Timo Hilbrink wrote:
So, since the RIPE NCC applies a risk-based approach, my question would be: What contingency plan is there in place for the RIPE NCC? How quickly can they switch to a self hosted or "hosted in Europe" model, while still providing essential services to the members?
I fully support the concerns raised in this thread regarding the reliance on US-based cloud services, especially in light of recent political developments that undermine the foundations of the Transatlantic Data Privacy Framework. However, I would like to suggest that the issue goes beyond the geographical or legal jurisdiction of providers. Even within Europe, many so-called "EU-hosted" services are ultimately built upon infrastructure or platforms controlled by foreign or commercial entities with limited transparency and potential exposure to external influence. From a risk-based perspective, true operational independence and legal clarity can only be achieved through self-hosting critical infrastructure under the full control of the RIPE NCC itself. This would eliminate dependencies on commercial cloud providers and allow for full auditability, transparency, and compliance with the highest data protection standards. Given the importance of the services RIPE NCC provides to the stability of the Internet ecosystem, I believe there is a strong case for moving toward infrastructure sovereignty – not just geographical, but technical and operational as well. -- nemox.net Rudolf E. Steiner r.steiner@nemox.net http://nemox.net/pdat/res/