Building Resilience: The RIPE NCC’s Draft Activity Plan and Budget 2025

Draft Activity Plan and Budget 2025

The Draft Activity Plan and Budget 2025 outlines the RIPE NCC’s plans for the coming year, along with the associated costs to achieve them. This document is essential in maintaining the trust of our membership by upholding high standards of transparency and accountability. It offers a clear view of how we will allocate resources and sets the direction for the RIPE NCC's activities in 2025. Your feedback is crucial, as it can influence the course we take in the coming year and beyond.

The draft has now been published, and the RIPE NCC is actively seeking input from the membership and wider RIPE community. The consultation is open, and we will also engage in further discussions during the RIPE NCC General Meeting. The document will then be finalised and approved by the RIPE NCC Executive Board before being published in December.

Building resilience

The services we provide are critical for our membership and for the global Internet community. To ensure we can effectively deliver them, next year, we plan to strengthen our internal resilience across all aspects of our operations and ensure our organisation is well-prepared for the next phase of our strategy cycle. In an increasingly complex political and regulatory landscape, we must be fit for purpose, safeguarding the trust placed in us as a Regional Internet Registry and preparing for future challenges.

Our plans are built around three key initiatives: enhancing our security profile to minimise risk; adapting our legal framework and reviewing the structure of the RIPE NCC itself so we function at our best; and improving our services to deliver greater value for our members. We must also work to secure a stable and sustainable income to support these efforts.

With this in mind, we will concentrate on these five strategic focus points for the year ahead:

• Information Security and Compliance: Maintain necessary levels of security and compliance with best practices and applicable regulations
• Registry Accuracy and Resilience: Ensure that the Registry and RIPE Database have the appropriate levels of accuracy, compliance, resiliency, and security as well as improve Registry processes
• Adapting to External Changes: Be resilient in the face of political, legislative and regulatory changes that have the potential to affect our operations
• Data and Insight Leadership: Be a centre of excellence for data, measurements and tools that provide insight on the Internet and its operations.
• Financial Stability: Ensure the organisation’s stability and financial strength

Registry accuracy as a priority

Maintaining a resilient and accurate Registry will continue to be a key focus in 2025. Dealing with the implications of sanctions and conflicts in our service region has meant that a robust, accurate and resilient Registry is needed now more than ever. To support this, we will be providing our Registry Monitoring team with more resources. The team will perform Assisted Registry Checks (ARCs) and conduct in-depth investigations into Registry data accuracy.

The team will play a critical role in bolstering our sanctions screening processes to ensure compliance and build on the resiliency of our Registry. Our goal for 2025 is to complete 3,000 Assisted Registry Checks (ARCs) to ensure the accuracy of our data. To support this, we will add a new FTE to the team. We will also introduce more automation, which will detect changes in company registration details for independent resource holders and ensure these update requests are processed quickly, keeping our Registry up-to-date.

Strategic investments in Information Security

This year, we have made a conscious decision to focus on Information Security as we continue to operate critical services for the membership and the Internet community.

The new Charging Scheme has provided some financial space to be able to do this, and with guidance from the Executive Board, we have put forward a plan to strengthen our security efforts across all our services. Compliance requirements are an essential part of our work – as bad actors and security threats become more frequent, enhanced information security is a must.

In 2025, we will focus on achieving ISO 27001 compliance, strengthening risk management, and improving vulnerability and threat detection processes. To support this, we will add at least one new full-time employee (FTE) to our Information Security, Risk, and Compliance team, alongside an additional investment of 900 kEUR. These funds will be used to enhance our security tooling, implement managed security services, and bring in expert consultancy support to drive organisation-wide improvements in our security processes.

A strong information security framework helps shield us from security breaches and threats, ensuring that essential services like the Registry remain secure and reliable. This commitment to security not only safeguards our members' data but also strengthens trust with our stakeholders, showing that we prioritise the stability and protection of the Internet's infrastructure. By adhering to the highest standards and regulatory requirements, we demonstrate that we are self-regulating and following best practices.

Securing and modernising our technology

We are increasing our technology budget by EUR 200,000 to make improvements to our core Information Services technology such as the LIR Portal, RIPE Database and our Single Sign-On solution. We will also work to achieve ISO 27001 certification and pass the ISAE 3000 Type 2 audit in 2025. Next year, we will continue to modernise the data storage and infrastructure behind several of our services. This is a large project that we expect to lead to significant cost savings.

We will reduce our actual data centre costs from around 850 kEUR per year, given the footprint in the first half of 2024, to 360 kEUR, as we go from 46 racks to 10 by the end of 2025.

Other initiatives include implementing data warehousing for better decision-making and automating processes to improve user experiences in RIPEstat and the LIR Portal.

Delivering value for members

In 2025, we are committed to delivering even more value to our members through ongoing projects, refining processes, and enhancing the membership experience through active engagement. Our goal is to make it easier for members to engage with us through local events, improved website functionality, and extended language support. This includes supporting national engagements and participating in community initiatives like Network Operator Groups (NOGs) and hackathons. Additionally, we will be developing new training courses in various formats to meet the evolving needs of our community.

We will also continue to support Internet measurement tools to give our members and the wider Internet community insights into their own networks and into routing patterns across the globe. This empowers network operators to identify routing problems and solutions and help build a more resilient Internet infrastructure. And we will share our data insights and storytelling with governmental and standards bodies to ensure policies are well-informed with data and take into account the needs of the technical community.

Aiming for long-term resilience

In 2025, our plan does include an increase in the budget, on both the income and costs budgets. With the support of the Executive Board, I feel these increases are essential to navigate the increased pressure of information security and compliance requirements.

Increasing our budget for security measures is essential in supporting the bottom-up, consensus-driven model that the Internet is built on. By strengthening the security of our critical Internet services, we help protect the integrity of the infrastructure that underpins the global Internet.

This commitment to security fosters trust as we can confidently engage with governments and demonstrate our compliance with regulations and maintain our aim of an open, consensus-driven Internet. We are also able to increase transparency and accountability by implementing advanced monitoring, reporting, and auditing systems that keep the membership, the community and governments informed.

We also find it important not only to deliver our services but to continually enhance their functioning and resilience. Members rely on many of our efforts, such as our K-Root and DNS services, to maintain their own networks effectively. We therefore believe that “business as usual” is not good enough – we aim to keep our services state-of-the-art through regular improvements, which require financial investment.

We will hear from our Chief Financial Officer Simon-Jan Haytink in the next article on the 2025 Activity Plan and Budget, where he will speak on the budget in more depth. He will also cover our response to the discussion brought about by the last Charging Scheme consultation, including the new Charging Scheme Task Force’s efforts and where we are allocating budget to reinforce our resiliency for the future.

A future ready RIPE NCC

As we prepare for the next strategic cycle in 2026, we are positioning the RIPE NCC to be resilient, adaptable and ready for the future. By focusing on security, service excellence, and financial stability, we will continue to meet the needs of our members while maintaining the trust of the broader Internet community.

And we will consider our organisational structure and goals more broadly. We will review our Articles of Association and voting procedure to clarify members’ rights. In collaboration with the RIPE Chair, we will work on clearly defining the relationship between RIPE and the RIPE NCC. All of this will help us shape a strategy for the future that works for the RIPE NCC and for our members. And to support the overall Internet Registry system, we are contributing to the revision of the ICP-2 ("Criteria for Establishment of New Regional Internet Registries") document, along with ICANN and the NRO NC/ASO AC, to ensure the environment in which we operate remains robust despite the new challenges that face us.

Join the discussion

I encourage all members to review the Draft Activity Plan and Budget 2025 and share their feedback on the Members Discuss mailing list or at the Autumn General Meeting in Prague from 30 October to 1 November.

Stay informed of our plans and share your thoughts to help us finalise the document. The feedback at the GM and on the list will be taken into account by the RIPE NCC Executive Board when they approve the final Activity Plan and Budget in December.