to define the service. Is the complaint about initial allocation, transfer registration, account administration, reverse DNS, certification or access to public data? Bundling all services can conceal both substitutes and bottlenecks.
The second task is market and territory. RIR regions are relevant institutional boundaries, but the commercial effects may cross them. Multinational operators can hold memberships in several regions, yet they cannot necessarily move a regional transaction elsewhere. The authority should examine actual eligibility and recognition rules rather than assume that global corporate presence creates substitution.
Third comes indispensability. The record should include provider-assigned options, sponsoring routes, national registries, transfers, protocol alternatives, switching time, renumbering cost, control differences and customer consequences. A theoretical alternative that destroys the business model may not be realistic; an expensive but ordinary alternative may be.
Fourth is exclusion and justification. What precisely was refused or delayed? Were comparable applicants treated differently? Did the institution rely on accuracy, scarcity, sanctions, security or contractual breach? Was the measure narrower than termination? Was the reason documented before litigation?
Fifth is institutional context. Corporate documents, agreements, policy history and appeal records can show the scope of power and existing safeguards. A competition authority should not infer sovereignty from technical importance, but it should not ignore network dependence because the counterparty is nonprofit.
Finally comes remedy. The objective is reliable access, not judicial management of address policy. A targeted order to apply published criteria, give reasons or conduct conflict-free reconsideration may protect competition better than a command to allocate a specific block. Structural remedies would require much stronger evidence that procedural repair cannot address the harm.
Data quality will determine the result. Without application counts, processing times, refusal reasons and appeal outcomes, authorities may rely on vivid but unrepresentative cases. Registries should publish those denominators before a crisis forces disclosure.
A practical charter for unique registry access
The governance principles can be expressed as an access charter without deciding the legal label in advance.
First, define core recognised services. The institution should identify which functions have no realistic equivalent within its region and distinguish them from optional products. Second, publish eligibility, evidence, fees, expected times and decision criteria in stable, versioned form. Third, treat materially comparable cases consistently and audit outcomes for unexplained differences.
Fourth, provide specific reasons for refusal, suspension and termination, with lawful protection for confidential data. Fifth, use graduated measures and explain why a narrower response would not protect accuracy, security, solvency or legal compliance. Sixth, maintain conflict rules and record recusals.
Seventh, establish tiered review independent of the original decision, with expedited handling where operational continuity is threatened. Eighth, publish aggregate volumes, delays, outcomes and reversals so members and outsiders can test performance. Ninth, design access for language and geographic diversity rather than assuming that formal publication equals comprehension.
Tenth, preserve legal boundaries. The charter does not promise ownership, unlimited resources or immunity from valid policy. It does not prevent sanctions compliance, fraud controls or urgent security measures. It promises that institutional power will be exercised through known rules and a correctable record.
This charter could be adopted through each RIR's own legal structure and reflected in service agreements, staff procedures and review terms. Regional variation would remain. The common baseline would come from the common dependence created by a globally coordinated registry hierarchy.
An annual assurance report should test the charter. It could sample comparable decisions, measure review timeliness, examine conflicts and verify that emergency actions received later merits review. External reviewers should have access to protected records under confidentiality obligations. Public findings can be aggregated.
The cost is modest compared with the harm of opaque exclusion. Much of the needed information already exists inside case-management and billing systems. The institutional choice is whether to organise it as evidence of fair access.
What the public record still cannot prove
The official documents establish architecture, recognition criteria and contractual channels. They do not establish how often applicants are refused, whether similar cases receive similar outcomes or how usable review is in practice. Those are decisive gaps.
No harmonised public dataset reports, across all five RIRs, application volumes by service, complete processing-time distributions, refusal categories, suspensions, appeals and reversals. Published policies explain what should happen; they do not prove what happened in every case. Standard agreements show available terms; they do not identify the version governing every holder.
There is also no universal legal answer. An essential-facilities claim would depend on the jurisdiction, claimant, service, market definition, evidence of indispensability, objective justification and requested remedy. The analysis may differ under US, EU, Australian, Mauritius or other law. The private institutional standard proposed here is deliberately broader than any prediction about one lawsuit and narrower than a right to service on demand.
Further evidence should include anonymised decision files, time-series metrics, user surveys on realistic substitutes, renumbering and switching costs, intermediary contracts, conflict records and outcomes of internal and external challenges. Comparative study should distinguish direct members, sponsored users, national-registry customers and legacy holders.
Uncertainty is not a reason to wait for a definitive case. The safeguards are valuable even if competition law never applies. Reasons reduce error. Comparable-case audits expose inconsistency. Independent review resolves disputes earlier. Proportionate enforcement protects both registry accuracy and innocent downstream users.
At the same time, uncertainty should restrain accusation. A long delay may reflect applicant evidence, sanctions review or capacity rather than exclusion. A refusal may be required by policy. A fee may cover shared infrastructure. The remedy for missing data is disciplined disclosure, not automatic suspicion.
Dependence should change the institution's burden
The Internet numbers system is built around coordinated uniqueness. That design produces enormous operational value, and it necessarily limits institutional substitution. A regional registry is not an ordinary vendor when its recognition cannot be reproduced by a competing ledger.
The consequence should not be to recast the RIR as a government or to give every applicant a claim to scarce resources. It should be to adjust the burden of justification. The more irreplaceable the service and severe the consequence, the more clearly the institution should state its rule, show comparable treatment, explain its reason, use proportionate measures and submit to independent correction.
This is the most defensible meaning of the regional registry as essential facility. It is a functional warning against unreviewable bottleneck power, not a shortcut to a legal verdict. It recognises that private form and public dependence can coexist.
Operators, members and competition authorities should therefore ask a sequence of concrete questions. What service is unique? What alternatives are realistic? Which instrument authorises the condition? How were comparable cases treated? What objective reason supports the difference? Could a narrower measure protect the system? Who can reverse an error, and how quickly?
An institution that can answer those questions demonstrates stewardship rather than merely asserting it. One that cannot should not rely on its nonprofit status, technical history or community vocabulary to close the inquiry. Unique access is a privilege of institutional design. It should carry an equally distinctive discipline of fairness.

