Skip to content

Digital Sovereignty Starts at the Network Layer

Audience: isp6 members, CIOs, CTOs, infrastructure directors, heads of architecture, and technology leaders responsible for cloud strategy, business continuity, and regulatory posture.

Last updated: April 2026

Table of Contents

  1. Introduction — the strategic blind spot
  2. Network operator assigned vs. BYOIP via isp6
  3. Vendor lock-in becomes structural
  4. Reputation is rented, not built
  5. Compliance exposure grows with every regulation
  6. What changes with portable addressing
  7. Next steps
  8. Further Reading

1. Introduction — the strategic blind spot

Most organisations have invested heavily in securing their applications, encrypting their data, and negotiating favourable cloud contracts. Yet very few have asked a fundamental question: who actually controls the network identity our entire digital operation depends on?

For the majority of businesses running on public cloud, the answer is their network operator. The IP address space their services announce to the Internet is allocated from the operator's pool, tied to that operator's account, and surrendered the moment the relationship ends. Every DNS record, firewall rule, certificate, and email reputation signal is anchored to addresses that cannot move with you.

This is not a networking detail. It is a strategic dependency.

isp6 — a RIPE NCC accredited Local Internet Registry — exists so that your organisation does not have to accept that dependency as a fact of doing business on the Internet. Through the isp6 portal, your organisation orders IPv6 Provider Assigned address space drawn fresh from our RIPE allocation, completes identity verification, and receives a pristine /48 or /44 block registered in the RIPE Database within hours. From that point forward, the block is announced by you, from any network you choose.

2. Network operator assigned vs. BYOIP via isp6

Dimension Network operator assigned BYOIP via isp6
Vendor lock-in Structural — migration requires re-numbering Eliminated — announce your prefixes from any provider
Business continuity Dependent on single provider's availability Portable across providers, regions, and data centres
IP reputation Inherited and surrendered with each provider change Built on your own clean allocation, retained permanently
Regulatory posture Dependency on provider's compliance and terms Documented end-user control under a RIPE NCC accredited LIR
Contract leverage Provider holds switching-cost advantage Symmetric — your addresses move with you
Security controls Delegated to provider's routing and RPKI policies Direct control over ROAs, reverse DNS, and BGP policy

isp6 is a RIPE NCC accredited Local Internet Registry. We allocate pristine IPv6 address space that you can announce from any network using BYOIP — self-service, operational in hours, and fully portable between providers. For enterprises that need addresses registered directly to their organisation, we also sponsor Provider Independent allocations through isp6 as the sponsoring LIR. Here's what each risk looks like, and how isp6 addresses it.

3. Vendor lock-in becomes structural

Cloud providers allocate IP addresses from their own pools. Your services, DNS records, allow-lists, and partner integrations accumulate around those addresses. Migrating away means re-numbering your entire network — every DNS zone, firewall policy, SPF record, and ROA entry.

This is not a migration cost. It is a migration barrier — and it gives your incumbent provider leverage in every contract renewal.

Full routing autonomy Configure your own BGP announcements, manage your ROAs for RPKI protection, and set up reverse DNS — all through isp6's subnet dashboard. Your network, your routing policy, your reputation.
Immediate operational use Traditional IP allocation involves paperwork, justification processes, and multi-week lead times. isp6 streamlines this to hours — provisioned, registered in the RIPE Database, and ready to announce.

4. Reputation is rented, not built

IP reputation — the trust signals that determine whether your email reaches inboxes, your traffic is flagged by threat feeds, and your API calls are rate-limited — is tied to address space. With provider-assigned addresses, you inherit whatever reputation history those addresses carry. You also surrender the reputation you build when you leave.

Organisations that depend on email deliverability, financial processing, or API partnerships cannot afford to treat IP reputation as disposable.

Pristine PA allocations isp6 allocates fresh, never-before-used Provider Assigned IPv6 address space from its own RIPE NCC allocation. Your organisation receives a clean block with no inherited reputation issues, registered and maintained with your organisation as the documented end user.

5. Compliance exposure grows with every regulation

The EU's NIS2 Directive, DORA, and evolving cybersecurity frameworks increasingly require organisations to demonstrate control over critical digital infrastructure. Regulators are asking not just where data is stored, but how the network infrastructure that carries it is governed.

An organisation that cannot demonstrate control over its address space may find itself explaining a dependency chain governed by a cloud provider's terms of service — not the organisation's own policies.

Provider Independent options.** For organisations that require address space registered directly to them, isp6 acts as a sponsoring LIR — handling the RIPE NCC application, policy compliance, and ongoing obligations while you hold the PI assignment.
ASN provision. For organisations announcing their own prefixes, isp6 manages the full ASN application and registration process with RIPE NCC — from initial request through to route object creation.

6. What changes with portable addressing

When your IPv6 allocation comes from isp6 as your LIR rather than your network operator's pool, you can announce those prefixes from any network — AWS, Azure, Google Cloud, a colocation facility, or all four. Multi-cloud and hybrid-cloud strategies stop being theoretical and start being operational.

Business continuity plans gain a real foundation: failover means re-announcing prefixes from a different location, not re-numbering under pressure. Your negotiating position strengthens because your provider knows your addressing isn't tied to their platform. And your security posture improves through direct control over routing policy, ROAs, and reverse DNS.

These are not theoretical benefits. They are operational controls that reduce attack surface, support audit requirements, and shift contract leverage in your favour.

7. Next steps

The shift from operator-locked to portable addressing is not disruptive. It does not require re-architecting applications or changing cloud providers. It is an additive step — one that gives your organisation a permanent, portable network foundation that every other infrastructure decision can build on.

isp6 exists to make that step straightforward. Membership is self-service, identity verification is handled in the portal, and your allocation is registered in the RIPE Database within hours — ready to announce from any network on day one.

8. Further Reading

External References

This document is provided for informational purposes. Protocol specifications and cloud provider behaviour are subject to change. Consult the linked RFCs and vendor documentation for authoritative, up-to-date information before making architectural decisions.