RIPE NCC infrastructure: Why sovereign cloud matters
RIPE NCC allocates millions of euros to exit US hyperscalers by 2028. This infrastructure rebuild represents a definitive shift toward sovereign internet autonomy, rejecting reliance on foreign cloud giants for critical regional resources. The organization's Director General, Hans Petter Holen, confirmed this strategic pivot during RIPE 92, citing geopolitical instability and the need for strict NIS2 compliance as primary drivers.
The initiative targets a complete migration away from providers like AWS and Google, despite their current EU data residency. While previous strategies favored a "Cloud First" approach starting in 2019, the changing global environment demands a self-hosted architecture to secure core services like RPKI. This move ensures that the registry managing resources for over 20,000 members maintains operational independence regardless of external political pressure.
Readers will learn how this greenfield deployment addresses hardware end-of-life issues while eliminating vendor lock-in through minimal dependency virtualization platforms. The discussion covers the financial strategy blending internal savings with membership fees to fund the transition without drastic budget hikes. Finally, the analysis details how this technical infrastructure overhaul satisfies rigorous regulatory alignment standards required for European digital entities in 2026.
The Strategic Imperative for Sovereign Internet Infrastructure
Defining Greenfield Deployment for RIPE NCC Core Systems
Replacing twenty years of accumulated service interdependencies requires a greenfield deployment rather than incremental patches. RIPE NCC defines this specific initiative as a full rebuild of technical infrastructure continuing until 2028, moving away from US-based cloud hyperscalers toward a self-hosted, independent setup. Previous 'Cloud First' strategies relied heavily on external providers like AWS or Google for core functions, a model now deemed insufficient for sovereign needs. The organization announced a 5 million euros investment to execute this greenfield deployment, addressing end-of-life hardware and reducing vendor lock-in risks.
Stability requirements for RPKI drive this architectural reset alongside strict EU regulatory obligations for digital infrastructure entities. Patching existing systems cannot resolve the deep-rooted complexity of interdependent services built over decades. True sovereignty demands abandoning the convenience of managed hyperscaler abstractions for direct hardware control. InterLIR emphasizes that optimizing IPv4 resources remains vital during such transitions, as addressing continuity depends on stable underlying routing infrastructure. No amount of virtualization can fully mask the geopolitical risk inherent in foreign-controlled supply chains.
Applying Geopolitical Risk Analysis to US Hyperscaler Dependence
Regulatory uncertainty surrounding US-based hyperscalers directly threatens EU operational continuity. RIPE NCC currently uses AWS, Google, and Cloudflare for supporting services, yet existing EU data residency measures no longer suffice for core system stability. The primary driver for exiting these providers is the misalignment between American cloud jurisdiction and strict NIS2 compliance obligations. Current contracts offer local data storage, but the legal reach of US legislation creates an unavoidable vulnerability for critical internet resources.
Relying on foreign cloud ecosystems involves more than just data location; it encompasses total administrative control during geopolitical incidents. Operators cannot override sovereign legal mandates issued outside the EU even with strong service level agreements. Regulatory scrutiny now dictates infrastructure topology rather than mere cost efficiency. Maintaining dependence on US hyperscale platforms introduces an unquantifiable risk to the availability of necessary services like RPKI. InterLIR observes that true sovereignty requires eliminating the vendor as a potential single point of legal failure. Organizations managing critical address spaces must evaluate if their current provider relationships can withstand extended periods of cross-border regulatory friction. Migrating core functions to environments where local law exclusively governs access and operation provides the necessary assurance.
Validating the Strategic Shift from Cloud First to Self-Hosted Independence
The 2019 'Cloud First' initiative established a dependency model that geopolitical shifts have since rendered untenable for critical infrastructure. RIPE NCC initiated this strategic pivot in 2019, refining the approach through framework revisions in 2021 and 2023 before determining that external reliance compromised sovereignty. This financial allocation addresses the accumulation of service interdependencies and hardware reaching end-of-life across the network serving over 20,000 members. Spending levels return to those seen between 2010 and 2020 as the organization rebuilds its foundation.
Maintaining EU data residency on US-controlled platforms no longer satisfies emerging regulatory requirements for critical internet resources. The previous strategy failed to guarantee continuity during cross-border legal conflicts regardless of physical data location. Self-hosting stands as the only viable path for entities managing necessary numbering resources like RPKI. InterLIR advises network planners to audit their own reliance on single-vendor cloud stacks for similar vulnerabilities.
Architecting Independence Through Greenfield Deployment
Defining Self-Hosted Virtualization and Geographic Redundancy Mechanics
Proprietary hyperscaler dependencies yield to open platforms, eliminating vendor lock-in risks through self-hosted virtualization. The RIPE NCC rebuild targets virtualization platforms that minimize proprietary constraints, distinguishing this architecture from standard commercial offerings that encourage long-term dependency. This technical shift supports a greenfield deployment, avoiding patchwork upgrades of legacy systems while addressing twenty years of accumulated service interdependencies. The organization moves away from US-based cloud hyperscalers toward a self-hosted, independent setup, and data centre footprint and geographic redundancy receive explicit attention as part of that move.
| Component | Hyperscaler Model | Self-Hosted Sovereign Model |
|---|---|---|
| Control Plane | Vendor-managed API | Internal Engineering Team |
| Data Location | Region-locked Contract | Physical Sovereign Jurisdiction |
| Exit Strategy | Complex Migration | Full Asset Ownership |
Operators must recognize that RPKI has seen significant uptake, raising the bar for what members expect from underlying systems. Sovereignty requires complete assumption of operational responsibility for hardware refreshes and physical security protocols. Organizations managing critical internet resources prioritize this shift to satisfy strict NIS2 compliance mandates requiring rigorous risk management and business continuity controls. Capital expenditure replaces recurring operational fees as the primary cost metric.
Implementing SOC 2 Type II and NIS2 Controls in Rebuilt RPKI Systems
External validation mandates rigorous incident reporting protocols that rebuilt systems must automate to satisfy member expectations for routing security. The greenfield approach allows architects to embed these checks directly into virtualisation platforms, bypassing legacy constraints of patched hyperscaler environments. NIS2 directives require strict risk management frameworks governing business continuity for digital infrastructure entities. The following control matrix illustrates the shift from shared responsibility to full operational sovereignty:
The operational overhead required to maintain internal audit trails without third-party abstraction layers presents a tangible limitation. The project addresses service interdependencies that have accumulated over more than 20 years of infrastructure evolution. The tradeoff increases administrative burden, yet the result is total elimination of foreign legal jurisdiction over critical internet holdings. This architectural purity prevents external policy changes from disrupting BGP stability. No single external entity controls the next hop availability for necessary services.
Risks of Legacy Rollback and Rising Stakeholder Expectations
Rolling back to pre-cloud infrastructure is impossible because stakeholder expectations around security, stability, and durability have grown considerably, driven by the successful deployment of technologies like RPKI. A return to legacy systems is not viable for the organization. Technical debt accumulated over twenty years of service evolution creates complex interdependencies that a direct rollback cannot resolve without catastrophic service interruption.
| Risk Factor | Legacy Rollback Attempt | Greenfield Deployment |
|---|---|---|
| Service Continuity | High probability of failure | Controlled migration path |
| Compliance Status | Non-compliant with NIS2 | Built for regulatory adherence |
| Architecture | Patchwork of old dependencies | Clean-slate design |
The hidden operational risks of maintaining obsolete hardware outweigh the significant capital expenditure required for a clean-slate rebuild. Ignoring the shift toward sovereign, self-hosted models exposes critical internet assets to geopolitical jurisdiction risks that data residency clauses alone cannot mitigate. The cost of inaction exceeds the investment in independence.
Achieving NIS2 Compliance and Regulatory Alignment
NIS2 Directive Requirements for Digital Infrastructure Entities
Strict risk management protocols now govern necessary digital infrastructure providers across the European region under the NIS2 directive. Mandates for incident reporting and business continuity controls force digital infrastructure entities to rethink their operational foundations. The RIPE NCC explicitly cites NIS2 compliance as a primary catalyst for exiting US-based hyperscaler dependencies in favor of sovereign architecture. Auditing self-hosted environments presents greater complexity than the shared responsibility models offered by commercial vendors. This rigorous approach supports the organization's preparation for EU regulatory obligations. InterLIR supports this shift by providing stable IPv4 resources that integrate directly into sovereign, compliant network architectures.
Applying SOC 2 Type II Controls to RPKI System Rebuild
RPKI, the routing security technology RIPE NCC operates, received a SOC 2 Type II assurance report in January 2026. External validation confirms the high bar members expect from underlying systems regarding routing security. Compliance with NIS2 directives requires strict risk management frameworks that govern business continuity for digital infrastructure entities. The following control matrix illustrates the shift from shared responsibility to full operational ownership.
Risks of End-of-Life Hardware and Accumulated Service Interdependencies
Replacement of aging assets addresses hardware that has reached or passed end-of-life rather than extending their service window. This strategy mitigates risks associated with legacy infrastructure that can no longer be adequately maintained. Complexity arises from twenty years of accumulated service interdependencies within the existing architecture. Tangled connections between virtualization layers and supporting services make isolated upgrades impossible without triggering cascading failures. The initiative explicitly targets virtualization platforms with minimal dependency to prevent future lock-in scenarios.
| Risk Factor | Legacy State | Greenfield Target |
|---|---|---|
| Hardware Status | End-of-life | Current generation |
| Architecture | Patched interdependencies | Clean-slate design |
| Vendor Control | High dependency | Minimal lock-in |
Rejecting the path of least resistance offered by hyperscaler ecosystems reduces vendor lock-in. The project aims to resolve service interdependencies that have accumulated over more than 20 years of infrastructure evolution through a greenfield deployment.
Executing a Cloud Exit Strategy with Financial Precision
Defining CAPEX and OPEX Shifts in Cloud Exit Budgeting
Converting recurring hyperscaler fees into a fixed infrastructure fund transforms operational cloud spending into capital investment. This financial restructuring shifts the burden from unpredictable monthly utility bills to predictable asset depreciation over the 2026 to 2028 timeline. Network operators recognize that capital expenditure now secures sovereign control, whereas previous operational expenditure merely rented temporary capacity. Funding this migration relies on a mix of internal cost savings, membership fees, and potentially the organisation's Clearing House Reserve. The following allocation model illustrates the strategic distribution of resources:
- Hardware Acquisition: Replacing end-of-life servers with sovereign assets.
- Facility Upgrades: Ensuring geographic redundancy without vendor lock-in.
- Virtualization Layers: Deploying independent platforms free from hyperscaler constraints.
Maintaining low membership fees while funding necessary independence creates friction. Leadership acknowledges member sensitivity regarding fees, yet the alternative involves continued exposure to geopolitical volatility. The organization aims to apply efficient processes and automation to handle heavy workloads without necessitating a proportional expenditure increase. Financial stability remains achievable alongside NIS2 compliance goals.
Executing the 2026 to 2028 Infrastructure Rebuild Timeline
Hardware reaching or passing end-of-life requires immediate replacement during phase one of the greenfield deployment. Operators must install sovereign hardware to replace aging assets, moving away from US-based hyperscalers toward a self-hosted setup while establishing the geographic redundancy required for NIS2 compliance. Decoupling virtualization layers from twenty years of accumulated service interdependencies defines the subsequent phase. This clean-slate approach prevents legacy configuration drift from contaminating the new sovereign architecture. Teams migrate core systems to reduce dependence on external providers, prioritizing services like RPKI which have seen significant uptake.
- Procure and rack independent server hardware within EU data center footprints.
- Deploy lightweight hypervisors that eliminate proprietary vendor lock-in risks.
- Reconfigure BGP peering sessions to point toward the new autonomous system.
- Validate incident reporting pipelines against strict regulatory timeframes.
Rapid decommissioning clashes with stability assurance within the rigid 2026 to 2028 timeline. Rushing the exit from US hyperscalers risks service interruption. Delaying invites further geopolitical exposure. The organization plans to reduce dependence on providers like AWS, Google, and Cloudflare for core systems. Continuous service availability remains the priority as the permanent infrastructure reaches full operational capacity.
Validating Fee Stability Against Member Sensitivity Concerns
Leadership states the organization does not wish to see further budget growth despite member sensitivity around fees. This constraint mandates a rigorous validation process where the rebuild cost is absorbed within the existing fee framework. Maintaining strict fee stability while funding immediate sovereign infrastructure requirements presents a complex challenge. For the fiscal year 2026, the annual contribution fee per Local Internet Registry (LIR) account is fixed at a set amount.
| Validation Step | Financial Constraint | Operational Impact |
|---|---|---|
| Budget Alignment | Fixed annual fee | Limits CAPEX velocity |
| Reserve Usage | Clearing House limits | Delays non-critical path |
| Cost Savings | Internal efficiency only | Requires service pruning |
New members establishing additional LIR accounts face a one-time sign-up fee alongside their annual contribution. This specific revenue stream remains distinct from core operations. Differentiation allows the registry to maintain baseline stability while funding the exit strategy through targeted entry costs. Managing the financial impact of the infrastructure rebuild avoids necessitating a proportional expenditure increase in the registry sector. Rebuilding addresses hardware that has reached or passed end-of-life. Preventing inefficiencies inherent in maintaining legacy systems beyond their useful life drives this decision.
About
Alexei Krylov, Head of Sales at InterLIR, brings critical market insight to the discussion on technical infrastructure sovereignty. As a specialist managing IPv4 resource distribution across global markets, Krylov directly observes how geopolitical shifts impact network availability and asset value. His daily work involves navigating Regional Internet Registry (RIR) policies and facilitating secure IP transfers, making him uniquely qualified to analyze RIPE NCC's strategic pivot away from US hyperscalers. At InterLIR, a Berlin-based marketplace dedicated to IPv4 address liquidity, Krylov helps clients secure clean, reputable IP blocks necessary for independent network operations. This article connects RIPE NCC's move toward self-hosted infrastructure with the broader industry need for geographic diversity and regulatory compliance. By using his background in B2B sales and civil law, Krylov explains why controlling core internet resources is no longer just a technical preference but a business imperative for organizations relying on stable, sovereign connectivity in an increasingly fragmented digital environment.
Conclusion
Scaling sovereign infrastructure reveals that operational continuity fractures when legacy decommissioning outpaces the readiness of permanent replacements. The rigid 2026 to 2028 timeline creates a narrow window where rushing migration risks service interruption, yet delaying invites unacceptable geopolitical exposure. Organizations cannot simply swap providers without absorbing the rebuild cost within existing financial frameworks. Since the annual contribution fee per Local Internet Registry account remains fixed at €1,800, leadership must prioritize internal efficiency over expansive capital expenditure. This constraint forces a strategic pivot where service pruning becomes the primary funding mechanism for hardware refreshes rather than seeking external revenue increases.
I recommend halting all non-critical path upgrades immediately to preserve Clearing House reserves for core migration tasks. The organization should treat the current fee structure as an absolute ceiling, validating every rebuild component against strict baseline stability requirements before approval. This approach ensures the exit strategy from major hyperscalers does not destabilize the very members it serves. Start by auditing your current hardware inventory this week to identify units that have already passed end-of-life and flag them for immediate replacement using only internal efficiency savings. This targeted action secures the foundation for a sustainable transition without violating the mandated budget alignment.
Frequently Asked Questions
The project requires a total investment of 5 million euros to complete. This [5 million](https://www.techzine.eu/news/infrastructure/142315/european-internet-registry-set-to-exit-us-hyperscalers/) euro sum covers capital and operational expenses needed to migrate away from US hyperscalers by 2028.
Funding combines internal savings with membership fees rather than external borrowing. The organization aims to execute this [5 million](https://www.techzine.eu/news/infrastructure/142315/european-internet-registry-set-to-exit-us-hyperscalers/) euro project while avoiding drastic budget hikes for its concerned member base.
Geopolitical instability and NIS2 compliance needs drive the shift to self-hosted systems.
The initiative replaces twenty years of accumulated service interdependencies with new hardware.
The organization targets full completion of the migration effort by the year 2028.