Summary
- A registry needs several unit costs, not one. Cost per active account measures fee-base scale; cost per completed case measures administrative load; cost per authoritative record measures custody; cost per protected resource or route measures security reach; and cost per service-quality-adjusted unit measures whether low spending bought reliable outcomes. None can substitute for the others.
- The numerator must include direct labour, systems, identity verification, security, legal review, depreciation, shared administration, assurance, correction, incident response, tested recovery and the economic cost of capital committed to continuity. It must exclude or separately label unrelated development, engagement and policy programmes rather than allocating every institutional expense to a registration transaction.
- RIPE NCC's 2024 activity account assigned EUR 9.509 million to “The Registry” within EUR 36.250 million of total operational expense. Its six registry sub-lines ranged from EUR 634,000 for the RIPE Database to EUR 2.367 million for the LIR Portal. The report explicitly says these activity figures are unaudited indications, which makes them a useful management exhibit rather than a ready-made unit-cost statement.
- ARIN reported 17,817 Registration Services tickets resolved, 5,999 calls and 1,721 chats in 2024, while its finance team prepared 32,200 invoices. Dividing total expense by any one of those counts would be misleading: contacts overlap, invoices are not registry decisions, difficult transfer or fraud cases consume more effort, and much technical capacity remains fixed when volume falls.
- A credible Number Resource Society would publish a cost stack, output dictionary, complexity weights, quality and correction measures, capacity denominator, risk allocation and three-year reconciliation. Fees would remain a separate policy decision: unit cost reveals resource consumption, but it does not decide who should pay, whether cross-subsidy is justified or how much reserve is prudent.
The cheapest registry can be the one that has stopped doing the job
Unit cost sounds like an antidote to institutional rhetoric. Divide spending by output, compare operators and reward the lowest result. The appeal is strongest in a territorial system where members cannot ordinarily choose another recognised RIR. A common measure could expose avoidable overhead and make future portability more credible.
The measure can also invert the truth. A registry that verifies identity carefully will spend more than one that accepts documents without challenge. A service that keeps redundant publication, tested backups and skilled responders available will look dearer than one that waits for failure. An institution that finds and corrects old records may report more cases and more expense before quality improves. A cheap but inaccurate authoritative record is not a lower-cost version of the same product.
The economic output is not an allocation email or a database write. It is dependable custody of a globally unique registration position, together with the ability to authenticate changes, explain decisions, correct errors and continue during stress. That output persists between transactions. A resource holder may make no request for years while networks, security systems and counterparties continue to depend on the record.
This makes registry economics resemble a blend of title administration, critical infrastructure and membership service. Some costs vary with requests. Many support standing capacity. Others are incurred to reduce the probability or consequence of a rare failure. The denominator must not treat all three as if they were factory pieces moving through one machine.
Efficiency remains a valid objective. The discipline is to state which obligation is being produced, at what quality and risk. A falling cost per ticket can be good if automation removes repetitive handling without weakening verification. It can be bad if unresolved work is reclassified, complex cases are deterred or controls are postponed.
The proper question is therefore not “what is the unit cost?” It is “which unit, which cost boundary, which quality floor and which period?” Until those are fixed, a precise number is only an arithmetic decoration.
The numerator begins with full economic cost
The most common error is to use the expense line that happens to carry the word “registry”. That line may include direct registration staff but omit shared security, legal advice, finance, management, premises, depreciation and recovery capacity. Another institution may allocate those costs differently. The resulting comparison rewards accounting placement rather than operational efficiency.
A full numerator has layers. Direct cost includes people handling applications, transfers, account changes, registry accuracy and member support; the systems they use; identity and sanctions checks; external records; and case-specific legal or technical advice. Product cost includes portals, authentication, Whois or RDAP, RPKI, reverse DNS, APIs, databases, monitoring and release engineering. Shared operating cost includes human resources, finance, procurement, facilities, data protection, management and governance used by the service.
Assurance is a separate layer. Security testing, code review, audit, control evidence, business-continuity exercises and independent service assurance are not optional overhead simply because no allocation request triggered them. Correction and incident response need their own line so an institution cannot improve its apparent cost by postponing remediation. Depreciation and amortisation should reflect assets consumed during the period; cash spent on a replacement platform should not all distort one year while the old system's remaining cost vanishes.
Finally comes capital and risk capacity. Reserves held for continuity are not an annual expense, and treating the whole balance as one would be wrong. Yet capital committed to an essential service has an opportunity cost. Insurance premiums, standby facilities, backup sites and contracted recovery support are visible costs. Unfunded exposure should be disclosed as risk rather than given a fictional price.
The numerator should reconcile to audited accounts, but it need not mirror them. Management cost accounting reallocates financial-statement lines by function. The bridge shows every adjustment: excluded non-registry activity, allocated shared cost, capital charge, extraordinary incident, donated input and inter-entity service. Without that bridge, “full cost” is an assertion.
This approach prevents two opposite distortions. It stops broad institutional programmes from being smuggled into the price of every registry unit. It also stops essential shared controls from disappearing because they sit outside the registry department.
No single denominator can describe the service
Different units answer different governance questions. An active account denominator shows how fixed cost is distributed across paying relationships. A member-month denominator improves on a year-end headcount by recognising openings and closures. It still does not measure work: one organisation may hold several accounts, one account may contain many resources, and National Internet Registry structures can place many downstream operators behind one direct relationship.
A completed-case denominator measures administrative production. Cases should be separated into new delegations, transfers, mergers and acquisitions, account recovery, contact changes, closures, policy compliance, review and correction. A raw ticket count is weaker because one case can generate several tickets, calls or messages. Automation can also close many simple tickets while senior staff spend days on one contested transfer.
An authoritative-record denominator measures the stock under custody. It may count resource registrations, organisations, maintained contacts, route-origin authorisations, reverse-DNS delegations or signed entities. This captures the standing duty that remains when request volume falls. It must avoid treating a large IPv4 block as intrinsically thousands of times more costly than a small one merely because it contains more addresses.
A service denominator measures technical output: authenticated changes, API operations, queries served, certificates published or recovery tests passed. High public query volume can be driven by automated clients and does not necessarily represent more value. The cost of serving the next query may be tiny while the secure platform needed to serve the first one is substantial.
The answer is a dashboard, not a blended mystery. Publish cost per active account-month, per weighted completed case, per maintained authoritative entity and per unit of reliable technical capacity. Then show the fixed and variable shares. Each ratio should have a dictionary that states inclusions, exclusions, deduplication and period.
Comparability requires stable definitions, not identical regional conditions. A merger case in one RIR should be recognisable as the same class in another even if law, language and evidence differ. If a registry cannot map its work into the common dictionary, it should explain the difference rather than force unlike events into one total.
Complexity weights must be observed, not negotiated for convenience. Counting each case as one creates a perverse incentive to prefer easy work. A routine IPv6 delegation to an established member, a disputed legacy-record change, an inter-RIR transfer involving several legal entities and an account-recovery attempt with suspected fraud are not equivalent production units. Equal counting makes the registry with the hardest inheritance look inefficient.
Complexity weights can correct this, but they introduce discretion. Managers might raise weights to excuse cost growth or lower them to display productivity. The weights should therefore be estimated from observed resource use rather than chosen to produce a preferred result.
A time-driven method is one option. Sample cases by class and record active staff minutes across registration, legal, security and finance. Add measured system and external-verification cost. Use the median and distribution, not only the average, because a small number of extreme cases can dominate. Refresh the sample when policy, automation or fraud patterns change.
Another method uses case attributes: new or known organisation, domestic or cross-border evidence, transfer type, sanctions screening, contested authority, manual identity review, legacy status and appeal. These attributes can predict effort without exposing the identity of the holder. A case can then be expressed in standard work units, with a simple baseline case equal to one.
Weights should never reduce substantive rights. A registry must not define an appeal as twenty units and then discourage appeals to improve its score. High-cost case types are information: they may justify better guidance, specialised teams, shared expertise or a redesigned process. They are not proof that the applicant is undesirable.
The public report needs ranges and confidence. It can say that an inter-RIR transfer consumed a median multiple of a routine change, with the sample size and period, rather than pretending to know an eternal coefficient. Outliers should be described by cause: litigation, incomplete documentation, technical incident or internal rework.
Complexity adjustment makes cost more honest only if quality remains beside it. A fast case mishandled is not a low-cost completed unit; it is unfinished liability.
RIPE NCC publishes a useful cost map, with a warning attached
RIPE NCC's 2024 Annual Report gives an unusually visible activity account. It reports EUR 36.250 million of total operational expense and assigns EUR 9.509 million to “The Registry”. The registry total is split into Registration Services at EUR 2.306 million, Member Services at EUR 1.473 million, Registry Monitoring at EUR 1.284 million, the LIR Portal at EUR 2.367 million, RPKI at EUR 1.445 million and the RIPE Database at EUR 634,000.
The same table assigns EUR 7.851 million to Information Services, EUR 8.276 million to External Engagement and Community, and EUR 9.637 million to Organisational Sustainability, with bad debts and depreciation shown separately in the total. It is already better than a single institutional expense number because members can see that registry custody is one substantial part of a broader organisation.
The report also prints the limitation that should govern any calculation: activity figures are not part of the audited financial report, have not been externally audited and serve as indications of costs. That does not make them unusable. It means an analyst should not present EUR 9.509 million as a fully assured cost pool without the allocation method.
The sub-lines raise productive questions. Does the LIR Portal include only registry-facing functions or also general member services? How are security and compliance allocated between Organisational Sustainability and RPKI? Is depreciation charged to activities or left at the institutional level? Does Registry Monitoring include the cost of corrections it triggers? Which legal costs follow transfer or sanctions cases back to Registration Services?
RIPE NCC also publishes output measures, including Assisted Registry Checks and abuse-contact validation. Those measures illuminate activity but do not share one denominator. A check can inspect a large account. An automated validation can be cheap until it fails and requires manual work. RPKI coverage and database availability describe different products.
The correct next step is not to divide EUR 9.509 million by whichever count is largest. It is to reconcile the activity cost pool, separate fixed platform from case handling, and publish several defined units. The existing table is a strong starting exhibit precisely because its warning prevents false precision.
ARIN's contacts, cases and invoices show the denominator trap
ARIN's 2024 Annual Report supplies an instructive set of volumes. Registration Services received 5,999 customer phone calls and 1,721 customer chats, and resolved 17,817 tickets. The finance team prepared 32,200 invoices with total billings of USD 29.5 million and completed about 2,250 service calls concerning billing.
Each number is real. None is “the” registry output. A member can open a ticket, call about it and later use chat. One ticket may concern a password while another carries a transfer of valuable legacy space. An invoice may charge an annual service plan without any registration decision in that month. A single account can receive several invoices or adjustments. Billing volume measures finance operations, not authoritative custody.
Dividing ARIN's whole operating expense by 17,817 resolved tickets would load Board governance, engineering, security, communications, policy support and fixed services onto a contact-system count. Dividing only Registration Services payroll by tickets would move in the opposite direction, omitting the platform and controls needed to resolve them. Dividing USD 29.5 million of billings by 32,200 invoices would produce average invoice value, not unit cost.
The volumes are more useful when connected in a case model. Count distinct service cases, link their channels, classify complexity, record elapsed and active time, and identify rework. Finance can separately report cost per invoice and collection, including failed payments and concessions. Technical services can report fixed capacity and use. The account denominator can show the scale across which those functions are funded.
ARIN reported a significant reduction in transfer resolution time and created teams for technical service support and registry integrity for 2025. A unit-cost series should preserve the before-and-after evidence. If cost per weighted transfer rises while time, accuracy and fraud resistance improve, the increase may represent value. If cost falls because automation removed duplicate handling with stable quality, that is genuine productivity.
The denominator trap is not a reason to stop counting. It is a reason to keep the links between contact, case, decision, record and invoice instead of selecting the most flattering volume.
APNIC demonstrates scale, layers and the NIR complication
APNIC passed 10,000 direct members in April 2024, but direct membership does not describe every organisation served in the Asia Pacific. National Internet Registries operate in several economies and mediate relationships with downstream members. Counting only direct APNIC accounts understates the service population; adding all NIR members without reconciling definitions can double-count or combine unlike obligations.
The 2025 APNIC Annual Report shows why a transaction denominator is also multidimensional. APNIC reported 1,240 IPv6 delegations, 1,401 IPv4 delegations, 1,214 ASN assignments, 696 IPv4 market transfers and 269 merger-and-acquisition IPv4 transfers. It also reported service quality: a 100% satisfaction rate for resource delegation and transfer services, and an average Helpdesk response of 7.62 hours with 95% of ratings described as excellent or above average.
Those output counts should not simply be added. A delegation and a merger transfer carry different evidence and risk. A satisfaction response is not an independent audit of accuracy. An average response time can hide the tail experienced by the most difficult cases. Yet the combination is far more informative than a transaction total alone.
APNIC's audited 2024 statements supply a financial perimeter rather than a functional cost account. They report AUD 27.724 million of contract revenue, including AUD 26.830 million of membership fees, and AUD 20.072 million of employee-benefit expense among broader expense lines. Foundation-funded project expense is separately labelled at AUD 3.949 million. These figures cannot be converted into core registry unit cost without allocating labour and shared systems between Registry, Development, Engagement, Capability and externally funded work.
The NIR layer requires a two-stage account. APNIC should show the direct service it provides to each NIR—delegation, technical interfaces, assurance, policy coordination and support—then the NIR should report its own downstream unit costs under the same dictionary. The combined cost can be compared with a direct-service model without pretending the intermediate institution is either free or redundant.
Regional scale is therefore not one member count. It is a map of accounts, downstream holders, maintained records, cases and technical services, each connected to the organisation that actually incurs cost and bears responsibility.
Quality belongs in the unit, not in a footnote
A cost ratio without a quality condition encourages silent degradation. The service unit should therefore be quality-adjusted. At minimum it needs accuracy, timeliness, availability, security, correction and procedural fairness. Different outputs require different thresholds.
For a registration decision, accuracy includes correct policy application, authenticated authority, consistent record update and complete evidence. Timeliness should measure the period controlled by the registry separately from time waiting for an applicant. Availability applies to portals, public data, RPKI and reverse DNS. Security includes control operation and incident severity, not merely absence of public compromise. Correction includes detection, notice, remedy and time to restore authoritative state.
Procedural quality is harder to reduce to a percentage but cannot be omitted. A holder should receive reasons for a material refusal or closure, an opportunity to respond and access to review under the applicable rules. A cheap decision that cannot be challenged externalises cost to the member, court or wider routing system.
One method reports cost per conforming unit. A case counts as complete only after required controls are met and no material error emerges within a defined period. Reopened cases and corrections return to the cost pool. Another method presents unit cost beside a quality vector rather than compressing it into one composite score. The latter is less convenient for rankings but more honest.
IANA's numbering-service performance reports demonstrate that precise service dimensions are possible. They distinguish acknowledgment, response, implementation, accuracy, reverse-DNS propagation and system availability. IANA's volume is not comparable to an RIR's retail case load, but the measurement architecture is relevant: the service is not considered successful merely because a request was processed cheaply.
Targets must resist gaming. A median hides extreme delay; an average can be dominated by outliers. Publish median, 90th or 95th percentile, maximum with explanation, and breach count. Sampling of accuracy should be independent from the team whose productivity is assessed.
Quality adjustment makes regional comparison stricter and fairer. An operator may choose a more expensive control environment because its legal exposure or fraud pressure is higher. The report can show the cost and achieved assurance instead of treating every difference as waste.
Correction and rework are part of production cost
Organisations often measure the cost of completing the first decision and place later repair elsewhere. That makes weak initial work look efficient. A registry unit should carry its attributable rework: repeated document requests caused by unclear instructions, internal handoffs, reopened tickets, incorrect records, failed releases, appeals that reverse decisions and incident remediation.
Not all repetition is waste. New evidence may emerge. An applicant may submit inconsistent documents. Policy may require independent second review. A security investigation may correctly take several rounds. The account should classify cause rather than assume every extra touch is institutional failure.
Three rates are useful. First-pass yield is the share of cases completed without internal defect or avoidable return. Correction rate is the share of authoritative records requiring material amendment because of registry error, separated from holder-requested updates. Escape rate is the share of defects discovered after the record or service change became public. Each should carry severity and time to correction.
The cost ledger assigns internal-failure cost to rework before release and external-failure cost to correction after release. It can separately identify applicant-caused delay and legitimate complexity. This gives managers an economic reason to improve forms, validation and release controls rather than merely close more tickets.
Historical cleanup deserves its own programme line. A registry may inherit old records created under different rules or by predecessor institutions. Spending to verify them can raise current unit cost even though current staff did not create the defect. The report should show legacy remediation separately while still including it in the full cost of maintaining trustworthy custody.
Appeals should never be treated simply as failure expense. They are also an assurance mechanism. The report can show cost per appeal, outcome and root cause without discouraging access. A high reversal rate may reveal guidance or first-line problems; a low rate may reflect sound decisions or inaccessible review. The interpretation requires both process and results.
An institution that publishes rework will initially look worse than one that hides it. A common standard corrects that incentive. Over time, the credible low-cost operator is the one that reduces avoidable repetition while preserving independent correction.
Fixed capacity should be priced at practical capacity, not actual traffic
Core registry systems and skilled teams must remain available when demand is low. If fixed cost is divided by actual transactions, unit cost rises during a quiet year even when capacity, quality and risk are unchanged. Management may then cut essential capability precisely when low volume offers a chance to improve it.
Cost accounting should use practical capacity for the fixed layer: the sustainable service volume a properly staffed and maintained system can handle without chronic overtime or unsafe utilisation. The difference between practical capacity and actual use becomes visible unused-capacity cost. Members can then ask whether the gap is temporary insurance, structural overbuilding or the consequence of declining activity.
Technical capacity includes authenticated portal operations, database writes, query serving, certificate publication, monitoring and recovery. Human capacity includes specialist case handling, security response, legal review and communications during incidents. Some roles cannot be fractionally procured at short notice. A minimum team has value even if its measured utilisation appears low.
Practical capacity should not be a fantasy maximum. A system's benchmark under synthetic load can exceed safe production volume. Staff cannot spend every paid hour on cases; training, leave, control review and process improvement are necessary. The denominator should be based on tested operating conditions and a declared service-quality margin.
Unused capacity then receives a reason code. Resilience capacity is deliberate. Transition capacity supports parallel systems during migration. Growth capacity anticipates credible demand. Stranded capacity follows a cancelled programme or obsolete platform. Idle capacity reflects vacancies, delay or poor planning. Only the first three may be justified, and each needs a time horizon.
This treatment is especially important after IPv4 exhaustion changed allocation patterns. Falling allocations do not eliminate the installed base, transfer work, accuracy checks, RPKI, reverse DNS or public registry services. A cost per new IPv4 allocation would explode while describing less and less of the actual duty.
By separating variable case cost from fixed practical capacity, members can see whether a rising ratio is caused by inefficiency, lower volume or a deliberate continuity margin. The arithmetic stops punishing preparedness automatically.
Capital projects must be spread across the service they create
Registry platforms require periodic replacement. Authentication, portals, databases, RPKI, monitoring and internal case systems can absorb several years of staff and supplier cost. A cash account makes the build year look expensive and later years cheap. Ordinary depreciation can smooth purchased assets but may not capture internally developed software, abandoned designs or the management burden of parallel operation.
A unit-cost ledger should maintain a capital-project register. It records approved purpose, expected useful life, total authorised cost, staff time, supplier spend, security review, migration, parallel run, retirement and residual obligations. Cost enters the service unit over the years that receive benefit, while impairment is recognised when promised capability will not be delivered.
This does not mean inventing assets to flatter the current budget. Accounting recognition remains governed by the applicable standards. The management view can separately show economic investment and reconcile it to audited expense and capitalisation. Members should see both cash pressure and long-run service cost.
Migration is often the hidden component. Two platforms may run together; data must be reconciled; staff learn new tools; interfaces change; old licences and contracts persist; users need support; and recovery plans must be retested. A business case that compares only build cost with the old platform's annual maintenance will understate the transition bill.
Benefits also need a denominator. A replacement can reduce handling time, improve authentication, lower error rates, strengthen availability or enable portability. Each claimed benefit should have a baseline and measured post-release result. “Modernisation” is not an output unit.
Failed experiments should remain visible. Some exploration is rational in critical technology. Hiding abandoned work inside general engineering prevents members from learning how often investment assumptions fail. The ledger can classify discovery expense separately from production asset cost and set a tolerance.
A portable Number Resource Society would add exit value. Data standards, documented interfaces and transferable operations may cost more initially but reduce dependency on one operator. That option is a service benefit, not overhead to be discarded by a narrow per-ticket calculation.
Security and continuity are standing products
Security expense is often allocated across departments or described through projects. For unit cost, the key insight is that security and continuity produce a standing state: controlled authority and recoverable service. Their output is not the number of incidents, since a well-run year may have few.
The cost stack should include identity controls, privileged access, logging, vulnerability management, secure development, monitoring, independent testing, incident response, backups, alternate publication, disaster recovery, exercises, insurance and crisis communications. It should identify which services each control protects. Broad corporate controls can be allocated by risk exposure or system use rather than crude headcount alone.
Performance combines leading and outcome measures. Leading measures include control coverage, patch time, recovery-test success, credential review and unresolved high-severity findings. Outcomes include incidents, unauthorised changes, data loss, service interruption and recovery time. A zero-incident claim without control evidence is not assurance.
Continuity capital should be treated carefully. Cash and investments held as reserves are balance-sheet assets, not annual operating cost. The annual unit-cost report can show the cost of maintaining liquidity, insurance and standby arrangements, plus a separate reserve adequacy measure. It should not allocate an arbitrary share of the whole reserve to each transaction.
Stress testing supplies the connection. Estimate the cost and time to restore critical services under loss of premises, key staff, primary systems, banking access or institutional authority. Show funded and unfunded gaps. A region with higher operational or legal risk may rationally carry more capacity. The comparison should reward tested recovery, not the smallest visible budget.
Mutual aid among RIRs can reduce individual cost, but only if commitments are executable. The shared capacity should have activation authority, technical compatibility, access controls, tested handover and an allocation of expense. An informal promise is not equivalent to recovery capability.
The unit produced is therefore a year of service within a stated risk tolerance. Transaction ratios sit inside that envelope. If the envelope is missing, the apparently efficient registry is borrowing from future failure.
Governance and development costs need transparent boundaries
Member meetings, elections, policy support, training, research, engagement and Internet-development programmes can all produce value. Loading them indiscriminately into registry unit cost makes the core service appear more expensive and makes discretionary scope difficult to challenge. Excluding all governance is equally wrong because legitimate authority and review are part of administering rights.
Core governance cost includes the Board time, member authority, election integrity, policy implementation, appeals and public reporting necessary to make registration decisions legitimate and accountable. It should be allocated to the registry function. Broader representation, conferences, grants and development activities should have separate cost and outcome accounts unless a direct service link is demonstrated.
The boundary is functional, not rhetorical. A training course that enables holders to manage RPKI can be a measured adoption intervention. A general conference sponsorship may support community relationships but should not be counted as the cost of issuing a certificate. Policy development that changes allocation rules belongs to the rights system; participation in unrelated public-policy debates may belong to a separately authorised programme.
Shared inputs still require allocation. Communications staff may prepare incident notices, member guidance and conference promotion. Legal staff may handle transfers, employment and external advocacy. Time sampling and service records can assign the direct portion; the residual remains in the programme that caused it.
This separation protects both sides. Advocates of development can defend programmes on their actual beneficiaries and results rather than claiming they are inseparable from every registry transaction. Members seeking cost discipline can compare core custody without pretending the wider Internet gains nothing from coordination and skills.
The published account should include a boundary-change log. If an activity moves from core registry to development, or vice versa, prior-year figures should be restated where practical. Otherwise management can improve the apparent trend by reclassification.
Institutional scope is ultimately a governance choice. Unit cost informs that choice by showing consequence. It should not decide the mission in secret through allocation rules.
Geography, language and law are cost drivers, not excuses
RIR regions differ greatly in size, language, banking access, legal systems, sanctions exposure, connectivity and National Internet Registry arrangements. A global comparison that ignores these conditions will reward the easiest territory. A comparison that treats every difference as incomparable will never discipline cost.
The common account should identify structural drivers. Case data can record language, jurisdiction count, evidence type, payment constraint, sanctions review, NIR involvement and cross-border transfer status. Service data can record economies covered, time zones, languages supported and remote-site requirements. The report need not disclose confidential applicant details; aggregated drivers are enough.
Currency creates another distortion. Native-currency cost should be the primary series. Cross-regional comparison can use a declared exchange-rate convention and purchasing-power analysis, but neither should replace the original account. A favourable exchange movement must not be credited as lower operating effort. Inflation and salary-market changes should be separated from volume, quality and productivity.
Legal cost should follow cause. Routine corporate compliance is shared overhead. Case-specific litigation or court response belongs to the affected service class but may be shown separately because one dispute can dominate a year. Policy changes imposed by law should appear as structural variance. Management error or avoidable delay should remain visible as performance variance.
Language and local presence can improve accuracy and access, not merely raise cost. A centralised operator using one language may display a lower unit figure while shifting translation, legal and payment burden onto members. Total-system cost should include material costs imposed on users when the service design changes.
Adjusted comparison can then ask a fair question: after accounting for observable complexity, how much unexplained cost remains, and what quality was achieved? The adjustment should be public and conservative. It must not become a formula that explains every overrun.
Regional difference is compatible with a common unit dictionary. The point is to expose why costs differ, not to force five institutions into one unexamined average.
A standard registry cost statement can remain readable
The full model sounds complex because the service is complex. The public statement need not be. One page can carry the principal bridge, with detailed definitions and assurance behind it.
Start with six cost pools: direct case handling; authoritative data and technical services; security, assurance and continuity; core rights governance; allocated shared support; and capital consumption. Show separately excluded programmes, extraordinary incidents, legacy remediation and unused capacity. Reconcile the total to audited operating expense and explain every material difference.
Then publish four denominators: active account-months, weighted completed cases, maintained authoritative entities and practical service capacity. For each, state opening and closing counts, additions, removals, deduplication and the organisation responsible where an NIR or shared service is involved. Do not combine them into one synthetic total.
The result table can show direct cost per weighted case, full registry cost per account-month, fixed technical cost per maintained-entity band and unused-capacity cost. Beside it place quality: accuracy sample, first-pass yield, correction and escape rates, response and completion percentiles, availability, serious incidents and recovery-test result.
A three-year variance bridge explains movement through price, volume, complexity, quality investment, capacity, currency, scope and one-off events. Prior years are restated for material definition changes. A confidence note identifies sampled data, estimates and unaudited allocations.
Independent assurance should focus on the bridge and definitions rather than promising that every managerial allocation is objectively unique. Test whether costs reconcile, drivers were applied consistently, samples are supported, exclusions are complete and quality measures have not been manipulated. Members can then debate judgments with reliable facts.
Machine-readable data would permit analysis, but the human account comes first. The aim is not to produce an accounting labyrinth. It is to prevent one simple ratio from concealing rights, risk and institutional scope.
Every reported unit should answer a sentence: “This amount represents these costs incurred to produce and maintain this defined service at this measured quality during this period.” If the institution cannot complete that sentence, it should not publish the quotient as efficiency.
Cost informs price, but does not dictate it. Once unit cost is credible, a tempting final mistake remains: assuming each user should pay exactly the cost attributed to that user. Registry fees are also an allocation of common cost, risk and policy priorities. Fixed infrastructure, historical records, reserves and public data do not map neatly to one invoice.
A charging scheme can cross-subsidise smaller holders, new entrants, difficult payment environments or services with wider network benefit. It can charge by resource holdings, account category, transaction, membership or a combination. Those are distributive choices. Unit cost tells members the consequence and identifies the subsidy; it does not declare the choice illegitimate.
Price can also influence behaviour. A transfer fee may recover handling cost but deter accurate registration if set too high. Charging per support contact may reduce frivolous demand while discouraging early correction. A fee tied mechanically to address count can bear little relationship to registry effort. The Board should state when a fee is cost recovery, risk allocation, behavioural incentive or redistribution.
The cost statement makes this explicit through a price bridge. Begin with full registry cost, add or subtract the approved reserve contribution, separate other programme funding, allocate cross-subsidies, account for investment or other recurring income conservatively, and derive required fee revenue. Then show how the charging scheme distributes that requirement across payer groups.
In a future Number Resource Society with greater operator contestability, unit cost would support bids and portability. A candidate operator could price defined service bundles against common quality and continuity terms. The incumbent could not win merely by excluding legacy cleanup or reserve capacity, and a challenger could not underbid by omitting exit obligations.
Competition would still need safeguards. The cheapest bid may depend on concentrated infrastructure, weaker local access or unrealistic migration. The cost model should require a transition bond, data portability, recovery evidence and a transparent treatment of stranded incumbent assets.
Unit cost is therefore a constitutional aid as much as a financial metric. It reveals what the institution consumes to preserve a right and who bears the difference between consumption and price.
The useful number is a disciplined set of numbers
RIR reports already contain much of the raw material. RIPE NCC maps expense to activities and warns that the allocations are indicative. ARIN reports contacts, tickets, invoices and billings. APNIC reports delegations, transfers, member scale, response time, satisfaction and audited expense lines. LACNIC publishes audited operating categories. IANA demonstrates service measurement tied to timeliness, accuracy and availability.
What is missing is a shared cost statement that connects those facts without pretending they are naturally commensurate. The design should resist both institutional expansion and crude austerity. It should expose broad programmes that have been loaded onto core custody, while ensuring that security, correction and continuity are not cut out to make the transaction figure attractive.
The decisive distinction is between flow and stock. Cases, tickets and invoices are flows. Authoritative records, trained teams, secure systems and recovery capacity are stocks that must be maintained. A registry with falling new allocations can still carry a growing duty to protect the installed base. Any denominator built only from new transactions will misread that transition as inefficiency.
The second distinction is between cost and outcome. Spending more does not prove quality. Spending less does not prove productivity. The report must put reconciled cost beside observed accuracy, completion, correction, availability and resilience. It should show uncertainty rather than hiding it in an elegant composite score.
The third distinction is between cost and legitimacy. Appeals, member authority and reasoned decisions consume resources because the registry administers consequential positions, not disposable commodities. Those controls can be made efficient, but they cannot be treated as waste merely because a database write is technically cheap.
A mature unit-cost account will therefore disappoint anyone seeking one global league table. It will provide something better: a stable set of ratios, a full numerator, defined denominators, quality evidence, complexity adjustment, unused capacity and an auditable bridge. Members will be able to identify real savings without rewarding institutional fragility.
The registry's unit is not an address. It is a reliable, reviewable and recoverable act of custody. The cost statement should finally count it that way.
Sources
- RIPE NCC, Annual Report 2024 - activity cost map, registry sub-lines, total operational expense, registry-accountability activity and the explicit unaudited-allocation qualification.
- RIPE NCC, Financial Report 2024 - audited institutional expense, personnel, depreciation and financial-statement reconciliation context.
- ARIN, 2024 Annual Report - Registration Services calls, chats and resolved tickets, invoice count, billings and finance-service calls.
- ARIN, 2024 audited financial statements - audited operating-expense perimeter, financial position and expense classification.
- APNIC, 2024 audited financial report - contract revenue, membership-fee revenue, employee-benefit expense, Foundation-funded activity and audited financial perimeter.
- APNIC, 2025 Annual Report - delegation and transfer volumes, response time, satisfaction and activity cost reporting used to illustrate multidimensional output.
- APNIC, direct membership reached 10,000 - direct-member scale and the distinction between direct APNIC membership and wider regional service structures.
- LACNIC, 2024 audited financial statements - operating-expense categories, personnel, professional services, travel, technology, depreciation and financial reporting basis.
- Number Resource Organization, RIR Statistics - quarterly number-resource reports and the cross-regional statistical context needed to define workload consistently.
- Number Resource Organization, IANA Numbering Service Level Agreement - service obligations between the five RIRs and the IANA numbering-services operator, including the reverse-resolution amendment.
- Number Resource Organization, 2024 IANA Numbering Services Review Committee Report - independent review role, annual request volumes and conclusion on 2024 service performance.
- IANA, Number Resource Performance - separate measures for acknowledgment, response, implementation, accuracy, reverse-DNS propagation and availability.

