When AFRINIC had no stable board, the registry did not stop making economic decisions. Lawyers still had to be instructed or restrained. Court orders still had to be read, answered and turned into operational choices. IPv4 requests, transfer questions, member standing, reverse DNS, WHOIS, RDAP, IRR and RPKI publication still had to be kept from drifting into uncertainty. Staff still had to answer tickets, defend records, preserve systems, communicate with members and keep a regional ledger functioning while the corporate organ meant to authorize strategy, supervise executives and account for money was absent, contested or replaced by court-supervised arrangements. The boardroom did not become irrelevant when it failed. It became more visible because every missing decision had to be priced somewhere else.
That is the economic mechanism at the centre of AFRINIC's crisis. Board oversight is not decoration around a technical registry. It is the control surface that prices legal exposure, enforcement posture, budget discipline, executive authority, member trust, transfer and leasing recognition, and registry neutrality. A board can authorize litigation or settlement. It can restrain management. It can audit records. It can disclose risk. It can approve budgets, appoint executives, remove executives, delegate emergency authority, ratify policy implementation, set the tone for resource review, and decide whether a scarce-resource dispute is handled as a narrow ledger problem or as an institutional war. If the board is not legitimate, every one of those choices becomes easier to challenge and harder to trust.
AFRINIC is the sharpest test because the region's registry crisis joined governance theory to hard facts. Public reporting described earlier address-record corruption involving valuable IPv4 blocks and a former senior staff figure. The dispute with Cloud Innovation turned resource review and out-of-region IPv4 use into litigation capable of freezing bank accounts and threatening ordinary operations. The organisation then spent years without a functioning board or normal chief executive appointment. A receiver appointed under Mauritian court supervision was asked to preserve continuity, arrange elections and keep the registry from becoming either a corporate corpse or a private prize. The June 2025 election process was suspended and annulled after allegations involving powers of attorney and voter documentation. A later election restored a board, but the litigation overhang, bylaw disputes, transfer-policy fights, winding-up arguments and questions about commercial IPv4 leasing did not disappear.
The lesson is narrower than a general story about registry-layer risk. It is also narrower than a general argument about member rights. The board is the place where those risks and rights are converted into executable institutional choices. It decides what management may do, what management may not do, what gets audited, what gets disclosed, what gets settled, what gets appealed, what is delegated, and what must be prevented before it turns into a court-supervised emergency. In a regional internet registry, board legitimacy affects the economic quality of every major registry decision because the board sits between a monopoly ledger and scarce, market-used resources.
AFRINIC does not route packets for a customer in Nairobi, Lagos or Johannesburg. It records who is recognised for number resources, who may ask for changes, whether a block can move, whether an authority document is accepted, whether a dispute is flagged, whether technical publication remains stable and whether the registry is acting as neutral settlement utility or discretionary gatekeeper. Under IPv4 scarcity, those distinctions affect value. A record is not merely a line in a database when it supports hosting revenue, customer contracts, leasing arrangements, acquisition diligence or financing assumptions. The board does not own that value, but it can make it more certain or more fragile.
Official descriptions of AFRINIC provide a narrow factual exhibit, not the article's conclusion. AFRINIC is a Mauritian nonprofit and member-based organisation serving Africa. It manages IPv4, IPv6 and autonomous system numbers, and it provides reverse DNS, WHOIS, RDAP, IRR and resource certification services. Its policy material describes resource rules, exhaustion phases, transfer arrangements and registration requirements. Those facts matter, but they do not answer how a board should supervise a scarce-resource ledger whose recognition can support commercial revenue, collateral value, public trust and court claims.
AFRINIC's recent history supplies a sober answer. Board oversight has to be a narrow ledger discipline, not a theatre for regional rhetoric or commercial revenge. It has to preserve continuity without converting continuity into an incumbency shield. It has to enforce fraud controls without letting fraud repair become retrospective economic planning. It has to fund litigation when necessary while preventing legal budgets from becoming a second policy process. It has to let executives manage a technical registry while making sure that management cannot turn policy ambiguity into existential threats. Above all, it has to keep the registry neutral enough that a member can lose a dispute without fearing arbitrary destruction, and win a dispute without capturing the institution.
The board as the registry's control surface
A regional internet registry looks technical from the outside because its public outputs are technical: prefixes, ASNs, route-origin data, public registration data, reverse delegations, account status and resource-transfer entries. The institution behind those outputs is not purely technical. It is a corporate body with directors, budgets, bank accounts, staff, contracts, legal advisers, auditors, policies, members and courts. The board is where those layers meet. It converts a community policy into implementation choices, a legal threat into a litigation posture, a financial plan into fees and reserves, a staff action into institutional accountability, and a disputed record into a procedure that can be defended.
That makes the board a control surface rather than a ceremonial committee. It can approve an annual budget that puts money into registry resilience or into litigation. It can ask whether a resource-review programme is targeted at fraud, policy compliance, commercial-model policing or regional control. It can require management to document authority checks before accepting representative changes, powers of attorney or transfer requests. It can decide whether a court fight is worth an appeal or should be settled under terms that protect the ledger. It can insist that RPKI, reverse DNS, RDAP and WHOIS services are not used as leverage in ordinary commercial conflicts. It can disclose enough for members to judge risk without publishing privileged legal strategy.
In a healthy registry, most of this is invisible because oversight produces boring outcomes. Tickets move. Authority checks are routine. Transfers are processed under known conditions. Resource-review letters are precise. Staff know which decisions require escalation. Legal advisers understand that the registry is a settlement utility, not a general economic regulator. Board minutes do not change market prices. Members may grumble about fees, but they do not treat a board election as a referendum on the future of their address holdings.
AFRINIC made those quiet assumptions explicit by losing them. When a registry cannot appoint a stable chief executive, cannot convene a normal board, cannot finish elections without court scrutiny and cannot separate one high-value dispute from the organisation's continuity, the market learns what the board had been doing by absence. The board should set risk appetite. Without it, receivers, courts, staff and litigants supply temporary risk appetite. The board should discipline legal spending. Without it, legal spending becomes both a necessity and a grievance. The board should approve communications. Without it, each statement can be attacked as unauthorized, incomplete or factional. The board should supervise executives. Without it, the line between operational discretion and institutional policy blurs.
The point is not that every registry action must wait for directors. A board that micromanages hostmasters would be as dangerous as a board that disappears. Staff should process ordinary requests, maintain databases, publish certification material, run ticket queues and support members. The board's job is to decide the boundaries: when a ticket becomes legal risk, when a record correction becomes a fraud case, when a transfer raises policy interpretation, when litigation threatens continuity, and when member authority must be independently verified.
AFRINIC's scarcity environment makes those boundaries more valuable. IPv4 blocks in the region are not merely administrative entries. They can support hosting revenue, customer contracts, leasing arrangements, acquisition diligence and financing assumptions. A board that treats registry entries as paperwork ignores their economic role. A board that treats them as property owned by the registry overstates its authority. The board must hold the awkward middle: number resources are not corporate assets, but registry recognition around them has capital-like effects.
That middle position requires institutional humility. A board may think it is protecting Africa by restricting address mobility. It may think it is defending the registry by fighting every case. It may think it is restoring integrity by threatening severe sanctions. It may be right in a particular matter. Oversight exists to force the question that management, campaigners and litigants often avoid: what is the least discretionary, most auditable and most continuity-preserving way to reach the necessary decision?
AFRINIC's crisis shows why that question is not academic. A board that cannot ask it, or cannot be trusted when it answers, turns each resource decision into a proxy fight over control of the whole registry.
Absence does not remove power
Board absence does not remove power. It redistributes power to less accountable places. In AFRINIC's case, power shifted among courts, receivers, staff, litigants, outside coordination bodies, member coalitions and public campaigns. Some of that redistribution was necessary. A court-appointed receiver can keep a distressed organisation alive, preserve assets and organise elections. Staff can maintain essential services. Courts can restrain unlawful conduct and interpret corporate obligations. But none of those substitutes has the same economic role as a legitimate board answerable to the membership and tied to the registry's long-term institutional duty.
The receiver's appointment in September 2023 was described by the Number Resource Organization as a path back to functional governance: the receiver would maintain the status quo, preserve the value of the business, oversee elections, facilitate the formation of a board and help appoint a chief executive. That is a continuity measure. It is not a permanent governance model. A receiver can be an emergency bridge between corporate failure and restoration. The more decisions the receiver must make about elections, legal responses, member communications and management, the more visible the original oversight failure becomes.
The absence premium appears first in contracts. A buyer of AFRINIC-administered IPv4 addresses asks whether a transfer will be recognised if litigation resumes or if the board's authority is challenged. A lessor asks whether commercial delegation will be treated as routine network use, policy breach or evidence in a wider ideological fight. A customer asks whether reverse DNS and route-origin publication can be maintained if its provider is caught in a dispute. A bank asks whether address-supported revenue should receive a governance discount. A lawyer asks whether a Mauritian court process can affect a transaction whose economic parties are elsewhere. These questions are not created by routing instability. They are created by governance uncertainty above the routing layer.
Absence also changes staff incentives. In a normal registry, staff can escalate politically sensitive questions to management and management can seek board direction. In boardless conditions, staff must either act under narrower operational authority or defer decisions. Both choices carry costs. Acting may invite claims that the staff exceeded authority. Deferring may delay allocations, transfers, record updates or member support. If each significant action might be attacked later, a rational staff culture becomes cautious. That caution can be prudent; it can also become service degradation.
Legal advisers gain influence in such periods because the institution is living inside court risk. That is unavoidable, but it is dangerous if the legal department becomes the de facto strategy office. Lawyers are trained to win, defend, settle, delay, appeal or narrow claims. A registry board is supposed to ask a different question: what legal posture protects the ledger, members, staff and long-term neutrality at acceptable cost? Without a board, legal prudence can drift into legal dominance. The result is an organisation whose operating plan is written in pleadings rather than in service commitments.
Member communication becomes more fragile as well. During AFRINIC's crisis, members had to interpret public statements from the registry, the receiver, ICANN, Cloud Innovation, industry groups, candidates and commentators. Each statement carried a different interest. Some aimed to protect continuity; some to shape elections; some to defend a litigation position; some to rally members against perceived capture. A legitimate board cannot eliminate disagreement, but it can create a recognised channel for risk disclosure, budget explanation and decision ownership. When that channel is weak, members receive a market of narratives instead of a governance account.
The board's absence is therefore not only a constitutional problem. It is a pricing problem. The same prefix, held by the same organisation and routed in the same way, carries a different risk premium if the registry cannot show who has authority to decide, what process binds that authority and how disputes are confined. Scarcity makes the premium large because the resource cannot be cheaply replaced. A member who loses access to a valuable IPv4 portfolio cannot simply obtain a fresh equivalent from another regional registry. A customer whose provider depends on a contested block cannot easily distinguish technical route health from institutional claim risk.
AFRINIC's later board election in September 2025 reduced part of the absence premium. Directors could convene, interim management could be appointed, a budget and action plan could be prepared, and a 2027-2030 strategy could be discussed. Those are necessary signs of corporate life. But restoration is not the same as credibility. The question after a board returns is whether it can prove that the powers redistributed during absence are being pulled back into accountable, narrow and auditable oversight. If litigation strategy remains opaque, if member authority remains disputable, if transfer policy becomes a factional weapon, or if the board treats court victory as institutional vindication, the premium remains.
That is why board oversight is more specific than a general continuity story. The risk is not only that the registry could fail. It is that the board is the mechanism that determines whether failure is isolated, absorbed, escalated or priced into every decision.
Corruption turned oversight into ledger control
The earlier AFRINIC address-record scandal is often remembered as a corruption story. It is also a board-oversight story. Public reporting in 2019 described allegations that dormant or defunct African IPv4 resources had been commandeered through companies linked to Ernest Byaruhanga, a former AFRINIC policy coordinator and one of the organisation's early hires. Researcher Ron Guilmette and South African journalists traced records and claimed that address space worth more than $50m had been moved or sold through questionable arrangements. AFRINIC's then chief executive said the organisation was aware of the allegations and investigating. Byaruhanga had resigned shortly before the reporting.
For the economics of oversight, the crucial fact is not only the alleged misconduct. It is the institutional vulnerability the allegations exposed. A registry ledger is only as trustworthy as the controls over changes to it. If dormant company records, old acquisitions, inactive contacts, shell entities or staff privileges can be used to move address space, every member is forced to ask whether the registry record is an independently reliable settlement layer or a set of administrative entries vulnerable to insider knowledge.
The board is the body that should convert such a scandal into durable controls. It should require a forensic account of affected categories, not merely a reputational response. It should ask which database privileges were used, how historical company changes were verified, how dormant resources are monitored, what dual-control procedures exist for resource changes, how staff conflicts are declared, how whistleblowers are protected, how member notifications are handled and how auditors test record integrity. It should decide what can be disclosed publicly without compromising investigations and what must be reported to members because they fund and rely on the ledger.
If the board fails to do that, a corruption episode has two harmful afterlives. First, it weakens confidence in the ledger itself. Buyers, holders and counterparties look more carefully at chain of control, old company documents, historic WHOIS entries and unusual route history. Second, it contaminates later enforcement. When a registry with a recent record-integrity scandal begins aggressive review of a large member, the target can argue selective enforcement, and other members can wonder whether the registry is repairing fraud, fighting commercialisation or covering past weakness with overcorrection.
That ambiguity was visible in the years after the reported scandal. AFRINIC's desire to clean up its records and enforce policy was understandable. A registry that cannot correct fraud is not neutral; it is negligent. But oversight should separate fraud correction from policy zeal. Fraud is about false authority, fabricated need, stolen identity, manipulated records or deliberate deception. Policy disagreement may involve out-of-region use, customer leasing, changing deployment plans or interpretation of service terms. The remedies should differ. A board that merges them makes the registry's anti-fraud power look like an all-purpose discretion to revisit reliance.
The distinction matters because IPv4 scarcity turns historical records into capital evidence. A holder's block may support revenue far above annual registry fees. A buyer or lender may treat registry recognition as a condition for value. A registry's letter threatening severe action can therefore change bargaining power immediately, even before a court decides anything. If the board has not built a trusted audit and escalation process, resource review looks less like ledger hygiene and more like a loaded weapon.
Good oversight would not protect bad actors. It would make action against bad actors more credible by narrowing the grounds. A board could require management to classify review cases: suspected fraud, inaccurate contact data, policy non-compliance, contractual ambiguity, transfer irregularity, security risk or court-ordered change. It could require proportionate remedies: record correction, documentation request, supervised transfer, temporary dispute flag, independent audit, prospective compliance plan, suspension of future allocations, or, in severe cases, termination. It could publish anonymised aggregate data so members know whether resource review is routine, targeted or exceptional.
AFRINIC needed precisely that discipline because the old scandal and later litigation involved different kinds of institutional concern. The reported address heist suggested internal control failure and possible misuse of dormant records. The Cloud Innovation dispute involved the scope of AFRINIC's authority over a member's large IPv4 allocation and commercial use. Treating both under a single moral category of abuse may be politically satisfying, but it is economically sloppy. It prevents members and courts from seeing whether the registry is protecting record integrity or asserting a broad right to supervise address economics.
The board's job is to prevent that slippage. A registry cannot ask markets to trust its ledger while leaving members unsure whether the same review process is correcting theft, interpreting policy, resisting leasing, punishing a litigant or preserving regional ideology. Oversight is the price of enforcement credibility.
Cloud Innovation and the cost of enforcement without prudence
The dispute between AFRINIC and Cloud Innovation is usually told as a battle over IPv4 use, commercial leasing and regional obligation. It is also a case study in how board oversight should price enforcement before enforcement becomes existential. Public accounts describe Cloud Innovation, incorporated in the Seychelles, as having received millions of AFRINIC-administered IPv4 addresses and built a business around leasing them, including to customers outside Africa. AFRINIC challenged the use of those resources and raised the possibility of terminating the service agreement and reclaiming addresses. Cloud Innovation treated that as a threat to its business and responded with extensive litigation.
Both sides had rational incentives. AFRINIC, emerging from record-integrity controversy, wanted to show that it could enforce rules and protect a scarce regional pool. Cloud Innovation, facing a possible loss of resource recognition that could destroy substantial revenue and customer relationships, used courts to protect its position. The problem is that the dispute did not remain a member enforcement case. By July 2021, court orders had provisionally frozen up to $50m in AFRINIC bank accounts, and public analyses described multiple cases in Mauritius involving the parties. The registry's enforcement posture had created a continuity risk for the registry itself.
That is where board oversight should have mattered most. Before a registry threatens action that could destroy a large holder's business, the board should require a risk memorandum that looks beyond legal confidence. What is the factual theory? Is it fraud, misrepresentation, breach of need, out-of-region use, leasing, failure to update records, non-payment or something else? What remedy is proportionate to that theory? What is the expected litigation response? What operating funds could be exposed? What member services could be affected? What happens to customers if resources are withdrawn? Could an independent review narrow the facts? Is there an interim remedy that preserves uniqueness and records while the merits are decided? What settlement threshold protects the ledger without rewarding obstruction?
If those questions were asked, they did not prevent the dispute from becoming institutionally dangerous. That is the economic failure. A registry is entitled to enforce contracts and policies, but it must be capitalised, insured, governed and procedurally prepared for the consequences of enforcement. It cannot claim high-consequence power over scarce resources while assuming that a member will accept destruction quietly. Nor can a member claim to defend legitimate reliance while using litigation in a way that threatens all other resource holders. The board's role is to prevent both overreach and hostage-taking.
Legal prudence also requires a remedy ladder. The harshest remedy in a scarce-resource registry is withdrawal or loss of recognition, because it can affect customers, counterparties, security publication and market value. A board should insist that such remedies are reserved for clear, serious and reviewed cases: fraud, deliberate falsehood, persistent refusal to correct material records, court direction or behaviour that directly threatens the registry's core function. Ambiguous commercial-use disputes should start with narrower tools: documentation requests, compliance plans, independent audits, transfer holds, future-allocation restrictions, precise dispute flags and defined appeal periods.
AFRINIC's public policy documents show why discretion must be careful. The policy manual distinguishes allocation, assignment, sub-allocation, transfer, reverse delegation, public registration, ASN use, temporary resources and abuse contact data. The exhaustion material describes need justification, contract checks, Phase 1 and Phase 2 constraints, maximum and minimum allocation sizes and first-come handling. These are operational and policy categories. They do not automatically answer the commercial question of how to treat large historical holders whose customers, geography or leasing arrangements change over time. That is a board-level risk, not merely a hostmaster question.
The dispute also reveals a liability mismatch. AFRINIC and the wider registry system often insist that number resources are not owned as ordinary property and that holders are custodians. That may be correct in legal and policy terms. Yet the consequences of registry recognition are plainly economic. A holder can lease addresses, support customers, sell network services, negotiate transfers and treat address access as part of a business model. If the registry can make decisions that affect those values while disclaiming broad liability, courts become the balancing mechanism. Board oversight should reduce the need for courts by making decisions precise, reviewable and proportionate.
The Cloud Innovation matter became so consequential because it sat at the intersection of enforcement, scarcity and governance weakness. If AFRINIC had a strong board, clear review procedures, independent appeal and protected operating funds, the dispute might still have been severe, but it would have been less likely to threaten the registry's existence. If Cloud Innovation had a trusted forum short of maximal litigation, it might have defended its business without making every member bear the risk. The absence of such design made both sides' escalation rational and costly.
That is the uncomfortable institutional lesson. Enforcement without board-level prudence can turn a registry from neutral recordkeeper into litigating gatekeeper. Non-enforcement without board-level controls can let fraud and inaccurate records persist. The board exists to prevent that false choice.
Receivership as a continuity firewall
Receivership preserved AFRINIC when ordinary governance had failed. It should be understood as a continuity firewall, not as a substitute board. A firewall protects essential functions from a failing component. It does not turn the emergency component into the normal architecture. The Mauritian court order placed a receiver in a role designed to maintain the status quo, preserve the business's value, oversee elections and help restore a board and chief executive. That was a rescue design for a distressed corporate body that happened to carry a critical regional registry function.
The distinction matters because a registry has two layers that must not be confused. One layer is the corporate shell: directors, registered members, bank accounts, bylaws, contracts and legal domicile. The other is the registry function: unique number-resource records, service continuity, public data, reverse DNS, RPKI, IRR, tickets and member support. The corporate shell can be in crisis while the registry function continues, as AFRINIC's staff demonstrated. But the longer the corporate shell remains impaired, the more the function inherits uncertainty. Receivership buys time; it does not make the uncertainty disappear.
A board should learn from the receiver's role by making continuity plans explicit before the next crisis. Which services are critical? Which bank accounts or reserves are needed for payroll, technical operations and essential support? What authority permits staff to maintain RPKI repositories, reverse DNS delegations and public registration data during litigation? What decisions are frozen if corporate control is disputed? Who can communicate service status to members? How are court orders translated into narrow registry actions? What information is preserved for later board review? These questions should not wait for another receivership.
The June 2025 election controversy shows why receivership cannot become normal governance. The receiver and nomination committee were asked to run a process that would restore legitimacy. To address concerns about interference, the receiver appointed senior UK barristers to the nomination committee and selected a professional election-services provider. That formality was meant to harden the process. Yet the election was suspended minutes before the close of voting, then annulled, after concerns about powers of attorney and voter documentation. Public reporting described allegations that votes had been cast on behalf of resource holders who said they had not authorised them, and that one party claimed authority to represent a very large portion of resource holders. ICANN demanded explanations and warned about compliance review. Cloud Innovation then argued for winding up AFRINIC and moving functions to a different framework.
The details of any disputed ballot belong to the relevant investigation and courts. The governance lesson is already visible. A receiver can stage an election, but legitimacy depends on the quality of the member register, representative verification, proxy rules, disclosure, challenge windows and post-election explanation. Those are not mere election mechanics. They are registry controls. The same authority system that decides who may vote can affect who may request changes, support a transfer, challenge a record or speak for a resource holder. If authority documents are suspect in an election, every authority-dependent registry process deserves renewed scrutiny.
Receivership also changes incentives around disclosure. A receiver may be cautious because of court obligations, legal exposure and the need not to prejudice investigations. Members, however, need enough information to know whether the election failure was isolated, systemic, procedural, fraudulent or exaggerated. If the receiver explains too little, rumours fill the gap. If the receiver explains too much without due process, parties claim prejudice. A legitimate board would face similar constraints, but it would carry a continuing duty to members and could build standing reporting mechanisms. A receiver's temporary mandate makes that harder.
The right way to view receivership is therefore double. It proved that the registry function could survive a governance breakdown, which is good. It also proved that survival required extraordinary legal intervention, which is costly. A mature oversight system should reduce the need for that intervention by building continuity into the board's ordinary duties. Emergency authority should be pre-defined. Technical services should have continuity plans. Election controls should be audited before use. Legal exposure should be reserved against. Member communications should distinguish what is known, unknown and legally constrained.
AFRINIC's staff deserve credit for maintaining services through crisis, and the receiver's role provided a path back to formal governance. But an institution should not confuse emergency preservation with recovery. Recovery begins when the board takes the lessons of receivership and turns them into rules that make the next emergency less institution-wide.
Elections are scarce-resource infrastructure
In a scarce-resource registry, an election is not just an association procedure. It is market infrastructure. The board elected through that process will approve budgets, supervise management, handle legal strategy, oversee transfer implementation, interpret or ratify policy outcomes, set disclosure norms, influence enforcement culture and decide whether disputes are settled or appealed. If IPv4 resources are abundant and low value, a flawed election is mostly a legitimacy problem. If IPv4 resources are scarce, leased, transferred and used as business inputs, a flawed election can become a market signal.
AFRINIC's election crisis makes this concrete. The organisation had not had a functioning board since 2022. Courts and receivers had been asked to restore governance. An April 2025 election announcement presented the June vote as a chance to convene a board for the first time in years. The receiver warned of potential interference and created a heavily lawyered nomination process. Before voting, ICANN raised concerns about the nomination committee and about Cloud Innovation appearing as a registered member in Mauritian filings. The Supreme Court of Mauritius allowed the election to proceed and required clarification that the classification was erroneous and attributed to the Registrar of Companies rather than to AFRINIC or the receiver. Voting then proceeded, only to be suspended and annulled after power-of-attorney concerns.
For board oversight, three points stand out. First, the value of control had risen high enough that the election needed professional hardening. Second, even that hardening failed to prevent legitimacy damage. Third, the contested documents involved representative authority, not just political preference. In a member-based registry, proof of authority is the foundation of both voting and registry action. If a person can vote with a contested power of attorney, can a person also request a record change, support a transfer, alter contact details or represent a member in a policy dispute? The answer may differ by procedure, but the risk family is the same.
An accountable board should treat elections as part of registry-security design. The member register should be reconciled against corporate law status, resource-member categories, billing status, authorised representatives and historical changes. Voting authority should be validated before the vote, not discovered at the polling desk. Proxies and powers of attorney should have clear limits, original-document requirements, revocation processes and public statistical reporting. Members should receive confirmations when authority is lodged on their behalf. Disputes should have a pre-election challenge window and an independent decision path. Election records should be preserved for audit. Post-election incidents should be reported in enough detail for members to understand the risk without exposing private data unnecessarily.
These controls are not bureaucracy for its own sake. They reduce the prize value of procedural attack. If an election can be annulled by one disputed document or saved despite many defective documents, the losing side will litigate. If the rules define materiality in advance, the institution can distinguish errors that require correction from errors that void legitimacy. That distinction is essential when a registry has to restore board authority under litigation pressure.
The September 2025 election that produced a board was therefore necessary but not sufficient. Public reporting said AFRINIC elected eight directors, seven of whom were endorsed by Smart Africa. It also reported likely further court challenges, discomfort among some community members about the concentration of support and continuing government and criminal investigations related to earlier events. The new board's first task was not merely to meet. It was to prove that its decisions would be insulated from the legitimacy questions around the path that produced it.
Under scarcity, the board cannot ask members and markets to treat election irregularities as internal politics. A board that controls transfer policy, legal settlement and enforcement oversight can change expected value. Candidate slates will attract support, suspicion and organised opposition from actors focused on resource mobility. The design answer is not to pretend interests are absent. It is to make authority verification so strong and board discretion so narrow that capturing the board yields less private value.
This is why election legitimacy and registry neutrality are linked. The more a board can decide by broad discretion, the more elections become battles over scarce assets. The more the board's role is confined to narrow, audited, member-visible oversight, the less control of the board can be monetised. AFRINIC's election problems therefore point back to the same institutional cure: reduce the economic payload of board capture by narrowing the mandate and strengthening process.
The hardest ledger is the legal budget
The most revealing ledger in a crisis is often not the registry database. It is the legal budget. Litigation tells members which conflicts the institution is willing to fund, which risks it regards as existential and how much ordinary service money is being converted into court strategy. AFRINIC's public dispute environment makes this ledger unavoidable. Reports have described more than twenty lawsuits or linked legal matters at different points, frozen bank accounts, receivership proceedings, election challenges, bylaw fights, winding-up applications, takedown orders, ICANN interventions and disputes over transfer and leasing statements. Each item has a legal cost. Each cost is paid directly or indirectly by a member-funded registry.
The board's duty is not to avoid litigation. A registry that never litigates will invite fraud, abusive pressure and disregard for its rules. The duty is legal-budget discipline: knowing what is being defended, why it is worth the money, what success means, what settlement would cost, how much operational resilience is being sacrificed and what disclosure members need. A board should be able to say, at least in aggregate, how much of the budget supports core services, ordinary counsel, exceptional litigation, election repair, bylaw reform, compliance with court orders, external advisers and reserves. Without that discipline, members cannot tell whether fees fund the ledger or the war.
AFRINIC itself has publicly argued that litigation and procedural roadblocks have delayed restoration, increased costs and obstructed training, research and member initiatives. Critics have argued that litigation is the response to a registry model that concentrates high-consequence power without matching liability. Both claims can be partly true. That is precisely why the board must translate legal conflict into a financial account. If members are captive to one regional ledger, they are entitled to know whether legal spending is protecting continuity, defending excessive discretion, responding to a litigant's maximal tactics or compensating for weak governance design.
A mature board would impose several controls. It would classify cases by purpose: core continuity, resource-status dispute, election challenge, corporate-law compliance, member-rights dispute, communications restraint, debt or fee recovery, and strategic litigation. It would set decision thresholds for appeal and settlement, protect essential operating funds through reserves and insurance where available, and publish member-facing summaries that disclose categories, costs and service impact without waiving privilege.
The 2021 bank-account freeze is the classic warning. A court order provisionally freezing up to $50m in funds turned a dispute over one member's resources into a risk to operations serving thousands of others. Whatever one thinks of the parties' merits, the event shows that legal exposure can become systemic. A board should not wait for such a freeze to ask whether operating accounts, reserve policies, insurance, emergency credit, payment approvals and member communications are prepared for high-value claims. In a scarce-resource registry, high-value claims are not anomalies. They are predictable.
Legal-budget discipline also affects enforcement. If the registry cannot afford the litigation that follows severe resource action, then severe action becomes either reckless or hollow. A board that authorizes termination threats must budget for the defence. It must also consider whether narrower remedies would achieve the ledger goal at lower systemic cost. A targeted dispute flag, independent audit or prospective compliance plan may protect registry integrity while avoiding the financial shock of total withdrawal. This is not weakness. It is prudence under scarcity.
The same discipline applies to external interventions. ICANN's attempts to obtain information, its warning about compliance review, and its later intervention in a winding-up matter are relevant because they affect legal posture and continuity planning. But the board cannot outsource its duty to global bodies. ICANN can explain the system's interest and argue that number resources are not assets available for distribution in liquidation. The AFRINIC board still must tell members how the case affects budget, services, bylaw reform and resource certainty. NRO statements can support continuity. They cannot replace local financial accountability.
Legal spending is also a governance signal to staff. If every difficult question becomes litigation, staff learn to avoid decisions. If the board settles too cheaply without principle, staff learn that enforcement is performative. If the board fights everything, staff learn that the institution values vindication over service. The right balance is boring: clear delegation, early legal review, independent fact-finding, proportionate remedies, settlement authority and transparent cost reporting.
AFRINIC's board will not rebuild trust by winning one case or issuing one budget. It will rebuild trust if legal expense stops being a fog around governance and becomes an accountable ledger of risk decisions.
Executive authority and technical continuity
A board governs through executives, not around them. AFRINIC's inability for years to appoint a normal chief executive is therefore more than a personnel problem. It affected the chain by which policy, finance, legal posture and technical operations are converted into daily decisions. When the executive layer is unstable, staff may continue to perform admirably, but the institution loses the ordinary line of accountability: board to chief executive, chief executive to senior staff, staff to procedures, procedures back to board review.
The technical services involved are not decorative. AFRINIC runs or supports public registration data, reverse DNS, RDAP, WHOIS, IRR and RPKI. These services are relied upon by network operators, security teams, abuse desks, customers, auditors and counterparties. RPKI gives a cryptographic expression to route-origin claims. Reverse DNS supports reputation and operational hygiene. RDAP and WHOIS make resource records visible. IRR objects inform routing policy. None of these services should become bargaining chips in membership disputes or casualties of executive uncertainty.
The board's oversight role is to define what technical continuity means under stress. It should require written service-continuity plans, key-management controls, publication monitoring, change-control logs, emergency contacts, separation between legal disputes and security publication, and escalation paths for disputed resource status. If a member is under review, what happens to existing ROAs? If a court order affects a resource, who updates public records and on what wording? If a transfer is disputed, is it held, flagged or processed subject to later correction? If reverse DNS depends on good standing, how are innocent downstream customers protected? These questions should be answered before the dispute reaches court.
Executive control also matters for communications. During a crisis, staff may know operational facts but lack authority to explain them. Lawyers may authorize statements that are defensible but not useful. A receiver may speak in court-conscious terms. The board should set communication rules that distinguish service status, legal status, policy status and opinion. Members need to know whether tickets are being processed, whether RPKI and reverse DNS are stable, whether bank accounts affect payroll or suppliers, whether an election incident affects member standing and whether a court order changes resource recognition. They do not need promotional certainty or factional narratives.
After the 2025 board restoration, AFRINIC's public signs of executive rebuilding were important. At APRICOT 2026, Mukom Tamon described improved staff morale, interim management appointments covering technology infrastructure and strategy, finance and stakeholder engagement, and work on a budget, action plan and 2027-2030 strategy. Those are practical steps. They show that a board can quickly change the internal operating temperature by making appointments and setting priorities. But interim management also underlines the unfinished nature of recovery. A board has to move from emergency staffing to durable executive accountability.
A good board would resist two temptations. The first is to politicise staff. In a bitter registry dispute, each camp will try to interpret staff actions as evidence of bias. Directors should protect staff who apply clear rules, and discipline staff only through documented processes. The second temptation is to hide behind staff. If management sends an aggressive resource-review letter, accepts a questionable authority document, delays a transfer or issues a contested statement, the board cannot later claim that the matter was merely operational if it had obvious legal and economic consequences.
Executive independence is not independence from oversight. It is independence from factions within a framework set by the board. Staff should not be pressured by large members, candidates, governments, global bodies or directors seeking a preferred outcome in a specific resource dispute. But staff should be bound by board-approved policies on escalation, documentation, proportionality and disclosure. That is the difference between professional administration and discretionary bureaucracy.
The receiver period reinforced the value of staff continuity. Even when the board was absent, registry services did not simply vanish. That proves the operational layer has resilience. It also creates a risk of complacency: if services continued, some may conclude governance does not matter. The better conclusion is the opposite. Staff continuity kept the ledger alive, but board failure imposed costs around budgets, litigation, elections, executive authority and trust. Technical continuity is necessary. It is not the same as institutional neutrality.
AFRINIC's board should therefore treat technical services as the protected core of the institution. Legal strategy, policy disagreement and member conflict should be built around preserving that core, not allowed to invade it. The board that can keep RPKI, reverse DNS and public records boring while legal and policy disputes rage around them will have learned the most important operational lesson of the crisis.
Transfer and leasing recognition after exhaustion
IPv4 scarcity makes transfer and leasing questions economically unavoidable. AFRINIC's own exhaustion materials show the transition from abundance to constraint: Phase 1 began in March 2017, Phase 2 was reached in January 2020, and later public reporting described a remaining pool of 773,376 unallocated IPv4 addresses in early 2026. The policy manual contains transfer provisions and resource rules; the exhaustion material describes need justification, contract checks, maximum and minimum sizes and first-come processing. Against that backdrop, every rule about whether resources can move, be leased, be recognised or be challenged has price effects.
The board does not write every policy text. In the RIR model, policies are meant to emerge through community processes and then be adopted or implemented through defined procedures. But the board shapes the economics of recognition. It approves implementation resources. It oversees staff interpretation. It manages legal risk around contested policies. It decides how much guidance members receive. It can insist that old reliance is treated differently from new applications where policy changed after allocation. It can ask whether a rule protects uniqueness and fairness or functions as capital control over scarce assets.
AFRINIC's controversy over out-of-region use and leasing shows the difficulty. A registry may reasonably worry that addresses issued for African networks at low administrative cost are being converted into global leasing inventory. It may worry that such activity disadvantages new African operators, rewards arbitrage and undermines the legitimacy of conservation rules. A holder may respond that the internet is global, that customer location changes, that leasing is a commercial use of network resources, that prior allocations cannot be retrospectively narrowed without clear policy, and that the registry lacks authority to supervise every downstream use. Both sides can point to genuine economic concerns.
The board's task is not to turn one narrative into a slogan. It is to specify the legal and operational boundary. If leasing is prohibited, under what policy, prospectively or retrospectively, with what evidence and what remedy? If leasing is permitted, what registration, contact, abuse, routing-security and customer-continuity duties accompany it? If out-of-region use is restricted, how is geography measured for cloud services, global networks, VPNs, anycast, content distribution and multinational customers? If transfers are regional, what is the rationale and what liquidity cost is being imposed? If interregional movement is restricted, how does Africa import resources when its operators need them? A board that cannot answer those questions leaves staff and courts to improvise.
The May 2026 dispute over statements by Larus and Cloud Innovation about an IPv4 leasing platform illustrates how recognition itself becomes valuable. AFRINIC publicly rejected any suggestion that a court order had approved or recognised a "shareholder-position" structure tied to leasing or commercialisation of AFRINIC-allocated resources. The Supreme Court of Mauritius later issued an interim order, as reported, requiring restraint against representations that the court had sanctioned or authorised leasing, monetisation, transfer or commercial exploitation of the resources. Cloud Innovation and Larus disputed AFRINIC's characterisation and argued that the order did not decide the lawfulness of leasing or ownership. The important point is that market actors cared enough about perceived judicial or registry recognition to fight over words.
That is what board-shaped economics looks like. A statement about recognition can affect customers' confidence, counterparties' due diligence and litigation strategy. The board must therefore control public assertions about transfers and leasing with unusual precision. It should not overstate court orders, understate uncertainty, imply policy where none exists or let private companies market registry ambiguity as judicial approval. It should also avoid using communications as a substitute for clear policy. If the board wants to challenge a leasing model, it should identify the rule and process. If it wants to protect neutrality, it should say what the registry does and does not recognise.
Transfer policy also interacts with remaining inventory. A board that celebrates the exhaustion of the final IPv4 pool as a chance to focus on IPv6 may be technically sincere. But members still operate in a dual-stack world where IPv4 demand remains material. Once the free pool is gone, transfer and leasing markets become more important, not less. Board oversight must anticipate that shift. The registry cannot rely on rationing logic forever. It needs a settlement model for a post-allocation environment: accurate records, clear transfer finality, dispute flags, historic-chain diligence, security publication, anti-fraud checks and predictable treatment of commercial delegation.
A mandate firewall is crucial here. AFRINIC can promote IPv6 and regional development while still recognising that IPv4 markets exist. It can oppose false claims about court approval while still writing neutral rules for leasing and transfers. It can protect African operators without pretending that immobility creates connectivity. It can enforce against fraud without treating every commercial use as suspect. The board's value lies in forcing these distinctions.
If it fails, the market will make its own distinctions through discounts, indemnities, avoidance and litigation. That is a costly substitute for governance.
The mandate firewall
AFRINIC's board must govern after a crisis in which almost every side can claim to be protecting the internet. The registry can claim it is protecting the African community from arbitrage, capture and misuse. Cloud Innovation can claim it is protecting holders from a discretionary registry that threatens economically critical resources. ICANN can claim it is protecting global numbering coordination. Industry groups can claim they are protecting member democracy. Governments and regional initiatives can claim they are protecting Africa's digital development. Each claim contains some plausible public interest. That is why neutrality requires a mandate firewall.
The firewall is simple in principle and hard in practice. The registry should be strong inside its narrow mandate: unique records, accurate public data, verified authority, transparent changes, technical-service continuity, anti-fraud controls, lawful court compliance and clear implementation of adopted policy. It should be restrained outside that mandate: broad economic planning, moral judgment of business models, factional endorsements, retrospective reopening of reliance without clear grounds, use of security services as leverage, and conversion of regional development language into discretionary control over scarce resources.
The board is the only body that can maintain this firewall at institutional level. Staff can follow procedures, but directors decide how broad the procedures become. Courts can restrain illegality, but they do not design the registry's risk culture. Members can vote, but the board decides whether member voice is translated into disciplined rules or into factional mobilisation. Global bodies can warn about systemic consequences, but the board must govern the local corporate entity that holds the registry function.
Neutrality is not passivity. A neutral registry can still investigate fraud, reject false documents, refuse transfers that fail policy, comply with court orders, publish dispute status, discipline staff, sue when necessary and correct records. What it cannot do is treat institutional preference as evidence. It cannot say that because a business model is politically unpopular, the registry may use any available ambiguity to obstruct it. It cannot say that because a litigant has behaved aggressively, every member associated with that view should be treated as suspect. It cannot say that because the organisation is essential, accountability questions are attacks on stability.
AFRINIC's bylaw and member-rights debates show why the firewall matters. Reports in 2026 described arguments over whether resource members are registered members under Mauritian company law, whether bylaws conflict with the Companies Act and whether new mechanisms such as community resolutions could preserve resource-member participation while aligning the corporate structure with law. These questions sound technical. They determine who can authorize the board, challenge decisions and shape future oversight. A neutral board should not use legal ambiguity to shrink participation, nor should it ignore legal reality to preserve comforting language. It should disclose the conflict, obtain independent advice, offer options and explain the trade-offs.
The winding-up dispute adds another layer. Cloud Innovation's application to dissolve AFRINIC was framed as a route to a more trusted framework. ICANN intervened to argue that numbering resources are not AFRINIC assets available for distribution in liquidation and that the court should understand the registry's systemic role. A board committed to neutrality should take both continuity and accountability seriously. Winding up a registry without a precise transition plan could harm all holders. But resisting winding up cannot become an argument that the current institution is beyond review. The function must be protected even as the institution is disciplined.
That is the continuity firewall paired with the mandate firewall. The continuity firewall says the ledger, technical services and member support should survive litigation, board disputes and corporate stress. The mandate firewall says continuity protection must not become a licence for the board to claim unlimited discretion. Together they protect both sides of the problem: the registry should not be easy to destroy, and it should not be free to overreach.
Neutrality after crisis also requires modest language. AFRINIC does not need to declare final victory over its critics. It needs to show that the board can make narrow, documented decisions even when critics remain. It should avoid public statements that mix legal argument, institutional pride and policy preference into one message. It should separate service notices from advocacy, court updates from market interpretation and member warnings from political rhetoric. A registry that wants to be trusted as a ledger should sound like a ledger when facts are uncertain.
The board's credibility will be measured by whether adversaries can predict process even when they dislike outcomes. If Cloud Innovation loses a legal point, it should know what registry action follows and why. If AFRINIC loses a case, members should know how the board will absorb the result. If ICANN raises concerns, the board should respond with evidence. If members contest bylaws, the board should supply law, options and timetable. Neutrality is not the absence of conflict; it is the presence of bounded conflict.
AFRINIC's crisis made bounded conflict scarce. The board's task is to make it normal again.
A narrower settlement utility
The phrase "settlement utility" is useful because it keeps the board's job small without making it weak. A registry settles who is recorded for a number resource, which authority the registry accepts, which transfer it records, which dispute it flags, which public data it publishes and which technical services continue while a conflict is resolved. It does not settle every commercial question that can attach to the resource. It does not determine the best business model for the African internet. It does not convert regional development goals into open-ended control over historical allocations. It also does not stand aside when false documents, hijacked records or defective authority threaten the ledger.
That narrowness is a form of strength. The narrower the board's mandate, the more confidently it can enforce within it. If the question is whether a person has authority to represent a member, the board can require robust verification. If the question is whether a record change is supported by valid corporate evidence, the board can require dual control. If the question is whether a transfer meets policy, the board can require checklist compliance and review. If the question is whether a court order requires a change, the board can implement the order precisely and note the limits of the change. Narrow decisions are easier to audit, easier to explain and harder to capture.
The alternative is dangerous breadth. A board that treats itself as the guardian of all social value embedded in IPv4 will soon judge business models, geography, political narratives and market outcomes through whatever policy language is available. That invites litigation and capture because the affected member can no longer tell whether the registry is applying a rule or enforcing an institutional preference.
The settlement-utility frame also disciplines settlements. Settlement is not a sign that the registry has abandoned stewardship. It is a tool for preserving the ledger when litigation would consume the institution or create unacceptable collateral damage. A board should ask what settlement terms protect records, authority, public data, technical continuity and future process. It should not ask whether the settlement lets the board declare moral victory. In a scarce-resource registry, a settlement that keeps the ledger stable and narrows future discretion may be more valuable than a legal win that leaves the mandate vague and the budget depleted.
AFRINIC needs this discipline because its crisis connected legal exposure, scarce IPv4 value and corporate legitimacy in one system. A court order about bank accounts could affect registry continuity. A statement about leasing could affect market confidence. An election dispute could affect transfer policy. A bylaw ambiguity could affect who authorizes the board. A staff action in a resource review could become evidence in a larger challenge to institutional neutrality. The board's job is to keep those links from becoming automatic escalation paths.
A narrow ledger does not mean a silent ledger. Members need disclosures that let them understand risk. The board should report what category of dispute is involved, what service continuity measures are in place, what budget exposure exists in aggregate, what decisions have been delegated, what remains before a court, and what the registry will not do until the matter is resolved. The disclosures should be plain and restrained. They should not transform every update into advocacy. The registry's voice should make markets calmer, not more uncertain.
The board should also accept that some questions may remain unresolved for a period. Leasing status, resource-member rights, disputed authority documents and historical out-of-region use may need court, policy or audit work. A board that admits uncertainty and defines interim treatment is stronger than one that pretends uncertainty does not exist.
In that sense, the settlement utility is also a continuity firewall. It gives staff a narrow operating basis while courts, members and policy bodies do their work. It tells customers that technical services will not be casually disrupted. It tells counterparties what the registry records and what it does not warrant. It tells litigants that the board will not convert every case into an existential fight. It tells directors that their authority is real but bounded.
This is the registry function AFRINIC has to recover: not omnipotent, not passive, not theatrical, and not for sale.
What credible oversight would change
The economic test of AFRINIC's board will not be whether all critics become quiet. They will not. It will be whether the board lowers the cost of dealing with the registry. That cost appears in legal retainers, contract indemnities, transfer delays, diligence checklists, member rumours, staff caution, customer questions, court filings and the discount applied to resources administered by a fragile institution. Credible oversight should reduce those costs by making decisions narrower, faster, better documented and less vulnerable to capture.
The first change should be a board-approved risk register for the registry function. It should identify litigation exposure, election legitimacy, member-authority verification, remaining IPv4 inventory, transfer-policy implementation, RPKI continuity, reverse DNS continuity, bank-account resilience, staff retention, bylaw-law conflict, external intervention and reputational risk. Each item should have an owner, status, mitigation and disclosure level. Members do not need every confidential detail. They need evidence that the board is managing risks as a system rather than reacting to each public crisis.
The second change should be a legal-spend framework. The board should publish aggregate legal spending by category, explain budget variance, identify cases that could affect service continuity, state settlement principles and report whether legal costs are delaying training, research, member support or technical investment. Privilege can be protected while members still see the scale and purpose of spending. This is especially important after years in which legal conflict has been presented both as a defence of the registry and as a symptom of its overreach.
The third change should be authority hardening. AFRINIC should treat representative identity as a registry-security issue. Voting contacts, resource contacts, transfer signatories, powers of attorney, proxy holders, company officers and account credentials should be validated through consistent rules. Members should receive notifications when authority is lodged or changed. High-risk authority documents should require independent verification. Election rules should be aligned with registry-account controls where possible. The goal is not to make participation difficult; it is to make capture expensive and detectable.
The fourth change should be a resource-review remedy ladder. The board should approve public categories of concern and remedies. Fraud, false authority and hijacked records require severe and possibly retrospective action. Inaccurate contact data may require correction and deadline. Ambiguous commercial use may require guidance, prospective compliance or independent review. Transfer irregularity may require hold and evidence. Court orders require narrow implementation. Termination or withdrawal should be exceptional, reviewed and accompanied by customer-continuity analysis where feasible. Such a ladder would help members distinguish enforcement from discretion.
The fifth change should be a transfer and leasing position written in settlement-utility terms. AFRINIC does not have to endorse every market practice. It does have to state what the registry recognises, what it records, what policy forbids, what remains unsettled and what due-diligence evidence is required. If the board treats leasing as unlawful, it must identify the rule and remedy. If it treats leasing as permissible but risky, it must state the operational duties. If the matter is before courts or policy bodies, it should say so without implying more certainty than exists. Clarity reduces both false marketing and arbitrary enforcement.
The sixth change should be technical-service ring-fencing. RPKI, reverse DNS, RDAP, WHOIS, IRR and core member support should have published continuity commitments and internal legal-technical separation. A member dispute should not automatically disrupt security publication or reverse delegation unless the rule and process are clear. Court orders should be implemented with precise public notes where disclosure is lawful. Members should know which services are protected even during litigation and which services depend on good standing or specific authority.
The seventh change should be post-election legitimacy reporting. The board should commission and publish an independent summary of election controls, authority checks, incident handling and recommended reforms, with private data removed. If the June 2025 incident remains under investigation, the report can identify categories and reforms without prejudging individuals. The point is to show that a failed election produced stronger controls, not merely a later vote.
The eighth change should be a bylaw-resolution timetable. If resource-member rights and registered-member status are misaligned under Mauritian law, the board should explain the problem in plain terms, publish options, identify legal constraints, invite member comment and set a decision path. Ambiguity around member authority is too economically important to remain a lawyer's footnote. It affects who controls the board that controls the ledger.
The ninth change should be a settlement discipline for high-value disputes. The board should define, in advance, which outcomes are unacceptable because they endanger the registry function, which outcomes are acceptable because they preserve the ledger even if neither side is satisfied, and which outcomes require member consultation because they change the economics of resource recognition. Settlement is not surrender when it protects continuity and narrows discretion. Litigation is not strength when it consumes the budget while leaving the underlying mandate unclear.
The tenth change should be a standing audit of board conflicts and external influence. A board supervising scarce IPv4 recognition will attract pressure from large holders, governments, regional programmes, technical bodies, lawyers, service providers and ideological campaigns. Some of that pressure is legitimate participation. Some of it may be capture. Directors should disclose conflicts, recuse where necessary, publish committee mandates and explain why outside advice was selected. The aim is not to purify governance of interests. It is to make interests visible enough that decisions can still be judged on the registry's narrow duty.
The eleventh change should be a customer-continuity principle. AFRINIC's direct legal relationship is with members, but the practical effect of registry action often falls on customers, universities, hosting users, small businesses, government networks and security teams that are not parties to the dispute. A board that contemplates severe action against a holder should require an analysis of downstream effects, transition windows where lawful, preservation of security publication where possible and precise public dispute markers. A registry can enforce rules without making innocent users the silent collateral of institutional conflict.
None of these changes requires AFRINIC to accept a critic's whole theory or abandon its regional mission. They require the board to behave like the steward of a settlement utility under scarcity. The board should be able to say: here is what we can decide, here is what policy decides, here is what courts decide, here is what staff may do, here is what members can challenge, here is what money we are spending, and here is how the ledger remains continuous.
If AFRINIC can do that, board oversight will become less visible. That would be success. In a well-governed registry, the board's most valuable work is the absence of drama in the market around its decisions.
The boardroom under scarcity
AFRINIC's crisis is often described through personalities, lawsuits and institutional acronyms. The deeper story is about how a small corporate board can become the control point for scarce infrastructure. IPv4 addresses are finite, still demanded and economically useful. The registry does not own them in the ordinary sense, but it records claims, validates authority, processes changes and runs technical publication systems that let the rest of the internet treat those claims as dependable. The board supervises the organisation that does this. Under scarcity, that supervision has capital consequences.
The board can raise or lower the governance discount on AFRINIC-administered resources. It raises the discount when it lets enforcement appear discretionary, litigation spending opaque, elections unreliable, authority documents weak, transfer treatment uncertain, technical services politically exposed or communications rhetorical. It lowers the discount when it makes legal exposure visible, narrows remedies, audits records, verifies authority, protects RPKI and reverse DNS, explains budgets, confines disputes and treats the ledger as a settlement utility rather than as a prize.
This is why the return of a board in 2025 was necessary but not the endpoint. A board can restore signatures, budgets and meeting schedules. It can also reproduce the crisis if it treats formal authority as substantive legitimacy. The market will judge by behaviour. Can a member predict how a dispute is handled? Can a buyer know what evidence a transfer requires? Can a lessor know whether the registry recognises or rejects the arrangement and on what grounds? Can a small ISP see whether fees are funding service or litigation? Can staff escalate high-risk decisions without factional pressure? Can courts receive precise information rather than institutional mythology? Can global coordination bodies support continuity without becoming shadow governors?
The answer has to be built through repeatable oversight, not through one rescue. AFRINIC's old corruption scandal showed the need for record-control oversight. The Cloud Innovation dispute showed the need for enforcement-risk oversight. The bank-account freeze showed the need for financial-continuity oversight. The board and chief-executive paralysis showed the need for succession and delegation oversight. Receivership showed the need for emergency continuity. The annulled election showed the need for authority-document oversight. The later board restoration showed the value of ordinary corporate organs. The continuing litigation, winding-up arguments and leasing disputes show that restoration must be defended by discipline, not by confidence alone.
The wider RIR system should read AFRINIC carefully but not lazily. The lesson is not that one region is uniquely dysfunctional, or that courts should never touch internet governance, or that commercial address markets are always virtuous, or that registries should abandon stewardship. The lesson is that a monopoly ledger under scarcity needs board governance designed for scarcity. The value of the recorded resource changes the incentives of members, staff, litigants and directors. A governance model built for an era of low-value allocations and informal trust has to survive an era of high-value disputes and legal arbitrage.
That also means the board cannot be evaluated only by whether it is representative in a symbolic sense. Representation matters, but representation without constraint can still produce discretionary control. The better test is institutional output. Does the board make resource recognition more final? Does it make litigation less systemic? Does it make staff decisions more reviewable? Does it make member authority harder to forge or borrow? Does it make transfers less dependent on private interpretation? Does it make scarce IPv4 less vulnerable to political seizure and less vulnerable to private capture? A representative board that fails these tests will still raise the registry premium. A less theatrical board that passes them will do more for the region's operators.
For AFRINIC, the practical standard is plain. Protect the ledger, not every authority claim made in the ledger's name. Protect continuity, not managerial discretion. Protect member participation, not procedural confusion. Protect enforcement, not overreach. Protect technical services, not institutional rhetoric. Protect Africa's internet by making the registry boring enough for operators to rely on and narrow enough for markets not to fear.
That is the economics of board oversight. The board is not important because corporate governance theory says so. It is important because someone must decide how much legal risk the registry takes, how much money members spend on lawyers, how far enforcement reaches, how executives are controlled, how members know who speaks for them, how transfer and leasing uncertainty is handled, how scarce IPv4 value is not converted into institutional capture, and how the registry remains neutral when every side claims to be defending the future.
AFRINIC has already shown that a registry can keep operating through extraordinary stress. The harder task is to show that it can govern without turning every hard decision into extraordinary stress. If the board succeeds, the evidence will not be a triumphant declaration. It will be a quieter market: fewer emergency court filings, fewer bespoke transfer caveats, fewer questions about powers of attorney, clearer legal budgets, faster ordinary services, less fear that RPKI or reverse DNS could become collateral, and less temptation for any camp to treat the boardroom as the route to control over the ledger.
That is not a modest ambition. For a scarce-resource registry recovering from receivership, it is the price of neutrality.

