NRO Publishes Preliminary Assessment on RIR Governance Reforms

The Number Resource Organization (NRO) – which represents the world’s five Regional Internet Registries (RIRs) – has published a preliminary assessment of the draft RIR Governance Document, which sets out common principles for how RIRs are recognised, operate, and, in rare cases, derecognised. The assessment, released in October 2025, explains how implementation will work once the new governance framework is adopted and what operational, legal, and technical preparations will be required.

The RIRs- AFRINIC (Africa), APNIC (Asia-Pacific), ARIN (North America), LACNIC (Latin America and the Caribbean), and RIPE NCC (Europe, Middle East, and parts of Central Asia) – manage the allocation of internet number resources, including IPv4 and IPv6 addresses and Autonomous System Numbers (ASNs). The draft governance document seeks to standardise how these regional bodies are recognised, audited, and, if necessary, supported or replaced in case of major operational failure.

What the new governance document proposes
The draft RIR Governance Document introduces new procedures for several key areas:

• Recognition and derecognition of RIRs: It formalises how a new RIR could be established or how an existing one could lose its status. Each RIR would publish public recommendations with clear reasoning for or against such proposals.
• Auditing and compliance: RIRs will need to demonstrate ongoing compliance with operational and policy requirements through regular and ad hoc audits. This will require new documentation to ensure transparency and consistency.
• Emergency continuity: The draft mandates the creation of an Emergency Operator, a third-party entity capable of temporarily providing RIR services if one registry fails. This process would involve complex technical and legal coordination to ensure continuity of critical Internet services such as routing (RPKI) and reverse DNS.
• Rehabilitation procedures: If an RIR faces compliance problems, it could request support from other registries before derecognition becomes necessary. The NRO will develop processes for such cooperation.
• Periodic review: The governance framework itself would be reviewed at least every five years to ensure it remains relevant and effective.

Why this matters beyond the technical community
At first glance, these reforms might seem like a purely administrative matter for network operators. However, they represent a critical part of internet governance – the system that keeps the global internet functioning securely and fairly. Civil society organisations, particularly those involved in digital rights, transparency, and internet freedom, often monitor such developments because RIRs play a foundational role in how the internet is organised and who controls its resources.

For example, the recognition and audit mechanisms proposed in this document could help prevent monopolies or mismanagement in the allocation of Internet resources. They could also ensure that registries remain accountable to their communities, including not only governments and corporations but also technical experts, academia, and civil society groups.

The ‘Emergency Operator’ provision is especially relevant from a public interest perspective. It ensures that if a registry experiences governance or operational breakdown – as was the case with AFRINIC in recent years – internet services depending on it do not collapse, protecting users, businesses, and civil-society-run networks alike.

Civil society’s role
Civil society organisations have traditionally participated in RIR policy discussions through open policy meetings and community consultations. This draft framework highlights the importance of ongoing multistakeholder engagement, where civil society voices can contribute to upholding transparency, equity, and user protection within the Internet’s technical governance structures.

Next steps
Once the draft RIR Governance Document is formally adopted, each of the five RIRs will conduct its own detailed readiness assessment and develop implementation procedures. The NRO will coordinate shared frameworks for auditing, emergency continuity, and periodic reviews.