Hi Erik, I think any policy or membership agreements will not affect the liability of the NCC in front of third parties because operational misconducts of any provider. Is the same way as if we believe that we can be blamed for fake info at the whois, spam, criminal cases, or whatever, unless of course, we setup an explicit rule to go against the law (like "you're free to use the resources for criminal activities"). So, I will say more on the other way around: as many policies/tools we have to verify the authenticity of data and compliance of policies, as less responsible we can be of any liabilities in front of third parties. However, as a community we are *internally* responsible to setup the rules (policies and membership agreement) that we want to be respected, and the way we want to act *internally* if those rules are not respected (never mind if is breaking a policy or not paying the invoices or whatever). I'm not a lawyer, but deal a lot with them, and I'm sure anyway, there are more informed voices even from the NCC that can confirm, and actually it will be interesting to confirm. Regards, Jordi -----Mensaje original----- De: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> en nombre de Erik Bais <ebais@a2b-internet.com> Fecha: domingo, 18 de marzo de 2018, 13:22 Para: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> Asunto: Re: [anti-abuse-wg] Decision on Proposal 2017-02 I still have some serious concerns about this proposal. I wonder how this might have an effect on the conduit role of (transit)-networks. And if the RIPE NCC will be requested to report (by the community or by legal court actions) or will be held liable in some way shape or form for the accurate information in case a resource holder will end up in a court case because they are not responsive on abuse complains. As a community we should tread carefully if we want to push the RIPE NCC in the middle of those kind of legal cases or want it to be held accountable on that. Especially in case of Copyright complaints for instance. The RIPE NCC is having agreements / contracts with all resource holders for ownership via End-User Agreements or LIR agreements, however in case of acting on operational topics like abuse handling, that SHOULD NOT be a part of it. Having a working method of abuse handling is a task of the resource holder themselves. If they decide to not act on or not have a valid abuse contact, it is their own responsibility. With all subsequent consequences. The RIPE NCC provides a datamodel in the RIPE DB to populate the field, but it should not get involved in validation of the information. The amount of work involved in validating just that specific field with no guarantee on or added value on actual responsiveness after it is validated, is a waste of community funds. Because those who want to respond on abuse complaints are already having working abuse contacts and those who don't, still won't. I fear that this task will be more or similar resource consuming than implementing 2007-01 .. ( Direct Internet Resource Assignments to End Users from the RIPE NCC ) Especially since it is stated that this should be done on a yearly basis. So in the end, it looks like expensive window dressing which might open up the RIPE NCC with a legal liability. However novel the intent is of authors. I would strongly advice against this. Regards, Erik Bais ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.consulintel.es The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.