Skip to main content

Recent changes to legal framework

We recently updated the LIR Account Agreement and Terms and Conditions for RPKI and the RIPE Database.

We have published the relevant announcements on 13 October 2025 and the updates will come into effect on 13 November 2025.

Most of these changes are in response to the EU regulation Digital Operational Resilience Act (DORA) which came into effect in January 2025.

While the requirements apply to financial institutions, the RIPE NCC aims to facilitate the implementation of this regulation for those entities that are RIPE NCC members to a reasonable extent.

RIPE Database

The following changes to the RIPE Database terms and conditions include:

  • Adding details of how we manage planned maintenance and how incidents can be reported.
  • We also added information about security measures and audits (articles 5.5-5.9)
  • Adding subcontractor, service level and data protection information (articles 8.4-8.6)

Read the announcement

RPKI

The updates to the RPKI Publish in Parent Service, Certification Repository and Certification Service terms and conditions include:

  • Adding details of how we manage planned maintenance, how incidents can be reported and security measures and audits in relation to RPKI (in article 6 of Publish in Parent Service, 4 of Certification Repository and 4.3-4.7 Certification Services)
  • Adding subcontractor, service level and data protection information (in article 8.5-8.7 of Publish in Parent Service, 6.4-6.6 Certification Repository and 7.5-7.7. Certification Services)
  • Addition of three new RPKI object types (ASPA, BGPsec and RSC) which will be implemented at a later stage.

Read the announcement

LIR Account Agreement

The updates to the LIR Account Agreement includes:

  • Adding a definition of the LIR Portal and clarified what an LIR contact is (article 1)
  • Aligning the wording with the relevant clause in the Standard Service Agreement (article 2.2)
  • Clarifying that Members shall be liable for the actions of their LIR contacts (article 3)
  • Adding an article which details how we manage planned maintenance, how incidents can be reported. We also added information about security measures and audits (article 4)
  • Adding subcontractor, service level and data protection information (articles 8.4-8.6)

Read the announcement

We encourage all users to review the updates before they take effect on 13 November 2025.