Summary

  • Shared rules that preserve globally unique numbers, accurate registration, compatible routing-security services and orderly inter-registry transfers are infrastructure safeguards. Their necessity should be demonstrated at the level of the particular rule, not presumed for every restriction adopted by the five incumbent registries.
  • Exclusion risk rises when existing RIRs control the recognition of possible entrants, when service-region exclusivity leaves users no credible exit, or when transfer, portability and replacement rules protect an institution more than they protect a coherent registry. The right question is whether a narrower, auditable and non-discriminatory alternative could preserve interoperability.
  • A defensible RIR competition regime would separate the uniqueness layer from the service-provider layer, publish entry and replacement criteria in advance, require independent review of incumbent recommendations, measure the effects of transfer restrictions and make continuity portable even when institutional authority changes.

A deliberately uncomfortable word

Calling something a cartel is usually a conclusion. Here it is a test. The purpose is not to assert that the Number Resource Organization or its five members has committed an offence in any jurisdiction. The purpose is to ask the competition question that a closed, coordinated infrastructure system should be able to answer without indignation: which common restraints are indispensable to producing the shared good, and which restraints merely make it harder to compete with, leave or replace the institutions that wrote them?

The distinction matters because the regional internet registries do not sell an ordinary interchangeable product. They maintain authoritative registration records for globally unique Internet Protocol addresses and autonomous system numbers. Their work supports reverse DNS, address transfers, public registration data, resource certification and the allocation chain between IANA and network operators. Two registries cannot both present incompatible current records for the same block without imposing costs on operators, security systems and counterparties. Coordination is therefore not suspicious at the starting line. It is part of the product.

But necessity at the center can become an alibi at the edge. A rule needed to prevent duplicate allocation does not automatically justify a rule limiting who may operate a registry. Compatibility between registration databases does not automatically justify five incumbents controlling every route to recognition. A common format for inter-registry transfer does not automatically justify closing a region to transfers. A stable RPKI trust arrangement does not automatically require the survival of a particular corporate body.

The legitimate technical standard and the institutional restriction may travel in the same document while doing very different work.

The NRO describes itself as the coordinating body for the world's RIRs, established in 2003 to provide a coordinated Internet number registry system, promote the multistakeholder model and coordinate joint activities. That statement identifies real public goods. It also describes a permanent forum in which all current regional providers can align policy, operational positions and institutional interests. A serious governance model should examine both effects at once.

The cartel test begins with a counterfactual. If the challenged rule disappeared, what exactly would break? Would the same number be allocated twice? Would IANA lose a reliable counterparty? Would a transfer cease to reconcile? Would route-origin authorization become ambiguous? Would a public registration record become less accurate? Or would an incumbent merely face a new registrar, a competing regional operator, a more portable service relationship, a transfer it dislikes, or a credible replacement process? A precise answer separates engineering from incumbency.

That question is especially important because the users of registry services cannot usually switch providers in response to poor governance. Regional service boundaries assign most organizations to one RIR. The registry model offers voice through membership and policy participation, but little ordinary exit. Coordination among providers with weak customer exit deserves more, not less, explanation. The relevant standard is not hostility to cooperation. It is disciplined proof that each restraint is proportionate to the shared technical purpose.

Uniqueness is a common product, not a universal defence

The most powerful argument for coordination is also the easiest to overextend. Internet numbers must be globally unique within their intended scope. The IANA number resources overview explains the hierarchy: IANA coordinates global pools, allocates large blocks to RIRs under global policy, and the RIRs or downstream registries serve networks. RFC 7020 describes the Internet Numbers Registry System as a hierarchical framework whose central goals include conservation, registration and aggregation. No plausible competition reform should sacrifice the accuracy of that hierarchy.

Uniqueness requires a single reconciled answer to several questions. Which registry is authoritative for a block? Which organization is the current registered holder? Which policy governs an allocation or transfer at the relevant moment? Which RIR may alter the associated registration and certification state? Which changes must IANA record? Those are coordination questions. Shared protocols, data fields, authentication controls and cutover procedures make the answers reliable.

Uniqueness does not, however, dictate the identity of the service provider for all time. A land registry can preserve one authoritative title record even if the agency operating the service is reorganized. A payment system can preserve unique account identifiers while allowing regulated entities to change service providers. Telecommunications systems preserve numbering plans while supporting forms of portability. The analogies are imperfect, but they expose the hidden leap in the strongest incumbent argument: one authoritative state does not necessarily mean one irreplaceable institution.

The proper unit of protection is the record and the function. If an RIR is replaced, divided, merged or assisted by another operator, every resource must remain accounted for. The chain of custody must be demonstrable. Conflicting changes must be prevented. Holders need authenticated access. Reverse-DNS delegation and RPKI effects need controlled transition. Open requests and disputes must retain status. Historical records must remain available under appropriate privacy controls. Those conditions are demanding. None says the same corporate entity must continue regardless of performance.

This distinction changes how a restriction is assessed. A requirement that every candidate registry use interoperable RDAP, reliable security controls and reconciled allocation data is closely connected to the product. A requirement that a candidate obtain approval from every incumbent may be less closely connected, especially when an independent technical evaluator could test the same capabilities. A temporary hold on a transfer while two registries synchronize records may be necessary. A permanent refusal to interoperate with an otherwise qualified region may not be. A rule preserving one current registration state is essential.

A rule preventing a holder from obtaining service through an accredited intermediary may require separate justification.

The uniqueness defence should therefore be itemized. The decision-maker should identify the collision risk, the affected function, the probability and consequence of failure, the available mitigations, the duration of the restraint and the reason less restrictive controls would not work. Broad claims about Internet stability cannot substitute for this analysis. If the harm can be prevented through escrow, dual confirmation, staged cutover, audit logs or temporary limits, a categorical exclusion becomes harder to defend.

Coordination is strongest when it is thin: common identifiers, reliable records, open protocols, explicit authority and safe transition. It becomes contestable when it grows thick enough to prescribe who may participate, where resource holders may go, which institutional forms may exist and whether an incumbent can ever be replaced.

Five regional monopolies and one coordination table

The RIR arrangement is decentralized globally and exclusive regionally. AFRINIC, APNIC, ARIN, LACNIC and RIPE NCC are separate legal organizations with different memberships, boards, jurisdictions and policies. Together they cover the world. For many services, an operator's location and use determine the relevant registry. The model avoids one global administrative monopoly, but it does not create head-to-head competition among five providers for ordinary registry service.

That architecture can be justified. Regional communities have different languages, laws, network markets and institutional histories. Local policy development may be more accessible than a single global process. Regional staff understand local documentation, payment conditions and operating needs. A globally unique system does not require a globally centralized bureaucracy.

Yet decentralization should not be confused with competition. Five exclusive territories can coordinate as tightly as one centralized body. A member dissatisfied with fees, dispute resolution, board conduct or service quality usually cannot select another RIR while keeping every other fact constant. Inter-RIR transfers move resources under policy conditions; they are not a general right to move the same organization and resource portfolio to a preferred governance provider. The cost of exit is therefore structural.

Weak exit changes the significance of the NRO table. The NRO Memorandum of Understanding gives the Executive Council coordination responsibilities and requires unanimity for specified commitments of RIR resources. It also addresses recognition criteria for new RIRs and an arbitration route in certain disputes. The agreement says it does not create a partnership, agency or franchise. That legal separation is important, but it does not answer the economic question. Separate corporations can still align rules that affect entry or mobility.

The first competition safeguard should be genuine regional comparison. The RIR Governance Matrix collects differences in bylaws, policy processes, contracts, dispute mechanisms, audits, transfer treatment and other practices. It is useful precisely because it shows that coordination need not erase variation. Members can ask why one RIR provides a clearer appeal, a more portable transfer process or stronger disclosure than another.

The second safeguard should be contestability. A market can face limited day-to-day competition and still discipline incumbents if entry or replacement is credible. In the RIR setting, contestability means that a qualified new operator can be recognized when regional support and operational evidence justify it; that an existing operator can lose status after fair review; and that essential services can move without destroying the records that make the system valuable. If none of those possibilities is operationally real, regional exclusivity becomes permanent by default.

The third safeguard is modular choice. Even if the authoritative registry remains singular, not every related service must be bundled into one institutional relationship. Local Internet registries, national Internet registries, sponsoring organizations and delegated RPKI arrangements already demonstrate that service roles can be layered. The central question is which functions require direct RIR control and which could be offered by accredited, interoperable providers under common safeguards.

An honest description of the system would therefore say: it is a coordinated set of geographically exclusive public-interest registries, with limited competition around some downstream and transfer functions. That description is neither condemnation nor praise. It identifies why ordinary assurances about bottom-up participation are limited public evidence. Where users cannot leave, recognition, review, transfer and service modularity carry the competitive burden.

The recognition gate is an incumbent-interest problem

Entry into the RIR layer has never been a casual licensing exercise. The original ICANN criteria for establishing a new RIR require a large multinational region, community support, self-governance, neutrality, technical expertise, funding, record keeping and coordination. These are sensible concerns. A weak entrant could fragment records, mishandle confidential information or fail to provide durable service.

The difficulty lies in who interprets the criteria. Existing RIRs possess the deepest relevant expertise. They also possess an institutional interest in the shape and number of future RIRs. Their participation is unavoidable; their judgment should not be final merely because it is informed.

The conflict becomes clearer when entry would alter an incumbent's territory, membership, revenue or authority. A candidate cannot usually create a sixth service region from unclaimed geography. It would likely emerge through reorganization of an existing region or through a new definition of regional service. The incumbent asked to evaluate compatibility may also be the institution that loses part of its scope. Even scrupulous decision-makers face a structural conflict.

The proposed reforms recognize the importance of independent consideration but do not eliminate incumbent control. The NRO's proposed ICP-2 Version 2 principles require broad support among resource holders, community commitment, operational capability, independence, open governance, audit and compatibility. The August 2025 second draft RIR Governance Document says each RIR should independently consider a recognition proposal, publish its recommendation and give reasons before ICANN decides under the stated procedure. Publishing reasons is an advance. Five incumbent reviews are still five incumbent reviews.

A credible entry process needs an evaluator outside the immediate economic and institutional interest. That evaluator need not be a competition regulator and should not replace regional consent. It could be a standing technical and governance panel selected through a process in which incumbents, resource holders, independent network experts and ICANN each have limited appointment power. Its job would be to test evidence against published criteria, identify incumbent conflicts, compare less restrictive remedies and issue a public assessment. The RIRs could then provide operational opinions without appearing to judge their own market boundary.

Community support also needs a denominator. “Broad support” is easy to invoke and hard to measure. Does it mean a majority of voting members, a supermajority of active resource holders, support across economies, support weighted by resource use, support among networks rather than intermediaries, or a deliberative judgment after alternatives are presented? Each choice can favor the incumbent or a well-organized challenger. The method should be published before a candidate appears, not designed around the candidate.

Entry criteria must distinguish capability from similarity. A candidate should prove technical reliability, financial endurance, neutral policy implementation, open membership, data protection and continuity. It should not be required to reproduce every incumbent institutional habit. Innovation may involve a different membership model, a more transparent board, a stronger appeals system, a new language structure, service unbundling or a different fee design. If conformity with current RIR practice becomes an unwritten criterion, recognition protects a club rather than a standard.

Finally, refusal should produce a cure path. A candidate should know which deficiencies are technical, which concern support, which concern governance and which concern transition risk. It should be able to remedy them and return without restarting an indefinite political campaign. A closed decision with broad stability language is exclusionary in effect even if every stated criterion sounds neutral.

Standard setting has a safe harbour only when the doors stay open

Competition systems generally understand that standards can create enormous value. Common interfaces reduce transaction costs, permit interoperability and let users combine products. They also understand that a standard can exclude when its development is closed, its terms discriminate, alternatives are suppressed or participation depends on approval by firms that benefit from refusal.

The analogy is useful even though no single competition jurisdiction governs the entire RIR arrangement. The European Commission's 2023 horizontal cooperation guidelines analyze whether standard-setting is open, transparent, accessible and non-discriminatory, and whether entities remain free to develop alternatives. Those are analytical prompts, not a verdict on Internet number governance. They help identify why a technically valuable common rule still needs procedural safeguards.

Applied to the RIRs, a coordination rule is at its safest when participation in making the rule is genuinely open to affected networks; adoption follows a transparent process; the rule is limited to compatibility or integrity; implementation terms are non-discriminatory; compliance can be independently tested; and alternative services remain possible when they do not threaten the common registry state. The rule becomes riskier as one or more of those conditions disappear.

Open mailing lists and public meetings are not enough by themselves. Participation can be formally open while attention, travel, language, employer support and specialist knowledge are scarce. Incumbent RIR staff and long-standing community entities may understand the process better than possible entrants, smaller networks or resource holders whose main business is not governance. A neutral process must account for this participation asymmetry rather than equate silence with consent.

Transparency also has layers. Publishing a final policy shows the text. Publishing proposals, objections, staff assessments, legal concerns, implementation costs and decision reasons shows how the text acquired authority. For rules affecting entry or transfer, the second kind matters. A candidate needs to know whether a restriction responds to measurable integrity risk or to institutional preference. A resource holder needs to know whether a transfer delay protects registry accuracy or dampens market activity.

Non-discrimination requires attention to effects, not merely identical wording. A capital reserve requirement may apply to every candidate but burden a new regional organization more than a mature incumbent with decades of accumulated reserves. A requirement for demonstrated community support may be reasonable but impossible to satisfy if the incumbent controls the dominant meeting venues and member published contact points. A data-sharing condition may be legitimate but exclusionary if incumbents refuse to specify the interface or testing method. Equal words can preserve unequal access.

Freedom to develop alternatives is the most neglected safeguard. No alternative should issue conflicting authoritative registrations. But alternative providers could develop better member interfaces, escrow services, dispute systems, transfer coordination, delegated certification, regional support or operational platforms under accreditation. A common rule should define the integrity boundary and allow experimentation outside it. If every adjacent function is declared inseparable from incumbent status, the standard grows into a moat.

The standard-setting comparison therefore supplies a practical rule: coordination earns deference when it specifies an interoperable result and leaves qualified actors free to achieve it. Coordination deserves scrutiny when it specifies the incumbents that may provide the result and forecloses equivalent routes without evidence.

Scarcity turned transfer policy into market design

IPv4 exhaustion changed the economic character of registry policy. When registries held large unallocated pools, allocation rules largely governed administrative distribution. As free pools dwindled, transfers became a major route through which organizations could obtain address space. Registry rules now influence a scarce-asset market even though RIRs do not describe address blocks as ordinary property and even though registration remains embedded in policy and contract.

The change is visible in public guidance. The RIPE NCC explains that networks use the IPv4 transfer market to mitigate scarcity while IPv6 deployment continues. Its resource transfer policy permits transfers of specified resources, requires registry updates and imposes restrictions such as a holding period for scarce resources. ARIN's transfer guide describes transfers due to reorganizations, transfers to specified recipients and inter-RIR transfers under its policy conditions. These are not peripheral administrative acts. They determine whether a transaction can acquire recognized registration effect.

Transfer restrictions can protect legitimate interests. A holding period may deter rapid flipping of newly received scarce space. Needs assessment may preserve a conservation principle. Identity and authority checks reduce fraud. Dual-RIR approval prevents inconsistent records. Sanctions and legal obligations cannot be ignored. Registry publication makes the current state visible. The competition question is whether each restriction remains fitted to the harm.

The RIPE NCC inter-RIR guidance illustrates both interoperability and exclusion. It says inter-RIR transfers require approval by both registries and that different RIR policy frameworks produce different eligible resource types. It also notes that a region without an inter-RIR policy cannot participate in those transfers. From a registry perspective, this is policy diversity. From the perspective of a resource holder, geography determines access to a wider market.

That asymmetry should be measured. What price difference is associated with an inability to transfer across a regional boundary? How many transactions fail because resource types are incompatible? How long does dual approval take? How many applications are withdrawn? Which rules prevent verified fraud, and which merely reduce volume? How do restrictions affect small networks compared with brokers, large buyers or organizations able to restructure across jurisdictions? Without such evidence, conservation language can obscure distributional effects.

Transferability also disciplines registry service. If resources can move under a reconciled process, an operator has at least some ability to adapt its footprint and relationships. If they cannot move, the regional registry's policy has more power over the economic use of a scarce input. Limits may still be justified, but the justification should be periodically renewed rather than inherited from an earlier allocation era.

The crucial line is between the resource and the record. A transfer market does not need to treat number resources as unregulated chattels. It does need predictable criteria for changing the authoritative record when legitimate conditions are met. Registries can preserve policy obligations, accuracy and anti-fraud controls while reducing arbitrary delay and regional incompatibility. Indeed, accurate transfers may improve the registry by aligning recorded holdership with operational reality.

A cartel test for transfer policy would ask six questions. Is the restriction linked to a documented integrity harm? Is it no broader or longer than necessary? Is eligibility knowable in advance? Is the registry's decision reasoned and reviewable? Does the rule apply neutrally to incumbent members, newcomers and intermediaries? Can two compliant regions interoperate through a common protocol even when their underlying policies differ? A negative answer does not prove unlawful coordination. It identifies where scarcity policy may be serving incumbency rather than the registry.

Portability must be separated into things that can and cannot move

“Portability” can mislead in number governance because several different entities are bundled together. A network may announce a prefix through changing upstream providers without changing the registered holder. A holder may transfer a resource to another organization. A business may move activity across regions. A registry may update its service relationship. A sponsoring local registry may change. A certification service may be delegated. An entire regional registry may be replaced. Each movement has different integrity consequences.

The weakest version of portability is operational choice beneath a stable registration. Provider-independent resources and multihoming can reduce dependence on one connectivity supplier, subject to policy and routing realities. That choice is central to network competition, but it does not let the holder choose the authoritative RIR.

The next level is administrative portability. Could a resource holder keep the same regional registration while choosing among accredited account, support, validation or certification providers? Some functions may be too tightly connected to registry authority. Others may be modular. The burden should be on the system to map the boundary rather than assume an indivisible bundle.

Inter-RIR transfer is a stronger form. The authoritative registration changes regional custody through coordinated updates. Existing practice proves that such movement is technically possible for at least some resources and region pairs. It also proves that interoperability can coexist with differing regional policies. This weakens categorical claims that regional custody can never change, while leaving open which safeguards are needed for each resource class.

Institutional portability is the strongest form. It asks whether the registry function can move from one corporate operator to another while holders keep their numbers, history, authentication and challenge rights. This is not an everyday customer option. It is the foundation of credible replacement. Without it, derecognition is either impossible or so disruptive that the threat cannot discipline an incumbent.

The August 2025 draft governance text is significant because it attempts to define recognition, ongoing operation, derecognition, emergency continuity and handoff. That acknowledges the principle that services and records can outlive an operator. Yet a written possibility is not operational portability. Portability exists only when data can be exported securely, receiving systems can ingest it, authority can be cut over, RPKI consequences are controlled, users can authenticate, disputes retain their posture and an independent party can verify reconciliation.

Portability should not mean fragmentation. At every moment there must be an authoritative state and a known decision-maker. The transition may require a freeze for certain changes, dual verification, signed manifests, staged migration and rollback. Those controls can be designed. Treating the design challenge as a reason never to prepare it gives the incumbent an insurance policy against replacement.

The competition benefit is not limited to removing a failed RIR. Tested portability changes incentives before failure. Boards know continuity does not depend on preserving them. Members know a demand for accountability is not a threat to their numbers. Possible entrants can demonstrate readiness against an interface rather than seek informal acceptance. ICANN and the other RIRs can respond to crisis without improvising a political rescue. A portable function is easier to govern because institutional survival and technical survival are no longer the same proposition.

The replacement paradox

An incumbent can be too essential to discipline. That is the replacement paradox at the heart of the RIR system. The more operators depend on a registry's records and trust services, the more dangerous abrupt intervention becomes. The more dangerous intervention becomes, the easier it is to argue that even serious governance failure must be tolerated. Essentiality, which should support higher accountability, can instead create practical immunity.

The answer is not casual derecognition. Removing a registry's status is a grave act with regional and global effects. The answer is to prepare a continuity route so that institutional review does not hold network operations hostage. Replacement must be difficult on the merits and feasible in execution.

The current reform effort moves toward a lifecycle model. Candidate recognition, continuing obligations, remediation, emergency continuity and derecognition are treated as connected questions rather than as a one-time entry decision. That is an important development. It also creates a new risk: the five incumbents may collectively define the standards by which one of them can be replaced and the conditions under which a new operator can enter. A closed circle can become more complete even while its documentation improves.

Independent review is therefore as important in replacement as in entry. Other RIRs should assess cross-registry risks and provide technical evidence. They should not have an unreviewable collective veto. ICANN has a distinct coordination and recognition role, but it too needs published authority, reasons and constrained discretion. The affected regional community must have a meaningful voice, but a mobilized faction should not be able to appropriate silent holders. No single constituency supplies the whole answer.

A replacement decision should be divided into separate findings. Has the incumbent failed a published obligation? Is the failure material and persistent? Which services are affected? Can remediation work within a defined period? Is temporary assistance sufficient? Does the candidate meet entry standards? Is transition technically ready? Does the regional support measure use a fair denominator? Are resource holders protected regardless of their political view? Can the decision be reviewed by a body that did not investigate or propose it?

Separation prevents one conclusion from doing hidden work for another. Proof that an incumbent failed does not prove a challenger is ready. Proof that a challenger is competent does not prove the incumbent should be removed. Proof that temporary assistance is needed does not prove the assisting RIR should gain the region. Proof that most vocal entities support change does not establish support among affected holders. Each finding needs evidence.

Replacement also requires neutrality among possible entrants. A neighboring RIR may be the fastest emergency operator, but speed should not create a permanent territorial reward. A new regional organization may have stronger local legitimacy but less operational history. A consortium may provide transitional expertise without being an appropriate long-term registry. The system should choose service continuity first and permanent institutional design through a separate process.

The paradox dissolves when the records are portable, the decision stages are separated and review is independent. The registry remains essential. The operator becomes accountable.

Competition can exist around the registry core

It would be a mistake to imagine only two options: five unchanged RIR monopolies or a chaotic market in which anyone allocates any number. The useful design space lies between them. A single authoritative state can coexist with competition or contestability in supporting functions.

Local Internet registries already distribute services downstream. National Internet registries operate in parts of the APNIC region. Sponsoring arrangements connect some independent resource holders to registry services. Transfer facilitators help parties find counterparties and prepare transactions, while the RIR retains approval authority. Hosted and delegated approaches to RPKI show different operational relationships to a common trust system. These arrangements are not all equivalent, and their governance varies, but they demonstrate modularity.

A pro-competitive architecture would publish an explicit registry-core list. The core might include final authoritative registration, reconciliation with IANA and peer RIRs, enforcement of applicable number policy, authoritative reverse-DNS delegation interfaces, defined certification authority and preservation of historical records. Functions outside the core could be opened to accredited providers where security and privacy permit.

Accreditation should itself avoid recreating the club problem. Criteria should be objective, testable and proportionate. Fees should reflect verification cost rather than protect incumbent service revenue. Interfaces should be documented. Rejection should give reasons and a cure path. Providers should be able to serve across regions where legal and policy requirements can be met. The RIR should monitor outcomes, not require institutional imitation.

Service competition could improve accessibility. Smaller networks might choose support in their language and time zone. Organizations with complex transfers might choose a specialist. Resource holders could obtain independent identity assurance or continuity escrow. Members could compare dispute-support services. None of this requires competing authoritative claims over the same resource.

There are real risks. Intermediaries can mis-sell rights, mishandle credentials, create privacy exposure or exploit information asymmetry. Brokers can encourage speculative conduct. Delegated security services can concentrate operational control. Accreditation can become superficial. These risks justify supervision, insurance, audit, revocation and direct holder access to the authoritative registry. They do not justify treating every adjacent service as a natural monopoly.

Modularity also improves resilience. If one user interface, identity provider or support contractor fails, the authoritative record need not fail. If a registry operator enters crisis, accredited providers and tested data interfaces can support continuity. If members dislike a service layer, they can change it without demanding institutional revolution. Competition at the edge reduces the political pressure placed on the core.

The RIRs would benefit from defining this boundary themselves, but the exercise should include users and potential providers who do not already hold privileged positions. An incumbent asked whether its bundle is necessary will naturally see integration benefits. A fair test asks outsiders to propose an equivalent safeguarded service and requires the registry to identify the specific integrity reason for refusal.

Evidence that would distinguish protection from exclusion

Debate about the RIR model often stays at the level of principle. Supporters invoke stability, bottom-up policy and decades of reliable operation. Critics invoke monopoly, club governance and weak accountability. Both can be true in part. The competition test needs operational evidence.

For entry, publish the number and nature of inquiries from possible candidate registries, the criteria discussed, the time taken, the deficiencies identified and whether applicants received a cure path. Confidential exploratory contacts can be aggregated. A system that reports no formal rejected applicant may still deter entry if the route is opaque or obviously dependent on incumbent consent.

For transfers, publish completion times by transfer type and region pair, withdrawals, refusals by reason, fraud findings, review outcomes and intervals in which no interoperable route exists. Report the effect of holding periods and needs tests. Preserve commercial confidentiality while showing whether restrictions actually prevent the harms cited for them.

For portability, publish a service dependency map. Identify which registration, authentication, reverse-DNS, directory, transfer and certification functions can move; which cannot; and why. Record the last continuity exercise and reconciliation result. An assertion that transfer is too risky should be tested against evidence from actual inter-RIR transfers and disaster-recovery exercises.

For service competition, identify which functions members must buy or receive directly from the RIR, which may be delegated, which are offered by downstream registries and which are closed. Explain any exclusivity. Compare prices, service levels and complaint data where meaningful. If bundling subsidizes a public good, disclose the subsidy rather than hiding it inside institutional necessity.

For standard setting, publish participation data by stakeholder class, geography and organizational size. Count not only attendance but authorship, sustained contribution and objections addressed. Disclose staff impact assessments and material conflicts. A standard produced through an open list may still reflect a narrow group if most affected users lack the capacity to engage.

For replacement, publish readiness measures without exposing exploitable security detail. Has data escrow been tested? Can a receiving operator validate holder identities? Can RPKI and reverse-DNS authority transition safely? Are disputed records marked? Is there a funding bridge? Who verifies the cutover? A theoretical power to replace an RIR has little disciplining effect without these answers.

Evidence also disciplines overstatement. A transfer restriction may prove highly effective against fraud. A service bundle may prove materially cheaper than fragmented alternatives. A recognition criterion may protect regional participation that a commercial entrant would neglect. A common technical requirement may be indispensable. The purpose of measurement is not to force liberalization; it is to let successful restraints earn legitimacy.

The most revealing metric is the denied alternative. Whenever a proposal is rejected, the record should state what narrower design was considered and why it failed. That single practice would improve both engineering and competition analysis. It turns “stability” from a conclusion into a comparison.

A twelve-part RIR competition screen

A practical screen can be applied to a recognition rule, transfer policy, portability limit, service bundle or replacement procedure without pretending to decide a legal case.

First, define the common product. Name the unique record, interoperable service or security property the rule protects. Second, identify the restraint. State exactly who cannot enter, transfer, switch, delegate, interoperate or replace. Third, establish authority. Show which public policy, agreement or technical specification authorizes the restraint.

Fourth, demonstrate causation. Explain how removing or narrowing the restraint would damage the common product. Fifth, test alternatives. Consider certification, escrow, staged approval, audit, dual confirmation, temporary limits, open interfaces and post-event review. Sixth, measure duration. Emergency and anti-flipping restrictions should not quietly become permanent.

Seventh, examine the decision-maker's interest. An incumbent may supply evidence but should not be the sole judge of entry into its region or replacement of itself. Eighth, test procedural openness. Affected networks, small providers, possible entrants and technical critics need a realistic ability to participate. Ninth, compare effects. Identical rules may burden newcomers more heavily than institutions with accumulated capital, data and reputation.

Tenth, preserve review. A reasoned decision should be challengeable before a body institutionally separate from the original maker. Eleventh, protect the user during dispute. Registration, routing-security and transfer services should not be used to pressure a holder into supporting either side. Twelfth, schedule reassessment. Scarcity, technology and regional conditions change; a restraint that was proportionate in one era may not remain so.

This screen would not compel recognition of a weak candidate or approval of a risky transfer. It would force the system to state why. A candidate that cannot protect records would fail. A portability proposal that creates conflicting authority would fail. A transfer route that cannot reconcile registries would fail. Those are defensible outcomes because they track the common product.

The screen would be more skeptical of an exclusion justified by institutional familiarity, a support requirement without a denominator, a transfer ban without measured fraud evidence, a bundled service without a core-function analysis or a replacement process that incumbents can veto without independent assessment. Those outcomes may still have explanations. The explanations would need to be public and specific.

No one needs to use the word cartel in the resulting documents. Indeed, the system should aim to make the word unhelpful. It can do that by proving that common rules preserve an open, contestable and interoperable order rather than a protected membership of five.

The future is a protocol for legitimate change

The RIR system's great achievement is continuity. Networks can rely on a registration hierarchy that spans jurisdictions, organizational changes and decades of technical evolution. The next achievement should be legitimate change: a way to admit, compare, assist, discipline and, if necessary, replace institutions without sacrificing the stability that made them important.

That future starts by refusing a false choice. The Internet does not have to choose between coordinated uniqueness and institutional competition. It can preserve one authoritative state while making the operators around that state more contestable. It can require common technical outcomes while allowing different organizational designs. It can support regional governance while offering credible review beyond an incumbent region. It can permit transfers while policing fraud. It can prepare replacement without normalizing political intervention.

The NRO and the five RIRs are well placed to build the change protocol because they understand the dependencies. Their expertise should design the interfaces, evidence standards and continuity tests. Their institutional interest means they should not alone decide whether those arrangements are sufficiently open. Independent assessment is not a rebuke to expertise; it is what lets expertise carry authority in a conflict.

ICANN also needs restraint. Its recognition role should not become a license to centralize number governance or choose regional institutions for political convenience. It should verify that published procedures were followed, that evidence meets the standard, that incumbent conflicts were managed, that regional support was fairly measured and that continuity is ready. Its reasons should be reviewable. The goal is a narrow constitutional backstop, not a global registry manager.

Resource holders need a different kind of protection. Their services should remain stable while institutional questions are decided. They should not lose access, transfer position, reverse-DNS support or RPKI capability because they declined to endorse an incumbent or challenger. Their registration history should follow the function. Their ability to challenge an administrative decision should survive a change of operator. Portability of rights matters as much as portability of data.

Possible entrants need a published door. The door may be demanding. It should test finance, technology, governance, neutrality, regional support, privacy, security and continuity. It should not move when someone approaches. It should not depend on private reassurance from the institutions whose boundaries may change. A rejected candidate should leave with reasons and a possible cure, not with a stability slogan.

Finally, the public needs a narrower vocabulary. “The RIR system” can describe a technical hierarchy, five corporations, several communities, a policy method, an ICANN relationship or an incumbent interest. Those are not interchangeable. A proposal may threaten one while strengthening another. Competition analysis works by separating them.

The RIR cartel test is passed not when every institution agrees, but when agreement remains open to challenge and tied to a demonstrable common need. Shared uniqueness standards are indispensable. Shared immunity from entry, transfer, portability or replacement is not. The difference should be visible in interfaces, reasons, evidence and the real possibility of change.