The proxy at the registry desk
Imagine an AFRINIC board election in its last practical hour, not as a constitutional ritual but as a desk problem. A representative of a resource holder arrives to vote. The organization being contested is not an ordinary club. It maintains the public record for IP addresses and autonomous system numbers used across Africa and the Indian Ocean. Its board influences staff supervision, budgets, membership rules, legal strategy, resource review, election rules, and the treatment of scarce IPv4 assets whose commercial value can be measured in money. The representative expects the vote to be routine. Instead, the election officials have to deal with a power of attorney already lodged on the member's behalf.
That moment is not proof of fraud. It could be a paperwork error, a disputed authorization, a campaign tactic, a forged instrument, or a weak verification system discovering its weakness too late. In a registry election, the right to speak for a member is itself a control point. A proxy can convert a passive operator into an active vote. A bundle of proxies can convert a scattered membership into a bloc. A questionable document can turn registry governance into a contest over who captured the member's voice before the member noticed.
The June 2025 AFRINIC election made that risk visible. Reporting from the period described allegations that powers of attorney had been used or attempted for members who disputed the authority. The South African Internet Service Providers' Association said it had observed cases in which a representative tried to vote and learned that someone else had already claimed voting authority. Other reporting described claims that one party held powers of attorney for a very large share of resource holders. Those were reported allegations and contested accounts, not legal findings that every document was fraudulent or that every proxy holder acted unlawfully.
The distinction matters. Conflict-of-interest governance does not begin only when a court finds fraud. It begins when a person, company, committee, contractor, staff member, candidate, funder, policy advocate, or litigant has an interest that could reasonably affect a registry decision. A conflict can exist without a bribe. It can exist without a forged signature. It can exist without criminal liability. A broker wants address holdings to become more liquid. A large resource holder wants certainty and may want transferability. A small access provider wants allocations, low fees, and continuity. A candidate wants votes. A lawyer wants a mandate. A receiver wants to complete an election and restore a board. A government-backed regional coalition wants continuity and influence. A contractor wants to satisfy the appointment terms and avoid blame.
None of those interests is inherently illegitimate. Some are necessary. A registry without interested members would be a registry without knowledge. The danger starts when interests remain invisible while the institution asks everyone else to trust the result. The proxy at the desk is therefore a useful opening scene because it compresses the whole AFRINIC problem. A registry that administers scarce address resources must know who is acting for whom, who benefits from the action, who should step aside, and how the record will show that the decision was not privately steered.
AFRINIC's governance crisis has included nearly every conflict surface a regional registry can face. Public reporting in 2019 described allegations that valuable IPv4 resources had moved through entities linked to an AFRINIC insider and family members. The long dispute with Cloud Innovation placed the registry's enforcement interest against a large resource holder and address-leasing business. Mauritian court proceedings affected bank accounts, ordinary operations, board restoration, and receivership. The 2025 election cycle raised concerns about nomination-committee independence, powers of attorney, candidate slates, member classification, company-register material, and outside institutional intervention. Policy fights over regional use, transfers, resource review, abuse contacts, and member categories carried economic consequences.
The lesson is not that every interested participant is corrupt. That would be false and analytically useless. The lesson is that a post-exhaustion registry exercises discretion over scarce, monetizable, operationally embedded resources. Once that is true, conflict control becomes part of the registry's economic infrastructure. If interests are not disclosed, separated, and constrained, even formally legal acts can look like private influence over a public record.
Conflict is the question before misconduct
Anti-corruption controls and conflict-of-interest controls overlap, but they do not ask the same question. Anti-corruption controls ask whether a decision was bought, falsified, concealed, or abused. They focus on evidence, approval chains, record integrity, reversibility, and whether a ledger change can be reconstructed after the fact. Conflict-of-interest governance asks an earlier question: whether the people shaping or deciding the matter had a personal, commercial, legal, political, or institutional stake that should have been disclosed or screened before the decision was made.
That difference is the boundary between this problem and the adjacent problem of corruption-risk controls. If a staff member can change a resource record without adequate evidence or review, the corruption-risk issue is record integrity. If the same staff member has a hidden interest in a company that profits from address leasing or transfer outcomes, the conflict issue is whether that person should have been near the file at all. A perfect record of a conflicted decision is still a governance failure. The record may show what happened, but it does not make the judgment neutral.
This distinction matters in AFRINIC because the most damaging legitimacy problems did not all depend on a court finding that someone stole something. In the address-heist reporting, the allegations were about old records, valuable blocks, shell or associated companies, and private monetization of address resources. There, conflict risk and corruption risk sat close together. If a person connected to registry records also has undisclosed links to businesses monetizing those records, disclosure and exclusion are not decorative. They are a condition of institutional trust.
The Cloud Innovation dispute was different. It was not primarily a hidden-staff-interest story. Cloud Innovation was a visible member and large holder whose business model depended on the recognition, use, and leasing of AFRINIC-numbered resources. AFRINIC challenged aspects of that use and asserted enforcement authority. Cloud Innovation disputed the interpretation and treated revocation risk as a threat to service continuity and business value. Courts then became part of the operating environment. The conflict question was not whether one side was pure and the other corrupt. It was whether the registry had a credible, disclosed, reviewable way to handle a dispute in which institutional self-protection, legal exposure, resource-holder value, address-market ideology, and member continuity collided.
The election episodes add a third category. A candidate does not become illegitimate merely by having interests. In a membership organization, candidates almost always have interests. A person may be linked to a resource holder, a broker, a national policy coalition, a government digital initiative, an internet governance association, a litigation strategy, a registry contractor, or a voting-rights campaign. The issue is whether members can see those interests and judge them. If proxies are solicited, the solicitor's interest should be clear. If a candidate is endorsed by a coalition, the coalition's objectives should be visible. If a nomination-committee participant has advised on member classification or election mechanics, the disclosure and recusal analysis should be recorded.
Conflict governance is therefore not a moral accusation. It is an information system. It tells members which private incentives surround a public decision. It makes recusal possible before the losing side has to litigate. It protects honest actors by showing how their interests were handled. It gives courts and counterparties evidence that the institution acted with procedural discipline. It reduces the probability that every adverse decision will be reinterpreted as capture.
The economics are direct. When conflict management is weak, counterparties attach a risk premium to registry discretion. A buyer discounts a block because transfer recognition may be challenged. A lender discounts collateral because registration may become unstable. A small operator discounts its relationship with the registry because an audit, election, or policy dispute may become unpredictable. A candidate discounts board legitimacy because the election could be attacked. A court discounts institutional self-description because the decision record does not show who was conflicted and who stepped aside.
That premium is not paid only by speculators. It is paid by networks that need addresses, by customers whose services depend on stable routing, by members whose fees fund legal defense, and by the region that carries the reputation cost when a registry is perceived as commercially or politically manipulable. Conflicts matter before misconduct is proved because the registry's product is confidence in a constrained public record. Confidence is damaged not only by theft, but by undisclosed interests around decisions that move value.
Scarcity made private incentives impossible to ignore
AFRINIC's conflict problem cannot be understood without IPv4 scarcity. Before scarcity, registry governance could look like administrative housekeeping. A registry received pools of addresses, evaluated need, updated records, and maintained uniqueness. The marginal market value of a particular ledger entry was not the center of the system. Scarcity changed that. IPv4 addresses became priced inputs. A block could be sold, leased, financed, routed, blacklisted, disputed, insured, or treated as a strategic reserve. A registry decision that once looked clerical could now affect balance sheets.
AFRINIC held a particularly sensitive position. It was the last regional registry to enter the post-exhaustion world. Its own exhaustion notices recorded the transition into soft-landing phases, with Phase 1 beginning in 2017 and Phase 2 announced from 2020. Independent analysis of the 2021 dispute emphasized that AFRINIC had held a small share of global IPv4 space, yet for a period remained one of the few places with meaningful free-pool resources available at administrative prices. That gap between administrative fee and market value created arbitrage. It also created temptation, resentment, and competing theories of legitimacy.
One theory treated regional allocation rules as a mechanism for preserving African development capacity. Another treated the addresses as globally useful operational inputs that should flow to higher-valued use. A third treated registry discretion as a dangerous form of capital control over a scarce asset. A fourth treated strict enforcement as necessary after earlier allegations of address misappropriation. Each theory had public-interest language. Each also had constituencies with material interests.
Large holders had an interest in certainty and mobility. New entrants had an interest in continued access. Brokers and leasing firms had an interest in liquidity and stable recognition. Registry staff and policy insiders had an interest in rules that preserved institutional relevance. Governments and regional bodies had an interest in continuity, sovereignty language, development planning, or influence over critical infrastructure. Courts had an interest in enforcing local law without accidentally becoming registry managers. None of these interests disappears because the participants use stewardship vocabulary.
Scarcity also changed the meaning of expertise. A person who understands AFRINIC policy, membership categories, transfer procedure, resource review, Whois history, route objects, RPKI, legal exposure, and corporate documentation is not merely technically informed. That person holds commercially valuable knowledge. A staff member with access to records, a former officer with institutional memory, a policy participant who can draft language, a lawyer who understands member rights, a broker who knows where dormant blocks sit, and a candidate who can rally proxy votes are economic actors. Some are public-spirited. Some are self-interested. Most are both. Good conflict governance starts from that reality instead of pretending that technical communities are immune from ordinary incentives.
The address-heist allegations show the sharpest version of the scarcity problem. KrebsOnSecurity and South African reporting, drawing in part on research by Ron Guilmette, described claims that valuable African IPv4 resources had been diverted through companies linked to an AFRINIC insider and family members. The reported value exceeded $50 million. AFRINIC leadership at the time acknowledged an investigation, and the staff member resigned. Those are reported facts and claims from public material; they are not a substitute for a legal finding that every address block described was stolen in law or that every identified party was convicted of wrongdoing.
The institutional lesson is still serious. A registry with scarce resources must assume that insider access, dormant records, stale contacts, corporate name changes, legacy documentation, and policy discretion can be monetized. A staff conflict register is therefore not an office form. It is a protection against asset stripping, favoritism, and the appearance that valuable public registration functions can be converted into private opportunity.
Cloud Innovation shows the next stage. Here, the issue was not a hidden diversion but a large, visible holding acquired through AFRINIC and used in an address-leasing business. AFRINIC challenged usage and demanded justification. Cloud Innovation argued that the registry was overreaching and that out-of-region customer use did not justify revocation. The dispute converted policy interpretation into business risk and converted the registry's enforcement posture into institutional risk. Bank accounts were frozen. Operations were impaired. Legal cases multiplied. What looked to one side like enforcement looked to the other like discretionary attack on assets.
Scarcity turns these disagreements into conflict-of-interest problems because everyone at the table has something to gain or lose from interpretation. The policy drafter who restricts transfers may be advancing a development view, but the rule also changes holder value. The broker arguing for mobility may be advancing market efficiency, but the rule also increases business opportunity. The registry auditing use may be protecting records, but it also defends its authority. The regional coalition endorsing candidates may be protecting continuity, but it also shapes control of the institution. The only honest response is to name these interests and manage them.
The address-heist reporting and the staff-interest problem
The 2019 address-heist reporting remains central because it exposed the conflict category that registries most need to fear: the insider or former insider who can convert record knowledge into private profit. The allegation was not merely that addresses had been abused in the abstract. It was that blocks once assigned to African entities, including defunct or reorganized organizations, appeared to have been moved or monetized through companies connected to a senior AFRINIC figure. The reporting identified Ernest Byaruhanga, described as an early AFRINIC employee and policy coordinator, and connected him or family-linked entities to companies involved in selling or leasing address space. In the material that made the allegations public, he did not publicly answer the reporting, and AFRINIC said it would investigate.
The boundary between allegation and finding is important. The public record does not justify saying that a court convicted a specific person or that every block in the reporting was definitively stolen. It does justify a narrower and still damaging conclusion: AFRINIC had to confront claims that a person close to its registry function had undisclosed commercial links to IPv4 monetization. For a registry whose legitimacy depends on neutrality, that is a structural alarm.
Even if later inquiries were to narrow, qualify, or dispute parts of the story, the design failure would remain clear. Staff, senior contractors, directors, committee members, and close associates should not be able to hold undisclosed interests in businesses whose value depends on registry records. That does not mean every employee with a family member in the internet sector is disqualified from work. It means the institution needs a way to see the interest, classify it, screen the person from affected matters, and preserve evidence that the decision was not privately influenced.
The practical mechanism is a related-party register. Staff, directors, senior contractors, nomination officials, policy chairs, and their close family or controlled entities should disclose material interests in brokers, leasing firms, transfer advisers, address holders, litigation funders, large network customers, cybersecurity firms using large address pools, registry vendors, and organizations regularly transacting with registry members. Disclosure would not automatically ban participation. It would sort risk. A staff member with a passive interest in a small network might be screened from that network's file. A director connected to a broker might be excluded from transfer-policy implementation and resource-review cases. A contractor advising on election rules might have to list prior opinions, clients, and financial links affecting AFRINIC parties.
The heist reporting also shows why record access is an economic privilege. Dormant or poorly maintained corporate records are not inert when IPv4 prices rise. They become maps. A registry employee or former employee may know which legacy contacts are stale, which blocks have weak documentation, which maintainers are inactive, which organizations no longer exist, and which routes have moved without clean paperwork. That knowledge can support legitimate cleanup. It can also support predatory acquisition, misrepresentation, or quiet resale. Conflict governance must treat record knowledge as sensitive because the market treats it as valuable.
This is where conflict governance differs again from after-the-fact audit. A record trail can show who approved a change and what evidence appeared on the file. It cannot answer the prior question unless the institution collected and checked interests before the approval. If a conflicted employee made a documented decision, the decision may be legible and still illegitimate. Documentation is necessary; it is not enough. A registry must separate interest from authority before the file moves.
The staff scandal also helps explain why later AFRINIC enforcement choices became so charged. After public allegations of internal misappropriation, a registry has a strong incentive to prove that it can police misuse. That incentive is understandable. It is also a conflict. Staff and leadership may become invested in a public narrative of cleanup. They may prefer visible targets because visible action restores confidence. They may prefer maximal remedies because moderation can look weak. They may treat critics as obstacles to institutional recovery rather than parties with rights.
That institutional self-interest should be disclosed and constrained, not denied. AFRINIC's interest after the heist reporting was to restore credibility. A large holder's interest was to preserve assets and business continuity. Other members' interest was to avoid becoming collateral damage. The address market's interest was certainty. The African access market's interest was continued supply. A credible process would identify these interests before selecting remedies. It would explain the problem being audited, the decision-makers screened out, the evidence standard, the cure period, the review route, and the proportionality of the response. Without that, even sincere cleanup can become another source of suspicion.
Cloud Innovation showed how one actor can carry many roles
Cloud Innovation is often treated as either the villain or the victim of the AFRINIC story, depending on the narrator. Conflict analysis needs a colder frame. It treats Cloud Innovation as a concentrated example of a legitimate but high-risk role: the large resource holder whose commercial model depends on registry recognition of address control, customer use, leasing, transferability, and continuity. Cloud Innovation, linked to Lu Heng and connected in public reporting with Larus and the Number Resource Society, acquired a very large AFRINIC address holding before the most acute scarcity phase. Independent analysis described a business model involving the leasing of addresses to customers, many outside the region. AFRINIC later challenged aspects of the use and threatened consequences up to revocation.
Several factual layers should not be collapsed. The acquisition of resources through AFRINIC was not the same kind of allegation as the 2019 staff-interest reporting. Cloud Innovation was a visible resource member with a contractual relationship to the registry. The controversy centered on policy interpretation, stated need, regional use, disclosure demands, customer privacy, registry discretion, and remedy. AFRINIC correspondence, as summarized in public analysis, questioned discrepancies between stated and actual use and asserted a right to review and potentially terminate. Cloud Innovation disputed the interpretation, objected to broad customer-use disclosure, and argued that revocation would endanger service continuity and business value. Mauritian court orders then affected the parties' leverage, including injunctions and bank freezes.
The conflict problem is role accumulation. Cloud Innovation could be a resource member, a litigant, a large holder, an address-leasing participant, a policy advocate, a voting participant, and a supporter of governance campaigns. None of those roles is forbidden by nature. A resource holder may defend its interests. A litigant may criticize institutional structure. A lessor may argue that policy should recognize leasing. A member may vote. But when one actor spans so many roles, the institution needs to make boundaries visible.
Is the actor voting as a resource member? Funding litigation as a private party? Advocating policy through a public organization? Supporting candidates? Collecting proxies? Operating a commercial platform? Contesting court orders? Seeking settlement? Each activity may be lawful. The combined influence is the conflict issue. Members need to know how the roles relate, because the same commercial stake may appear in court, in policy debate, in election mobilization, and in public communications.
The same analysis applies to AFRINIC. The registry was not a neutral spectator. It had a reputational interest in showing that it could police misuse after earlier scandal. It had a financial interest in defending accounts and operations. It had a legal interest in preserving its interpretation of the Registration Service Agreement and bylaws. It had an institutional interest in resisting a member whose litigation had become a severe burden. It had a policy interest in retaining discretion over transfers, regional use, and resource review. When AFRINIC described Cloud Innovation and associated campaigns as a threat to the institution, that statement may have reflected real pressure, but it still came from an interested party.
Conflict governance would lower the temperature by mapping interests without turning the map into propaganda. A registry handling a dispute with a large broker-holder should identify which directors, staff, lawyers, advisers, policy chairs, contractors, and committee members have prior relationships with the holder, competing brokers, affected members, government bodies, or organizations campaigning on the issue. It should explain who is recused from resource decisions, who may speak publicly, who controls litigation instructions, how settlement authority is separated from public-relations incentives, and how member services are protected while the dispute continues.
The member-litigant should face a corresponding disclosure duty when it seeks governance influence. If it supports candidates, solicits proxies, funds litigation, promotes policy changes, or uses public associations to advance positions, the material interest should be visible. That does not silence the actor. It lets members read the contribution honestly. A broker can explain transfer friction. A large holder can explain continuity risk. A litigant can explain why it thinks registry discretion is excessive. Those arguments may be valuable. They become corrosive when the commercial position behind them is concealed or minimized.
Cloud Innovation also illustrates litigation funding incentives. Litigation can be a rights-preserving tool. It can also become a governance weapon. If a member funds repeated applications, injunctions, wind-up attempts, or public campaigns, the cost falls not only on the registry but on all members whose fees and service continuity are exposed. If the registry funds broad counter-litigation from member money, the same concern arises in reverse. Members need to know who pays, who benefits from delay, who benefits from settlement, who benefits from dissolution, who benefits from emergency intervention, and who bears the cost if the conflict keeps the registry unstable.
Company-register ambiguity and nomination conflicts
The 2025 nomination disputes show how small classifications can become high-stakes conflicts. During the election cycle, ICANN raised concerns about possible conflicts in the nomination process and about company-register material that appeared to list Cloud Innovation in a way suggesting a governance status beyond ordinary resource membership. The Mauritian court did not adopt every requested remedy. It ordered clarification that the Cloud Innovation classification was erroneous, with the error attributed to the registrar rather than to AFRINIC or the receiver, and it did not reconstitute the nomination committee. That legal result should be kept narrow. It was a finding about the handling of the register issue and the relief granted; it was not a broad finding that every nomination concern was valid, nor a finding that every concern was baseless.
That narrowness is exactly why the conflict question remains. Company-register material is public record in a formal sense, but it is not self-interpreting. A mistaken or ambiguous entry can create the appearance of influence even if the legal explanation is administrative error. A nomination committee may be legally intact and still face a legitimacy problem if members cannot see how potential conflicts were checked. A court may decline to remove committee members and still leave the institution with work to do if the public process did not make relationships clear enough.
Nomination committees are sensitive because they shape the candidate field before members vote. They can exclude an unqualified candidate, elevate a safe candidate, frame eligibility, interpret bylaw requirements, and influence the practical range of choices. In a stable organization, members may tolerate a light-touch committee. In a registry emerging from years of board vacancy, litigation, receivership, and resource-market conflict, the committee becomes a gatekeeper over scarce institutional authority. Its conflicts must be handled as carefully as a board's.
The independence question cannot be answered by professional status alone. Senior lawyers or respected public figures may improve the process. They do not become conflict-free because they are eminent. Members need to know who selected them, who paid them, what terms of reference governed them, what prior relationships they had with AFRINIC, Cloud Innovation, ICANN, other RIRs, African network bodies, government-linked initiatives, candidates, large members, proxy collectors, and litigation parties, and what conflicts were declared. If a committee member previously advised on resource-member classification, election procedure, bylaws, proxy validity, or the status of a litigant, the recusal analysis should be visible.
This does not require publishing privileged legal advice or private personal details. It requires a usable public summary: appointment route, role boundary, conflict statement, recusals, replacement rules, and how disputed eligibility decisions are recorded. The public summary should be specific enough that a losing candidate cannot plausibly claim that all relationships were hidden, and a winning candidate cannot be dismissed as the product of an opaque gate.
The nomination problem also shows why outside intervention needs its own conflict lens. ICANN, the other regional registries, the NRO, governments, and regional digital-development bodies all have legitimate reasons to care about AFRINIC continuity. The global addressing system depends on a functioning African registry. But institutional concern is not the same as disinterest. Other registries may want to avoid precedent that makes an RIR vulnerable to dissolution or market attack. ICANN may want continuity and compliance without appearing to take regional control. Governments may want stability and influence. Regional bodies may want development alignment. Their evidence can be useful; their incentives still need to be named.
For AFRINIC, the practical rule is simple. The closer a person or institution gets to selecting candidates, validating voters, advising election officials, funding a campaign, or asking a court to alter the election machinery, the more disclosure should be required. Candidate eligibility is not only a legal box. It is a market-affecting control over future registry discretion.
Proxies, endorsements and the member's voice
Board elections matter at AFRINIC because the board is not symbolic. It appoints or supervises management, approves budgets, influences legal posture, oversees bylaws, supervises policy implementation, and signals whether the registry will behave as a narrow recordkeeper or an expansive gatekeeper. When the organization went without a functioning board, ordinary governance could not be assumed. When receivership tried to restore elections, candidate selection, online voting, in-person voting, proxy recognition, resource-member status, registered-member status, and court challenges all became control surfaces.
The proxy allegations made the conflict issue concrete. Voting rights in a low-participation membership organization are vulnerable to aggregation. Many resource holders are operating companies, not governance professionals. They may not monitor every election, litigation update, policy meeting, or bylaw dispute. A disciplined campaign can contact them, obtain credentials or powers of attorney, and turn apathy into control. That can be legitimate mobilization. It can also become capture if the member does not understand the implications, if the solicitor conceals its interest, if authority is forged, or if the rules allow one person to represent many members without verification strong enough for the stakes.
Powers of attorney and proxy mandates should therefore be treated as conflict-sensitive instruments. Each should be specific to the election, time-limited, revocable, and confirmed through an independent contact channel already associated with the member. The confirmation should identify the proxy holder, the election, the scope of authority, the expiration date, and the member's right to withdraw authority. If a member arrives to vote in person and discovers that a proxy has been submitted, the vote should not simply proceed on the basis of the earlier document. Disputed authority should freeze the affected vote until resolved.
Bulk proxy collection deserves enhanced disclosure. Who collected the mandates? Who paid for the campaign? Which candidates or policy outcomes are supported? Does the collector have commercial interests in transfers, leasing, resource review, litigation, registry relocation, member classification, or dissolution? Does the proxy holder represent a broker, a large address holder, a legal funder, a government-linked body, or an association with a declared platform? The point is not to forbid organized voting. The point is to let the member and the rest of the electorate see whether votes are being aggregated by an actor with a material stake in future registry decisions.
Endorsements raise a related problem. Reporting on the September 2025 election noted that seven elected directors had been endorsed by Smart Africa, a regional digital-development body with many member states, and that some stakeholders were uneasy about a slate associated with powerful governmental or regional interests. Endorsement is not corruption. A regional coordination body may have genuine continuity concerns. It may want AFRINIC to function, avoid dissolution, and support public digital infrastructure. Those are legitimate interests. They are still interests.
If a large external coalition helps produce a board majority, members need to understand the coalition's objectives, funding, relationships, and expectations. A registry serving resource holders should not be captured by brokers; nor should it drift into being an instrument of state-aligned strategy without clear member consent. The conflict regime should apply symmetrically. The broker-linked reformer should disclose the broker link. The government-backed continuity candidate should disclose the support. The registry insider should disclose the insider network. The policy professional should disclose consulting and committee ties. Then members can make a choice.
Campaign attacks should be handled the same way. One bloc may describe another as a proxy for commercial address monetization. The other may describe the first as a vehicle for governmental or incumbent capture. Both accusations may identify real risks. Neither substitutes for disclosure. Conflict governance does not decide the political argument by slogan. It forces both sides to show their interests and lets members evaluate the tradeoff.
AFRINIC's board legitimacy cannot rest only on the fact that an election occurred. In a post-exhaustion registry, board control changes expected future discretion. A board perceived as broker-captured will make enforcement against leasing interests look retaliatory or selective. A board perceived as government-captured will make transfer restrictions look like capital control. A board perceived as litigation-driven will make settlement, legal spending, and member classification look self-interested. The solution is not to find candidates with no interests. The solution is to make interests legible enough that legitimacy does not depend on blind trust.
Receivership did not remove conflicts; it concentrated them
Receivership is best understood as a stress test for conflict governance. When the Supreme Court of Mauritius placed AFRINIC under receivership, the immediate problem was continuity. AFRINIC had been unable to maintain ordinary board and management authority. Court-appointed receivership was designed to preserve assets, maintain operations, and supervise a path back to governance. Public material described a mandate to preserve the status quo, oversee elections, help form a board, and support appointment of a chief executive. That is emergency institutional medicine, not ordinary member democracy.
Emergency governance always creates conflicts. A receiver is supposed to be neutral, but the role is appointed through a legal process shaped by litigants, court orders, statutory duties, institutional lobbying, and operational urgency. A receiver may hire lawyers, election contractors, accountants, and advisers. Each contractor has incentives: fees, reputation, mandate protection, avoidance of blame, and preference for decisions that validate the appointment. The receiver may face pressure from AFRINIC staff, resource members, outside governance bodies, government ministries, regional digital organizations, and litigants. The receiver may need to act quickly while creating a record strong enough to survive court review.
The 2025 election sequence showed how difficult that environment became. The receiver's first election attempt was challenged, proceeded, suspended, and annulled. The reasons involved concerns about voting documentation and powers of attorney, while reporting and public commentary complained that explanations were limited. ICANN asked questions. Members and observers asked questions. Cloud Innovation later argued that the annulment showed the election process could not reach closure and used the episode to support a wind-up strategy. Other actors argued that dissolution would endanger regional registry continuity. The receiver's attempt to solve governance became another governance dispute.
Conflict governance should not treat receivership as a disclosure-free zone. It should require a receivership interest statement. That statement would identify the receiver's mandate, limits, advisers, contractor selection criteria, fee categories where appropriate, prior relationships, communications with major litigants, communications with outside governance bodies, and rules for publication of election decisions. It would preserve privilege and sensitive security details. It would still give members enough information to see that emergency authority has not become private authority.
The need is acute because receivership can blur preservation and policy. A receiver preserving the registry must keep services running. But elections, bylaw consultations, membership classifications, transfer-policy timing, and litigation strategy can have durable economic effects. If a receiver supervises an election under rules that materially favor one bloc, the result is not merely administrative. If a receiver permits or resists policy action while board legitimacy is contested, the effect may be market-moving. If a receiver appoints advisers with prior ties to one side, even a legally valid process may look captured.
The better rule is conservative discretion. Emergency authority should preserve the ledger, verify members, run a clean election, maintain staff, pay critical bills, and comply with court orders. It should avoid irreversible policy moves unless a court or a properly constituted board clearly authorizes them. Where a decision cannot avoid affecting interests, the receiver should publish the conflict analysis: who is affected, who was consulted, what alternatives were rejected, which advisers had conflicts, and why the decision falls within preservation rather than lawmaking.
By early 2026, public reporting described a registry trying to move from emergency management toward normal operations, with interim management, morale and budget work, strategic planning, continued litigation over the consequences of earlier disputes, and policy questions still unresolved. That status should be read carefully. Operational recovery is a fact about institutional capacity. It is not a legal finding that conflict problems have been repaired. Litigation still belongs in the category of contested legal process. Policy discussion still belongs in the category of community decision-making. Neither should be used as proof that legitimacy has returned unless the interest disclosures and recusal records support that conclusion.
The receivership lesson is modest but important. Emergency governance can keep the lights on. It cannot substitute for a conflict regime that members trust. If every receiver decision becomes a new battlefield, the registry has not escaped the crisis. It has merely moved conflict to another forum.
Contractors and advisers need more than borrowed credibility
AFRINIC's crisis involved many outsiders: barristers, election-service providers, accountants, legal teams, advisers, court officers, governance organizations, and consultants. Outsiders can improve a weak process. They can also lend borrowed credibility to decisions whose incentives remain unclear. In conflict-of-interest governance, an external contractor is not independent because of nationality, seniority, title, or professional polish. Independence has to be demonstrated through appointment route, scope, fee source, prior relationships, reporting line, publication duty, and recusal rule.
The nomination-committee arrangement illustrates the point. A receiver seeking to avoid election interference appointed senior legal figures to supervise candidate nominations. That may have been prudent. But if members do not know the conflict checks applied to those figures, the appointment remains vulnerable. Did any committee member previously advise a party to the dispute? Did any provide an opinion about Cloud Innovation's classification, AFRINIC member categories, proxy rules, or bylaws? Did any have ties to ICANN, Smart Africa, ISPA, other network bodies, major candidates, litigation funders, or large resource holders? Were those ties material? Who decided they were not disqualifying? Was that decision recorded?
Election-service providers need the same scrutiny. A vendor running ballots should have a written conflict statement covering prior work for candidates, endorsing organizations, litigants, proxy collectors, registries, and governance bodies. It should state how credentials are issued, how powers of attorney are verified, how disputed authority is frozen, how logs are preserved, and how members can confirm votes cast in their name. A clean-looking ballot is not enough if proxy acquisition is opaque or if vote authority cannot be challenged before the result becomes political fact.
Legal contractors are more sensitive still. In a prolonged registry dispute, lawyers are not mere technicians. They shape litigation strategy, settlement posture, public communication, bylaw interpretation, member-rights arguments, and the timing of applications. A lawyer paid by the registry may have an incentive to fight broadly. A lawyer paid by a large holder may have an incentive to multiply pressure. A lawyer advising a policy group may have an interest in language that benefits a client class. Privilege is necessary, but it should not conceal all conflict. Boards and receivers can publish categories of representation and conflict screening without revealing legal advice.
Consultants and reviewers also need boundaries. A consultant hired to review bylaws should not quietly reshape the power of resource members without a public classification of the issue. An adviser hired to preserve continuity should not become a shadow policymaker. A contractor hired to run an election should not decide long-term resource economics. A committee hired to vet candidates should not become the arbiter of which market model the registry will prefer. The more a contractor's work can move economic rights, the more explicit the conflict check must be.
Many internet governance communities resist this kind of formality because they value open participation and volunteer expertise. The concern is real. A small community can become paralyzed if every participant is treated as suspect. The answer is proportional disclosure, not opacity. A casual mailing-list comment does not require a full financial statement. A proposal author, chair, appeals participant, committee member, board candidate, staff expert, paid consultant, proxy collector, or election vendor should disclose material interests because those roles can shape outcomes.
AFRINIC's experience shows why. When disputes become legal, every undisclosed relationship becomes ammunition. When an election is annulled, every contractor becomes suspect. When policy affects valuable resources, every drafter is accused of capture. The absence of a conflict system does not protect volunteers from legalism. It invites legalism after the fact. A register, a recusal rule, and a written independence test are cheaper than years of litigation over whether an invisible interest tainted a decision.
Borrowed credibility is especially dangerous in a registry because the institution already depends on delegated trust. Members trust the registry to maintain unique number records. The global routing system trusts the registry's records as part of coordination. Courts and governments trust the registry not to turn technical administration into private control. When the registry borrows credibility from outside professionals without showing their interests, it adds another layer of trust where what it needs is constraint. Credibility should come from visible boundaries, not impressive names.
When policy language moves address value
Policy participation is part of the conflict story, but it should remain a conflict-disclosure story. The issue here is not the full transaction cost of drafting, defending, monitoring, and amending proposals in a process dominated by repeat participants. The narrower question is how interests should be managed when policy language shifts address value. At AFRINIC, words such as regional, transfer, unauthorized, abuse contact, need, legacy, resource member, registered member, allocation, assignment, review, and termination are not merely semantic. They can affect whether a block moves, whether a holder can lease, whether a buyer discounts, whether a lender lends, and whether the registry can threaten adverse action.
Conflict governance in policy does not mean that people with interests should be silent. A transfer broker knows transfer friction. A small ISP knows allocation delay. A large holder knows operational dependency. A security operator knows abuse-contact failure. A registry staff member knows database-quality problems. A government agency knows public-sector dependency. Excluding them would produce worse policy. The problem arises when interested speech is presented as neutral community wisdom without disclosure. The policy room then becomes a market in concealed positions.
The most useful disclosure is economic class. A participant should state whether a proposal materially affects an address holding, brokerage business, leasing platform, legal practice, consulting practice, candidate campaign, government program, registry budget, or pending litigation. The disclosure need not expose confidential customer lists or private contracts. It should give listeners enough information to judge incentive. A proposal restricting outbound transfers reads differently when submitted by an access provider seeking local supply, by a registry insider defending authority, by a government-backed coalition seeking regional control, by a competitor to a broker, or by a holder whose own blocks would gain value from scarcity.
The same standard applies to liberalization. A proposal to recognize leasing, reduce needs assessment, narrow revocation, or permit broader inter-RIR portability may be economically sound. It may also benefit brokers, lessors, and large holders. The interest does not invalidate the argument. It tells the community how to read it. Indeed, a market participant may be the person best positioned to show that a rule creates a liquidity discount or a customer-continuity risk. That contribution is valuable when the speaker's interest is visible. Hidden interest corrodes; disclosed interest informs.
AFRINIC's legal environment makes policy conflicts more severe. When a policy proposal interacts with a live court dispute, a wind-up application, an injunction, contested board legitimacy, or resource-review litigation, it can function as litigation strategy by another route. If a proposal would strengthen one party's case, weaken another's asset position, change settlement leverage, or moot a legal claim, that should be disclosed. A policy chair should be able to classify the proposal as ordinary technical maintenance, data-quality rule, member-rights alteration, transfer-market rule, enforcement expansion, fee rule, election rule, or litigation-adjacent measure. Higher-impact categories should trigger stronger interest disclosure and independent review.
Implementation needs recusal too. Staff who advise on a policy should not automatically be the same people applying it in contested cases if they have become publicly invested in a particular interpretation. Board members who campaigned on a transfer-policy position should disclose that when supervising enforcement. Committee members who wrote an abuse-contact rule should be screened from appeals where the scope of that rule is contested. Recusal does not waste expertise. It separates expertise from adjudication when prior advocacy creates a reasonable perception of bias.
The hardest policy conflict concerns retroactivity. When rules change after resources have been allocated and businesses built, affected holders have reliance interests. A policy participant seeking new restrictions may frame them as stewardship. A holder may frame them as confiscation. The institution needs an impact and disclosure process capable of separating future allocation rules from constraints on existing holdings. Otherwise every policy debate becomes a fight over whether yesterday's investment can be repriced by today's meeting.
Low participation is itself a conflict signal. A mailing-list consensus among a small number of repeat participants cannot carry the same legitimacy burden as a member vote on a market-moving rule. Silence by busy operators should not be treated as deep consent. Those who show up may be those with the strongest private incentives, the most procedural expertise, or the most to gain from complexity. That does not make participation illegitimate. It makes disclosure more important.
The controls that would make conflicts governable
A credible conflict-of-interest regime for AFRINIC would be practical, not ornamental. It would begin with a standing interests register covering directors, senior staff, nomination and election officials, policy chairs, appeal or review participants, major contractors, and senior advisers. The register would record material interests in resource holders, brokers, leasing firms, transfer advisers, litigation parties, registry vendors, government-backed digital bodies, internet governance associations, and organizations that endorse candidates or solicit proxies. It would include close family and controlled entities where relevant. It would be updated on appointment, annually, and before major decisions.
The second element would be decision-specific disclosure. A general register is useful, but conflicts often arise from a particular file. Before a resource review, transfer refusal, revocation threat, settlement instruction, policy implementation decision, committee appointment, vendor selection, nomination ruling, proxy dispute, or election certification, the decision-maker should confirm whether any registered or new interest applies. The decision record should state who was screened, who recused, who replaced them, and why any remaining interest was judged immaterial. The public version can be concise. The private record can preserve detail needed for audit, member review, or court scrutiny.
The third element would be recusal with substitution. Disclosure without recusal is theatre. AFRINIC needs rules for when a person cannot participate: direct financial interest, recent paid representation of a party, close family interest, employment or board role in an affected entity, public campaign role on the exact issue under decision, litigation involvement, material consulting relationship, or responsibility for a prior contested decision now under review. It also needs substitution rules so recusal does not paralyze the institution. If too many directors are conflicted, an independent committee or court-approved reviewer may be needed. If staff expertise is conflicted, an external technical reviewer can advise without deciding.
The fourth element would be a voting-integrity layer. Every power of attorney or proxy should be specific, time-limited, revocable, and confirmed through an independent member channel. Bulk proxy collection should trigger enhanced disclosure of funder, solicitor, supported candidates, supported policy outcomes, and commercial or litigation interests. Members should be able to verify whether a vote has been cast in their name before the ballot closes. Disputed authority should suspend the vote until resolved, not shift the burden to post-election litigation.
The fifth element would be contractor independence rules. Election vendors, nomination committee members, legal advisers, accountants, reviewers, and consultants should file conflict statements before appointment. Their appointment letters should define role boundaries, publication duties, reporting lines, fee arrangements, and recusal triggers. Where a contractor's work affects market value or member rights, the selection process should be recorded and, where possible, competitive. A receiver or board should not be able to solve a legitimacy crisis merely by hiring eminent outsiders whose own relationships are opaque.
The sixth element would be policy conflict classification. AFRINIC proposals should be tagged by impact: technical maintenance, data quality, security-adjacent rule, transfer-market rule, member-rights rule, enforcement rule, fee rule, election rule, or litigation-adjacent rule. Higher-impact proposals should require stronger interest disclosure from authors, chairs, staff advisers, and major advocates. If a proposal would materially affect existing holdings or pending disputes, the process should include reliance analysis and independent legal review before implementation. This is not a veto for incumbents. It is a safeguard against concealed value transfer.
The seventh element would be litigation-interest transparency. AFRINIC and major litigants should publish safe summaries where member interests are affected: case category, relief sought, operational risk, who funds the action, whether settlement authority exists, whether any governance participant has a role in the litigation, and what service-continuity protections are in place. Privilege can be preserved. What should not be hidden is the fact that litigation is being used to seek dissolution, constrain transfers, block allocations, affect elections, or change control of the registry.
The eighth element would be institutional conflict disclosure. AFRINIC should acknowledge when the institution itself is conflicted. In a dispute over its own authority, it has a self-preservation interest. In a policy limiting transfers, it may have an authority-preservation interest. In a legal fight over dissolution, it has an existence interest. In a post-scandal audit, it has a reputational-repair interest. Naming these interests does not weaken the registry. It makes decisions more credible because the institution shows that it understands its own incentives.
Finally, the regime needs consequences. A conflict breach should lead to a proportionate response: late disclosure, corrected record, recusal, replacement of a decision-maker, invalidation of a committee decision, election re-run for affected votes, staff discipline, contractor termination, independent review, or referral to court or authorities where fraud is alleged. The goal is not maximal punishment. The goal is to make disclosure rational and concealment costly.
A lower risk premium is the real prize
AFRINIC's experience shows how expensive weak conflict control becomes. A registry can spend years in court trying to prove that its decisions were valid. It can defend elections, nomination committees, resource reviews, member classifications, bylaws, transfer policies, account freezes, wind-up applications, and public statements. It can win some points and lose others. The larger cost is not only legal fees. It is the erosion of ordinary confidence. Members begin to ask whether the registry can be trusted with discretion. Buyers ask whether blocks in the region carry a governance discount. Outside bodies ask whether emergency intervention may be needed. Courts become recurring participants in what should have been institutional decision-making.
Good conflict governance is cheaper because it creates contemporaneous evidence. When a board decision is challenged, the registry can show disclosures, recusals, independent advice, and minutes. When an election is challenged, it can show proxy confirmations, vendor logs, candidate disclosures, endorsement disclosures, and dispute handling. When a policy is challenged, it can show impact classification, interest statements, reliance analysis, and implementation boundaries. When a staff action is questioned, it can show screening and related-party checks. This does not prevent all lawsuits. It changes their quality. A party challenging the decision must attack a visible process rather than fill an information vacuum with suspicion.
The market effect is just as important. A registry whose conflicts are managed can be strict without looking predatory. It can enforce fraud controls without appearing to target commercial rivals. It can run elections without every slate being treated as a takeover. It can hire contractors without their independence becoming a new dispute. It can accept policy input from brokers and holders without letting them secretly write the rules. It can engage with governments without becoming a government instrument. It can cooperate with ICANN and the other registries without treating institutional solidarity as proof of neutrality.
Small operators benefit most from visible constraint. Large actors can litigate, lobby, hire counsel, structure around restrictions, collect proxies, or wage public campaigns. Small members often cannot. They need simple confirmation that their vote is theirs, their records are accurate, their applications are processed by people without hidden stakes, and their resources will not be trapped in a fight among richer actors. Conflict governance is therefore not an elite procedural concern. It protects the member who cannot attend every meeting, monitor every lawsuit, or decode every bylaw dispute.
The objection will be that conflict rules are too legalistic for internet governance. AFRINIC's history has already answered that objection. The legalism arrived because the informal system failed. Courts entered because private governance could not produce accepted legitimacy. Receivership arrived because ordinary organs broke down. Election annulment arrived because voting authority could not be trusted enough to close the process. The choice is not between relaxed community governance and procedural rigidity. It is between disciplined conflict management inside the institution and disorderly conflict resolution through courts, emergency authority, and public campaigns.
The institutional-economics conclusion is simple. A regional internet registry is a private organization performing a public-coordination function over resources it does not own in the ordinary sense and resources that operators depend on in the commercial sense. That position is inherently conflicted. It is tolerated because the registry is expected to behave like a constrained public record: accurate, neutral, predictable, and limited. When scarcity turns the record into a control surface for valuable IPv4 resources, the need for constraint increases. If constraint does not increase with value, legitimacy falls.
AFRINIC's crisis is often narrated as a fight among personalities, companies, courts, regions, governments, and global internet institutions. Those narratives contain pieces of truth. They miss the mechanism. Scarcity raised the value of registry decisions. Value attracted private interests. Private interests entered staff conduct, holder strategy, broker models, litigation, elections, proxy solicitation, contractor appointments, policy drafting, and outside intervention. The institution lacked a conflict system strong enough to make those interests visible and bounded. The result was not one crisis but a sequence of crises, each reinforcing the belief that registry discretion could be privately influenced.
Conflict governance would not make AFRINIC boring overnight. It would not eliminate disputes over Cloud Innovation, transfer policy, regional use, resource review, bylaws, Smart Africa's role, ICANN intervention, litigation, or the future of the RIR model. It would do something more valuable: make disagreement less existential. A member could lose a policy fight while seeing who advocated, who disclosed, and who decided. A candidate could lose an election while seeing that proxies were verified. A holder could face enforcement while seeing that conflicted staff and directors were screened out. A court could review a decision without reconstructing incentives from rumor.
The alternative is familiar. Every adverse action becomes evidence of capture. Every policy becomes a private value transfer. Every election becomes a proxy war. Every contractor becomes a suspect. Every outside intervention becomes either rescue or occupation, depending on the viewer. Every court order becomes part of the registry's operating system. In that world, formal legality is not enough. A decision may comply with bylaws, court directions, or policy text and still fail the legitimacy test because the interests around it were hidden.
AFRINIC is therefore a test case for the next stage of registry governance. The question is not whether conflicts exist. They do. The question is whether the registry can make them governable: disclosure before decision, recusal before challenge, related-party registers before scandal, contractor independence before annulment, proxy verification before voting, policy-interest statements before consensus, and litigation-interest transparency before institutional paralysis. These are not imported corporate rituals. They are the price of administering scarce digital infrastructure in a market that no longer treats IPv4 as administrative residue.
The payoff is a lower risk premium attached to registry discretion. A buyer discounts less when transfer rules are predictable and conflicted actors are disclosed. A lender worries less when registry recognition is reviewable. A member trusts more when elections have verified authority. A court intervenes less when the institution has a credible record. Staff can do their jobs with less suspicion. Honest candidates can run without being treated as fronts. Policy advocates can state their interests without disqualifying themselves. The registry becomes less powerful in the arbitrary sense and more useful in the institutional sense.
That is the trade AFRINIC should want. The registry does not need mythology. It needs trust. It does not need to prove that every critic is malicious or that every supporter is public-spirited. It needs to prove that private incentives cannot secretly steer public registry decisions. In institutional economics, legitimacy lowers the cost of cooperation by making behavior predictable. Without credible conflict governance, even formally legal decisions look like private influence over a public record.

