§ Wiki · Wiki entryView source ·.md

Changing the Node Provider or Data-Center Principal

NNS proposal procedures for replacing a lost or transferred node provider principal, replacing a corrupted node operator HSM, and updating data-center principal records.

·May 4, 2026·4 min read

A node provider's identity on the Internet Computer is anchored in two principals: the node provider principal (typically backed by a Ledger hardware wallet) and the node operator principal (a key held in HSM or PEM form, used to sign registry calls). When either one is lost or has to be transferred, the registry record has to be updated through an NNS proposal. The same proposal type is used to update the data-center principal that an operator record is bound to.

[!WARNING] These changes are governance actions, not direct registry calls. They require a forum post, a proposal summary that explicitly identifies you, and a community vote. Plan for several days between submission and execution.

For the rewards-side context, see Node Provider Remuneration and the Reward Configuration Guide.

Changing the node provider principal

Use this when you have lost access to your existing node provider principal, or are transferring node ownership to another entity. The HSM-backed node operator key can stay in place if you still have it; only the provider-side principal has to change.

Step 1 — Create the new principal

Follow steps 1–4 of Node Provider Onboarding to install the necessary tooling and create a new node provider principal with a Ledger device. Keep your existing node operator key — do not create a new operator record unless the operator key itself has been lost (see Replacing a lost node operator HSM below).

Step 2 — Post on the forum

Open a thread on the DFINITY Developer Forum explaining:

Who you are and which existing node provider you operate.
Why you are registering a new principal — transfer, lost device, change of legal entity.
How the community can verify your identity (links to existing on-chain artefacts, verifiable social channels).

Step 3 — First proposal: register the new principal

Follow step 8 of Node Provider Onboarding to submit the NNS proposal that registers the new node provider principal. Include the forum post URL in the proposal summary.

Step 4 — Second proposal: link the operator record

Once the registration proposal is adopted, submit a second proposal that updates the existing node operator record so its node_provider_id points at the newly registered principal. Use ic-admin propose-to-update-node-operator-config:

ic-admin \
  --use-hsm \
  --pin <hsm-pin> \
  --slot 0 \
  --key-id 01 \
  --nns-url https://ic0.app/ \
  propose-to-update-node-operator-config \
    --proposer $NEURON_ID \
    --proposal-title "Update the NO record for '${NODE_PROVIDER_PRINCIPAL}'" \
    --summary "Updating the new node provider principal ${NODE_PROVIDER_PRINCIPAL} / '${NODE_PROVIDER_NAME}', as a second step following the execution of proposal ${FIRST_PROPOSAL}" \
    --node-operator-id "$NODE_PROVIDER_OPERATOR" \
    --node-provider-id "$NODE_PROVIDER_PRINCIPAL"

Required variables:

NEURON_ID — the neuron ID submitting the proposal.
FIRST_PROPOSAL — the proposal ID from step 3.
NODE_PROVIDER_NAME — the entity name on file.
NODE_PROVIDER_PRINCIPAL — the new Ledger-backed principal from step 1.
NODE_PROVIDER_OPERATOR — the existing node operator principal.

Track the proposal at dashboard.internetcomputer.org/governance.

Replacing a lost node operator HSM

When the HSM that holds the node operator key has been lost or corrupted, the operator key itself has to be replaced. Use the HSM-less variant of the onboarding flow.

Run steps 1, 5, 6, 7, and 10 of Node Provider Onboarding. Steps 5 and 6 generate a new operator key as a PEM file (node_operator_private_key.pem) instead of using an HSM.
Submit the NNS proposal that registers the new operator record. In the proposal summary, identify yourself as an existing node provider, explain that the previous operator key was lost or corrupted, and link the forum post.
Wait for the proposal to be adopted — expect several days.
Build a new IC-OS installation image keyed to the new operator principal.
Onboard the affected nodes using the node_operator_private_key.pem file rather than the (no longer available) HSM.

[!NOTE] The Gen-2 deployment flow already supports HSM-less onboarding. See the Gen-2 Node Deployment Guide.

Updating the data-center principal

The data-center principal recorded against an operator record is updated through the same propose-to-update-node-operator-config proposal, with the relevant DC-related fields set on the proposal. Submit a forum post first, identifying yourself and the data-center record being changed, and reference it in the proposal summary.

Verification

For all three flows, verify on dashboard.internetcomputer.org/governance that the proposal has been adopted and executed before considering the change complete.

Node Provider Onboarding — the underlying step references.
Node Provider Documentation — the role overview.
Node Provider Maintenance Guide — the parent runbook.
Troubleshooting Failed NNS Proposals — if any of the proposals here do not adopt cleanly.

Node Provider Maintenance Guide
Day-to-day responsibilities for keeping node machines healthy on the Internet Computer — monitoring, common maintenance tasks, scheduled outages, and peer support.
Node Provider Onboarding
The technical procedure for becoming an accepted node provider on the Internet Computer, from tool installation through NNS proposal and node operator records.
Node Provider Documentation
How independent operators run the hardware that hosts the Internet Computer — the role, the current onboarding status, the lifecycle from proposal to operation, and the rewards.
Troubleshooting Failed NNS Proposals
What to do when a Network Nervous System proposal you submitted as a node provider fails to validate or fails to adopt.

For agents

The plain-markdown source is available at /wiki/changing-node-provider-or-dc-principal/source.md. Agents should read that rather than parse this page.