Hi Leo,

Thank you for the reply, this is one of the structural vulnerabilities in the draft framework.  You're absolutely right that current Global Policies are narrowly scoped to IANA functions and resource empowerment. My concern isn't with how Global Policies work today, but rather with how Section 4.1(i) could undermine the ICP-2 evolution framework itself – particularly if we ever need Global Policies that impose obligations on RIRs rather than just IANA.

Section 4.1(i) creates an explicit escape hatch: any RIR can disregard any provision of the ICP-2 evolution framework (including governance obligations, accountability measures, or operational requirements) by invoking "applicable law." This transforms what should be binding commitments into optional guidelines.

Consider these hypothetical but plausible examples:

1. Data Localization/Sovereignty Laws Harming Continuity: An RIR might invoke data residency requirements to justify refusing cross-regional coordination or registry data sharing that the framework requires for stability and interoperability or denying data escrows to enable continuity.
2. Competition/Antitrust or other Legal Compliance: An RIR might claim that coordinating with other RIRs (as the framework requires) violates local competition law, using 4.1(i) to fragment unified operations. A court could order that the property of the RIR (including all the IP registrations) could go to the Government or a Plantiff in a lawsuit.
3. National Security Carve-outs: Increasingly, governments claim authority over "critical infrastructure" including internet resources. An RIR could invoke such laws to override governance provisions requiring transparency, due process, or multi-stakeholder participation.

 

Many of the links I provided speak to some real-world examples where some of these examples have already happened.

 

Why This Matters for ICP-2 RIR Governance Draft

The 2019 ASO MoU definition you cited is correct but incomplete for this context. While today's Global Policies focus on IANA empowerment, the ICP-2 evolution framework must establish governance obligations that bind RIRs themselves – not just IANA. Section 4.1(i) preemptively exempts RIRs from these obligations whenever convenient.

The draft attempts to create enforceable accountability but simultaneously provides an unlimited waiver. Any provision requiring RIRs to maintain registry accuracy, ensure equitable access, provide due process, coordinate operations, or maintain transparency can be ignored by invoking "applicable law."

Proposed Solution

Rather than a blanket supremacy clause, the framework should:

• Acknowledge that RIRs operate under various jurisdictions
• Require transparent disclosure when legal conflicts arise
• Establish a structured process for addressing genuine legal conflicts
• Distinguish between mandatory compliance with actual legal requirements versus voluntary invocation of legal ambiguity as policy cover
• Empower revocation of an RIR if these diverge in a way that an RIR can no longer comply with the Global Policy and protect the number registrations as a result for end-users.
  
  

The current language in 4.1(i) does none of this – it simply grants unilateral authority to disregard any inconvenient obligation.  I'm happy to discuss this in detail with you if that would be helpful.

Thanks,

William

 

Hi,

Global Policy | The Number Resource Organization nro.net