Summary

  • Modern electricity regulation offers three precise lessons for number registries: define service outputs and remedies, expose efficient costs and cross-subsidies, and constrain disconnection through notice, cure, complaint stays, restoration and continuity arrangements.
  • Those lessons address the dependency around a record, not the physical nature of electricity. IP addresses are not consumed energy, registry databases do not carry packets, and Regional Internet Registries do not own territorially exclusive wires or balance supply and demand in real time.
  • Ofgem's guaranteed standards and Australian reliability incentives show why availability, transaction time, correction time, stale-state duration and repeat incidents need separate measures. Copying electricity interruption indices without defining the registry function would create false precision.
  • Current ARIN, RIPE NCC and APNIC materials show that non-payment can lead through service stop or termination to directory removal, deregistration, certificate consequences or revocation. The proper analogy is procedural protection calibrated to operational dependency, not permanent immunity from lawful action.
  • Cost-of-service review should make the narrow registry service, reserves and adjacent activities auditable. It should not create a guaranteed return on a digital rate base, a global public-utility commission, state ownership or broad regulatory control over operators.

The comparison begins by refusing equivalence

An electricity connection and an Internet number record can both become essential to an organization that depends on them. That is the reason to compare their institutions. It is not a reason to say they are the same entity.

Electricity is generated, transported over physical systems, balanced continuously and consumed. Distribution networks have geographic service areas, high sunk capital and local natural-monopoly characteristics. A household usually cannot ask another set of wires to reach the same premises tomorrow. These conditions support public regulation of rates, investment, quality and disconnection.

An IP address or autonomous system number is an identifier used by networks. A registry maintains allocation and registration state so globally unique numbers are not assigned to more than one party at the same time. RFC 7020 expressly places the decision whether and how addresses are announced outside the Internet Numbers Registry System. Databases do not carry packets, and a registration entry is not a unit of connectivity delivered each second.

The comparison is therefore institutional and procedural. Both settings can contain a narrow service on which others depend, information asymmetry between administrator and user, a difficult exit, costs recovered from a captive base and adverse actions with consequences larger than the unpaid invoice or incorrect field that triggered them.

Useful comparison begins by identifying that dependency. Bad comparison begins by importing the whole electricity state because the word "essential" appears in both descriptions.

Electricity regulation since the 1990s is not one command model

The modern electricity record does not support a simple claim that essential networks must be state-owned and centrally directed. Since the 1990s, major reforms have often tried to separate monopoly network functions from activities in which competition is possible.

In the United States, the Federal Energy Regulatory Commission's Order No. 888 required covered public utilities to file open-access, non-discriminatory transmission tariffs with minimum terms. It sought to limit the use of transmission control to disadvantage competing power sellers. It did not nationalize every transmission asset.

Europe's 1996 electricity directive began an internal-market framework that separated generation, transmission and distribution functions. The current Directive 2019/944 continues rules on unbundling, network independence, non-discrimination, market access and consumer protection. It accommodates public and private ownership while constraining conflicts around network control.

Great Britain's RIIO price controls and Australia's service incentives add performance-based techniques to traditional cost review. The lesson is plural: specify the indispensable function, constrain monopoly leverage, measure outputs and allow competition where the common network does not require exclusivity.

For registries, that points toward a thinner common record and more replaceable service, not a ministry for Internet numbers.

A functional map shows which parts can travel

The two systems can be placed beside each other without collapsing one into the other.

Question Electricity network Internet number registry Transferable discipline
What must remain continuous? Safe delivery and restoration of supply Unique, accurate and reachable registration state; defined credential and directory services State the essential output and recovery objective
What is measured? Interruption duration, frequency, response, voltage, connection work Query and update availability, correction time, stale-state duration, authentication, export and credential events Publish function-specific service indicators
How are costs recovered? Tariffs or rates linked to efficient network cost, capital and policy Membership, registration, transaction and service fees Disclose activity cost, allocation, reserves and cross-subsidy
What happens before termination? Notice, payment assistance, complaint routes and protected circumstances Notices, cure periods, service restrictions, possible deregistration, revocation or certificate effects Require reasons, cure, review, proportionality and restoration
Who operates the downstream system? Network companies and market actors under dispatch and balancing rules Autonomous networks under local routing and commercial policy Keep administration separate from operator control
Why is monopoly tolerated? Physical duplicate wires may be inefficient One coherent uniqueness state is necessary, but the service provider need not be irreplaceable Preserve one state while enabling provider portability

The last row is decisive. Competing electricity distributors cannot usually use separate wires to deliver indistinguishable service to one premise. Competing registration providers can, in principle, serve portable records if a common uniqueness rule, auditable succession and relying-system interoperability prevent double registration.

The coordination fact does not prove that one institution must remain the permanent service monopoly.

Guaranteed standards turn service language into an obligation

Britain's Quality of Service Guaranteed Standards require electricity distribution companies to meet specified service levels. Covered failures can trigger payments to customers, subject to exemptions. The standards address matters such as restoration, connections and voltage quality. Ofgem describes the payments as compensation for inconvenience, not complete compensation for consequential financial loss.

That distinction is useful for registries. A promise to offer "high-quality service" gives an operator little to test. A guaranteed standard names the function, clock, stopping conditions, evidence, exception and remedy. Registry commitments could cover acknowledgement of an authenticated request, initial review, correction of a proven data error, restoration of access, completion of a portable export, incident notice and publication of a post-incident account.

The remedy need not pretend to insure every business loss. A fixed service credit, fee refund, funded independent review or other bounded payment can create institutional consequence without requiring the registry to price every downstream dependency. More serious loss may remain subject to contract and applicable law.

Exceptions need evidence. A registry should not stop the clock merely by asking a repetitive question or classifying every security event as exceptional. Equally, a user should not obtain automatic compensation for delay caused by missing authentication or a court restriction.

The transferable principle is administrability: the user can tell whether the provider performed and what follows if it did not.

One uptime number conceals the service that failed

Electricity regulators learned to separate aspects of reliability. The Australian Energy Regulator's distribution service incentive work uses standardized interruption concepts and indicators such as the System Average Interruption Duration Index and System Average Interruption Frequency Index. The point is not merely to report whether a company was generally available. Duration, frequency, repeated events and customer exposure can produce different pictures.

A registry needs the same decomposition but not the same formula. Public RDAP might remain available while authenticated updates fail. A portal may work while certificate publication is stale. A database can answer every query quickly and return an incorrect holder. A transfer may complete administratively while a dependent service lags. One percentage cannot describe these failures.

The service account should distinguish read availability, write availability, authentication, registration accuracy, correction latency, transfer latency, export completeness, certificate and repository state, and incident communication. It should publish the number and duration of stale or conflicting states and the recurrence of errors after correction.

External measurement matters. A provider that measures only the front door may miss failures seen by operators in other regions. Sampling needs clear denominators and treatment of planned maintenance. Severe incidents should not disappear inside annual averages.

Electricity's indices teach the need for consistent units and comparable definitions. Copying SAIDI or customer-minutes directly would only replace vague claims with inappropriate arithmetic.

Accuracy deserves a service level of its own

The utility analogy is strongest when it moves beyond availability. Voltage can be present and still fall outside required quality. Registry data can be online and still be wrong.

RFC 7020 calls registration accuracy a core requirement because unique numbers need correct allocation information for operational purposes. A registry service standard should therefore define more than response time. It should measure sampled field accuracy, provenance completeness, age of unverified contacts, time from supported correction request to changed state, time to notify dependent systems and the proportion of corrections later reversed.

Different fields need different clocks. A compromised account or conflicting control proof may require an immediate protective hold. A corporate-successor claim may need document review. A routine contact update can be faster. The standard should publish categories rather than let every request enter an unbounded queue.

An accuracy remedy should repair the state and its consequences. The provider may need to restore access, republish corrected data, notify relying services, reverse a fee, preserve the prior record and explain why the error occurred. A credit without correction is not a remedy; a silent correction without provenance makes later disputes harder.

This is an area where current registry practice could exceed electricity regulation. Digital state is easier to version and compare than a physical outage. The audit trail can show exact transition time and authority if institutions design it to do so.

Cost of service is a question before it is a pricing formula

The US Department of Energy's Electricity Distribution System Baseline Report describes the traditional regulatory compact: a monopoly franchise and obligation to serve in exchange for oversight, recovery of prudent service costs and an opportunity to earn a fair return on capital. Regulators determine a revenue requirement and allocate costs among services and customer classes.

The most useful registry lesson comes before the return calculation. What does the essential service cost? Which activities are necessary for uniqueness, accurate registration, security, continuity and portable access? Which costs arise from education, research, advocacy, conferences, policy development or adjacent technical products? Who benefits, and who pays?

An activity budget can answer those questions only if categories are stable and allocation methods are visible. Staff serving several functions need a reasonable allocation basis. Shared infrastructure needs disclosed treatment. Reserves need a target connected to continuity risk. Capital and operating costs should not be moved between categories merely to defend a fee proposal.

Cost review does not determine legitimate scope. An institution could account perfectly for an activity it should not compel all users to fund. The narrow mandate must come first; accounting then tests whether charges support it efficiently.

That is the transferable core of cost-of-service regulation: make captive payment answerable to the service that justifies captivity.

The fair-return utility bargain does not fit a registry by default

Electricity networks require substations, lines, transformers, control equipment, maintenance and long-lived investment. Traditional rate regulation gives an investor-owned utility an opportunity to recover prudent costs and earn a reasonable return on the capital committed to public service. That bargain supports financing where customers cannot discipline the provider through ordinary competition.

A number registry has real costs: secure systems, skilled staff, authentication, databases, certificate services, legal work, audits, incident response and reserves. It does not follow that every expenditure should enter a digital rate base that earns a guaranteed return. The incumbent might be a nonprofit association. Much of the value may be software, data, contracts and trust rather than irreversible territorial plant.

Creating a utility-style return could reward institutional expansion. More staff, property or proprietary systems could increase the base from which fees are justified. It could also entrench the provider by treating replaceability as a threat to approved investment.

Registry finance should instead begin with efficient-service cost, open interfaces, independent procurement, reserve needs and the expense of tested continuity. If a commercial provider participates, its profit should face competition and contractual choice wherever possible. The common uniqueness layer should not guarantee a return merely because its records are essential.

Electricity regulation teaches why a fair return exists. That explanation is also the reason not to import it when the physical-capital and franchise conditions are absent.

RIPE NCC's budget illustrates both transparency and the next question

The RIPE NCC Activity Plan and Budget 2026 reports a EUR 41.1 million income and expense budget, an expected 20,000 LIR accounts and activity-level descriptions. The 2026 Charging Scheme sets an annual fee per LIR account and additional charges for specified services and resource categories.

Publication is materially better than an unexplained invoice. Members can see planned staff, operating costs, activities and reserves. They can debate a charging scheme and examine audited results.

The utility comparison asks a further question: how much of the total supports the narrow essential record and how much supports other institutional choices? A simple division of budget by LIR accounts would be misleading. Accounts impose different demands. Some activities serve the wider Internet. Reserves protect future continuity. Cost causation and benefit are not identical.

A stronger account would identify the incremental and shared costs of registration, authenticated changes, transfer processing, RDAP, database integrity, RPKI, incident recovery, portability, governance, external contributions and education. It would publish allocation rules and sensitivity to volume. Members could then see whether a flat fee, resource-based fee, transaction fee or general contribution matches the service.

This is not a conclusion that the current budget is excessive or justified. It is a method for converting transparency about totals into accountability for scope and cross-subsidy.

Ring-fencing is more transferable than ownership

Electricity reform often separates control of the common network from generation and supply. The purpose is not aesthetic corporate tidiness. A company controlling indispensable access may otherwise use network information, pricing or delay to favor its competitive affiliate.

The Australian Energy Regulator's electricity distribution ring-fencing guideline addresses functional separation, compliance reporting and executive accountability. EU rules similarly require transmission and distribution functions to be independent from competing generation or supply interests in defined circumstances.

A registry may also operate adjacent activities: brokerage, consulting, certification products, training, conferences, policy advocacy, research or commercial data services. The risk is not that every combination is improper. It is that control of the essential record can confer non-public information, mandatory customer access, cost recovery or discretionary leverage on the adjacent activity.

Transferable controls include separate accounts, role-based data access, published terms, conflict declarations, executive attestation, non-discrimination tests and independent audit. A registry should not delay a transfer because a customer declined its affiliate's service, or finance a contestable product through an unavoidable recordkeeping fee without disclosure.

Corporate separation is one tool, not an automatic answer. A small service may achieve the same protection through functional controls and open interfaces. The electricity lesson is to regulate the conflict created by the bottleneck, not to demand public ownership of everything near it.

Open access means comparable service, not unlimited entitlement

FERC's Order No. 888 made comparability central to transmission access. A utility should not offer itself better terms for the same network service than it offers others. This principle transfers cleanly to number administration.

Comparable registry service means published eligibility, evidence requirements, queues, fees, interfaces, reasons and review. Similarly situated operators should not receive different treatment because one is an institutional insider, conference sponsor, policy entity, broker client or critic. Automated and manual paths should be documented, and expedited service should have transparent criteria and price.

Open access does not mean every request must be approved. A transfer can fail authentication. A correction can lack evidence. A resource request can fall outside current policy. Security restrictions and privacy controls may be necessary. The obligation is to apply defined conditions consistently and provide an accountable reason.

It also does not mean unlimited public access to sensitive records. The common service can offer public operational fields, authenticated holder access and protected evidentiary review under different terms. Comparability applies within the class.

Electricity's open-access history shows that publishing a tariff is not enough if the incumbent controls capacity calculations, information and implementation. Registry comparability likewise needs outcome data: processing times, requests for additional evidence, approval, denial, appeal and reversal by request class. Otherwise a neutral rule can coexist with discriminatory administration.

Disconnection is a sequence, not one switch

Electricity law distinguishes planned interruption, safety disconnection, non-payment, supplier failure and emergency action. Notice, restoration and protection vary with the trigger. Registry discussions often compress a similarly varied sequence into the word "revocation."

The actual acts can include suspending portal access, stopping support, removing public directory data, rejecting updates, ending RPKI service, revoking certificates, deregistering records, terminating an agreement, reclaiming resources and reissuing them. Each has a different mechanism and reversibility. Some may affect relying systems quickly; others may leave routing behavior unchanged until operators act.

A regulatory analysis should map each step, trigger, clock, notice, responsible official, evidence, review, restoration condition and downstream dependency. It should ask whether a less disruptive step can secure payment or integrity before a more destructive one. It should distinguish the registry's technical act from an operator's route decision.

The term "disconnection protection" is therefore comparative. It does not claim that a database action is identical to cutting power to a home. It asks the same administrative question: when an institution controls an essential service relationship, what procedures should precede an avoidable loss of continuity?

Precision reduces both alarm and complacency. The public can see which consequence is real rather than treating every overdue account as an immediate Internet outage or every registry notice as harmless paperwork.

ARIN's non-payment sequence is a concrete test case

ARIN's current Resource Revocation, Returns, and Reinstatement page describes a staged sequence for resources covered by a Registration Services Agreement. At 120 days past the invoice due date, ARIN says it stops services and removes the resources and associated records from public Whois and RDAP. At 180 days, it may terminate the agreement, revoke the resources and return them to inventory. Reinstatement is possible under stated conditions before reissue.

The procedure has features electricity regulators would recognize: invoices, repeated time, a service-stop stage, a later termination stage and a restoration route. The analogy also reveals unanswered design questions.

Does final notice reach more than one operational contact? Can an organization challenge a billing or identity error without the disputed ground advancing toward revocation? Which services stop together at day 120, and why? What evidence proves public-directory removal and restoration? How are networks, critical customers and counterparties warned before potential reissue? What independent review exists where the holder disputes the ground rather than merely needing more time to pay?

These questions do not prove ARIN's rule is invalid. They show how a published sequence can be assessed for notice, proportionality, reversibility, continuity and remedy. The same method should be applied to every registry rather than treating one region's timetable as a universal norm.

RIPE NCC closure shows why the affected service must be named

The RIPE NCC's Closure of Members, Deregistration of Internet Resources and Legacy Resources describes multiple grounds and procedures for terminating a service agreement. Its consequences can include loss of portal access, number-resource services, authority to maintain records, RPKI service, deregistration and revocation of certificates generated through the certification service.

That list matters because "membership termination" sounds corporate while the service consequences are operational. A member may lose voting rights and training access at the same time that registration and certification state change. One notice can therefore bundle association, payment, identity, database and security effects.

Electricity regulation would ask whether every bundled consequence is necessary to the trigger. A payment default may justify collection and eventual service limits. It does not automatically explain the timing of certificate revocation or the safe treatment of records relied upon by third parties. False documents or a court order present different risks and may justify different immediate measures.

A better public schedule would list each effect separately with its rationale, clock, dependency, stay rule and restoration method. Operators could plan continuity, reviewers could assess proportionality and the institution could demonstrate that it did not use the most consequential lever merely because it was administratively available.

The utility lesson is not never to terminate. It is never to hide a cascade of essential-service consequences inside one corporate verb.

APNIC's reactivation period exposes the importance of finality

APNIC's Member Fee Schedule says non-payment leads to termination, allows reactivation within three months subject to fees, and states that resources may then be deregistered and returned for reallocation if the account is not reactivated. The Membership Agreement places this inside a contractual service relationship.

The existence of a reactivation period is a continuity protection. It recognizes that termination need not immediately become irreversible. The difficult question is the boundary after which a later claimant can rely on finality.

Before reallocation, the registry should be able to prove notice, authority, the expiry of cure and review, the final state of dependent services, and the absence of a pending good-faith dispute. The former holder needs to know which act remains reversible. A recipient needs assurance that the resource is not subject to a hidden claim. Operators need enough public status to avoid conflicting reliance.

Electricity restoration generally returns service to the same connection. Number reissue can create a new party with competing reliance, making reversal much harder. That difference argues for stronger process before finality, not for permanent reservation after every default.

The key transfer is staged irreversibility. Early steps should be easy to cure. Final reassignment should occur only after the evidentiary and review record can support third-party reliance.

A complaint stay should be narrow, real and non-punitive

The consolidated EU electricity directive protects vulnerable customers and customers affected by energy poverty from disconnection and includes safeguards where the ground is subject to complaint or out-of-court dispute resolution. The exact household protections do not transfer to companies holding number resources. The procedural insight does.

An operator that timely disputes the factual or contractual ground for an adverse registry act should be able to obtain a bounded stay before irreversible change. The stay should apply to the disputed ground, preserve the last uncontested state where possible and continue only while the operator meets deadlines and does not create an independent security risk.

The institution needs protection from tactical delay. A complaint should identify the contested fact, requested relief and supporting evidence. A reviewer should be able to reject repetition or require security for undisputed fees. Emergency action can remain available for compromised credentials, duplicate control or a valid court order, with rapid independent review.

Filing a complaint should not itself trigger a worse service class, public suspicion marker or loss of unrelated functions. That is what non-punitive means. The operator keeps essential continuity while the institution determines whether its ground is correct.

The stay becomes real only if the reviewer has authority to halt execution. A suggestion box that cannot stop deregistration is not the analogue of protected service; it is documentation after the fact.

A successor provider is useful; a duplicate truth is not

Electricity law uses suppliers of last resort and continuity arrangements when a retail supplier fails. The current EU framework requires continuity for protected classes under defined conditions. A number-registry analogue would be a qualified successor service able to preserve records and essential credentials when a provider fails.

The analogy stops at the uniqueness boundary. Two electricity suppliers can account for energy delivered through the same physical network over successive periods. Two registries cannot publish conflicting authoritative holders for the same resource to the same relying set without undermining coordination.

Succession therefore requires a portable state format, authenticated transition, complete history, protected evidence transfer, conflict check, credential plan, public cutover and rollback rule. The successor should not need the failed institution's discretionary approval if pre-agreed technical and legal triggers are satisfied. An independent custodian may hold encrypted recovery material and activate it only under defined conditions.

Regular exercises should prove the arrangement. A paper promise made by two institutions under common control is weak evidence. An independently operated successor should import a test state, answer queries, process an authorized update and return service without duplicate authority.

The electricity idea worth keeping is that provider failure should not become customer failure. The mechanism must be rebuilt for a globally unique informational record rather than copied from retail supply switching.

Universal electricity service does not imply universal IPv4 allocation

Article 27 of the EU electricity directive describes a territorial right of households, and in some cases small enterprises, to electricity of specified quality at transparent and non-discriminatory prices. This responds to electricity's role in ordinary life and to a network capable of connecting premises under regulated conditions.

There is no equivalent promise that every person or business must receive scarce IPv4 resources from a registry. The remaining allocation pool, historical distribution, technical alternatives and operational needs are different. An obligation to maintain accurate records for existing relationships does not create an unlimited right to a finite identifier block.

The distinction prevents the utility analogy from becoming a new allocation mandate. Registry access should be non-discriminatory within published service classes. Applications should receive reasons and review. Existing holders should receive accurate, portable service. None requires pretending that every requested resource can be supplied.

IPv6 availability does not dissolve the issue either. It is a different identifier space, and many networks operate both protocols. The regulator's lesson is to define the service entity before promising universality.

The public-interest case is stronger when it is narrower: anyone depending on a recognized number record should receive fair administration of that record, and anyone seeking service should face transparent criteria. That is an administrative right. It is not a claim on an unlimited physical supply.

Territorial regulation is the wrong geometry for a global ledger

Electricity distribution regulation is territorial because wires, franchises, safety authorities, consumers and courts are located. Even interconnected wholesale markets remain organized through legal jurisdictions and physical control areas.

Internet number records coordinate networks that cross borders, serve customers in many countries and announce routes globally. The current RIR structure is regional, but the uniqueness requirement is global. A record made valid only inside one state's borders would not solve duplicate use for networks elsewhere.

A country can regulate companies, contracts, data, security and conduct within its jurisdiction. A court can order a registry or operator subject to it to act. Those public powers are real. They do not turn the global number space into national electricity franchises without technical and legal consequences.

Copying territorial utility command could produce multiple state-authorized claims over the same block, barriers to provider portability and political conditions unrelated to uniqueness. Operators would then face a choice between inconsistent official records, while routing would continue through autonomous decisions.

The better transfer is procedural. National law can require due process, consumer or business protection, audit, competition and remedy from actors within reach. International and private arrangements can preserve interoperable uniqueness. Neither level needs to claim the other's geometry.

Electricity regulation works partly because the regulator's territory matches the network service. Number governance must admit where that premise fails.

State ownership is neither required by electricity nor suited to the record

Electricity systems include state-owned enterprises, municipal utilities, cooperatives and investor-owned companies. Modern regulatory rules often apply non-discrimination, service and separation duties across ownership forms. The EU framework expressly recognizes public and private structures while focusing on effective independence and conflicts.

Ownership alone does not produce accurate records, fair process or continuity. A public registry can be politicized, underfunded or slow. A private nonprofit can be transparent and technically strong while still exercising unreviewable leverage. A commercial provider can innovate while creating incentives to overcharge or lock in users. The institutional tests should follow function.

For essential number records, public authorities can set legal boundaries and enforce rights without owning the service. Operators can choose among qualified providers if portability and one coherent uniqueness state are preserved. Independent review, audits, open protocols, reserve requirements and succession can constrain private administration.

State ownership may be appropriate in a particular jurisdiction for a particular public service. It is not a global answer to transnational identifier coordination. Which state would own the record, and what authority would its decision have over operators and courts elsewhere?

Electricity's diversity supplies the caution. The lesson is not public versus private. It is to match authority, incentives, service obligations and remedy to the function that creates dependency.

Heavy utility command would thicken the registry in the wrong places

Electricity regulators approve investment, safety plans, tariffs, connection rules, reliability standards and sometimes resource planning because physical networks, environmental effects and real-time balance create wide public consequences. Importing the same breadth into number registration would invite control over operator business models, routing, leasing, customer geography, financing and network design.

Most of those choices do not need to be common for uniqueness. A registry can verify one coherent holder relationship without deciding how the holder finances a resource or which lawful customers it serves. It can publish a route-origin credential service without ordering every network's route policy. It can preserve contactability without becoming an abuse tribunal for the entire Internet.

Heavy command also raises capture risk. An incumbent registry with mandatory customers and broad policy power can make its own institutional preferences part of the service. A state regulator may then add political priorities. The common layer becomes a vehicle for every issue that lacks another convenient lever.

The electricity analogy should instead narrow the target. Regulate the bottleneck behavior: accuracy, access, service quality, cost allocation, non-discrimination, adverse action, review, portability and continuity. Leave contestable and local choices outside unless evidence shows that they threaten a defined shared invariant.

A thin registry can be strongly accountable. Thickness and accountability are not the same thing.

RPKI demonstrates why consequence must be traced, not presumed

Registry action can affect more than a directory. In the RIPE NCC closure document, termination can end hosted certification service and revoke certificates generated by that service. Other RIRs have their own terms and architectures. These facts make continuity safeguards important, but they do not prove that every adverse registry act disconnects traffic.

RFC 6480 describes the certificate and signed-entity architecture. Relying-party software fetches and validates data; operators choose how validation results affect route policy. A certificate event, repository event, validator observation and router decision occur at different points.

An electricity outage metric can observe whether supply reached premises. A registry incident account needs a chain. Which record or certificate changed? When was it published? Which validators observed the state? Which routes became valid, invalid or not found? Which networks applied rejection or preference? What customer effect followed?

This chain prevents both understatement and exaggeration. A registry cannot dismiss certificate revocation as mere administration. A critic cannot attribute every route change to the registry without operator evidence.

Service commitments should attach to the provider's own act: notice, correct authorization, repository availability, rollback and restoration. Broader harm claims require downstream measurement. Electricity regulation teaches responsibility for service quality; Internet architecture teaches where that service stops.

A registry service covenant can capture the useful lessons

The transferable disciplines can be assembled without declaring a public utility. A registry service covenant would state a narrow purpose, measurable outputs, cost rules, adverse-action protections, portability and oversight.

Its service schedule would define availability and transaction classes, accuracy measures, correction and restoration clocks, incident communication, export completeness and automatic remedies. Its cost schedule would identify essential activities, shared costs, reserves, adjacent services, allocation methods and fee objectives. Its rights schedule would provide notice, reasons, evidence access, cure, complaint stays, independent review, restoration and bounded compensation.

Its continuity schedule would name backup contacts, protected dependencies, credential handling, escrow, successor providers, cutover and duplicate prevention. Its competition schedule would require open interfaces, non-discrimination, conflict controls and separation of unavoidable fees from contestable services. Its oversight map would identify auditors, reviewers, public authorities, courts and remedies.

The covenant would also contain express exclusions. It would not grant ownership of resources to the registry, guarantee allocation to every applicant, authorize control of routing, import household vulnerability categories, create a rate-base return, establish state ownership or permit general regulation of operator business.

Because the duties are contractual and technical where possible, providers can compete on performance while one uniqueness invariant remains common. Public law can add non-waivable protections within jurisdiction. The result is utility-grade discipline without utility-state expansion.

A practical measurement schedule

A serious covenant needs a small set of indicators that operators can verify.

Function Measure Public evidence Consequence of miss
Public registration access Availability and response by region External probes and incident intervals Service credit and incident account
Authenticated change Time to acknowledge and classify a complete request Timestamped receipt Automatic credit after defined exclusions
Accuracy correction Time from sufficient evidence to corrected state Versioned before-and-after record Correction, notice to relying services and review
Transfer or portability Completion time, export completeness and duplicate-prevention result Signed transition receipt and independent test Fee return, funded remediation and rollback support
Credential service Publication freshness, revocation correctness and restoration Repository and validator observations Emergency correction and post-incident review
Adverse action Notice delivery, cure time, stay and independent decision Redacted procedural record Halt, reversal or restoration where rule was breached
Continuity Recovery time under provider-failure exercise Independent succession report Mandatory remediation before expanded reliance
Cost Variance from activity budget and allocation method Audited activity account Fee review and cross-subsidy correction

Targets should be based on observed operations and risk, not copied from electricity rules. Results need distributions, not only averages. Severe cases, repeated misses and affected dependency should remain visible.

The schedule makes accountability concrete without giving the registry a broader mandate. It measures whether the bookkeeper performed the bookkeeper's consequential work.

Reform should start where the analogy is strongest

The first priority is a public adverse-action map for each RIR. List non-payment and other triggers, every notice, each service consequence, certificate and directory effect, review, stay, cure, restoration and point of irreversible reissue. Existing documents provide much of the material but not always in one dependency-centered view.

The second is function-specific service reporting. Build external measures for public access, authenticated updates, accuracy correction, transfers, RPKI publication and incident communication. Publish exceptions and denominator changes.

The third is cost separation. Recast activity budgets around the narrow essential service, adjacent public-interest work and contestable services. Publish allocation rules, reserve targets and fee objectives without assuming that holdings equal cost.

The fourth is a complaint stay and independent remedy capable of halting irreversible action. Start with factual, billing, identity and authority disputes where later correction would be difficult.

The fifth is provider succession. Define a portable record and conduct an independently observed exercise before institutional failure forces improvisation.

None of these steps requires nationalization or a global utility commission. Each can be adopted through contracts, corporate rules, interoperable standards and applicable law. Their value can be tested before larger institutional claims are made.

Electricity regulation is useful here because it has learned to turn dependency into duties. The registry system can borrow the duties while declining the state built for another machine.

Conclusion: copy the safeguards, not the sovereign shape

Electricity regulators know that an indispensable service cannot be governed by good intentions alone. Performance needs units. Monopoly cost needs examination. Interruption needs notice and restoration. A complaint needs a decision-maker who can stop irreversible action. Provider failure needs a continuity arrangement. Conflicts around a bottleneck need separation and non-discrimination.

Those insights apply to essential Internet number records. Registries should publish exact service commitments for access, accuracy, correction, authenticated change, portability and credentials. Fees should be linked to a narrow and auditable service, with reserves and cross-subsidies visible. Termination should be decomposed into its actual effects, preceded by proportionate procedure and followed by restoration where the ground fails. A successor provider should be able to preserve one coherent state.

The analogy ends before ownership and command. IP addresses are not electricity. Registration databases do not transmit traffic. RIRs do not operate territorially exclusive wires, balance a physical system or require a guaranteed return on massive fixed plant. Universal electricity service does not create universal IPv4 entitlement. A national regulator's jurisdiction does not become a global number mandate.

The most sophisticated electricity reforms since the 1990s often separated common networks from competitive services rather than treating public ownership as the only answer. Number governance should take the same functional instinct further: keep the common layer thin, make its provider measurable and replaceable, and leave operator decisions outside.

The right comparison produces neither laissez-faire nor a utility state. It produces a disciplined bookkeeper. Essential records receive utility-grade service protections, while the institution maintaining them remains too narrow to become the government of the networks that depend on its work.

Sources