The Second RIR Governance Document Still Lacks Real Accountability.
Before we start discussing the second draft, we need to first give a well-deserved acknowledgement to the ASO-AC for its dedication and leadership in reviewing and updating the Regional Internet Registry (RIR) governance policy. The journey from ICP-2 to this second governance draft represents meaningful progress which is not just in structure, but in clarity and responsiveness to community needs. The work is substantial, and the community recognises it.
Moving towards the second draft of the RIR Governance document which is being positioned as a major step toward a more structured and resilient global Internet numbers governance model, which in essence is true but APRALO’s November 2025 response makes few things clear:
- The draft introduces processes but not strong governance.
- It creates frameworks but leaves the rules undefined.
- Without safeguards, accountability becomes optional.
While the draft improves on earlier iterations, it still contains structural weaknesses that could weaken the bottom-up model the RIR system is built on.
Undefined “Implementation Procedures”
The draft defers key operational and oversight rules to future “Implementation Procedures” to be created later by ICANN and the RIRs.
- No minimum standards.
- No transparency guarantees.
- No requirement for community review.
These risks handing the power to design accountability rules to those meant to be held accountable. APRALO calls for a mandatory accountability baseline inside the core document, not in a future annex that could be quietly shaped later.
Audits exist but without “Scope, Limits or Transparency”
Audits are a necessary accountability tool, and their inclusion is welcome.
But the current design is dangerously vague:
- There are no caps on how often audits can be triggered, risking audit overload without purpose
- No clear timelines exist for when audits must begin or conclude, this could stall accountability
- There is no requirement to publish audit outcomes, limiting community oversight
- Community-initiated audits require an unusually high participation threshold (25% or 2,000 members)
Such ambiguity could either flood RIRs with audits or prevent meaningful community-led reviews altogether. APRALO stresses the need for defined triggers, caps, timelines, and public reporting to make audits effective instead of ornamental.
Remediation is prioritised, without guardrails
The draft prefers rehabilitation over immediate derecognition which is a sensible idea in principle. But with no timeframes, milestones, or reporting requirements, remediation could become an endless holding pattern.
Without hard deadlines and transparency, a failing RIR could remain in limbo for years while the community stays in the dark. APRALO urges time-bound remediation with published plans and visible progress reporting.
Appeals process is linked to ICANN existing processes
Appeals currently fall under ICANN’s existing review mechanism, which can change at any time and may not suit RIR-specific scenarios or their respective communities.
A governance system needs a dedicated, independent, and reliable appeals mechanism. Without it, decisions risk appearing discretionary rather than accountable.
No requirements for diversity or regional balance
The document assumes community participation but does not guarantee representation, especially for smaller or underserved regions or communities. A global system cannot claim legitimacy if oversight bodies can be regionally skewed by default. Diversity in all forms whether geographic, linguistic, gender and stakeholder must be required, not implied.
Emergency Continuity: Stability vs Risk
One of the draft’s most important proposals is a mechanism to transfer RIR operations to an “Emergency Operator” in case of severe failure, which is again a good safety valve.
APRALO suggests that this provision should be further refined with objective triggers, defined time limits, and strong communication expectations. Doing so would provide confidence that emergency measures are used appropriately and consistently, while maintaining trust in the RIR system.
Final Verdict: The draft is a step forward but not enough
Yes, the revised draft of the RIR Governance Document begins to address long-standing concerns, it formalises audits, introduces recognition/derecognition procedures, and acknowledges the need for operational stability.
But the structural gaps identified by APRALO show the draft still leans too heavily on vague promises and side-procedures. Without clear, enforceable standards, mandatory community participation, and strong transparency safeguards, the new framework risks becoming “governance with invisible rules.”
If the community does not demand stronger provisions now, we may look back in a few years and view this framework as a missed opportunity. Strengthening it today could ensure shared responsibility, transparency, and a strong community voice. Without these improvements, the governance model may gradually evolve in ways that limit oversight and accountability.
This is not a theoretical concern. For many in Asia-Pacific and other regions, real accountability and inclusive governance are essential for maintaining trust, ensuring fair resource distribution, and protecting regional autonomy in Internet-number governance.
More information:
- ICP-2 Review
- Second Draft of the RIR Governance Document public comment proceeding
- APRALO Submission to the Second Draft of the RIR Governance Document public comment proceeding
Next decisional point:
- ASO to review comments received to the Second Draft of the RIR Governance Document public comment proceeding which closed on 7 November 2025