--- title: Changing the Node Provider or Data-Center Principal slug: changing-node-provider-or-dc-principal description: NNS proposal procedures for replacing a lost or transferred node provider principal, replacing a corrupted node operator HSM, and updating data-center principal records. tags: - node-provider - maintenance - runbook - governance date: 2026-05-04 related: - node-provider-maintenance - node-provider-onboarding - node-provider-documentation - troubleshooting-failed-nns-proposals --- A node provider's identity on the Internet Computer is anchored in two principals: the **node provider principal** (typically backed by a Ledger hardware wallet) and the **node operator principal** (a key held in HSM or PEM form, used to sign registry calls). When either one is lost or has to be transferred, the registry record has to be updated through an NNS proposal. The same proposal type is used to update the data-center principal that an operator record is bound to. > [!WARNING] > These changes are governance actions, not direct registry calls. > They require a forum post, a proposal summary that explicitly > identifies you, and a community vote. Plan for several days > between submission and execution. For the rewards-side context, see [Node Provider Remuneration](/wiki/node-provider-remuneration/) and the [Reward Configuration Guide](/wiki/reward-configuration/). ## Changing the node provider principal Use this when you have lost access to your existing node provider principal, or are transferring node ownership to another entity. The HSM-backed node operator key can stay in place if you still have it; only the provider-side principal has to change. ### Step 1 — Create the new principal Follow steps 1–4 of [Node Provider Onboarding](/wiki/node-provider-onboarding/) to install the necessary tooling and create a new node provider principal with a Ledger device. Keep your existing node operator key — do not create a new operator record unless the operator key itself has been lost (see *Replacing a lost node operator HSM* below). ### Step 2 — Post on the forum Open a thread on the [DFINITY Developer Forum](https://forum.dfinity.org/) explaining: - Who you are and which existing node provider you operate. - Why you are registering a new principal — transfer, lost device, change of legal entity. - How the community can verify your identity (links to existing on-chain artefacts, verifiable social channels). ### Step 3 — First proposal: register the new principal Follow step 8 of [Node Provider Onboarding](/wiki/node-provider-onboarding/) to submit the NNS proposal that registers the new node provider principal. Include the forum post URL in the proposal summary. ### Step 4 — Second proposal: link the operator record Once the registration proposal is adopted, submit a second proposal that updates the existing node operator record so its `node_provider_id` points at the newly registered principal. Use `ic-admin propose-to-update-node-operator-config`: ```bash ic-admin \ --use-hsm \ --pin \ --slot 0 \ --key-id 01 \ --nns-url https://ic0.app/ \ propose-to-update-node-operator-config \ --proposer $NEURON_ID \ --proposal-title "Update the NO record for '${NODE_PROVIDER_PRINCIPAL}'" \ --summary "Updating the new node provider principal ${NODE_PROVIDER_PRINCIPAL} / '${NODE_PROVIDER_NAME}', as a second step following the execution of proposal ${FIRST_PROPOSAL}" \ --node-operator-id "$NODE_PROVIDER_OPERATOR" \ --node-provider-id "$NODE_PROVIDER_PRINCIPAL" ``` Required variables: - `NEURON_ID` — the neuron ID submitting the proposal. - `FIRST_PROPOSAL` — the proposal ID from step 3. - `NODE_PROVIDER_NAME` — the entity name on file. - `NODE_PROVIDER_PRINCIPAL` — the new Ledger-backed principal from step 1. - `NODE_PROVIDER_OPERATOR` — the existing node operator principal. Track the proposal at [dashboard.internetcomputer.org/governance](https://dashboard.internetcomputer.org/governance). ## Replacing a lost node operator HSM When the HSM that holds the node operator key has been lost or corrupted, the operator key itself has to be replaced. Use the HSM-less variant of the onboarding flow. 1. Run steps 1, 5, 6, 7, and 10 of [Node Provider Onboarding](/wiki/node-provider-onboarding/). Steps 5 and 6 generate a new operator key as a PEM file (`node_operator_private_key.pem`) instead of using an HSM. 2. Submit the NNS proposal that registers the new operator record. In the proposal summary, identify yourself as an existing node provider, explain that the previous operator key was lost or corrupted, and link the forum post. 3. Wait for the proposal to be adopted — expect several days. 4. Build a new IC-OS installation image keyed to the new operator principal. 5. Onboard the affected nodes using the `node_operator_private_key.pem` file rather than the (no longer available) HSM. > [!NOTE] > The Gen-2 deployment flow already supports HSM-less onboarding. > See the [Gen-2 Node Deployment Guide](/wiki/node-deployment-gen-2/). ## Updating the data-center principal The data-center principal recorded against an operator record is updated through the same `propose-to-update-node-operator-config` proposal, with the relevant DC-related fields set on the proposal. Submit a forum post first, identifying yourself and the data-center record being changed, and reference it in the proposal summary. ## Verification For all three flows, verify on [dashboard.internetcomputer.org/governance](https://dashboard.internetcomputer.org/governance) that the proposal has been adopted and executed before considering the change complete. ## Related - [Node Provider Onboarding](/wiki/node-provider-onboarding/) — the underlying step references. - [Node Provider Documentation](/wiki/node-provider-documentation/) — the role overview. - [Node Provider Maintenance Guide](/wiki/node-provider-maintenance/) — the parent runbook. - [Troubleshooting Failed NNS Proposals](/wiki/troubleshooting-failed-nns-proposals/) — if any of the proposals here do not adopt cleanly.