Here is a quick test.

Raise your hand if you have personally worked with all five RIRs in the last year. Now keep it up if you have read a policy proposal from APNIC or LACNIC in the last six months.

If you are like most network engineers I know, both hands are down.

That is not a criticism. It is a structural observation — and the reason a genuinely serious problem is going largely unnoticed by the people most qualified to notice it.

The internet is fragmenting. Not in the future. Now. At three different layers simultaneously. And the evidence is sitting in plain sight, in public data, in published government decrees, in IXP traffic logs—waiting for someone to look across all five registries at once instead of just their own.

Let me show you what that looks like.

First: the cables

On November 17, 2024, the BCS East-West Interlink cable connecting Sweden and Lithuania was cut. One-fifth of Lithuania’s internet capacity vanished overnight.

Less than 24 hours later, the C-Lion1 cable between Finland and Germany—the only cable physically connecting Finland to the European continent—was severed.

Both incidents are linked to a single Chinese-flagged vessel, Yi Peng 3, which had quietly departed from the Russian port of Ust-Luga two days earlier.

That was not a one-off. Since October 2023, there have been at least seven suspected infrastructure attacks in the Baltic—cables, pipelines, power links. On New Year’s Eve 2025, a fiber link between Helsinki and Tallinn was cut. NATO launched a dedicated operation, Baltic Sentry, specifically in response to this pattern.

And then, three weeks ago, something that should have received far more attention in the network engineering community: China successfully tested a deep-sea cable-cutting device at a depth of 3,500 meters—deeper than any previously known remotely operated vehicle capable of reaching undersea cable infrastructure. The test was confirmed by China’s Ministry of Natural Resources and state-run China Science Daily, and marks the first time any country has publicly acknowledged the existence of such a capability. The device uses a diamond-coated grinding wheel spinning at 1,600 rpm, designed to cut through steel and rubber-reinforced fiber optic cable—at depths that place it beyond the reach of any current repair or response system.

Read that again. A device specifically designed to cut undersea cables. Tested. Confirmed. Published.

China has also recently unveiled a new deep-sea cable-cutting submersible—a vessel with no purpose other than to threaten seabed infrastructure. Its potential use threatens Taiwan’s connections to the outside world in any conflict scenario.

Here is what makes this relevant to every network engineer reading this: 97% of all intercontinental data flows over undersea fiber optic cables. The protocols we manage, the addresses we allocate, the BGP tables we maintain—all of it ultimately runs over glass threads in shallow sea floors, protected by maritime law written in 1884.

1884. Not designed for hybrid warfare. Not updated for it either.

The network engineering community does not run cables. But we understand better than anyone what cutting them means for routing convergence and BGP stability. That knowledge should be in the room when resilience conversations happen. Right now, it largely is not.

Second: the routing table does not lie—but it does not tell the whole story either

Let’s talk RPKI. You probably know it well. Cryptographically sign which AS is authorised to originate which prefix. Reject anything that does not match. Clean concept, decade of work, real adoption progress.

As of March 2026, 55.8% of global IPv4 prefixes are covered by ROAs. Real progress. But look at what is underneath that number.

The RIPE region leads at 70.2%. But here is what surprises most people: ARIN—the North American registry—sits at the bottom with 44.2% coverage. Lower than APNIC. Lower than AFRINIC. And AFRINIC, which spent three years in governance near-collapse, is outperforming ARIN at 64%. Worth noting: a significant portion of ARIN’s address space is legacy-registered and ineligible for RPKI due to older resource agreements, which partially explains the lower figure—it is not purely a question of operators choosing not to adopt.

The APNIC regional average of 50.9% also hides a story of extreme internal divergence: Taiwan is at over 97% validity rates. Indonesia grew from under 1% adoption in 2021 to over 90% by 2026, through a coordinated five-year national campaign. Korea sits at around 2%.

Same registry. Same regional framework. Radically different outcomes.

What does that cost in practice? In July 2024, a Brazilian ISP announced Cloudflare’s 1.1.1.1 prefix as its own. Over 300 networks across 70 countries were misrouted. Cloudflare had valid RPKI records. It did not matter. One Tier-1 carrier had not implemented Route Origin Validation—and the entire protection collapsed because of that single upstream.

That is routing fragmentation. Quiet, technical, and completely invisible unless you are watching all five registries at once.

The five registries are quietly pulling apart

RPKI is just one dimension. Look at what is happening to IPv4 transfer policy across the five RIRs, and you start to see a picture that nobody seems to be drawing.

RIPE NCC operates with a flat annual fee, no needs-based justification required, leasing permitted. It has become a consistent net importer of IPv4 from every other region—the most flexible address market in the world. ARIN charges escalating fees and requires justification, so operators with surplus space offload it to avoid the cost. LACNIC prohibited leasing until recently and became a net exporter for the first time in 2025 as large members moved resources to friendlier environments. AFRINIC had no inter-RIR transfer framework at all until February 2026—effectively isolated from the global address economy for years.

Five policy processes. Five different outcomes. One routing table that does not know or care which RIR issued the address it is routing.

The part nobody in the RIPE region talks about

Here is something worth sitting with. In the RIPE region, you have a direct relationship with your RIR. No intermediary. No national body in the allocation chain. That feels normal, because for you it is.

It is not normal everywhere.

APNIC operates through seven National Internet Registries—bodies that sit between APNIC and local ISPs in China, Japan, Korea, Vietnam, Taiwan, India, and Indonesia. NIRs handle allocations at the national level under their own local policies.

Now. Who controls those NIRs?

VNNIC, Vietnam’s NIR, is formally an administrative agency of Vietnam’s Ministry of Information and Communications. Not a community body. A government department.

CNNIC, China’s NIR, has been directly overseen by the CCP’s Central Cyberspace Affairs Commission since 2014. The same body that runs China’s censorship apparatus. Headed directly by Xi Jinping.

Think about what that means. The organisations allocating IP addresses to Chinese and Vietnamese ISPs are arms of governments that have made national internet sovereignty a strategic priority. They are not neutral technical institutions.

Most RIPE region operators have never had to think about this. Because they have never had to navigate it. Their counterparts in Asia-Pacific navigate it every day.

Eight weeks ago, something significant happened

On March 1, 2026, Russia’s Government Decree 1667 came into force.

It gives Roskomnadzor—operating jointly with the FSB—the permanent legal authority to reroute internet traffic in real time and switch Runet into isolation mode. Not as an emergency power. As a standing legal framework, valid until 2032.

This did not come from nowhere. Russia’s 2019 Sovereign Internet Law required all ISPs to install Deep Packet Inspection equipment on their routers. In December 2024, they tested it: the Dagestan region was disconnected from the global internet for 24 hours. YouTube, Google, WhatsApp, Telegram—gone. Confirmed by NetBlocks monitoring. Not a rumour. A documented test.

Russia holds approximately 38,000 ASNs in the RIPE NCC system. In 2022, Ukraine asked RIPE to revoke Russian internet access. RIPE refused—correctly. Making a technical registry into a geopolitical weapon would have been wrong.

But that principled decision exposed something uncomfortable: RIPE’s neutrality means it cannot prevent a member state from using legitimately allocated resources to build infrastructure designed to sever itself from the global internet on command.

The fragmentation of Runet is happening inside the RIPE region. Built on RIPE-allocated address space. And by design, there is nothing RIPE can do about it.

The layer nobody in network engineering is talking about

Here is where I want to make an argument I have not seen made clearly before.

In January 2025, DeepSeek released a model that shocked the world. Chinese open-weight AI models now account for roughly 30% of all AI downloads globally. Researchers comparing US and Chinese large language models found that while factual content was often similar, the framing diverged—systematically, consistently, measurably. US models anchored answers in international law and multilateral institutions. Chinese models emphasised state sovereignty and national unity. Not as a stylistic choice. As a legal requirement, both China and Vietnam mandate that generative AI aligns with Communist Party positions on sensitive topics.

Now hold that, and come back to CNNIC and VNNIC.

CNNIC controls IP allocation in China. The same government body controls what AI models are permitted to say in China. VNNIC controls allocation in Vietnam. The same ministry oversees Vietnam’s AI framework.

The registry layer and the application layer are controlled by the same hands.

Our infrastructure—the address space we allocate, the BGP routes we manage, the fiber we depend on—is routing packets to AI systems architecturally designed to fragment the information environment along national lines.

If you care about an open, interoperable internet at layers 1 through 3, can you honestly be indifferent to what happens at layer 7? Because those layers are no longer separable. They are controlled by the same institutions.

Why the most qualified people aren’t watching

None of this is hidden. Decree 1667 is published in the Russian federal register. CNNIC’s oversight arrangements have been public since 2014. The Baltic cable incidents made international news. China’s cable-cutting device test was confirmed by its own Ministry of Natural Resources. The AFRINIC litigation was extensively documented.

So why is this not a dominant conversation in the network engineering community?

Because our community is optimised for depth within regions, not breadth across them. You engage with the registry that manages your resources. You participate in the community that governs them. That is rational. For day-to-day operations, it works perfectly.

But internet governance is not day-to-day operations. APNIC’s policy decisions affect the global routing table. AFRINIC’s governance crisis affected global address supply. The Runet isolation framework sits inside RIPE’s address space. These things cross RIR boundaries whether we engage with them or not.

A surgeon who only reads journals from their own country eventually misses something important. This is the same failure mode.

What the RIPE model actually represents

There is something the RIPE community does not say loudly enough, so let me say it clearly.

The RIPE NCC governance model—no NIRs, direct LIR relationships, transparent community-driven policy development, political neutrality held under real pressure—is not the default. It is an exception. And it is one of the clearest proofs in existence of what healthy internet governance looks like.

VNNIC reports to a ministry. CNNIC reports to a party body. AFRINIC spent three years effectively in receivership. ARIN faces growing government pressure. Against that backdrop, the RIPE model is not something to be quietly proud of. It is something to defend loudly.

But here is the thing about AFRINIC. It was not brought down by a government. It was nearly destroyed by a single commercial actor who understood exactly how fragile the governance structure was, and used that fragility as a weapon. The RIPE model is more robust. No institution is immune.

Pride in a governance model without active effort to protect it is complacency dressed up as confidence.

Three things worth doing this week

Not abstract calls to action. Actual things.

Read one cross-RIR policy proposal. The NRO publishes all of them. It takes 20 minutes. The cross-regional perspective is the rarest commodity in internet governance—and it is freely available to anyone willing to look.

Ask someone from the APNIC region what working through a NIR is actually like. The answer is more interesting than the org charts suggest.

Ask yourself whether you have genuinely been looking. Not from inside your regional box. From outside it. The fragmentation is visible in public data. The question is whether you have been watching all five registries—or just your own.

The internet was built on the assumption that technical decisions could be insulated from political interference. That assumption is being tested simultaneously at the physical layer, the registry layer, and the application layer.

The technical community has always seen these shifts before everyone else. The question is whether we are paying attention this time—or whether we are too busy looking inside our own box to notice what is happening outside it.

I am genuinely curious what operators outside the RIPE region think about this. Is the fragmentation visible from where you sit—or does it look different?