Auditability is often treated as a tidier version of transparency: fuller minutes, clearer communiques, a better annual report, a more orderly archive. That is a modest standard for an ordinary association. It is inadequate for a regional internet registry. A registry sits at the point where a public technical record becomes a private operating dependency. Its entries help counterparties decide who controls an address block, who may request changes, whose claim should survive a dispute and whether a scarce resource can move without years of legal risk. Once IPv4 became scarce, auditability stopped being an administrative virtue. It became part of the economics of the asset.
AFRINIC is the hard case because almost every weak seam in the registry model has become visible there. Allegations of historical address-record manipulation, the long dispute with Cloud Innovation, receivership in Mauritius, failed and contested elections, claims about powers of attorney, ICANN interventions, membership-law ambiguity, transfer restrictions and continuing litigation all converge on a single question: can the African registry remain the trusted record for valuable number resources when the authority behind that record is difficult to verify?
The answer should not be derived from the official RIR story. AFRINIC's public materials say it is a nonprofit, member-based organisation registered in Mauritius and entrusted with distributing and managing IP addresses and autonomous system numbers for Africa and parts of the Indian Ocean. Its policy manual uses the language of bottom-up process, openness, transparency and fairness. The Number Resource Organization has described receivership as a route back to functional governance. Those statements are useful factual exhibits. They are not, by themselves, the analytical frame.
The sharper frame comes from Lu Heng's public notes on authority, belief, liability and registry continuity, from public NRS and LARUS positions about member exposure and registry risk, and from reporting by KrebsOnSecurity, the Internet Governance Project and The Register. Those sources are not neutral in the same way. Some are interested parties; others are outside observers; official materials speak for institutions defending their own legitimacy. The disciplined reading is to test them against the same institutional question: what must be observable before a registry record can support economic reliance?
That test is demanding. A usable registry record requires more than a policy text and a press statement. It requires a chain of authority for every consequential decision: who requested a change, who was entitled to request it, which rule applied, what evidence was reviewed, what discretion was exercised, which conflicts were declared, what appeal existed, what state was preserved during dispute and who bears the loss if the registry is wrong. Without that chain, transparency becomes theatre. Auditability is what turns institutional speech into economically usable confidence.
The price of being believed
Regional internet registries do not route packets. They do not own the routers, fibre, data centres, cloud platforms or customer networks that make the internet work. Their power comes from something more fragile: the shared belief that their records are the legitimate reference point for number-resource control. Lu Heng's note on authority and belief makes the point bluntly. RIRs do not command by force; their databases matter because operators, courts, customers and counterparties treat them as authoritative.
Belief is cheap when the thing being recorded is low-value. In the early allocation era, a registry entry was mainly an answer to a coordination problem: which network had been assigned which unique numbers? Errors mattered, but they usually did not sit on top of a mature market. IPv4 scarcity changed that. Address blocks can be leased, sold, financed, litigated and embedded in customer contracts. They may not be ordinary property in RIR vocabulary, and courts may treat them differently across jurisdictions. Yet they plainly carry economic reliance.
That reliance converts belief into price. A clean registry record lowers the risk premium attached to a block. It reduces transfer due diligence. It helps customers trust operational continuity. It lets a court preserve a stable state while a dispute is decided. A doubtful record does the opposite. Buyers demand broader indemnities. Lessors write tighter termination clauses. Operators hedge with parallel supply. Lawyers enter transactions that should have been routine. The address still routes, but the recognised claim around it becomes more expensive to use.
This is the registry version of a familiar financial principle. A warehouse receipt, securities register or land title does not itself produce the commodity, share or building. It makes control legible enough that others can lend, buy, insure and contract against it. The analogy is imperfect because internet number resources are governed by a distinct technical and contractual system. But the economic lesson is apt. When the register is trusted, value circulates. When the register is doubted, value remains trapped or moves through informal arrangements that are harder to police.
Auditability is therefore not an ornament on legitimacy. It is the mechanism by which legitimacy is priced. If a registry can show how decisions are made and who had authority to make them, market participants can distinguish ordinary administrative risk from institutional fog. If it cannot, they must assume that any adverse decision may be political, discretionary, procedurally vulnerable or reversible in court. The difference is not philosophical. It affects the cost of capital for networks that depend on scarce addresses.
That is why AFRINIC should not be read as a local governance quarrel. The registry record is a confidence layer around scarce digital infrastructure. Once that layer is questioned, the region pays through discounts, delays, litigation and workarounds. A transparent communique may calm supporters for a day. An auditable record can support reliance for years.
Transparency is not auditability
Transparency is a convenient word because it sounds self-validating. A meeting agenda can be transparent. A consultation can be transparent. A statement can claim transparency. None of those facts proves that the economic authority behind a registry decision is auditable. The test is whether an affected member, customer, court or counterparty can reconstruct the decision path without relying on institutional trust alone.
For AFRINIC, the distinction matters because many public fights have concerned not the existence of documents but the authority behind them. Who is a member under Mauritian company law? Who is a resource member under AFRINIC bylaws? Who may vote? Who may hold a power of attorney? Who may request a registry change? Who may approve a transfer? Who may speak for a receiver? Which board act is valid while litigation continues? These are not procedural decorations. They are ownership-adjacent controls in a system that insists it is not about ownership.
The official policy vocabulary does not solve the problem. AFRINIC's Consolidated Policy Manual describes open, transparent and fair policy development, with documented discussions and procedures. That matters, but it answers only part of the question. Public-policy transparency describes how rules are debated. Registry auditability describes how power is exercised under those rules, especially when scarce assets, commercial expectations and disputed authority are involved.
The 2025 election controversy shows the gap. The Register reported that a court-supervised election was suspended and then annulled after concerns about voter documentation and alleged powers of attorney. South Africa's Internet Service Providers' Association told The Register that at least some members encountered claims that votes or authority had been exercised on their behalf without proper authorisation. ICANN complained that the community deserved a transparent report on the investigation. AFRINIC and the receiver did not answer every public question in the reporting available.
Those allegations should not be converted into findings without proof. The validity of each challenged authorisation is a matter for evidence, not inference. But the auditability failure is visible even before final adjudication. If member authority cannot be verified in a way the affected membership accepts, the vote cannot perform its economic function. A board chosen through doubted credentials will struggle to make credible decisions about records, transfers, fees, bylaws or enforcement. In a registry, the vote is not only politics. It is a control path into the ledger.
Public relations asks, "What story should people believe?" Auditability asks, "What can be independently checked?" In scarcity-era registry governance, only the second question is strong enough. A registry that asks members to trust its transparency without letting them verify authority is asking the market to price a slogan as if it were evidence.
How the record became capital infrastructure
The official description of AFRINIC is narrow and technical. It manages IPv4, IPv6 and ASNs; it provides WHOIS, RDAP, reverse DNS, RPKI and related services; it processes member requests under policy; it charges membership and allocation fees. In the old world this language could sound clerical. The record existed so that global uniqueness could be maintained and operators could find one another. That function is real, and the internet still needs it.
The economics changed while the legal and institutional language remained clerical. The Internet Governance Project's 2021 analysis noted that AFRINIC held only a small share of global IPv4 address space, came late to the RIR system and, for a period, was the only region with a significant free pool available at administrative prices. IGP also described the rise of the IPv4 transfer market, using price examples that made a large block worth millions of dollars by 2021. Exact prices move. The structural point does not.
AFRINIC's fee schedule illustrates the mismatch. Annual fees and allocation charges are scaled by prefix size and fund registry operations. They are not market prices for the underlying address capacity. That is not a defect by itself. RIRs were not designed as auction houses. The problem appears when a low-fee administrative allocation regime sits above a high-value secondary market while retaining discretionary review, transfer and revocation powers. The registry may call its role service administration. The holder experiences it as a control point over capital.
Lu Heng's public notes return repeatedly to this gap. In the "Neutral Bookkeeper" argument, IPv4 scarcity turns the registry ledger into capital infrastructure while accountability does not scale with the economic weight of the record. In the liability-focused notes, the asymmetry is sharper: registries can affect recognition, transferability and business continuity while contractual liability may remain small relative to foreseeable commercial harm. The claim is made by a participant with a commercial position. It nevertheless names the right variable.
AFRINIC's own exhaustion materials support the economic background without supplying the conclusion. They describe scarcity, soft-landing phases, hostmaster evaluation, maximum request sizes, utilisation checks and the transition pressure toward IPv6. They also show why the official record became more consequential. When the remaining free pool is rationed by need, compliance and queue position, and when other RIR regions had already exhausted their large free pools earlier, every decision about an AFRINIC-administered block carries more distributional weight. Scarcity makes the clerk's stamp less clerical.
The registry record is not the packet path, but it is part of the asset's usable value. It affects reverse DNS, RPKI assertions, abuse contacts, transfer due diligence, member standing and counterparty confidence. If the record can be changed, frozen, disputed or interpreted through opaque discretion, the asset carries registry-layer risk. If that risk is auditable, it can be priced. If it is opaque, it becomes a discount.
This is why AFRINIC's transparency problem is not mainly reputational. The registry is a low-margin trust machine sitting above high-consequence resources. Its public value is not the warmth of its institutional language. It is the reliability of its record and the checkability of its authority. Once those are doubted, scarcity does not merely make the dispute louder. It makes every uncertainty more expensive.
Provenance and insider risk
The clearest auditability warning came before the Cloud Innovation dispute. In 2019, KrebsOnSecurity reported allegations that IPv4 blocks originally associated with African organisations had been commandeered and sold through companies linked to Ernest Byaruhanga, a former AFRINIC policy coordinator. The reporting relied on work by researcher Ron Guilmette and South African journalists, described altered official AFRINIC documents in relation to Infoplan, and said Guilmette estimated the documented market value at more than $50m. AFRINIC's then chief executive told Krebs that an investigation was under way.
Those allegations must stay in their evidentiary box. A public report is not a final court judgment, and not every disputed historical record is proof of insider misconduct. But the episode is essential because it exposes the value of provenance. In a registry, history is not trivia. Dormant organisations, mergers, acquired assets, old contact handles, forgotten maintainers and staff permissions can become the raw material of economic control. A block with a weak chain of record is an invitation to exploitation.
The policy reaction to such an episode can go in two directions. The narrow response is provenance repair: audit trails, change-control logs, separation of duties, corporate-successor verification, conflict flags, public dispute status and independent review. That response strengthens the ledger. The broad response is discretionary expansion: more audits of commercial use, more power to reopen old justifications, more moral suspicion of leasing or transfer, more capacity for the registry to decide which business models deserve continued recognition. That response may feel like reform, but it shifts the institution from record protection to market control.
The difference is not academic. If records were allegedly manipulated by insiders or through weak authority controls, the remedy is to make the record harder to manipulate. It is not to make every member's later commercial use subject to open-ended registry reconsideration. A system can be strict about fraud without becoming arbitrary about business. It can treat forged authority, false corporate succession and unauthorised changes as serious offences while still accepting that addresses move among customers, regions and services in real networks.
Provenance also matters for public confidence. When the chain of control behind a prefix is unclear, honest members pay the cost alongside bad actors. Buyers hesitate. Lessors add legal buffers. Operators worry that a dormant or inherited record may later be challenged. Courts become cautious. The region's address base carries a cloud that cannot be removed by speeches about stewardship.
The insider-risk point is especially important. A registry can be compromised without a dramatic external hack if a person with internal knowledge understands which records are stale, which companies have disappeared, which contact data is weak and which procedural checks can be bypassed. That risk is not solved by telling the public that the organisation is community-based. It is solved by designing controls that assume insiders, former insiders, consultants, lawyers and sophisticated members may all understand the system well enough to exploit it. Auditability is a defence against familiarity.
The same logic applies to remediation. If a registry discovers that historical records may be tainted, its first duty is not to prove institutional virtue. It is to preserve evidence, identify affected resources, mark disputed states, protect running networks from unnecessary collateral damage and create a path for independent resolution. Quiet correction may be efficient for small clerical errors. It is inadequate for economically material records whose provenance affects market confidence. The public does not need every sensitive detail. It does need assurance that the evidentiary chain exists and can be tested by someone independent enough to matter.
Transfers and the opacity premium
Transfers are where registry auditability meets asset economics most directly. A transfer is not only a database update. It is a moment when value moves, risk is allocated and a new party asks the registry record to recognise a change in control. In an abundant world, a slow or discretionary transfer process is irritating. In scarcity, it can change the price of the asset.
AFRINIC's public policy materials frame transfer activity through community rules and registry processing. Lu Heng's "Policy Mirror" note reads the 2026 framework more harshly, arguing that regional classification, written approval, non-recognition of unauthorised transfers, inbound-policy treatment and abuse-contact escalation convert registry recording into capital control. The note is advocacy, not adjudication. Its economic mechanism is nevertheless worth taking seriously: if the registry can block or condition movement, the registry affects value.
The Register reported in March 2026 that AFRINIC had adopted a policy that in many circumstances prevents members from transferring IPv4 resources it assigns outside the region. AFRINIC's supporters can describe such rules as regional stewardship. Critics can describe them as lock-in. The practical test is observable market behaviour. If AFRINIC-registered resources require heavier warranties, face longer closings, suffer a discount or move through opaque leasing structures because the official route is too uncertain, the policy has created an opacity premium.
A serious registry can defend some gates. It must verify that the transferor controls the block. It must avoid duplicate claims. It must respect court orders and dispute holds. It must maintain accurate contacts and security-relevant records. It may need to prevent fraud, forged authority and attempts to launder stolen resources. These functions are consistent with a ledger. They require evidence and audit trails.
The risk begins when the same transfer path becomes a judgement about commercial purpose, customer geography, moral acceptability of leasing, regional loyalty or continuing need. Those judgements are harder to audit because they depend on institutional discretion. They also invite selective enforcement. A registry that asks a holder to prove present business conformity long after allocation is not merely recording a transfer. It is reopening the economics of reliance.
Auditability would not remove all conflict. It would clarify the category of conflict. A denied transfer should be traceable to a specific defect: lack of authority, unresolved dispute, forged documentation, inaccurate registry data, non-payment tied to a defined remedy, or a narrow rule adopted before reliance formed. If the denial rests on a broad policy theory, the registry should say so and accept independent review. Opaque refusal lets the institution enjoy the economic effect of control while hiding behind administrative language.
Scarcity punishes that ambiguity. Because addresses are valuable, parties will not simply accept delay or uncertainty as public-spirited friction. They will route around it through leases, options, nominee arrangements, side letters or litigation. Every workaround weakens the common record. A transparent transfer system is not a concession to traders. It is how the registry keeps valuable movement inside the auditable ledger rather than pushing it into private shadows.
The regional-development argument does not remove the need for auditability. A rule may be defended as protecting African resources for African networks, but it can still reduce the exit value of resources held by African operators, discourage inbound supply, increase discounting and push activity into less visible structures. A region does not become richer merely because its assets are harder to move. It becomes richer when reliable rules make productive use, investment and legitimate transfer cheaper than avoidance.
Member authority is part of the ledger
Registry governance is often discussed as if it were separate from registry records. It is not. The people who can vote, approve bylaws, elect directors, appoint committees and set policy determine the institution that controls the record. In a scarce-resource registry, member authority is itself a layer of the ledger. If the authority chain is unclear, every subsequent policy decision inherits a legitimacy discount.
Lu Heng's early AFRINIC note on the myth of community ownership argues that low member participation lets a small group of insiders, consultants and repeat officeholders dominate procedures while ordinary ISPs, telecom operators and enterprises stay focused on running networks. That argument is sharply stated and comes from a dissident participant. But the incentive problem is familiar. Associations with diffuse, busy members are vulnerable to organised minorities. Scarcity raises the stakes because control of process can influence control of valuable resources.
The 2025 election sequence turned that abstract problem into a public evidence dispute. The Register reported that AFRINIC, after years without a board, moved toward elections under a court-appointed receiver. A nomination committee involving senior British lawyers was appointed because of concerns about possible interference. ICANN then sought clarification after Cloud Innovation appeared in corporate records in a way that raised questions; the Mauritius court ordered a communique saying that listing was erroneous, while not reconstituting the nomination committee. Voting proceeded, then was suspended and annulled after concerns over voter documentation.
The later election produced a board, but not a clean end to the authority question. The Register reported in September 2025 that eight directors were elected, seven backed by Smart Africa, while critics expected court challenges and a criminal investigation into the June election remained under way. Again, these are reported facts and allegations, not final determinations about every vote or candidate. The economic point is narrower: a registry cannot treat member authority as ceremonial when board control can alter transfer policy, fee policy, bylaws and litigation strategy.
Auditability here means more than counting votes. It means direct notice to resource members, verified representative identity, tamper-resistant powers of attorney, challenge windows, post-vote reporting, conflict disclosures and a clear reconciliation between resource-member practice and registered-member status under Mauritian law. It also means explaining how votes affect resource governance without pretending that every member has equal exposure or equal capacity to participate.
A member vote that cannot be checked does not create strong legitimacy. It creates a document that supporters cite and opponents litigate. For AFRINIC, that is especially dangerous because litigation has already impaired ordinary governance. If the registry wants its board and policies to be economically accepted, it has to make the authority path dull, verifiable and difficult to counterfeit. In a registry, democracy without auditability is not community rule. It is another attack surface.
There is also a distributional reason to care. The members least able to attend every meeting or hire governance specialists are often the operators most harmed by opacity. Large holders and well-funded institutions can monitor elections, litigate, diversify supply and price legal uncertainty into contracts. Smaller ISPs and local enterprises need the registry to make ordinary rights easy to understand and hard to steal. If transparency benefits only those with the time and money to decode procedural complexity, it is not transparency in any economically useful sense.
Courts, receivership and legal continuity
Receivership is usually described as a repair mechanism, and in a limited sense it is. The NRO's 2023 statement welcomed the Mauritius court's appointment of an official receiver and described the receiver's role as preserving the status quo, maintaining the value of AFRINIC's business, overseeing elections, facilitating a proper board and enabling the appointment of a chief executive. That statement is an official exhibit, not a full theory of legitimacy. It shows that even the RIR system accepted the need for court-supervised continuity.
The Internet Governance Project took a more positive view of receivership in 2023, arguing that it demonstrated the resilience of private, contract-based internet governance because ordinary courts and rule of law could preserve operations while governance was repaired. That is a useful corrective to panic. AFRINIC did not disappear because a court became involved. Registry services could continue while institutional control was constrained. The court did not need to become a packet router to matter.
But receivership is also an audit of institutional failure. A healthy registry should not need a court officer to reconstitute its board. A receiver can preserve records, supervise elections and prevent a corporate vacuum from swallowing critical services. A receiver cannot supply the missing economic bargain between resource holders and registry power. Nor should receivership become a shortcut for structural policy changes that would be controversial if made by an ordinary, uncontested board.
Lu Heng's AFRINIC lock-in argument treats a receiver as preservative rather than legislative and warns against irreversible resource-mobility decisions while legitimacy remains contested. The language is partisan and should be read accordingly. The caution is sound. The more valuable number resources become, the more dangerous it is for temporary authority to make permanent decisions about transferability, member rights or the economic nature of resource control. A bridge should not redesign the river.
ICANN's 2026 intervention in winding-up proceedings, reported by The Register, is another example of the continuity problem. ICANN said it sought to help the court understand AFRINIC's unique role and to make clear that numbering resources allocated through AFRINIC are not AFRINIC assets available for distribution in a winding-up. That is a narrow and important proposition. If a registry company were liquidated like an ordinary commercial estate, the continuity of number records would be endangered.
Yet the same argument should not be stretched. Saying that number resources are not AFRINIC's assets does not decide the reliance interests of resource holders. Saying that AFRINIC performs a public coordination function does not decide every transfer-policy dispute. Saying that court supervision protects continuity does not make the incumbent institution immune from review. A transparent continuity principle would separate the records and services that must continue from the policy discretion that may need to be challenged.
Legal continuity is part of the same discipline. AFRINIC is incorporated in Mauritius, but its records affect networks across a service region much larger than the jurisdiction that hosts the company. That mismatch does not make Mauritian courts illegitimate. It makes the evidentiary burden higher. Courts need clear explanations of what AFRINIC administers, what it owns, what members rely on, which services are operationally critical and which disputes can be isolated without destabilising unrelated resources. If the registry cannot translate its function into ordinary legal terms, judges will be asked to manage internet continuity through fragments of corporate and insolvency law. That is a poor substitute for audit-ready governance.
Receivership therefore teaches the central lesson of auditability: preserve the last verified state, isolate disputes, keep publication services running and make authority visible. It should not be used to fuse the survival of the ledger with the survival of every power claimed by the current operator.
Narrative control is not transparency
Institutions under stress often confuse transparency with winning the story. AFRINIC's public communications, ICANN letters, NRO statements, NRS warnings, LARUS releases, ISPA messages and media quotes all compete to define what the crisis means. Each has a constituency. Each selects facts. Each can be useful. None can substitute for an auditable decision record.
The Register's March 2026 report captures the problem. AFRINIC accused Cloud Innovation, Larus and associated advocacy campaigns of driving litigation and procedural roadblocks that it said were intended to disrupt or paralyse the registry. Lu Heng responded that the real problem was structural: high-consequence registry power over economically critical number resources without commensurate legal and financial liability. AFRINIC rebutted asset-style arguments by saying IP addresses are not owned as traditional property. NRS framed the matter as member exposure to chokepoint power.
The public reader should not turn any of those positions into the whole truth. AFRINIC has a legitimate interest in stopping litigation from disabling registry services. Resource holders have a legitimate interest in preventing discretionary power from destroying business continuity. The official RIR system has a legitimate interest in avoiding fragmentation of the number registry. Courts have a legitimate role in testing corporate authority and contractual claims. The problem starts when one actor treats its legitimate interest as a mandate to control the narrative and avoid evidence.
Auditability disciplines narrative because it forces claims back to observable questions. Which lawsuit blocks which function? Which registry decision threatened which resource? Which policy authorised which remedy? Which member gave which power of attorney? Which court order preserved which state? Which transfer rule was in force at the relevant time? Which conflict of interest was disclosed? Which service would fail if a board act were delayed? These questions are less dramatic than institutional slogans, but they are more useful.
The same discipline should apply to critics. A commercial lessor arguing for liquidity has a commercial interest. A member campaign warning about registry power may also seek influence. A court-backed continuity claim can be overstated in marketing. Public argument is not disqualified by interest, but interest makes auditability more important. The answer is not to choose the nicer slogan. It is to demand the chain of evidence behind every consequential claim.
This is why "transparency" can become dangerous if it means only more statements. Too much narrative without enough verifiable authority can reduce confidence, because each side produces more words while the decision path remains obscure. In a market for scarce address resources, the cure is not louder communication. It is quieter, more checkable procedure.
AFRINIC's recovery will be credible when public materials stop asking readers to infer trust from institutional identity and start letting them verify authority from records. The registry does not need to win a permanent morality play. It needs to make the official path safer, more predictable and more legible than the private workarounds. That is a different communication strategy because it is not mainly communication. It is governance as evidence.
Liability alignment and the cost of opacity
The most uncomfortable part of the AFRINIC case is liability. A registry may insist, with some legal force, that number resources are not ordinary property. But the practical effects of registry action can still be severe. A block may support customers, contracts, cloud workloads, security settings, geolocation dependencies, abuse handling, reverse DNS, RPKI objects and revenue. If recognition is threatened, the holder's loss is not limited to the annual fee paid to the registry.
Lu Heng's notes on registry power and liability argue that the RIR model combines high-consequence authority with symbolic contractual downside. His LARUS note points to public RIR agreements that limit liability, bind members to changing policies and preserve termination or revocation paths. The AFRINIC Registration Service Agreement is described there as capping liability at the greater of six months' fees or $100, while allowing resource revocation on termination or expiry. Readers should treat the commercial conclusion as an interested position. The design issue remains real.
Limited liability is not inherently scandalous. A registry funded by membership fees cannot insure every market loss. It should not be treated as a guarantor of speculative gains. But limited liability has an implication registries often avoid. If the institution cannot bear high commercial downside, it should not exercise broad commercial discretion. The less liability it carries, the narrower and more objective its power should be.
Opacity makes the asymmetry worse. If a registry decision is wrong but the path is auditable, affected parties can challenge it, courts can understand it and future behaviour can adapt. If the decision is opaque, the member faces both substantive risk and evidentiary risk. It may not know why the decision was made, which evidence mattered, whether comparable members were treated differently, or what cure would restore ordinary status. That uncertainty becomes a cost even if the registry ultimately prevails.
The Cloud Innovation dispute shows how quickly liability misalignment can become institutional risk. IGP reported that AFRINIC questioned discrepancies between registered usage and actual deployment, original-need narratives and regional service language; Cloud Innovation disputed the interpretation. AFRINIC's threatened remedy, according to IGP's account, included possible termination and reclamation, while AFRINIC also disclaimed liability for losses arising from its notice or actions. Litigation followed, including injunctions and a bank-account freeze that IGP criticised as excessive. The merits belong to courts. The structure is plain: broad power plus limited downside invites high-stakes resistance.
A better model would align liability by narrowing discretion. The registry should be powerful where the invariant is objective: uniqueness, proof of control, accurate contact data, security continuity, fraud prevention, court holds and dispute metadata. It should be cautious where the issue is business model, customer geography, asset monetisation or moral judgment about scarcity. If it wants broader discretion, it needs stronger independent review, clearer remedies and a more credible allocation of loss when it errs.
Liability alignment is not anti-registry. It is how the registry preserves trust. Members are more likely to accept adverse decisions when the rule is known, the evidence is visible, the remedy is proportional and the reviewer is independent. They are more likely to litigate when the registry combines a large practical effect with a small accountability surface. Auditability reduces litigation not by hiding conflict, but by making the conflict harder to exaggerate.
There is a broader institutional-economics point. A party that can change another party's cost of capital should be accountable for the conditions under which it does so. That does not make every registry act a damages claim. It does mean the registry's discretion must be designed as if mistakes are costly, because they are. The cheaper the formal membership fee, the more dangerous it is to pretend the economic exposure is also cheap.
The audit AFRINIC actually needs
The obvious audit would ask whether money was spent properly, whether accounts are accurate and whether controls meet ordinary nonprofit standards. AFRINIC needs that, especially after public concern over legal costs and years of institutional instability. But the deeper audit is not only financial. It is an audit of authority.
A resource-record audit would examine the chain of control for address blocks, especially those affected by historical irregularities, dormant organisations, corporate succession, large transfers, disputed contacts or old maintainer credentials. It would not need to expose sensitive customer data. It would need to show that changes are backed by evidence, approved by properly separated functions, logged in ways that cannot be quietly rewritten and marked when a claim is disputed. The aim is not public shaming. It is to make the ledger credible again.
A transfer audit would examine every meaningful denial, delay, approval and dispute hold. It would identify the rule applied, the evidence requested, the time taken, the reviewer, the conflicts declared and the available appeal. It would distinguish technical defects from policy judgments. It would measure whether comparable cases receive comparable treatment. In an asset-sensitive registry, unequal transfer handling is not a customer-service issue. It is a value-allocation issue.
A member-authority audit would reconcile resource-member practice, bylaw language and Mauritian company-law status. The Register's 2026 reporting on ISPA's bylaw review described a legal concern that AFRINIC resource members may not be registered members under Mauritian law in the way many governance assumptions require. If true, or even if seriously arguable, that gap should be confronted openly. A registry cannot rely on member legitimacy while leaving the legal mechanics of membership unclear.
An election-authority audit would treat powers of attorney, proxy rights, voting credentials, notice procedures and post-vote reporting as infrastructure controls. The 2025 allegations around powers of attorney show why. The point is not to prove every accusation in a public article. The point is that voting authority must be hardened against precisely that kind of dispute. If a member can plausibly say someone voted or claimed authority without permission, the system has failed before the policy debate begins.
A continuity audit would identify which services must survive board disputes, insolvency applications, litigation, staff turnover or loss of bank access. AFRINIC's own public materials identify WHOIS, RDAP, reverse DNS, RPKI and routing-registry services as part of its work. Lu Heng's continuity notes emphasise uniqueness, registration accuracy, publication services, security continuity, running-network continuity and independent adjudication. The sober conclusion is that critical services require last-known-good records, succession planning and dispute isolation. They should not depend on institutional pride.
Finally, a liability audit would map each registry power to the loss it can impose and the remedy available if exercised wrongly. Where the gap is too large, the power should be narrowed or the remedy strengthened. This is the economics of auditability: not merely checking whether a decision was documented, but checking whether the institution that makes the decision is structurally fit to carry its consequences.
Such an audit would also clarify what transparency should not do. It should not publish customer secrets, routing-security material, private commercial terms or sensitive fraud leads merely to satisfy a general appetite for disclosure. The aim is not radical exposure. It is verifiable governance. A registry can protect confidentiality while still publishing categories, timelines, authority checks, conflict rules, appeal routes and aggregated performance data. The right question is not whether every fact is public. It is whether the facts that justify power can be checked by someone independent enough to matter.
What a transparent AFRINIC would make boring
The strongest sign of recovery would be boredom. A good registry should be less dramatic than the networks it serves. Its records should be accurate. Its transfer process should be predictable. Its elections should not require forensic interpretation by outsiders. Its court filings should not be the main channel through which members learn how authority works. Its public statements should be narrower than its evidence, not broader.
For AFRINIC, making auditability boring would begin with resource-state categories that ordinary operators can understand. A block might be active and undisputed, under ordinary contact correction, under corporate-successor review, subject to a transfer request, subject to a court hold, affected by a fraud allegation, or frozen by independent dispute status. Those categories would not decide the merits by themselves. They would prevent the registry from turning uncertainty into hidden discretion.
Transfer processing should become similarly dull. The registry should record proof of control, check for conflicting claims, confirm good-standing requirements, maintain contactability, preserve security continuity and publish decision timelines. If a transfer is refused, the refusal should be tied to a rule that existed before the transaction and should be capable of independent review. If the issue is policy rather than proof, the registry should say so plainly. Markets can price a rule. They struggle to price mood.
Member governance should be made legible enough that low participation does not become a design flaw. Operators are busy; many will never attend meetings unless crisis forces them to. That reality does not excuse capture. It requires direct notice, clean credentials, voting receipts, proxy limits, authority verification and easy challenge procedures. A registry cannot build legitimacy on participation that it has not made safe and meaningful.
Continuity should be separated from institutional survival. Africa needs number-registration services. That does not mean every board position, bylaw theory, transfer rule or enforcement claim must be shielded from review. A transparent AFRINIC would be able to explain which services would continue under a dispute, how records would be preserved, who could make emergency changes, how RPKI and reverse DNS would remain coherent and which decisions would be paused until authority is resolved.
The same discipline should govern public accountability. AFRINIC's supporters may believe hostile litigation has harmed the registry. Critics may believe registry discretion has harmed members. Both can be partly true. A transparent institution would not ask the public to decide the whole story by sentiment. It would provide enough decision records, financial disclosures, litigation-status explanations and member-authority data for specific claims to be evaluated.
Boredom is not weakness. In infrastructure governance, it is the return on auditability. When a registry becomes boring, the asset value moves back to the networks using the resources rather than the factions fighting over the institution. The address record becomes a utility again. That is the point.
The watchpoints now
The first watchpoint is whether AFRINIC's restored board converts formal existence into auditable authority. The Register reported in February 2026 that AFRINIC staff described improved morale, interim management appointments, a forthcoming budget and action plan, and a 2027-2030 strategy. Those are encouraging operational signals if they are followed by documentary discipline. A board is not enough. The question is whether it can show clean minutes, conflict controls, voting legitimacy, bylaw clarity and decision records that survive hostile scrutiny.
The second watchpoint is whether transfer policy increases or reduces the opacity premium. If regional restrictions and written approvals make official transfers slower, more discretionary or less financeable, AFRINIC resources will carry a discount. If the rules are narrow, predictable and objectively administered, the registry can keep more activity inside the official record. The market will reveal the answer through pricing, indemnities, transaction timelines and the amount of activity pushed into private leasing or legal structures.
The third watchpoint is whether the historical record can be cleaned without becoming a mandate for broad commercial control. The 2019 KrebsOnSecurity allegations remain a permanent warning about provenance and insider risk. AFRINIC should be able to show stronger controls over dormant records, corporate succession, maintainer permissions and internal change authority. It should not treat past record weakness as proof that the registry needs open-ended power over every later business model.
The fourth watchpoint is whether member rights are made checkable under both AFRINIC practice and Mauritian law. The bylaw and membership-status questions described in public reporting are not technicalities. They determine who controls the institution that controls the registry record. If resource members believe their votes are symbolic or vulnerable to legal challenge, they will not treat the registry as a member-based authority. They will treat it as a private company with a contested governance surface.
The fifth watchpoint is ICANN and RIR-system failure policy. Revised ICP-2 work may be necessary because AFRINIC exposed a real lifecycle gap: the system knew how to recognise a registry better than it knew how to repair or replace a failing one. But emergency policy must protect the ledger, not create a higher-level gatekeeper with broad discretion over regional registries. A good policy will be narrow, evidence-based and continuity-focused. A bad one will centralise the same opacity at a larger scale.
The final watchpoint is language. Institutions reveal themselves under stress. If AFRINIC and its allies speak mainly of defending the institution, preserving the community and resisting enemies, sceptical members will ask what powers are being defended. If they speak of verified authority, accurate records, limited remedies, independent review, service continuity and liability alignment, the legitimacy premium can begin to return. Critics face the same test. A credible reform position has to protect the ledger as well as limit the gatekeeper.
AFRINIC's problem is not that it lacks transparency in the ceremonial sense. It has pages, policies, communiques, public meetings and outside statements. Its problem is that scarcity has raised the evidentiary burden. A registry record now carries enough economic weight that trust must be reconstructed from auditable authority rather than inherited from institutional status. That is the economics of transparency in the registry layer.
The conclusion is conservative. The internet-number system needs a trusted ledger. It does not need a sacred registry corporation, an unreviewable policy priesthood, or a market free-for-all in which stolen records and forged authority circulate unchecked. AFRINIC can still be the ledger for its region if it makes power visible, remedies proportional, member authority verifiable, transfer decisions objective, historical records traceable and continuity independent of factional control. If it does not, the market will not wait for formal derecognition. It will price the uncertainty and build around it.

