Hi Leo, Thank you for the reply, this is one of the structural vulnerabilities in the draft framework. You're absolutely right that current Global Policies are narrowly scoped to IANA functions and resource empowerment. My concern isn't with how Global Policies work today, but rather with how Section 4.1(i) could undermine the ICP-2 evolution framework itself – particularly if we ever need Global Policies that impose obligations on RIRs rather than just IANA.
Section 4.1(i) creates an explicit escape hatch: any RIR can disregard any provision of the ICP-2 evolution framework (including governance obligations, accountability measures, or operational requirements) by invoking "applicable law." This transforms what should be binding commitments into optional guidelines. Consider these hypothetical but plausible examples: 1. Data Localization/Sovereignty Laws Harming Continuity: An RIR might invoke data residency requirements to justify refusing cross-regional coordination or registry data sharing that the framework requires for stability and interoperability or denying data escrows to enable continuity. 2. Competition/Antitrust or other Legal Compliance: An RIR might claim that coordinating with other RIRs (as the framework requires) violates local competition law, using 4.1(i) to fragment unified operations. A court could order that the property of the RIR (including all the IP registrations) could go to the Government or a Plantiff in a lawsuit. 3. National Security Carve-outs: Increasingly, governments claim authority over "critical infrastructure" including internet resources. An RIR could invoke such laws to override governance provisions requiring transparency, due process, or multi-stakeholder participation. Many of the links I provided speak to some real-world examples where some of these examples have already happened. Why This Matters for ICP-2 RIR Governance Draft The 2019 ASO MoU definition you cited is correct but incomplete for this context. While today's Global Policies focus on IANA empowerment, the ICP-2 evolution framework must establish governance obligations that bind RIRs themselves – not just IANA. Section 4.1(i) preemptively exempts RIRs from these obligations whenever convenient. The draft attempts to create enforceable accountability but simultaneously provides an unlimited waiver. Any provision requiring RIRs to maintain registry accuracy, ensure equitable access, provide due process, coordinate operations, or maintain transparency can be ignored by invoking "applicable law." Proposed Solution Rather than a blanket supremacy clause, the framework should: * Acknowledge that RIRs operate under various jurisdictions * Require transparent disclosure when legal conflicts arise * Establish a structured process for addressing genuine legal conflicts * Distinguish between mandatory compliance with actual legal requirements versus voluntary invocation of legal ambiguity as policy cover * Empower revocation of an RIR if these diverge in a way that an RIR can no longer comply with the Global Policy and protect the number registrations as a result for end-users. The current language in 4.1(i) does none of this – it simply grants unilateral authority to disregard any inconvenient obligation. I'm happy to discuss this in detail with you if that would be helpful. Thanks, William From: Leo Vegoda <[email protected]> Date: Saturday, November 8, 2025 at 6:08 AM To: bills <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: [ripe-list] Feedback on the Version 2 (DRAFT) RIR Governance Document Hi, On 7 Nov 2025, at 16:35, William Sylvester via ripe-list <[email protected]> wrote: […] Summary of Core Deficiencies 1. The "Local Law" Supremacy Clause (Sec. 4.1(i)): The draft grants RIRs an explicit "carve-out" to ignore any global policy or draft provision if it conflicts with "any applicable law" [Sec 4.1(i)]. This single clause invalidates the entire framework, rendering it advisory rather than binding, and explicitly permits the very capture and fragmentation it was meant to prevent. Can you please expand on this as I don’t understand your concern as it relates to Global Policies. The 2019 ASO MoU defines Global Policy as “number resource policies that have the agreement of all RIRs according to their policy development processes and ICANN, and require specific actions or outcomes on the part of IANA or any other external ICANN-related body in order to be implemented.” (my emphasis) So far, we only have global policies that require IANA action. They empower the RIRs to get resources from IANA. ICANN ASO MoU 2019 | The Number Resource Organization<https://www.nro.net/icann-aso-mou-2019/> nro.net<https://www.nro.net/icann-aso-mou-2019/> [cid:[email protected]]<https://www.nro.net/icann-aso-mou-2019/> Global Policy | The Number Resource Organization<https://www.nro.net/policy/global/> nro.net<https://www.nro.net/policy/global/> [cid:[email protected]]<https://www.nro.net/policy/global/> Can you explain the kind of law and the kind of policy you have in mind? Thanks, Leo
----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/ripe-list.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
