The risk is being told no, and inviting dissent into the independence of ICANN. Not asking, means no risk of being told "no, you do as you're told" which would endanger the whole 3 legged stool. the GAC would immediately question the assumption the US government had that level of signoff, the money flows and lawyers would fire up, it would be come a shitstorm in a teacup.
The least likely outcome of asking the department of state if ICANN is "permitted" to add an HSM outside the USA, is a positive answer.
The most likely path to doing it, is not to assume you have to ask.
It's my personal opinion from beer convos with people in the circuit. As I said I have no firm proofs and you should hedge belief in this by the lack of verifyable facts.
Yes, but we're a long way down "our hands are off it's ICANN now". The exception might be DNSSEC and the verisign contract continuance. I have no complaint against verisign, far from it: their staff are excellent and they are amazingly diligent and risk averse.
But at a contractual level you could ask is there another company which could tender to operate the root publication function, and meet all stakeholder requirements? And, could that company be legally constituted outside the USA?
Possibly. Ex CERN staff have indicated they were dismayed when the address management function went elsewhere in Europe. I know people both sides of this divide, it's ancient history in some ways.
The least likely outcome of asking the department of state if ICANN is "permitted" to add an HSM outside the USA, is a positive answer.
The most likely path to doing it, is not to assume you have to ask.