The notice arrives as an attachment, formally addressed and legally careful, but on the desk of a network operator it has the weight of a title deed being questioned. It asks for explanations, supporting documents, revised contact details, proof of use, perhaps evidence of where customers sit or how addresses are routed. Some of the questions are ordinary. A registry is entitled to know whether the company name in its database still exists, whether the authorised representative is still employed, whether a reverse-DNS delegation points to working name servers, whether abuse contacts can be reached, whether a transfer request has been signed by the right person, and whether an address block has been registered under false or stale information. That is ledger maintenance. It is the work that makes the record useful.

Then the letter changes character. It asks whether the holder's actual use remains consistent with a past justification. It questions where services originate, where customers are located, how sub-allocations are documented, whether leasing is present, and whether commercial activity around the block fits the registry's view of policy. It suggests that failure to satisfy the review may affect the registration service agreement, membership status, future transfers or continued recognition of the resources. The same prefix that yesterday appeared as a production input in customer contracts, hosting revenue, route-origin records, reverse-DNS dependencies and acquisition diligence now appears as a conditional administrative grant. The reader sees the difference between correcting a registry record and threatening an operating asset.

That difference is the enforcement boundary. It is not an argument for registries to do nothing. A registry that cannot correct false records, prevent duplicate claims, reject forged authority, police obvious fraud or keep its database coherent is not neutral. It is negligent. But a registry that can move from record correction into discretionary judgment over a member's business model, customers, geography, leasing arrangements or commercial strategy becomes something else. It becomes a gatekeeper over scarce inputs while retaining the language, liabilities and habits of an administrative recordkeeper.

AFRINIC is the clearest test of this boundary because its crisis compressed the relevant forces into one institution. It is the regional internet registry for Africa and parts of the Indian Ocean, registered in Mauritius, responsible for distributing and managing IPv4, IPv6 and autonomous system numbers, and for operating services around registration data, reverse DNS, WHOIS, RDAP, IRR and RPKI. Those functions are prosaic until they become uncertain. They are also not easily replaceable. An African resource holder cannot move the same administrative relationship to RIPE NCC, ARIN, APNIC or LACNIC because an enforcement letter has become commercially frightening.

AFRINIC also sits on the most visible recent evidence of what happens when enforcement is not bounded. Public reporting has described alleged address-record corruption involving valuable IPv4 space and a former senior staff figure; a resource-use dispute with Cloud Innovation that included the possible withdrawal of millions of IPv4 addresses; litigation that reportedly produced a provisional freeze of up to $50m of AFRINIC funds; years without a normal board or chief executive appointment; receivership under Mauritian court supervision; elections suspended, annulled and then rerun under legitimacy pressure; renewed disputes over bylaws, transfer policy, winding-up proceedings and commercial IPv4 leasing claims; and repeated interventions or statements by ICANN, the Number Resource Organization, AFRINIC, Cloud Innovation, industry groups and commentators worried about continuity.

Those facts can support several inquiries. One can ask how members should hold a monopoly registry accountable. One can ask how a board should supervise legal exposure. One can ask when courts should provide appeals or interim relief. One can ask whether legal budgets create perverse incentives for institutional hardening or member obstruction. Those questions matter, but the narrower issue is where enforcement authority should stop if a registry is to remain a ledger rather than a discretionary gatekeeper. The answer is not found in slogans about ownership or community. It lies in institutional economics: credible commitment, reliance, scarcity, exit impossibility, market recognition, corruption repair, enforcement discretion and the danger of giving a private administrative body high-consequence power without equivalent constraint.

The useful severity of a narrow ledger

A regional internet registry is valuable because the rest of the internet can rely on a shared reference point. Its record says that a particular organisation is recognised for particular number resources, that the organisation has certain contacts, that delegations and public registration data have been entered through known channels, that transfers are reflected in the authoritative database, and that route-origin or reverse-DNS information sits behind a recognisable administrative relationship. The value is not mystical. It is settlement value. It reduces the cost of asking who may rely on which number.

That settlement role requires some severity. A false representative cannot be accepted merely because the registry wants to remain polite. A dormant company's address block cannot be moved through dubious paperwork without inquiry. A transfer cannot be processed if the source holder is not the recognised rights holder. Reverse DNS should not be delegated without proper registration. Public contact data should not be knowingly wrong. RPKI publication cannot be treated as a casual courtesy if parties depend on it for route-origin assurance. The ledger has to say no often enough that yes remains meaningful.

The boundary problem begins when the registry's no moves from evidence to economics. Evidence-based enforcement asks whether the record is true, whether the signer is authorised, whether a policy condition was met, whether a document is forged, whether the same resources are claimed by two parties, whether the database has been altered improperly, or whether a narrowly stated obligation has been breached. Economic gatekeeping asks whether the holder's business model is acceptable, whether customers are desirable, whether the addresses should be leased, whether use outside a region is politically objectionable, whether a holder has captured too much value from scarcity, or whether a later institutional view should override earlier reliance.

The distinction is not always clean, because policy and economics meet in resource administration. AFRINIC's policy materials describe justified need, soft-landing constraints, utilisation thresholds, transfer conditions and reverse-DNS registration requirements. A transfer recipient may have to justify need. A local internet registry remains responsible for allocations until transfer or return. In Phase 2 of IPv4 exhaustion, a minimum of /24 and a maximum of /22 per allocation or assignment apply. These are not empty procedures. They decide access to a scarce production input.

Still, the ledger can remain narrow if it enforces rules as written, prospectively where possible, proportionately, and with a strong bias toward continuity. The registry may verify that a requirement exists and that evidence supports action. It should not use vague mission language as a licence to reprice commercial reliance after the fact. A notice that says "your contact is wrong; correct it" is different from a notice that says "your customers and revenue model now cause us to reconsider whether you may continue to rely on this block." The first protects the ledger. The second uses the ledger to govern the business.

AFRINIC's predicament shows why the line matters. The institution's formal description is administrative and service-oriented: a nonprofit, member-based organisation serving a region, entrusted with internet number resources, operating registry and related technical services. But the consequence of its decisions is no longer merely administrative. IPv4 scarcity means a registration can support revenue, borrowing, acquisition value, leasing income, customer continuity and operational reputation. A letter that changes the recognised status of addresses can therefore change value before any router changes configuration.

The useful registry is not weak. It is disciplined. It can correct records, freeze disputed changes, reject suspicious authority, maintain audit trails, require accurate contacts, process transfers under known conditions and refer fraud to courts or law enforcement. What it cannot safely do is combine clerical necessity with open-ended authority over member conduct. If it does, every commercial dispute becomes a registry dispute, every registry dispute becomes a legal dispute, and every legal dispute becomes a continuity problem for unrelated members.

This is a credible-commitment problem. Networks accept a central recordkeeper because they expect the recordkeeper to stay inside a role. The more valuable the resources become, the stronger the temptation for the recordkeeper to enlarge that role. Members, customers and counterparties then ask whether today's record is an administrative fact or a revocable permission. Once that question becomes serious, the registry has already raised the risk premium on its own records.

The commitment must be institutional rather than merely rhetorical. A registry cannot restore confidence by saying that it intends to be fair while reserving every severe remedy to itself. The commitment must be visible in categories, time limits, evidence standards, escalation thresholds and service protections. The market does not need a registry to promise that every holder will be happy. It needs a registry to make clear that recognition will not be withdrawn or impaired because a later administrator dislikes a lawful commercial pattern that was not clearly prohibited when reliance was built.

Scarcity changed enforcement from hygiene into capital control

IPv4 scarcity is the force that turned registry enforcement into an economic question. If addresses were abundant, a dispute over a block would still be inconvenient, but replacement would discipline both sides. A holder that lost resources could request more; a registry that imposed unreasonable conditions would see members adapt around it; customers could move with less pain. That is not the world in which AFRINIC now operates. IPv4 remains necessary because IPv6 has not removed the need for IPv4 reachability, and address blocks are treated in practice as scarce inputs for hosting, access networks, cloud services, resale, leasing, mergers and continuity planning.

AFRINIC's exhaustion materials show the institutional setting. The region entered Soft-landing Phase 1 in March 2017 and Phase 2 in January 2020. Phase 2 lowered the maximum allocation or assignment to /22 and the minimum to /24. Public reporting from APRICOT 2026 described AFRINIC as still holding 773,376 unallocated IPv4 addresses, while an executive expressed the hope that the pool would reach zero so the conversation could move more fully to IPv6. The aspiration may be understandable in technical circles; the economics remain stubborn. As long as IPv4 is needed for customer reachability, scarcity makes existing recognition valuable.

Scarcity changes what enforcement does. A request for documentation becomes a contingent claim on value. A delay in transfer recognition becomes a financing cost. A refusal to recognise a recipient can depress liquidity. A dispute flag can make customers nervous. A threat of revocation can destroy a business before a court reaches the merits. A statement that leasing is not recognised, or that a court has not approved a leasing structure, can move market expectations because recognition itself is part of what is being traded.

The Internet Governance Project's 2021 account of the AFRINIC crisis made the scarcity mechanism explicit. It noted that AFRINIC had received only a small share of global IPv4 space compared with regions that received large allocations earlier, and that from 2015 to 2017 AFRINIC was one of the few places where substantial unallocated IPv4 space remained available at administrative fees. The gap between administrative price and market value created arbitrage. Cloud Innovation, a Seychelles-based member, received millions of IPv4 numbers and developed a business around leasing them, including to customers outside Africa. AFRINIC later challenged the use. The dispute was not only a legal disagreement. It was a clash between allocation-era policy logic and market-era reliance.

One can be critical of both sides without losing the economics. A resource holder may exploit low administrative fees and scarcity rents. A registry may overreact by trying to reclaim resources under broad interpretations of regional purpose or original need. A court may preserve status quo yet also create systemic shock through provisional measures. The crucial lesson is that scarcity makes enforcement a capital-control instrument unless it is tightly bounded. The registry may not call it capital control. It may call it stewardship, conservation, compliance, regional development or policy enforcement. The market sees recognition risk.

This is especially true for transfers and leasing. AFRINIC's policy materials include conditions for IPv4 transfers within the region, including source and recipient requirements and need assessment. The policy manual also says ASN assignment or registration does not confer ownership in the proprietary sense. Those official positions are relevant factual exhibits. They do not eliminate economic reliance. A bank may not treat an address as freehold property, but it may still care whether a revenue stream depends on a block that could be reviewed, held, transferred, leased or contested. A lessee may not own the number, but it may still need assurance that its provider's registry status is stable.

When registry enforcement reaches into that market environment, it begins to allocate losses. If AFRINIC challenges out-of-region use, holders with global customer bases bear risk. If it restricts transfer mobility, members holding blocks face a lower optionality premium. If it treats leasing as suspect without a clear, prospective responsibility regime, lessors and lessees face ambiguity. If it refuses to act against false authority or stolen records, legitimate holders bear fraud risk. The boundary must therefore be defined not by whether enforcement has economic effects, because all enforcement will, but by whether the effect is necessary to maintain a true, unique, reliable record.

That necessity test is the heart of the matter. Correcting a forged representative is necessary. Correcting a stale company name is necessary. Blocking a transfer signed by the wrong party is necessary. Demanding unlimited downstream customer information because the registry dislikes a business model is much harder to justify. Reopening reliance years after allocation because a holder's commercial use has evolved may be justified only if a clear rule made that evolution material and the remedy is proportionate. Withdrawal of resources should be a last remedy for fraud or severe breach, not the default instrument for policy discomfort.

Scarcity also changes the politics around enforcement. Members who have little address space may resent those who acquired large blocks before scarcity fully arrived. Governments and development advocates may want resources retained for regional use. Commercial brokers may want liquidity. Security operators may want accurate abuse handling above all else. These preferences are not trivial. But a registry cannot reconcile them through private pressure on individual holders. It must either translate them into properly adopted policy, with prospective effect and clear remedies, or leave them outside enforcement. Otherwise scarcity turns every review into a redistribution contest.

AFRINIC's crisis became severe because this boundary was unclear at the moment scarcity made it expensive. The registry thought, or argued, that its role included ensuring compliance with regional and need-based commitments. Cloud Innovation argued that the registry was using administrative records to control commercial activity. Courts then became the arena because the economic stakes exceeded the trust available in the administrative process. That is the institutional failure: not merely a lawsuit, but a missing boundary before the lawsuit.

The Cloud Innovation notice as a boundary event

The most revealing episode is not a final judgment. It is the resource-review correspondence that preceded the institutional crisis. According to the Internet Governance Project, AFRINIC wrote to Cloud Innovation in June 2020 raising three concerns: discrepancies between registered descriptions of use and countries where resources were actually used; inconsistency between originally expressed need and actual purpose; and a reading of membership obligations tied to originating services in the AFRINIC region. Cloud Innovation contested the position. AFRINIC returned in March 2021, sought a change request with detailed information about use, services and country of service origin, and asserted that it could determine whether to terminate the registration service agreement and reclaim IPv4 resources.

If that summary is accurate, the letter sat exactly on the enforcement boundary. Some questions were ledger questions. Did the database describe actual use accurately? Were assignments and sub-allocations properly registered? Was the holder still the relevant legal entity? Were the original application representations false? Those are legitimate questions for a registry. Other questions reached into a member's operating model. If customers are in China, if services are global, if addresses are leased, if deployment changes over time, does the registry supervise those choices through continuing permission? That is where ledger maintenance becomes gatekeeping.

The remedy made the boundary economically explosive. Reclamation of millions of IPv4 addresses would not resemble a small correction to a database field. It would threaten contracts, customers, route-origin arrangements, address reputation and revenue. It would also send a signal to every other AFRINIC member: the record on which you rely may be conditional on a later institutional judgment about whether your actual use still matches what the registry considers acceptable. Even if the registry had arguments, the breadth of the threatened consequence changed the nature of the enforcement act.

Cloud Innovation's response also shows why a weak boundary is dangerous. A holder facing a severe administrative threat will not behave like a cooperative file clerk. It will litigate, seek injunctions, challenge authority, attack process, mobilise public arguments and look for leverage. The 2021 litigation reportedly led to provisional orders freezing up to $50m of AFRINIC funds. The Internet Governance Project criticised both sides: AFRINIC, in its view, had overreached from a desire to clean up past problems; Cloud Innovation, in its view, had used excessive legal tactics; the court had created a crippling shock before detailed evidence had been heard. The value of that assessment is that it refuses a simple hero story.

An enforcement boundary would have reduced incentives for escalation. It would have separated categories at the start. If the issue was inaccurate registration, the remedy would be correction, deadline, audit trail and perhaps a public status note. If the issue was suspected false application information, the registry would state the evidence, materiality and consequences. If the issue was out-of-region use, the registry would identify the policy basis, whether the rule applied to the relevant allocations, and whether enforcement was prospective or retrospective. If the issue was leasing, it would identify the exact policy or contractual condition and the least disruptive remedy. If the issue was fraud, it would preserve evidence and seek appropriate legal relief.

Instead, the dispute appears to have allowed broad concepts to accumulate: regional purpose, need justification, customer geography, leasing, resource recovery, member status, legal liability and registry continuity. That accumulation is fatal to trust. A member can answer a narrow question. It cannot safely answer an expanding theory of authority if the worst-case result is loss of the productive input. The registry can defend a narrow record correction. It cannot easily defend an open-ended power to decide how a holder may evolve its business after allocation.

This does not mean that Cloud Innovation's conduct, claims or business model should be accepted without scrutiny. The point is institutional, not partisan. A registry must be able to act against false statements and misuse of the administrative system. A large holder should not be able to convert low-cost allocation into private gain while ignoring obligations that were clearly accepted. But the larger the holder and the more valuable the block, the more important it is for the registry to prove that enforcement is rule-bound and proportionate. Severity without boundary is not strength. It is a lawsuit waiting to happen.

The episode also reveals why liability matters. AFRINIC's reported notice language, as described by IGP, stressed that the registry would not be liable for loss or damage arising from the notice or action taken under it. From an institutional-economics perspective, such language is predictable but insufficient. A body that can destroy reliance while disclaiming liability has a moral-hazard problem. It may underprice the harm of broad enforcement. Conversely, a holder that can respond with claims large enough to immobilise the registry can externalise its defence onto unrelated members. The boundary must constrain both.

The right lesson is not "never enforce" or "never litigate." It is that resource review should not be designed as a discretionary threat. It should be designed as a classification system. The notice on the desk should tell the operator what kind of problem exists, what evidence is required, what rule is being applied, what remedies are possible, what services remain protected, and what independent forum can review the severe steps. When a registry cannot provide that map, it is asking members to trust power rather than process.

This is also where the question differs from ordinary due process. Hearings, appeals and court access are necessary safeguards, but they do not define the proper perimeter of authority. A gatekeeper can offer hearings before acting as a gatekeeper. If the severe remedy is outside the ledger function, better procedure only makes overreach more orderly. The boundary must come before the appeal.

Corruption repair is not a blank cheque

AFRINIC had reasons to become more vigilant. KrebsOnSecurity reported in 2019 that researcher Ron Guilmette and South African journalists had traced allegations involving African IPv4 blocks, dormant or defunct organisations, companies linked to former AFRINIC policy coordinator Ernest Byaruhanga and address space with an estimated market value above $50m. AFRINIC's then chief executive acknowledged awareness of the allegations and said an investigation was under way. The reporting was careful to describe allegations and records rather than a final legal finding, but the institutional damage was obvious. A registry whose record can be manipulated from inside loses the trust that gives the ledger value.

After such a scandal, stronger controls are not optional. Dormant resources require scrutiny. Historical corporate changes need verification. Staff access needs logging and separation. High-value record changes need dual approval. Conflicts should be disclosed. Whistleblowing channels need protection. Suspicious transfers require evidence. Members need assurance that the ledger is not a field for insiders, shell entities or stale contacts to turn administrative access into private value. If AFRINIC did not harden enforcement after the reported address-record scandal, it would have failed its members.

The boundary problem lies in using corruption repair to justify open-ended resource policing. The wrong lesson from a records scandal is that the registry should be able to rejudge all commercial use whenever it wishes. The right lesson is that authority over the record must be auditable, narrow and evidence-based. If an address block was moved through false paperwork, the registry should correct the record and preserve evidence. If an old holder no longer exists, it should follow a documented succession process. If a staff member had a conflict, it should rebuild controls. None of this automatically creates a general power to decide whether a member's downstream customers, leasing arrangements or geographic markets are sufficiently virtuous.

Institutional psychology makes the mistake tempting. A weak registry that has suffered scandal wants to show strength. Staff fear being blamed for inaction. Directors want to demonstrate reform. Outside critics demand cleanup. Lawyers warn about liability if the institution ignores suspicious use. The language of stewardship becomes attractive because it converts past embarrassment into present authority. Yet the transition from repair to discretionary enforcement is exactly where a registry becomes dangerous. It confuses stronger evidence controls with broader economic discretion.

The categories must be kept apart. Fraud is not the same as changing a deployment plan. False authority is not the same as leasing. A forged document is not the same as a customer outside the region. Stale WHOIS contact data is not the same as a business model that relies on IPv4 scarcity. A suspicious historical transfer is not the same as a holder's claim that addresses can be monetised. If AFRINIC collapses these categories, innocent members will respond defensively, serious fraud cases will become harder to win, and courts will be asked to sort administrative facts from institutional ambition.

Corruption repair also affects market confidence. A buyer of AFRINIC-administered addresses will ask whether the chain of recognition is clean. A lessee will ask whether the lessor's authority is safe. A lender will ask whether the registry record can be relied upon. If AFRINIC publishes a disciplined remediation framework, the market can price risk: this block has a documentation gap, that block has an unresolved authority dispute, another block is under fraud review, and ordinary blocks are not being reopened. If the registry instead signals that any valuable use can draw a broad review, all blocks carry a registry-discretion discount.

The distinction is not merely theoretical. The great virtue of a ledger is that it can absorb the past without making every future transaction a trial. Historical irregularities can be classified. Records can be corrected. Fraud cases can be referred. Controls can be documented. A gatekeeper does the opposite: it keeps the past alive as a permanent reason to supervise the future. Members then live under a "just in case" regime in which any valuable holding may be re-examined through new standards.

AFRINIC should be strictest where the record is most vulnerable: authority documents, dormant organisations, staff access, change requests, transfer signatures, member representatives, contact accuracy and public registration dependencies. It should be most restrained where the registry is tempted to decide industrial policy: whether a particular commercial use captures too much scarcity value, whether customers are in the preferred place, whether leasing is unwelcome absent clear policy, or whether address mobility should be limited because local retention sounds good. Those questions may belong in policy debates, contracts or courts. They should not appear as improvisation in enforcement letters.

The reason is simple. Corruption repair increases legitimacy only if it narrows discretion. If repair enlarges discretion, the registry asks members to accept that a past failure of internal control now entitles the institution to more external control over them. That bargain will not hold. It turns a legitimate demand for clean records into a permanent authority claim. AFRINIC's history gives it a duty to enforce carefully, not a blank cheque to govern commercially.

Exit impossibility and the captive member

The enforcement boundary would matter less if members could leave. A network operator that dislikes one software vendor can migrate. A bank customer can open a second account. A data-centre customer can multi-home, change suppliers or diversify risk. Each exit path may be costly, but the possibility disciplines the provider. A regional internet registry is different. For resources in AFRINIC's region, the recognised administrative relationship sits with AFRINIC. The holder cannot move the same historical record to another RIR merely because an enforcement letter has become too broad.

This absence of exit changes the economics of enforcement. In an ordinary market, a supplier that threatens customers too aggressively loses business. In a monopoly ledger, the threatened holder must still deal with the registry, pay fees, maintain records, request changes and rely on publication services. Unrelated members must also keep paying while the dispute consumes resources. Customers and counterparties cannot easily substitute away from the record. The registry's power is therefore not only administrative; it is tied to lock-in.

Lock-in creates a higher duty of restraint. If AFRINIC can threaten severe resource consequences, it must internalise the fact that members have no equivalent bargaining escape. The registry should not use account standing, RPKI, reverse DNS, WHOIS/RDAP, transfer recognition or member records as leverage in broad commercial disputes except under explicit, narrow rules. These services are not luxuries. They are part of how the holder remains visible to the market. A member may continue routing packets while a registry dispute is pending, but the uncertainty can affect customer confidence, financing, acquisitions and abuse handling.

Lock-in also makes enforcement externalities larger. When AFRINIC threatened Cloud Innovation's resources, the fight did not remain between two parties. Litigation reportedly froze institutional funds, contributed to governance paralysis and impaired ordinary operations. Years later AFRINIC accused Cloud Innovation, Larus and associated campaigns of creating litigation and procedural roadblocks that delayed restoration, raised legal costs and obstructed training and research initiatives. Lu Heng responded to The Register by framing the dispute as structural: concentrated registry power over economically critical number resources without commensurate legal and financial liability. These are adversarial positions. Both point to the same externality. A dispute over enforcement can impose costs on members who are not parties.

The boundary should therefore be designed around third-party protection. If the registry reviews one holder, unrelated members should not lose service continuity. If a holder obtains interim relief, the registry's operating accounts should not be immobilised beyond what is necessary to protect the claim. If litigation is unavoidable, RPKI, reverse DNS, RDAP, WHOIS and ordinary tickets should be firewalled from the fight. If the dispute concerns a large block used by downstream customers, remedies should protect innocent customers where possible. The objective is not to spare powerful holders from consequences. It is to prevent registry enforcement from becoming a systemic event.

Exit impossibility also changes how members interpret official reassurance. A voluntary association can tell members that leadership believes an enforcement campaign is in the community interest. Dissatisfied members can leave. AFRINIC cannot rely on that logic. It must show concrete limits: who approved the review, what rule applies, what evidence standard is used, what remedy is proportionate, what services are protected, what costs are expected, and how the matter can be reviewed. When members cannot exit, disclosure and boundary become substitutes for market discipline.

This is why a monopoly registry should be conservative about discretionary enforcement. Conservative does not mean lenient. It means predictable, documented and reluctant to use severe remedies unless the ledger itself is at risk. A fraudulent authority document risks the ledger. Duplicate claims risk the ledger. False route-origin authority can risk the ledger. A member's commercial return from scarcity may offend some observers, but offence is not a ledger risk unless a rule clearly makes that conduct material. Without this distinction, every profitable use of scarce IPv4 becomes suspect, and registry authority becomes a tax on success.

AFRINIC's member environment is especially vulnerable because many operators are small, resource-constrained and geographically dispersed. They may not have staff who can follow Mauritian litigation, registry policy text, receiver communications, election irregularities, ICANN letters, transfer proposals and commercial leasing arguments. They experience the registry through invoices, tickets, delegation requests and occasional policy notices. For them, an enforcement regime that large holders can litigate may become an unspoken compliance burden. They will over-document, avoid transactions, defer investment or accept broker terms because registry risk feels unpriceable.

The registry's response should be to lower the cost of compliance by narrowing the scope of enforcement. Members should know that accurate data and truthful authority are non-negotiable. They should also know that ordinary network evolution will not trigger existential review absent a clear rule. They should know that transfers are judged by published criteria, not by mood. They should know that leasing is regulated through explicit responsibility requirements if it is regulated at all, not through surprise theories. A captive relationship is tolerable only when the captured party can predict the rules.

Transfer and leasing recognition reveal the boundary

Transfers and leasing make the enforcement boundary visible because they separate physical control from recognised control. IPv4 addresses do not move like crates. The commercial parties sign documents, money may change hands, customers may be served, routes may be announced, and abuse contacts may be updated, but the economic value depends heavily on whether the recognised registry record supports the arrangement. A transfer that the registry will not recognise is commercially incomplete. A lease that depends on an upstream holder's registry status carries recognition risk. A market that cannot price recognition becomes illiquid.

AFRINIC's transfer policy materials show why the line is difficult. Regional transfers are allowed under conditions, and the recipient must justify need. Source entities face limitations after transfer approval, and transferred legacy resources lose legacy status. These rules may be defended as conservation, fairness and regional policy. They also affect liquidity, bargaining power and the value of existing blocks. When policy is explicit, market participants can price it. When enforcement expands beyond policy, they price uncertainty instead.

Leasing is harder because it may not require a full transfer of registry registration. A holder can provide addresses to customers while remaining the recognised resource member. That creates legitimate registry concerns: contact accuracy, abuse handling, route-origin authority, sub-allocation registration, customer continuity and compliance with any policy restricting assignments or sub-assignments. It also creates legitimate commercial reliance: customers need continuity, lessors need revenue predictability, and buyers or investors need to know whether the registry will treat leasing as ordinary service provision, policy breach or evidence of improper monetisation.

The 2026 dispute involving Larus, Cloud Innovation and AFRINIC demonstrates how valuable recognition language has become. The Register reported that Larus announced a first-party IPv4 leasing platform backed by what it described as a court-ordered shareholder-position continuity structure. AFRINIC responded that a Mauritian court order did not establish, approve or recognise such a structure in relation to AFRINIC. It later said the Supreme Court of Mauritius issued an interim order restraining publications or statements that falsely attributed judicial approval, endorsement or validation of leasing, monetisation, transfer or commercial exploitation of AFRINIC-allocated IP resources. Cloud Innovation and Larus disputed AFRINIC's characterisation and said the order was not a final judgment on leasing, ownership or their business model.

The merits of those statements are for the proceedings and documents. The economic lesson is that the parties were fighting over recognition claims. Did a court order support the marketability of a structure? Did AFRINIC have to correct an overstatement? Did the correction itself chill a business model? Did the interim order protect judicial accuracy or become another registry-linked restraint on commercial speech? Scarce-resource markets turn these questions into price signals. A phrase in a court order, communique or platform announcement can affect customer trust.

That is why enforcement around transfers and leasing should be more precise than ordinary public relations. If AFRINIC believes a claim falsely attributes court approval, it should say exactly that, and no more. If it believes leasing is prohibited, it should identify the rule, affected resources, timing and remedy. If it believes the issue is abuse accountability, it should require abuse-contact and responsibility records. If it believes the issue is transfer evasion, it should define what facts make a lease equivalent to a transfer. Each theory has different consequences. Blurring them lets enforcement become market management.

The same discipline should apply to critics and commercial actors. A holder or leasing company should not market ambiguity as if it were judicial approval. It should not imply registry recognition that does not exist. It should not use the fragility of AFRINIC's governance to sell certainty it cannot deliver. Market participants also need a boundary: they may challenge registry overreach, but they should not convert uncertain litigation into promotional entitlement. Recognition markets require precision from both the recordkeeper and the holder.

AFRINIC's enforcement role should therefore focus on legibility rather than permission. For transfers, legibility means clear source authority, recipient eligibility, policy basis, timestamps, status and appealable refusal. For leasing, legibility means identifying who is the resource member, who operates or announces, who handles abuse, who controls reverse DNS, who may create ROAs, what customer continuity obligations exist, and whether any policy term is implicated. The registry need not endorse every business model to record responsibilities. In fact, recording responsibilities may be the least discretionary way to reduce harm.

An enforcement regime that tries to suppress market reality often produces shadow arrangements. If leasing exists but is not legible, customers have weaker protection and abuse complaints become harder to route. If transfers are too slow or uncertain, parties use informal control arrangements. If out-of-region use is handled through surprise reviews rather than clear policy, holders hide information. The ledger becomes less accurate because the registry asked it to perform too much moral judgment. A narrow registry that records responsibility may achieve more discipline than a broad gatekeeper that drives the market into opacity.

The transfer-and-leasing test is therefore simple. Does the enforcement action make the market more legible, responsibility clearer and the record more accurate? Or does it use recognition power to decide which commercial uses should exist? AFRINIC's future legitimacy will depend heavily on which answer members see in practice.

Courts, appeals and receivers cannot write the boundary

Courts became necessary in AFRINIC's crisis because ordinary governance could not contain the dispute. A court can preserve a status quo, appoint a receiver, clarify corporate authority, restrain misleading statements, hear contractual claims, decide winding-up applications and prevent irreversible harm. The Bankruptcy Division of the Supreme Court of Mauritius appointed an official receiver in 2023; the Number Resource Organization welcomed the appointment as a step toward restoring functional governance, board elections and a chief executive while maintaining member services. Later court processes addressed election challenges, corporate-record confusion, interim relief and ICANN's standing in winding-up litigation.

This judicial involvement was not evidence that the registry function had become unimportant. It was evidence that the corporate shell carrying the registry function had become too contested to govern itself normally. A receiver can preserve assets and maintain operations. A court can stop a party from destroying the other before the merits are heard. ICANN can seek to explain that number resources administered through AFRINIC should not be treated as corporate assets available for distribution in a winding-up. These are continuity protections. They are not a substitute for an enforcement constitution.

The reason is timing. Courts usually enter after a conflict has escalated. The enforcement boundary must operate before the severe letter, before the resource freeze, before the public termination notice, before the bank-account order, before the election challenge, before the takedown request. Once the parties are in court, each has incentives to broaden the fight. The registry says the member threatens continuity. The member says the registry threatens assets. Outside bodies say the system must be protected. Smaller members watch registry services and legal budgets become hostages to arguments they cannot easily influence.

Appeals have the same limitation. They are essential, but they work on a decision that has already been framed. If the decision is "correct the abuse contact within 30 days", an appeal can test evidence and deadline. If the decision is "defend your business model or risk millions of addresses", an appeal inherits an already enlarged premise. A good appeals channel cannot by itself prevent a registry from turning the ledger into a commercial licensing system. It can only review the quality of the turn after it has occurred. Authority should be narrow before procedure becomes necessary.

Receivership can also distort the boundary if treated as permission to do more than preserve. A receiver's purpose is stabilising: maintain the business, protect assets, organise elections, restore corporate organs, keep services running. If receiver-era authority becomes a vehicle for structural changes to resource mobility, member rights or enforcement posture while legitimacy is unresolved, the crisis moves from repair to control. Some critics have made that argument in relation to AFRINIC's post-election policy and bylaw environment. Whether any specific claim is correct is for the relevant record. The general principle is clear: emergency authority should narrow discretionary power, not use the emergency to entrench it.

ICANN and the NRO face a related constraint. Their factual role as emergency explainers matters. The Register reported in May 2026 that ICANN intervened in an application to wind up AFRINIC in order to help the court understand AFRINIC's unique role and to clarify that numbering resources allocated through AFRINIC are not AFRINIC assets available for distribution. That is a legitimate continuity argument if confined to the nature of the registry function. It does not decide whether AFRINIC's earlier resource-use enforcement was proportionate, whether Cloud Innovation's conduct was lawful, whether leasing should be treated as acceptable, or how far regional transfer restrictions should go.

Emergency guardianship becomes dangerous when it confuses protecting the ledger with protecting every discretionary claim made by the incumbent registry. A court should see that AFRINIC is not an ordinary company holding inventory to be liquidated. It should also see that resource holders have operational reliance that cannot be waved away by saying addresses are not property. ICANN should clarify, not command. The NRO should support continuity, not convert official solidarity into a merits conclusion on every dispute. The global layer earns legitimacy by being narrow at precisely the moment it is tempted to be broad.

An enforcement constitution would reduce the need for all of them. It would define review triggers, evidence standards, response periods, escalation thresholds, protected technical services, remedy ladder, disclosure categories and independent review for severe steps. It would tell a court whether AFRINIC acted inside a defined process. It would tell members whether a review is ordinary or exceptional. It would tell markets whether a refusal is final, pending or appealable. It would tell outside bodies whether continuity is at risk or merely litigation rhetoric.

The absence of such a constitution makes every dispute look existential. If the registry has no clear boundary, a holder fears total loss. If the holder seeks broad relief, the registry fears paralysis. If both fears are plausible, courts become arenas for institutional design rather than resolution of concrete claims. That is expensive, slow and corrosive. The registry's public record becomes a chronicle of letters, injunctions, receivers and interventions instead of the boring certainty it is meant to provide.

The irony is that a strong enforcement constitution would make AFRINIC more capable, not less. It would allow decisive action against fraud because the grounds would be clear. It would allow rejection of false authority because the proof standard would be known. It would allow transfer refusal because the criteria would be public. It would protect the registry against claims that every enforcement act is arbitrary. It would also protect members against the fear that any valuable use can be recast as a violation. Courts are necessary backstops. They should not be the registry's ordinary boundary-setting mechanism.

Board legitimacy matters because discretion has value

AFRINIC's board crisis matters for enforcement because discretion is an asset. A board that controls enforcement posture can shape how aggressively staff review resource use, how legal advice is translated into threats, how transfer policy is implemented, how leasing representations are challenged, how settlement is approached, and how much risk is tolerated in severe remedies. In a scarcity environment, those choices affect value. That is why board elections, powers of attorney, membership categories and bylaw disputes became market-relevant events rather than ordinary association politics.

The Register reported that AFRINIC had no board from 2022 until a later election restored one in 2025, though not without controversy. The June 2025 election was suspended and annulled after concerns about powers of attorney and voter documentation. ICANN demanded explanations and warned about compliance review. South Africa's Internet Service Providers' Association and others alleged irregularities; AFRINIC's receiver cited concerns about transparency and fairness. A later election produced eight directors, seven endorsed by Smart Africa, and gave AFRINIC a chance to convene a board, hire executives, unfreeze accounts and resume work. Yet reporting also noted likely court challenges, discomfort about concentrated support and continuing investigations.

This history should not be used to declare any board illegitimate as a conclusion. It should be used to understand the economic stakes of enforcement discretion. If the board's power were merely ceremonial, capture would be less valuable. If the board can influence resource review, transfer recognition, regional restriction, legal budgets, bylaw reform and settlement strategy, then control of the board becomes a way to influence scarce-resource economics. That is not unique to AFRINIC, but AFRINIC made the mechanism obvious.

The distinction from ordinary board oversight is important. Better directors, cleaner elections and stronger minutes are not enough if the board retains an oversized enforcement payload. A responsible board can still preside over a gatekeeper institution if the governing documents let it turn commercial discomfort into resource threat. Conversely, a contested board is less dangerous when its authority is narrow and its day-to-day role is to protect service continuity rather than approve business judgments about members.

The best way to reduce the value of capturing the board is not endless suspicion. It is to narrow the board's discretionary payload. A board should set the enforcement constitution; it should not improvise individual commercial outcomes. It should require staff to classify cases by category: record correction, authority dispute, transfer irregularity, payment default, suspected fraud, policy non-compliance, court compliance, service-continuity risk or ordinary member support. It should approve a remedy ladder. It should require published aggregate metrics on reviews, denials, delays and appeals. It should protect RPKI, reverse DNS and public registration services from being used as bargaining chips.

When the board operates within such limits, election legitimacy still matters, but the prize is smaller. A faction cannot easily capture a registry to punish an address-market rival if revocation requires defined evidence and independent review. A commercial group cannot easily capture a board to force through self-serving transfers if source and recipient criteria are clear. A government or regional coalition cannot easily convert the registry into industrial policy if the mandate firewall is explicit. A critic cannot easily claim every action is arbitrary if the process is documented and consistently applied.

Board legitimacy also affects credible commitment. Members must believe that rules in force today will not be rewritten tomorrow to justify yesterday's threat. They must believe that scarcity will not tempt the board into retrospective control. They must believe that enforcement letters are not factional instruments. They must believe that legal advice is being used to protect the ledger, not to preserve institutional pride. These beliefs do not arise from formal office alone. They arise from repeated restraint under pressure.

AFRINIC's official and public-interest supporters often emphasise continuity. They are right that continuity matters. But continuity is not the same as board insulation. A registry can preserve the ledger while allowing members to challenge directors, budgets, policies and enforcement. Indeed, the ledger must be protected so that accountability can occur without threatening operational records. If every challenge to the board is described as an attack on continuity, continuity becomes a shield for discretion. If every enforcement act is described by critics as illegitimate because the board is imperfect, accountability becomes impossible. The boundary lies in preserving services while forcing decisions into reviewable categories.

The 2025 and 2026 governance episodes also show why member-register accuracy and voting authority belong to the enforcement story. A registry that cannot confidently know who may vote on behalf of members will struggle to know who may authorise resource changes or transfer documents. The same evidence practices recur: corporate status, representative authority, powers of attorney, signatures, revocations, conflicts and audit trails. Strengthening these controls protects both elections and the ledger. It is a mistake to treat governance files and resource files as separate worlds.

The board's hardest task is to prove that restored authority will not be used as restored discretion. A budget, executives and strategy are necessary, but they do not answer the enforcement boundary. The real proof will come in ordinary decisions: how resource reviews are framed, whether transfers are processed predictably, whether leasing concerns are handled through legibility rather than rhetoric, whether court orders are described precisely, whether severe remedies remain rare, and whether members can see enough to trust the process without agreeing with every outcome.

The remedy ladder

The practical answer to enforcement overreach is not abstract humility. It is a remedy ladder. A registry should have a graduated set of responses tied to the type and severity of the problem. The lowest rungs protect data quality. The middle rungs protect policy compliance and counterparties. The highest rungs protect the ledger from fraud or severe breach. Severe remedies should require stronger evidence, higher authority, clearer notice and more independent review because their economic effect is larger.

The first rung is correction. Wrong contact data, stale reverse-DNS delegation, outdated organisation names, missing abuse contacts, unclear representative information and inaccurate registration details should be fixed through ordinary tickets, deadlines and documented change history. The remedy is accuracy. It should not carry implied moral judgment. The registry's tone should be administrative because the purpose is administrative.

The second rung is verification. If a request involves high-value resources, corporate succession, a transfer, a power of attorney, a newly asserted representative or a dormant holder, the registry should require proof. Verification should be targeted. It should state what fact is being verified and why that fact matters. A member should not be required to reveal broad commercial information when the issue is signer authority. A holder should not be asked for customer-level detail when the issue is company status. Narrow evidence reduces both burden and suspicion.

The third rung is status notation or hold. If two parties claim the same authority, if a transfer is disputed, if a court order may affect a record, or if documents appear suspicious, the registry may need to mark or hold the record. But holds should be temporary, reasoned and reviewable. They should protect existing technical publication where possible. A dispute flag should not become a silent punishment. Its purpose is to prevent irreversible changes while facts are clarified.

The fourth rung is compliance plan. If a holder is out of compliance with a clear obligation but there is no fraud and no immediate harm to the uniqueness of the ledger, the registry should prefer a prospective plan: correct records, register sub-allocations, update abuse contacts, document assignments, regularise status, or limit future requests until compliance is achieved. This rung preserves reliance while protecting the record. It is especially important for small operators that may lack legal capacity but can fix administrative defects.

The fifth rung is suspension of specific privileges. A holder that refuses to correct records or pay fees, or that fails a transfer requirement, may lose a specific service or approval pathway under a defined rule. The suspension should match the breach. A failure to provide transfer documents should suspend the transfer, not threaten unrelated resources. A billing dispute may affect account standing under known terms, not become a vehicle for resource-status uncertainty beyond the contract. Proportionality is not indulgence; it is precision.

The sixth rung is independent review before severe action. If AFRINIC seeks termination, reclamation or a step that could destroy operational reliance, the process should move outside ordinary staff discretion. It should require board-level or independent approval, a written statement of evidence, notice to the holder, protection of confidential information, consideration of downstream customers, a continuity plan and a defined appeal or court path. Severe action should be possible, but it should be rare enough and structured enough that members do not live under permanent threat.

The final rung is referral to courts or public authorities where the issue is fraud, forged documents, criminal conduct, insolvency, misleading market statements or enforceable legal rights beyond the registry's administrative competence. A registry can preserve records and provide evidence. It should not try to become police, prosecutor and judge. This separation protects the registry from claims of arbitrary punishment and protects members from a private body's overreach.

A remedy ladder would have changed the AFRINIC crisis not by deciding the Cloud Innovation merits but by forcing classification. Which rung applied? Was the concern false registration, out-of-region use, need mismatch, leasing, member status, abuse accountability or contractual breach? Which evidence supported each category? Which remedy matched the category? Which technical services were protected? Which steps required independent review? Which facts belonged to courts? Without such classification, the dispute became a total conflict over power.

This ladder also helps official supporters of AFRINIC. If they want the registry to survive and enforce rules, they should prefer process that courts can respect. A broad notice threatening resource withdrawal gives opponents an overreach narrative. A classified, proportionate sequence gives the registry a stronger record. It shows that the institution is not trying to become a commercial regulator. It is protecting the ledger and escalating only when lesser remedies fail.

It helps critics too. If a registry follows a narrow ladder, a holder can challenge the specific step rather than attacking the entire institution. The dispute becomes smaller. Did the evidence justify a hold? Was the compliance plan reasonable? Was the severe remedy disproportionate? Did the board have authority? Those questions are still serious, but they do not require winding up the registry, immobilising bank accounts or questioning every service.

The remedy ladder also separates enforcement from legal-budget politics. A registry may spend too much defending its pride, and a member may spend too much trying to make the registry bleed. But the budget question is downstream of the authority question. When the ladder is clear, legal spending can be judged against categories: correction, verification, hold, compliance, suspension, severe action or court referral. When the ladder is absent, every invoice can be justified as existential defence and every lawsuit as resistance to monopoly power. A narrow ladder makes both stories harder to abuse.

AFRINIC's future enforcement legitimacy will depend less on which side wins one famous dispute than on whether ordinary members see this kind of ladder in their own interactions. The notice on the desk should tell them where they stand. A registry that cannot explain its rung is probably standing too high.

The liability gap

The enforcement boundary cannot be solved without addressing liability. Regional registries often insist, correctly in doctrine, that number resources are not ordinary property owned by holders. Policy manuals may describe resources as public resources distributed according to demonstrated need or holders as custodians rather than owners. That position protects the system from treating addresses as corporate inventory to be seized, liquidated or duplicated at will. But it can also create a dangerous inference: because the holder does not own the resource in a full proprietary sense, the holder has no serious reliance interest when the registry acts.

That inference is wrong. Many valuable economic relationships are not fee-simple property. Licences, concessions, permits, spectrum authorisations, exchange seats, route approvals and regulated entitlements can create reliance without becoming absolute property. Withdrawal can still destroy value. A holder may not own an IPv4 block as land, but it may have built customer contracts, network operations, leasing revenue, reputation and financing assumptions around stable recognition. A registry that can interrupt that recognition should face a higher standard than ordinary contract administration.

AFRINIC's reported dispute language sharpens the problem. If a registry can threaten to reclaim resources while disclaiming liability for resulting loss, it may underprice the harm of its own decisions. If a holder can respond with massive claims and provisional measures that freeze operating funds, it may overuse litigation because the registry's essential function gives it leverage. Both sides exploit a liability gap. The registry's power may exceed its exposure; the holder's defence may exceed its direct dispute and impose systemic costs.

Institutional design should close the gap without turning every resource into private property. One approach is procedural liability: severe enforcement is valid only if the registry follows a defined process, and failure to follow it triggers remedies. Another is continuity liability: if action is needed, the registry must design transition protections for downstream customers and unrelated services. Another is disclosure liability: the registry must publish categories of severe enforcement, outcomes and aggregate timing so members can see whether discretion is expanding. Another is insurance or reserve discipline: the institution must budget for the predictable legal risk of severe action.

The point is to make harm visible before action. A registry contemplating withdrawal should ask: what customer services depend on this block; what route-origin or reverse-DNS arrangements exist; what contracts may be affected; what less disruptive remedies are available; what court risk follows; what member funds may be exposed; what continuity plan protects unrelated members; and what evidence justifies the step? If the institution cannot answer, it should not threaten the highest remedy.

This discipline would not immunise holders. A holder that obtained resources through fraud, used forged authority, misled the registry materially, refused to correct records or violated clear policy after notice should face consequences. But consequences should follow a process that internalises externalities. The registry should not be able to say, in effect, "we can destroy reliance because the resource is not property and because our contract limits liability." That is the posture of a gatekeeper with too little skin in the game.

The liability gap also affects transfer and leasing markets. Buyers discount resources if registry discretion is unbounded. Lessees demand lower prices or stronger indemnities if a lessor's recognised status can be challenged unpredictably. Brokers demand higher fees to navigate administrative risk. Smaller operators avoid transactions because they cannot afford a dispute. The market's response to legal uncertainty is not morality. It is pricing. A registry that wants clean markets should reduce unbounded discretion, because unbounded discretion is itself a market defect.

Official continuity arguments can widen the liability gap if used carelessly. When outside bodies emphasise that number resources are not AFRINIC assets and that the registry must not be wound up as if it were an ordinary company, they protect the ledger. But if the same language is heard as saying holders have little enforceable reliance, the system invites more conflict. The better formulation is two-sided: number resources are not corporate assets of AFRINIC to distribute, and stable registry recognition is an operational reliance interest that must not be disrupted except through narrow, proportionate process.

That two-sided formulation would make enforcement more credible. Courts would not have to choose between treating addresses as private property and treating holders as mere petitioners. Members would not have to choose between defending the registry and defending their own businesses. AFRINIC could act against misconduct while recognising that its action has real economic effects. The boundary between ledger and gatekeeper would be expressed in liability: strong enough to protect records, constrained enough to respect reliance.

The liability gap is where institutional rhetoric often fails. "Community" does not compensate a harmed customer. "Stewardship" does not pay for lost revenue. "Not property" does not make reliance vanish. "Asset rights" does not make registry conditions vanish. A serious enforcement boundary must hold all four propositions together.

What AFRINIC should enforce

AFRINIC should enforce the facts that make the registry useful. It should enforce uniqueness, registration accuracy, representative authority, valid transfers, public contactability, reverse-DNS preconditions, RPKI process integrity, abuse-contact publication where policy requires it, fee and account terms as written, and compliance with resource policies that are clear, prospective and properly adopted. It should investigate suspected fraud, false documents, insider manipulation, unauthorised changes and attempts to treat the registry as a private spoils system. These are ledger functions.

It should be much more cautious about enforcing social or economic preferences through the same channels. It should not infer that a profitable leasing model is improper merely because it captures scarcity value. It should not treat out-of-region customer presence as a violation unless the relevant allocation and policy clearly make it material. It should not require re-justification of every evolved use unless a rule expressly supports such review and limits it. It should not use transfer recognition to punish unpopular holders. It should not let regional-development rhetoric convert existing reliance into conditional permission after the fact.

This does not mean AFRINIC cannot support African internet development. It can run training, encourage IPv6 deployment, support capacity building, improve routing security, operate community programmes and participate in policy development. But those activities should not be smuggled into enforcement decisions over individual resources. A programme funded by members is different from a resource threat. A policy debate is different from a review letter. A development objective is different from a record defect. The registry's legitimacy depends on keeping those layers separate.

The hardest category is regional purpose. AFRINIC serves a region and allocates resources under regional policies. It is not irrational for the institution to care whether resources issued under regional constraints are being used in ways that undermine those constraints. Yet regional purpose becomes dangerous when treated as an elastic post-allocation power. Modern networks are global. Cloud services, VPNs, content delivery, anycast, multinational customers, remote operations and leasing arrangements do not map neatly onto one geography. If regional purpose is to be enforceable, it must be translated into measurable, prospective obligations that members can inspect before building reliance.

The same is true of need. Need-based allocation may make sense when a registry distributes scarce space at administrative prices. But continuing need review after allocation should be tightly specified. If a holder lied at application, that is a fraud or misrepresentation question. If a holder's business evolved, the registry must ask whether the original agreement or policy made that evolution a breach. If a holder no longer uses resources at all, return or transfer rules may apply. If a holder leases to customers, the issue may be documentation and responsibility rather than "need" in the original sense. Need should not become a perpetual rationing theory.

AFRINIC should also distinguish enforcement against the holder from protection of downstream users. If a holder has breached a rule, customers may still depend on routes, reverse DNS, abuse handling and service continuity. A severe remedy that abruptly harms thousands of innocent users can be economically disproportionate even if the holder deserves sanction. Transitional arrangements, escrowed contact changes, prospective compliance plans or court-supervised preservation may protect the ledger without creating collateral damage.

Another enforceable category is truthful public representation. If a company claims a court approved a structure when it did not, the registry may need to correct that claim or seek relief. But the correction should be limited to the false attribution. It should not imply a broader merits victory unless the court has given one. Precision protects both the court and the market. AFRINIC's 2026 dispute over leasing-related statements shows the need for this exactness: the parties disagreed over whether statements suggested court endorsement, while the broader lawfulness of leasing remained contested.

In each category, the question should be: what fact is the registry enforcing, and why is that fact necessary to the ledger? If the answer is document authenticity, authority, accuracy, uniqueness, policy implementation or service continuity, enforcement is within the core. If the answer is market discomfort, regional politics, dislike of arbitrage, institutional pride or desire to control scarcity rents, the registry is outside the core unless policy has expressly and legitimately brought the matter inside it.

This test would not settle every case. But it would force clarity. It would make AFRINIC's enforcement letters shorter, more precise and easier to defend. It would make members' obligations more predictable. It would reduce the chance that a resource review becomes a corporate crisis. Most importantly, it would preserve the registry as a ledger whose power comes from reliability rather than fear.

Watchpoints for the next phase

AFRINIC's recovery should be judged by whether enforcement becomes boring. A board, budget and strategy are signs of institutional life, but the enforcement boundary will be visible in smaller operational details. The first watchpoint is the language of resource-review notices. Do they identify the exact rule, fact and remedy, or do they blend mission, policy, customer geography, commercial suspicion and severe threat? The more precise the notice, the more likely AFRINIC is acting as a ledger. The broader the language, the more likely it is acting as a gatekeeper.

The second watchpoint is the handling of transfer and leasing reality. AFRINIC does not need to endorse every address-market practice. It does need to decide whether it will record responsibility, process transfers, maintain accurate contacts and protect customers through explicit criteria, or whether it will treat commercialisation as a standing suspicion. A registry that makes leasing legible may reduce abuse and uncertainty. A registry that suppresses leasing through ambiguity may produce shadow markets and litigation.

The third watchpoint is whether severe remedies remain exceptional. Termination, reclamation, broad freezes and public threats should be rare, evidence-heavy and subject to independent review. If they become ordinary tools of compliance, the registry will raise the risk premium on all AFRINIC-administered resources. If AFRINIC uses lower rungs first and reports aggregate outcomes, confidence should improve even among members that disagree with particular policies.

The fourth watchpoint is service firewalls. RPKI, reverse DNS, WHOIS, RDAP, IRR, ticket processing and ordinary record maintenance should not become collateral in legal or policy fights. If AFRINIC can keep these functions stable while disputes continue, it proves that enforcement is bounded. If ordinary services become leverage or casualties, it proves that the gatekeeper problem remains.

The fifth watchpoint is how courts and outside bodies are described. ICANN, the NRO and Mauritian courts will continue to appear in AFRINIC's story. Their involvement should be presented as continuity support or legal clarification, not as a substitute for local member governance or as automatic endorsement of every registry position. Official exhibits are useful when they state dates, orders, roles and continuity concerns. They should not become the worldview of the institution.

The sixth watchpoint is the treatment of corruption history. AFRINIC must keep repairing the integrity weaknesses exposed by the reported address-record scandal. But repair should mean stronger access controls, audit logs, authority verification, dormant-resource review and independent remediation. If corruption history becomes a general justification for retrospective economic control, the registry will turn a valid lesson into a permanent power claim.

The seventh watchpoint is board restraint after restoration. A restored board may be tempted to prove strength by ratifying policies, hardening regional restrictions, fighting critics and converting recovery into authority. The more valuable test is restraint. Can the board reduce the commercial payload of capturing AFRINIC by narrowing discretion? Can it publish review metrics, legal categories and service-continuity commitments? Can it let policy debates occur without turning them into enforcement campaigns? Can it distinguish institutional survival from institutional vindication?

The eighth watchpoint is whether member accountability is allowed to operate without being recast as a threat to continuity. Members should be able to question budgets, directors, legal strategy, election administration and policy proposals without being told that criticism endangers the registry. At the same time, members should not use accountability language to paralyse ordinary service delivery or evade clear obligations. The enforcement boundary helps both sides. It protects the ledger from factional pressure while leaving the association open to legitimate challenge.

AFRINIC's place in the internet-number system is too important to be left to romantic accounts of community or market. A narrow registry is not anti-community; it is the condition under which diverse members can rely on the same record without trusting the same politics. A predictable enforcement boundary is not anti-compliance; it is what makes compliance legitimate. A recognition market is not proof that addresses are ordinary property; it is proof that registry decisions have economic effects and must be constrained accordingly.

The notice on the operator's desk remains the right image. It can be a healthy instrument: a request to correct records, verify authority, document a transfer, repair public data or address a real breach. Or it can be the first signal that an administrative ledger has become a discretionary gate. AFRINIC's future will turn on which kind of notice its members learn to expect. If the registry can enforce facts without governing business models, repair corruption without claiming open-ended control, preserve continuity without shielding discretion, and recognise market reality without surrendering the ledger, it can emerge from crisis with a stronger role. If it cannot, every valuable IPv4 record in its region will carry not only scarcity value, but registry-risk discount.

The economics are plain. A ledger creates value when it makes reliance cheap. A gatekeeper extracts or destroys value when it makes reliance conditional on discretionary approval. AFRINIC's enforcement boundary is therefore not an internal governance nicety. It is the line between a registry that lowers transaction costs for African networks and a registry that becomes an additional risk layer above them. In a scarce IPv4 world, that line is worth defending with precision.