A registry in court is not just a company in court
AFRINIC is formally a Mauritian nonprofit, member-based organisation serving Africa and parts of the Indian Ocean as one of the world's five regional internet registries. That legal description is tidy. The operational description is less tidy. AFRINIC distributes and records IPv4 addresses, IPv6 prefixes and autonomous system numbers. It also supports public registry services such as WHOIS, RDAP, reverse DNS, internet routing registry functions and resource certification. Those services are not consumer products. They are coordination infrastructure for networks, hosting firms, access providers, data centres, banks, public agencies and the many customers who never learn the name of the registry on which their identifiers depend. A lawsuit against the corporation therefore reaches a function that operators experience as infrastructure.
The result is an odd institutional bargain. A local corporation keeps records that have cross-border effects. Courts in Mauritius have jurisdiction over the corporation. Network operators across 54 countries rely on the ledger. ICANN and the Number Resource Organization sit above and around the system as global coordination bodies, but neither is a normal prudential regulator. Members participate in policy and elections, but many affected downstream users are not members. When the organisation is stable, the arrangement looks like a practical compromise. When the organisation is contested, every legal motion becomes an economic event.
That is the core of AFRINIC's court and continuity risk. Litigation does not merely decide who wins a lawsuit. It changes the expected reliability of registry services, the cost of holding addresses, the credibility of transfers, the bargaining position of members, the willingness of counterparties to rely on records, and the probability that a court, receiver, ICANN, another RIR, a ministry or a successor body will have to act under pressure. A court order that freezes a bank account, restrains a corporate action, appoints a receiver, annuls an election or admits an outside intervenor may be legally narrow. Economically, it changes the risk premium attached to every resource whose stability depends on the registry.
The standard internet-governance vocabulary often obscures this. It speaks of "community", "stewardship", "bottom-up policy" and "continuity". Those words have real content, but they can also blur the distinction between two things that should be kept separate: continuity of the registry function and continuity of the incumbent institution's power. Lu Heng's public notes have pressed that distinction in sharp form: protect the ledger, not the gatekeeper; protect the live network, not institutional comfort. One need not accept every claim made by any litigant to see the analytical usefulness of that separation. AFRINIC's crisis is intelligible only if the ledger is treated as a critical function that may need protection from all sides, including from the corporation operating it.
The evidence trail is unusually concrete. The Internet Governance Project wrote in 2021 that AFRINIC's dispute with Cloud Innovation grew out of IPv4 scarcity, regional allocation assumptions, below-market administrative pricing, a contested enforcement theory and litigation that froze bank accounts. The NRO said in 2023 that the Supreme Court of Mauritius had appointed a receiver whose role included preserving status quo assets, overseeing elections and restoring functional governance. The Register then followed the later sequence: election planning, ICANN objections, proxy-vote allegations, annulment, a later board election, renewed litigation, AFRINIC's accusation that its antagonist was trying to paralyse it, and ICANN's 2026 intervention in a winding-up application. AFRINIC's own pages describe the services that must continue while all this occurs.
The facts do not support a simple morality play. AFRINIC had real governance problems before the Cloud Innovation dispute reached its current intensity. Cloud Innovation and related actors have pursued aggressive legal and political tactics. ICANN has sometimes acted as a guardian of global coordination and sometimes as another institution trying to shape a local legal process. Courts have supplied remedies that preserved order and remedies that increased uncertainty. The important question is not which actor should be trusted unconditionally. It is how to value, contain and allocate continuity risk when the ledger of a scarce, operationally embedded resource is administered by an institution whose own authority is in dispute. That question is economic before it is rhetorical.
The economics underneath the legal pleadings
IPv4 scarcity is the economic substrate of the AFRINIC dispute. Without scarcity, the controversy would be a governance quarrel around an administrative record. With scarcity, the record becomes a claim on a valuable input. The Internet Governance Project's 2021 analysis put the matter plainly: IPv4 addresses became marketable because the available pool is finite and IPv6 is not a seamless substitute for every use. The market value of an address rose far beyond the administrative fees paid to registries. A /16 block could represent millions of dollars in market value. AFRINIC, late among the RIRs and historically holding a small share of global IPv4, still had a relatively visible pool at the moment when other regions had largely exhausted their free space.
Scarcity changes institutional incentives. In an abundant regime, a registry can allocate numbers according to demonstrated need, keep records and rely on community norms to police abuse. In a scarce regime, applicants have incentives to arbitrage policy differences, members have incentives to defend existing allocations, registries have incentives to tighten control, and political actors have incentives to describe control of address space as a regional development matter. The same database entry becomes at once a technical uniqueness record, a contractual relation, a tradable or leasable economic input, a political symbol and a potential litigation asset.
AFRINIC's official fee schedule illustrates the mismatch. It charges allocation and membership fees by category, with the largest annual LIR category listed at tens of thousands of dollars rather than at a market-value price for millions of addresses. That is not a flaw in itself; RIRs are not meant to be auction houses. But it means the registry's economic role is not captured by its revenue model. A member holding a large allocation may pay an administrative fee while the addresses support business lines, leases, customer contracts, cloud capacity, routing reputation, security allowlists and financing assumptions worth far more than the fee. The registry is therefore a low-fee recordkeeper above high-value reliance.
That position is stable only when authority is narrow and predictable. If the registry records what was validly issued, maintains uniqueness, processes legitimate updates and acts against fraud through clear rules, the fee/value mismatch can be acceptable. If the registry also claims broad discretion to reassess use, revoke resources, block mobility, redefine member rights or intervene in commercial models after reliance has formed, the mismatch becomes dangerous. The party with the most leverage has the least proportional downside. The holder and downstream customers bear much of the operational loss; the registry bears litigation cost, reputational damage and institutional strain, but its contract terms and balance sheet may not map to the scale of harm. That asymmetry turns administrative discretion into a financial exposure for everyone else.
This is the power/liability problem that appears repeatedly in public criticism of the RIR model. Heng's notes point to liability caps, administrative-scale budgets and the absence of balance-sheet exposure commensurate with the value of resources affected by registry decisions. NRS messaging makes the same point in more campaigning language, warning network operators that a registry chokepoint can threaten continuity while carrying limited liability. Those claims are not neutral, because they come from actors aligned with a side of the dispute. Yet they identify a genuine economic question: can a coordination body exercise consequence-heavy discretion while retaining service-provider-grade exposure?
AFRINIC and its defenders answer from a different premise. IP addresses, in the orthodox registry view, are not owned as ordinary property. They are allocated or assigned under policies and agreements so that the internet's numbering system remains coherent. That position is important. If every allocation were treated as an unconditional private asset, registries would struggle to reclaim fraudulently obtained resources, correct records, conserve scarce space or operate a policy system at all. But "not ordinary property" does not mean "no economic reliance". Licences, concessions, regulated entitlements and contractual access rights can be non-property in one sense and still carry substantial reliance value.
AFRINIC's court risk arises precisely in that middle zone. Resource holders cannot credibly say the registry is irrelevant once addresses are allocated. Registries cannot credibly say commercial reliance is irrelevant once addresses are routed, leased, financed, embedded in customer systems and valued in markets. Courts are then asked to adjudicate disputes where old administrative language meets new economic substance. A receiver, injunction or winding-up application becomes more than company law. It becomes a test of whether the institutional wrapper can still contain the asset-like behaviour of number resources.
How enforcement became institutional exposure
The immediate dispute with Cloud Innovation began as an enforcement question. AFRINIC alleged that Cloud Innovation's use of addresses did not match the terms under which resources had been justified, including concerns about out-of-region use and the purpose of utilisation. Cloud Innovation contested the allegations. The Internet Governance Project described AFRINIC's approach as an overly aggressive attempt to clean up after earlier controversies, while also describing Cloud Innovation's litigation response as excessive. The exact legal merits sit with courts and contracts. The institutional economics are visible without deciding them.
An enforcement action against a large holder is not like a reminder to update a contact record. The more addresses involved, the more customers and counterparties are exposed. IGP reported that Cloud Innovation had received rights to millions of IPv4 numbers from AFRINIC and that the company built a leasing business around them. AFRINIC's view was that policy and agreement conditions mattered. Cloud Innovation's view was that AFRINIC was asserting discretionary control over a business model and over operationally embedded resources. The threatened remedy, according to reporting, could have included terminating membership and reclaiming resources. That was not a minor sanction.
Registry enforcement has to exist. A registry that cannot act against fraud, false records, hijacking, misrepresentation or serious breach is not a registry. AFRINIC had its own reasons to be sensitive. Independent reporting in 2019 documented allegations that address records had been manipulated through dubious entities, with address blocks allegedly sold for personal profit. Such allegations, even before final legal conclusions, damage the credibility of any ledger. A registry emerging from that kind of scandal will naturally want to demonstrate that it can audit and reclaim. Weak enforcement invites predation.
The danger is overcorrection. After a records scandal, institutional pride can become indistinguishable from ledger protection. A registry may come to see broad discretion as necessary for integrity. Members may see the same discretion as a continuing threat to assets they rely on. The two readings can coexist. AFRINIC could have believed it was defending policy and correcting abuse, while Cloud Innovation could have experienced the action as a business-ending assertion of power. When the values at stake are large enough, an ambiguous enforcement model becomes an invitation to litigation, and litigation becomes a stress test for the registry itself.
The litigation then fed back into institutional exposure. IGP reported that a 2021 court order provisionally froze up to US$50 million of AFRINIC funds, crippling operations. Later reporting described years in which AFRINIC could not elect a board, appoint a chief executive or perform all functions. The Register's September 2025 account said Cloud Innovation's lawsuits left AFRINIC unable to appoint a CEO or elect board members, and that the registry was unable to perform its core function of allocating IP addresses to members. These are severe claims of institutional effect. They show that the remedy environment can harm the ledger even when litigation is formally between named parties.
AFRINIC's March 2026 position, as reported by The Register, framed the situation as a web of litigation and procedural roadblocks driven by Cloud Innovation, Larus and associated campaigns. It said instability delayed restoration and consumed resources that could have supported training, research and membership strengthening. Heng's response, also reported there, reframed the matter as structural: the registry model had concentrated high-consequence power over economically critical resources without commensurate liability. The two accounts are not merely adversarial spin. They are different theories of continuity. AFRINIC stresses the continuity of the institution; its critic stresses the continuity of the operators and customers beneath the resource.
That distinction should guide analysis. If a member can use litigation to immobilise a registry for years, the registry's continuity architecture is weak. If a registry can threaten a member's large operational position through discretionary interpretation without proportionate external discipline, the member's continuity architecture is weak. The hard fact is that both can be true. Court and continuity risk is not a one-sided accusation. It is a structural condition in which each actor can convert legal leverage into operating risk for others.
Receivership as preservation, not settlement
Receivership was the system's attempt to move from legal conflict back to institutional function. The NRO's September 2023 statement welcomed the appointment of an official receiver for AFRINIC. It said the Supreme Court of Mauritius had restrained AFRINIC from relocation, takeover, merger, restructuring or management control; appointed a receiver to maintain the status quo of assets and preserve business value; tasked the receiver with overseeing elections under AFRINIC's constitution; and called for a board and CEO to be formed on an expedited timeline. The NRO thanked staff for keeping operations and services going. The message was preservation, not reinvention.
That statement is useful as a factual exhibit, but it should not be treated as proof that receivership solved the underlying economics. Receivership can preserve a business. It can keep bank accounts, staff, records and basic operations from collapsing. It can supervise elections. It can hold the ring while parties fight. What it cannot automatically do is settle the meaning of resource-holder rights, the proper scope of registry enforcement, the economic treatment of IPv4 transfers, the legitimacy of voting arrangements, or the relation between Mauritian company law and a global number registry.
Indeed, receivership can become another risk layer. A receiver's authority is meant to be preservative. It is strongest when it maintains status quo assets, prevents dissipation, restores lawful governance and avoids permanent policy choices unless clearly authorised. If a receiver-run period includes contested nominations, disputed member status, proxy concerns, bylaw controversy or policy changes affecting resource value, the receiver no longer looks like a neutral bridge. The bridge becomes part of the battlefield.
The 2025 election history shows this. The Register reported in April 2025 that the receiver planned elections after years without a board, appointed a nomination committee chaired by a King's Counsel and cited concerns about potential interference. That alone signalled fragility. A normal membership election should not require the political symbolism of senior foreign barristers, external election services, warnings about credentials and close global scrutiny. The machinery of legitimacy had become expensive because trust had become scarce.
Then came legal challenges and ICANN's intervention. The Internet Governance Project reported in June 2025 that electronic voting had begun after interim legal skirmishing, that TISPA had obtained an injunction delaying the election over voting-right questions, and that ICANN sought reconstitution of the nominations committee. The Supreme Court dismissed the challenges in a way that allowed the election to proceed and ordered clarification that Cloud Innovation's corporate-record classification as a registered member was erroneous. IGP treated ICANN's intervention as overreach; The Register reported ICANN remained concerned about election integrity. The court allowed movement, but it did not restore broad confidence. Legal permission to continue and institutional confidence are different assets.
The election then collapsed. The Register reported that minutes before the voting period ended, the nomination committee suspended voting over questions about powers of attorney. ISPA alleged that some representatives found votes had already been cast on their behalf through powers of attorney they had not provided. AFStar alleged fraudulent powers of attorney. ICANN sent a letter asking questions and warning that a compliance review could lead to an emergency registry arrangement. The receiver annulled the election and sought an extension to run new elections. The outcome was a textbook continuity failure: the very election meant to end limbo reproduced limbo.
An election is supposed to price legitimacy cheaply. Members vote, directors take office, staff execute, counterparties regain confidence. In AFRINIC's case, legitimacy became costly. Every proxy rule, membership classification, nomination decision and court filing acquired economic weight because control of the board could affect enforcement, resource policy, bylaw design, litigation strategy, bank accounts and the future of the registry. The ballot was not only a governance ritual. It was a contest over the institution sitting above a scarce ledger.
Election annulment and the price of uncertainty
The annulment of the June 2025 election mattered because it converted procedural doubt into a measurable continuity premium. When an election is merely contested, stakeholders can wait for explanation. When it is suspended and annulled, every party must ask whether the next election will be credible, whether the receiver has enough authority, whether courts will constrain the result, whether ICANN will start a compliance process, whether members trust the register, and whether registry functions can fully resume. The cost is not limited to lawyers. It appears in planning delays, cautious counterparties and higher political value attached to institutional control.
The Register's July 2025 reporting said AFRINIC had not detailed the investigations, concerns or irregularities behind the annulment. ISPA alleged that one party claimed powers of attorney to represent nearly half of resource holders and that at least some documents were fraudulent. An anonymous member told The Register someone had tried to vote on his behalf using what he considered a fake document. ICANN criticised the receiver for lack of transparency and referenced a policy that could allow appointment of an emergency replacement for a dysfunctional RIR. Cloud Innovation then called for AFRINIC to be wound up and its responsibilities transitioned to a more trusted framework.
Those facts illustrate a distinctive feature of court and continuity risk: silence is itself a cost. In a normal corporation, poor explanation after a failed election damages governance credibility. In a registry, poor explanation damages the authority of records. If members cannot trust who voted, they may ask whether the membership register, authorised representatives and powers of attorney are reliable. If a court is asked to resolve those questions, the legal record may become the only trusted audit trail. That increases the role of judges in a function that internet governance traditionally prefers to keep inside private coordination.
The later 2025 election produced a board, but did not erase the risk. The Register reported in September 2025 that AFRINIC announced eight directors and could convene a board for the first time since 2022. Seven of the eight were endorsed by Smart Africa. The article also noted likely court challenges over whether the election was properly run, a continuing government investigation, a criminal investigation into the June election, discomfort among some community members about Smart Africa's slate, and the possibility that Mauritian courts would constrain the new board. A board existed, but its mandate was born inside a cloud of litigation and political alignment.
This is why board legitimacy in a registry cannot be assessed by vote totals alone. The normal democratic instinct is to count votes and move on. But in a low-participation, high-stakes membership system, vote mechanics, credentials, proxies, nomination control and member classification may matter as much as the final number. Heng's public note on AFRINIC power and lock-in made the point in polemical language: elections can be a ceremony around power already shaped by procedures, capital and organisational control. Stripped of polemic, the institutional lesson is sound. Legitimacy in a registry is not simply produced by a completed ballot; it is produced by a credible chain from member identity to vote authority to policy restraint.
The economic consequence is that a board can be formally constituted yet still operate under a legitimacy discount. If counterparties believe the board may be challenged, they discount its policy decisions. If members believe the voting base was unclear, they discount its mandate. If courts are expected to revisit election mechanics, they discount the board's freedom of action. If ICANN is revising the policy basis for emergency intervention or derecognition, the board operates under a shadow option held by the global coordination layer. That shadow is not always bad. It can discipline dysfunction. But it also makes the local registry less autonomous and less predictable.
Injunctions, winding-up and cross-border dependency
By 2026, AFRINIC's court risk had moved beyond the election itself. The Register reported in February 2026 that AFRINIC was "back on track" according to newly appointed executive Mukom Tamon, who told APRICOT that morale had improved, interim management roles had been filled, a budget and action plan were near, and a 2027-2030 strategy was being prepared. He also noted an unallocated IPv4 pool of 773,376 addresses. The same report said the RIR community was revising ICP-2 to define the full lifecycle of an RIR, crisis assistance and possible derecognition.
That apparent recovery was quickly complicated. In March 2026 The Register reported AFRINIC's accusation that Cloud Innovation, Larus and associated campaigns were trying to paralyse it through litigation, objections and member communications. AFRINIC cited delays and legal costs. Heng replied that the real issue was structural power without commensurate liability. NRS argued that operators could be trapped and unable to defend themselves after damage was done. The clash again turned on the same continuity question: is litigation an attack on the registry, or is litigation a remedy against excessive registry power?
In May 2026 The Register reported two further fronts. First, ICANN successfully applied to become a party to Cloud Innovation's attempt to wind up AFRINIC. ICANN said it wanted the court to understand AFRINIC's unique role and the nature of the resources it administers, and to make clear that numbering resources allocated through AFRINIC are not assets of AFRINIC available for distribution in a winding-up. Second, AFRINIC obtained or publicised an interim order related to statements that allegedly attributed judicial approval to leasing or commercial exploitation of AFRINIC-allocated resources. Larus and Cloud Innovation disputed AFRINIC's characterisation and said the order did not decide IPv4 leasing, ownership, Cloud Innovation's member position or Larus's business model.
The first front, winding-up, is the most severe form of institutional discontinuity. Winding up an ordinary company distributes assets, terminates operations and resolves creditor claims. Winding up a regional registry raises harder questions. What happens to historical records? Who operates WHOIS and RDAP? Who maintains reverse DNS delegations? How does RPKI trust continue? Who signs updates? What happens to pending disputes? Are unallocated numbers corporate assets, public coordination resources, or neither? ICANN's intervention, as reported, focused on preventing the court from treating number resources as distributable corporate property. That is a factual legal concern, not a full continuity architecture.
The second front, injunctions over public statements, shows a subtler risk. Courts can police misrepresentation. If a company falsely suggests judicial endorsement of a commercial model, correction may be justified. But injunctions around public characterisations can also become part of the information war surrounding resource rights. A statement about whether a court order validates leasing may affect customer confidence, member mobilisation, creditor expectations and political support. In a thin-trust environment, communications are not mere public relations. They are instruments of market expectation.
Cross-border dependency intensifies both fronts. AFRINIC is local enough for Mauritian courts to restrain it, appoint receivers and handle corporate filings. It is regional enough that African network operators depend on it. It is global enough that ICANN, the NRO and other RIRs worry about systemic precedent. It is commercial enough that address holders and leasing platforms treat registry positions as economically material. A local court may be asked to decide a company-law question, but the practical audience includes customers, carriers, route-filtering operators, certificate validators, banks, governments and rival institutions.
That does not mean courts should stand aside. A registry cannot be above law merely because the service matters. The opposite is more plausible: the more critical the function, the more clearly law must distinguish between corporate claims, registry records, member rights, public-interest continuity and private economic reliance. The court and continuity problem is not that judges are involved. It is that judges are being asked to act before the internet-number system has built a mature continuity design for institutional failure.
Continuity is the function, not the office
AFRINIC's official materials list the functions that must continue: distribution and management of IP address space and ASNs, policy implementation, member services, reverse DNS, WHOIS, RDAP, RPKI, IRR and related routing-security functions. Heng's public continuity note breaks that into operational categories: number uniqueness, registration accuracy, publication and security continuity, running-network continuity and independent adjudication. That framework is more useful than the usual slogan that "AFRINIC must be saved" or "AFRINIC must be dissolved". The right first question is: what must not break?
Number uniqueness must not break. The same block cannot be recognised for incompatible holders. Historical allocations and assignments must remain traceable. Fraudulent changes must be preventable. Disputed changes must be flagged without corrupting the last verified state. This is the deepest ledger requirement. It is narrow but fundamental. It does not require a court to validate every policy theory. It requires the system to preserve a reliable answer to who currently holds the recognised registration claim.
Publication services must not break. WHOIS and RDAP records, reverse DNS delegations and route-related data are used by operators, security teams, counterparties and customers. RPKI requires particular caution because it is a cryptographic trust system, not merely a public directory. Certificates, manifests, revocation information, ROAs, repositories and trust-anchor arrangements cannot be thrown casually from one operator to another. AFRINIC's own service list and trust-anchor material show that it sits inside routing-security practice. A continuity plan that preserves corporate authority while neglecting these systems would be misnamed.
Legitimate updates must not break. A frozen ledger is not a stable ledger. Networks merge, split, change contacts, update routing authorisations, correct data, pay invoices, receive allocations and transfer resources where policy allows. During litigation, the temptation is to preserve everything by preventing change. That may protect against fraud or opportunistic transfer. It may also harm legitimate operations. Continuity requires controlled update authority, not simple stasis. The system must know who can sign, who can approve, what changes are reversible, what changes require independent review and what changes are blocked pending dispute.
Running-network continuity must not break. This is the point often lost in institutional argument. The registry office is not the asset. The asset is the live economic use of network identifiers by operators and customers. A customer whose payment system, hosting service, hospital application, airline integration or security allowlist depends on stable IP resources does not experience the dispute as a policy theory. It experiences the dispute as reachability, reputation, route validity, service continuity and contractual performance. Registry action that preserves institutional leverage by threatening those dependencies has not protected continuity; it has shifted risk downward.
Adjudication must not break. A registry should not be recordkeeper, claimant, judge and executioner in its own serious disputes. Nor should a resource holder be able to freeze a registry indefinitely through maximalist litigation. Courts, arbitration, independent technical custodians and predefined emergency criteria may each have a role. The key is dispute isolation. A dispute over title, use, fees, membership or policy should be recorded and adjudicated without unnecessary contamination of unrelated operations. Where the last verified operational state can be preserved safely, that should usually be the default until an independent decision requires change.
Once continuity is defined this way, the policy choice becomes clearer. Saving AFRINIC as a functioning institution may be useful if it serves these requirements. Preserving every AFRINIC authority claim is a different proposition. Winding up AFRINIC may be legally available in some corporate sense, but it would be reckless without a precise transition plan for records, services, security and updates. ICANN or another RIR stepping in may be necessary under some failure scenario, but emergency replacement controlled by the same institutional class that failed to prevent the crisis would not by itself solve the accountability problem. Continuity is architecture, not rhetoric.
How court risk is priced by resource holders
Resource holders price court risk even when they do not call it that. A holder with stable registry relations can plan around network demand, customer growth, transfers, leasing, routing security and financing. A holder in a contested registry must also price injunction risk, update delays, policy reinterpretation, litigation spillover, election uncertainty, emergency registry intervention, member-eligibility changes and possible court constraints on the board. Those risks do not always appear as explicit fees. They appear as discounts, hedging costs, legal retainers, slower contracts, cautious buyers, customer assurances and lower confidence in the portability of resources.
IPv4 mobility is especially sensitive. A resource that can be transferred or leased under predictable rules has one economic profile. A resource confined by region, subject to disputed policy, or dependent on a contested board's interpretation has another. Heng's public note on the AFRINIC lock-in criticised the ratification of a policy marking the entire AFRINIC IPv4 pool as "Regional", arguing that reduced inter-RIR mobility destroys liquidity and value. AFRINIC supporters would frame regional policy differently, as protection of regional resources. Both frames recognise the same economic fact: mobility affects price.
Legal uncertainty also changes bargaining power. If a holder fears revocation or contaminated records, customers demand assurances. If a registry fears litigation, it may slow or harden approvals. If board legitimacy is challenged, policy opponents can delay implementation. If courts may revisit membership or bylaw arrangements, investors and counterparties hesitate. If ICANN may review compliance, the local institution's autonomy weakens. The resource remains the same string of numbers, but the institutional conditions around it have changed. In finance, that is a risk premium. In registry language, it is often disguised as governance noise.
The premium is not borne evenly. Large holders can hire counsel, mobilise members, litigate, lobby and build alternative narratives. Small ISPs may simply wait, pay fees and hope services continue. Downstream customers may have no standing at all. Governments may discover the dependency only when a dispute threatens national operators. Other RIRs and ICANN may bear reputational risk if the African registry appears unstable. Staff bear morale and operational strain. A continuity architecture should therefore pay particular attention to actors who cannot easily litigate but suffer if records, routes or updates are disrupted.
The paradox is that the very fragility of the registry can increase the value of controlling it. If the board can influence enforcement, transfer policy, regional mobility, bylaw reform, litigation posture and cooperation with ICANN, then board seats become economically valuable. That encourages slate politics, proxy aggregation, credential campaigns and court challenges. The more powerful the institution appears, the more parties fight to control it. The more they fight, the less stable the institution becomes. AFRINIC's experience suggests that concentrated discretion over scarce resources invites the capture behaviour that "community governance" is supposed to prevent.
Reducing that premium requires reducing discretionary stakes. Transparent records, auditable membership authority, clear transfer rules, limited enforcement remedies, independent appeal, service failover, RPKI succession planning and objective emergency triggers would make control of the corporate shell less economically decisive. The board would still matter, but it would matter less as a prize. Courts would still hear disputes, but fewer disputes would threaten the live ledger. ICANN would still have a backstop role, but it would be less tempted to improvise. Resource holders could then price the registry as infrastructure rather than as a political option.
What a serious continuity design would contain
A serious continuity design starts with a versioned and independently auditable registry state. The authoritative record should have a historical chain of authorised changes, enough external replication to survive corporate failure, and controls that distinguish public data from protected member information. This is not a call to publish sensitive data indiscriminately. It is a call to ensure that insolvency, receivership, board dispute or hostile litigation cannot make the last trusted state unknowable. If the ledger is the core public function, the ledger's integrity must not depend solely on the goodwill or solvency of one company.
The second element is service failover. RDAP, WHOIS, reverse DNS, IRR and related publication services should have tested continuity procedures. The plan should identify data sources, credentials, signing authority, delegation steps, responsible custodians, member-communication channels and rollback rules. A plan that exists only as a policy aspiration is not enough. It should be rehearsed. The AFRINIC crisis has shown that the relevant failure mode is not only a server outage; it is legal and governance paralysis. Technical backup must therefore be joined to lawful authority.
RPKI succession deserves separate treatment. Routing security depends on coherent trust anchors, repositories, manifests, certificates, revocation information and relying-party behaviour. A hasty transfer can create confusion or weaken security. A refusal to plan transfer can make the current operator a single point of failure. The answer is not to pretend RPKI makes the incumbent immortal. It is to specify emergency publication procedures, key-custody arrangements, migration paths, member notices and criteria for when a successor or interim operator may act. Security continuity is too important to be improvised during litigation.
The third element is dispute isolation. If a block is disputed, the system should record dispute metadata, prevent conflicting transfers where necessary and preserve the last verified operational state unless an independent decision requires a different result. Existing routes, reverse DNS and valid security objects should not be disrupted merely because one party has made an allegation. At the same time, disputed status should not become a shield for fraud. The point is to separate adjudication from operational destruction. Courts decide rights; the ledger preserves operational coherence while they do so.
The fourth element is constrained enforcement. Revocation, deregistration, freezing and forced renumbering are nuclear tools. They may be necessary in cases of fraud, abandonment, serious breach or security abuse, but their conditions should be narrow and reviewable. Intermediate remedies should be developed: correction orders, compliance plans, transfer pauses, escrowed updates, independent audits and customer-protection windows. AFRINIC's dispute shows why a registry needs tools between polite request and existential termination. A system with only weak reminders and catastrophic sanctions will over-litigate.
The fifth element is voting and membership assurance. A registry whose board controls economically material policy must know who its members are, who may vote, who may appoint proxies, how powers of attorney are verified, how disputes are logged, and how results are audited. The 2025 AFRINIC annulment exposed the cost of ambiguity. Community governance cannot function if member authority is a contestable document pile. This does not require turning every RIR election into a state election. It does require professional controls proportionate to the value of the function.
The sixth element is legal separability. The corporate shell, the technical registry function, the policy forum, the dispute-resolution channel and the economic rights attached to resources should not be fused so tightly that a dispute in one destroys the others. Receivership tried to separate preservation from governance, but only after crisis. A better design would predefine which assets, records, credentials and authorities move under which triggers. It would distinguish replacing a board from replacing a service operator, and replacing a service operator from reallocating resources. The goal is not centralisation. It is controlled substitutability.
Finally, there must be transparency without theatricality. AFRINIC, Cloud Innovation, Larus, NRS, ICANN, NRO, Smart Africa, ISPA and other actors all use public communications to shape expectations. Some communications inform; others mobilise. Continuity design should reduce dependence on rhetoric by making key facts independently checkable: service status, election rules, member eligibility, pending disputes, update queues, legal constraints and emergency triggers. The more facts are auditable, the less every communique functions as a market-moving claim.
Uncertainty and watchpoints
Several facts remain uncertain or contested. Courts have not finally resolved every claim surrounding Cloud Innovation, AFRINIC's enforcement authority, election mechanics, bylaw disputes, winding-up, member classification, public statements about court orders, or the legitimacy of particular policy moves. Allegations of fraudulent powers of attorney have been reported, but public readers do not yet have a full judicial record explaining the June 2025 annulment. AFRINIC says litigation and associated campaigns threaten to paralyse the registry. Its critics say registry discretion threatens live networks and member assets. Both claims may contain truth, and each side has incentives to overstate the other's responsibility.
Start with the winding-up application and ICANN's role in it. If the Mauritian court treats AFRINIC primarily as an ordinary company, continuity concerns may be underweighted. If it treats AFRINIC as untouchable because the function is systemic, accountability may be underweighted. The sound path is narrower: recognise the local company-law vessel, protect the non-distributable character of number resources, and require a precise continuity plan for records, services and updates under any corporate remedy.
The post-2025 board is the practical governance test. A board that can approve budgets, hire management and restore services is necessary. A board whose mandate remains under serious legal challenge cannot fully eliminate risk. Watch whether AFRINIC publishes clear minutes, audited finances, litigation exposure, policy implementation details and member-verification improvements. The best evidence of legitimacy will be boring: predictable administration, restrained policy, clean records and reduced dependence on emergency statements.
ICP-2 revision and any derecognition or emergency-registry mechanism will show whether the wider system has learned the right lesson. The Register reported that the RIR community is developing policy for the full lifecycle of an RIR, including crisis assistance and possible derecognition. That work is necessary, but it can move in two directions. It can create real continuity architecture, including separable services and objective triggers. Or it can centralise authority inside the incumbent RIR club while leaving member-rights and liability questions unresolved. The difference matters.
Resource mobility and regional lock-in remain the market signal. If AFRINIC policy increasingly restricts outbound movement or commercial use, holders will price lower liquidity and higher political risk. If policy liberalises without anti-fraud controls, critics will accuse the system of draining regional resources. Either path can be defensible only if rules are clear, prospective, proportionate and insulated from board-capture incentives. Retroactive or ambiguous changes will feed litigation.
RPKI and publication-service resilience are the operational tests. Public debate often focuses on elections and lawsuits because they are visible. The more important operational question is whether WHOIS, RDAP, reverse DNS, IRR and RPKI can continue through institutional stress. A registry that wins court battles but lacks tested service succession remains fragile. A critic that demands institutional replacement without a credible RPKI and ledger transition plan is also fragile.
The final watchpoint is whether the debate shifts from saving AFRINIC to protecting continuity. AFRINIC may recover and serve well. It may remain under legal pressure. It may be reformed. Some future scenario may require an interim or successor operator. None of those outcomes should be judged by institutional symbolism alone. The ledger must remain accurate. Security assertions must remain coherent. Legitimate updates must be possible. Disputes must be isolated. Downstream customers must not be made collateral. Courts must be able to act without accidentally breaking the network. That is the economics of court and continuity risk: the institution may be contested, but the ledger cannot be allowed to become a hostage.

