Imagine the closing room for an IPv4 transfer. The seller says the agreement is signed and the seller has done what the contract requires. The buyer says completion cannot occur until money is safely held and releasable only on a verifiable event. The escrow provider wants an instruction it can apply without becoming an Internet court. A broker, if one is present, wants the parties to agree when a commission has been earned. The registry contact may say the request has been received, but not yet fully processed. A network engineer asks a different question: can the buyer announce the prefix, maintain reverse DNS, issue or change ROAs, update abuse contacts, satisfy customers and survive a post-close challenge without discovering that the old holder still controls something essential?
Each participant is describing a real form of completion. None is sufficient on its own. A signed contract proves private agreement. Funded escrow proves payment capacity. Registry acknowledgement proves that a recordkeeper has opened a path. A holder update in Whois or RDAP proves that public registration has moved. A working route proves that at least some networks will carry traffic. Reverse DNS, RPKI, route-registration support and abuse-contact handover prove that the new operator can operate the resource in the ways customers, platforms and security systems expect. A quiet period after closing proves that the transaction has not immediately produced a reversal demand, a filter, a reputation failure or a claim that the seller lacked authority.
That is the problem of settlement trust in IPv4. The market often talks about scarcity, policy, transfer rules and intermediation. Those topics matter, but they can obscure the more basic institutional fact. An IPv4 transfer settles across layers that are not controlled by the same actor and do not update at the same moment. The money layer, contract layer, registry layer, routing layer and operating-control layer must converge before the buyer has received what it thought it bought and the seller can say it has safely exited.
AFRINIC is the clearest stress test because its registry function has not been quiet background machinery. Public reporting has described address-theft allegations, litigation involving Cloud Innovation, years without a functioning board or chief executive, court-appointed receivership, contested elections, external intervention and renewed litigation through 2026. The lesson is not that every AFRINIC transaction is unsafe. It is that registry confidence is not scenery. It is part of settlement.
The question is therefore narrow and practical. If IPv4 has become a capital-like asset, what settlement architecture lets parties release money without pretending that payment, registry recognition, network control and legal finality are the same event? Escrow is part of the answer, but escrow is not magic. It can hold funds. It cannot by itself create registry recognition, update RDAP, delegate reverse DNS, issue a ROA, repair reputation, prove authority or decide a dispute. A serious market must define exactly which conditions release funds and which residual risks remain with which party after release.
Completion is not a single event
Ordinary goods encourage a simple closing story. A buyer pays, a seller delivers and title or possession changes hands. Even when the asset is complicated, the law often supplies a background grammar: delivery, transfer of title, warranties, inspection rights, custody, registration and remedies. The parties may disagree about quality or breach, but they usually know what event counts as delivery.
IPv4 does not fit that grammar. The numbers are globally unique identifiers, not boxes in a warehouse. Their economic value depends on a public registration record, but also on the practical willingness of networks to route them, the ability to maintain DNS and security records, the reputation attached to prior use, the relationship between registered holder and operating user, and the confidence of counterparties that the record will not be reversed or polluted by a dispute.
That makes completion a bundle. Contractual completion may occur when signatures and conditions precedent are satisfied. Payment completion may occur when escrow receives cleared funds. Registry completion may occur when AFRINIC or another regional registry recognizes the change in its records. Publication completion may occur when Whois and RDAP show the new holder. Operational completion may occur only after route announcements, reverse DNS, RPKI and abuse contacts have moved to the intended operator. Commercial completion may require a short period in which customers, upstreams, reputation systems and security tools accept the new arrangement.
These events can occur in different orders. A buyer may fund escrow before a registry request is submitted. A registry may accept documents before the bank releases funds. The record may change before the buyer has working RPKI control. Routes may be tested before the public holder record is updated. Reverse DNS may lag. Abuse contacts may remain with the seller or an intermediary for a transition. A dispute notice may arrive after the registry action but before the buyer has fully integrated the block.
The settlement problem is not caused by incompetence. It is inherent in the asset. IPv4 lives in a mixed institutional environment: private contract, registry policy, technical publication, routing practice and operational reliance. A well-run transaction reduces the distance between these layers. It does not abolish it.
This is why escrow terms matter more than the word escrow. Escrow can mean a simple payment hold, a staged release, a document repository, a technical-control checklist, a dispute reserve or a combination of all of them. The weaker the registry environment, the more dangerous it is to use the word without specifying the release event. In AFRINIC-related space, where registry continuity and governance confidence have been publicly tested, vague escrow language merely moves uncertainty from one room to another.
The market needs a more exact vocabulary. It should distinguish agreement, funding, submission, acceptance, registration, publication, operational handover, routeability, security-control handover, abuse-control handover and post-close stability. A buyer that receives only some of these has received an incomplete form of settlement. A seller that remains exposed after all of them has provided more risk-bearing than the consideration may have contemplated.
The asset is a recognized operating position
The economic object in an IPv4 transaction is not the number string alone. It is a recognized and usable position in the global numbering and routing system. A prefix printed on paper has no market value unless the surrounding institutions and networks treat it as belonging to a particular holder or operator. The same numerical block can be valuable, impaired, disputed or commercially unusable depending on registry records, authority evidence, route history, security objects and operating controls.
Scarcity made this difference visible. When IPv4 was abundant, a registry record was easy to treat as administrative bookkeeping. The resource was useful, but the value attached to a specific historic block was modest compared with the general ability to obtain more space. Once the free pools were exhausted or rationed, the record became a settlement venue. A change in the record could move large economic value. A delay in the record could trap capital. A false record could enable theft. A disputed record could stop a transaction even if both commercial parties wanted it to close.
This is the point behind the asset-market view of IPv4. IPv4 is finite, financed, litigated, routed and embedded in revenue systems. It enables servers, mobile translation layers, cloud services, data centres, VPN infrastructure, anti-abuse systems, customer access lists, payment rules and email reputation. The market may not agree on a single legal label, but counterparties behave as if a usable address block has capital significance because it does.
The registry model still carries language from an older era. It often describes resources through allocation, assignment, registration, membership, service and policy compliance rather than clean ownership. That language may be defensible for the registry's narrow technical function, but it does not remove the market's settlement problem. If a buyer commits substantial funds, it needs confidence that the recordkeeper will recognize the transfer, that the seller had authority, that the record will be public, that the resource can be operated and that the buyer has remedies if the sequence breaks after payment.
The result is a hybrid asset. It is not ordinary chattel. It is not merely a contract claim. It is not a pure financial instrument. It is a scarce network identifier whose value depends on a ledger and on live technical controls. That hybridity is exactly why settlement cannot be reduced to a bank receipt or a registry update.
For ordinary inventory, possession can be a useful proxy. For IPv4, there are several kinds of possession. The registered holder may be one party. The party announcing routes may be another. The party controlling reverse DNS may be a third. The party able to change ROAs may be the seller, the buyer, a service provider or the registry. The abuse contact may point to a legacy mailbox. The commercial exposure may sit with a lender, a broker or a hosting customer. Settlement has to align these positions or explicitly state which positions remain transitional.
AFRINIC makes that alignment harder to ignore. In a region whose registry has faced reported internal misconduct, litigation and receivership, counterparties cannot simply assume that the registration layer is frictionless. They must ask how much of the economic object is already within the buyer's control and how much remains dependent on a fragile or contested institutional path.
Escrow appears because authority is staggered
Escrow exists in IPv4 because the parties cannot safely perform at exactly the same moment. The seller does not want to submit transfer documents, release credentials or cooperate with operational handover without assurance that the buyer can pay. The buyer does not want to release money while the seller still controls the record, while the registry has not accepted the request or while the technical use of the prefix remains uncertain. The broker wants a closing event clear enough to avoid a fee dispute. The escrow provider wants conditions that can be verified without becoming the decision-maker for every Internet consequence.
That is a familiar commercial pattern. Escrow is useful wherever delivery and payment cannot be simultaneous. The special feature of IPv4 is that delivery has more than one layer. A payment escrow can be perfectly honest and still release too early if the condition is poorly chosen. Seller signature may be too early. Registry receipt may be too early. Holder-name change may still be too early if RPKI, reverse DNS and abuse contacts remain stranded. Buyer routeability may be too late if the seller has already surrendered the authority that only it could exercise.
The right release condition depends on the risk being allocated. A small, clean, intra-registry transfer between known operators may release on registry update plus a short technical confirmation. A large block with older records may require staged release: a deposit on signature, a larger tranche on registry acceptance, another on public holder update and a final holdback after operational handover. A file with unusual history may require an express remediation path before any final release.
Escrow should also separate money from authority. Holding funds does not prove that the seller has authority. Holding authority documents does not prove that the buyer can pay. Holding registry credentials is dangerous unless scope, custody and emergency triggers are clear. Holding technical controls without telling the parties creates another risk: an intermediary becomes indispensable after closing. A good escrow design identifies which actor holds money, which actor holds documents, which actor controls registry-facing authority and which actor controls operational systems.
In IPv4, escrow is therefore a settlement architecture, not merely a bank product. It should define sequence. The parties sign and evidence authority. Funds are lodged. The registry request is submitted. The registry accepts or rejects the file according to defined criteria. Public records change. Operational controls move. A post-close period tests stability. At each stage the agreement should say what happens if the sequence stops.
This does not mean every transaction needs a heavy legal machine. Over-design can kill legitimate deals, especially for smaller operators. But the core logic should be explicit. If a stage fails because the seller lacked authority, the buyer should recover funds and costs under the agreed remedy. If a stage fails because the buyer cannot satisfy a published eligibility condition, the seller should not carry indefinite uncertainty. If the registry delays without explanation, the parties should know whether escrow extends, terminates or releases partially. If operational controls lag after record change, a holdback should protect the buyer without treating the seller as unpaid forever.
AFRINIC's experience shows why such terms matter. Registry stress lengthens the interval between commercial intention and reliable finality. The longer that interval, the more settlement trust has to be engineered rather than assumed.
AFRINIC makes registry confidence visible
A stable registry is easy to underestimate. If records update predictably, services remain available, disputes are classified narrowly and staff authority is uncontroversial, counterparties treat the registry as background. Consideration may reflect scarcity and reputation, but not fear that the recordkeeper itself will become the obstacle. AFRINIC has made that assumption harder.
AFRINIC serves Africa and parts of the Indian Ocean, administering IPv4, IPv6 and autonomous system numbers and supporting public registry services such as Whois, RDAP, reverse DNS, routing registry functions and RPKI. For settlement purposes, these services are not auxiliary. They are the public and technical surfaces through which a transfer becomes legible to networks, customers, banks, platforms and later claimants.
The recent institutional record is unusually eventful. Public chronology records AFRINIC's formal recognition as the fifth regional registry in 2005, later internal controversy, reported address theft in 2019, litigation and governance disputes from 2020 onward, Supreme Court rulings in Mauritius in 2021 and 2022 that contributed to board invalidity or board discontinuity, the absence of a functioning board or chief executive, and the appointment of a receiver in 2023 to preserve operations and arrange elections. Internet Governance Project described the receivership as a court-supervised remediation. The Register described the organization in 2025 as boardless and bossless, with elections planned after years of strife.
Those facts matter for settlement even if a particular transaction file is clean. A registry's institutional condition affects the confidence that commercial actors place in its update process, dispute handling, service continuity and authority representations. A buyer that hears that AFRINIC has received a request will ask what that means if governance authority is contested. A seller will ask how long it remains bound if processing is delayed by institutional uncertainty. An escrow provider will ask which registry communication is objective enough to trigger release.
The 2025 election sequence sharpened the issue. Public reporting said a receiver appointed senior British lawyers to oversee nominations because of concerns about potential interference. It later described court challenges, external concerns about election transparency and fairness, the erroneous listing of Cloud Innovation as a registered member in Mauritian corporate documents, and a Supreme Court ruling that allowed the election to proceed while clarifying aspects of that listing. The Register then reported that the election was suspended and annulled after concerns over voter documentation and alleged powers of attorney. By 2026 it was still reporting litigation and dispute over AFRINIC's future.
One can read these events as governance news. Settlement actors should read them also as market-infrastructure news. A registry does not have to fail technically in order to affect settlement. If counterparties think the authority path is uncertain, they will demand longer escrow, more documentation, more holdbacks, stronger warranties and more conservative release triggers. Registry fragility becomes a private cost.
That is why AFRINIC is not merely a regional case. It shows the hidden dependency inside every IPv4 transaction. The parties are not closing around a passive database. They are closing around an institution whose capacity, legitimacy and continuity are part of the asset's usability.
Address theft turned dormant records into settlement evidence
The 2019 address-theft reporting remains one of the most important settlement exhibits in the AFRINIC story. KrebsOnSecurity described allegations that a senior AFRINIC figure had secretly operated companies that sold valuable IPv4 space, drawing on a long investigation into African address blocks associated with dormant or weakly monitored entities. The reporting estimated tens of millions of dollars of value and connected the problem to the broader market for scarce IPv4 addresses, where dormant records can be commandeered or misused. Other public chronologies have referred to millions of IPv4 addresses associated with the episode and later abusive use.
The point for settlement is not to retry each allegation. It is to understand the mechanism. Address theft is possible when the record of authority becomes separable from the real-world entity that originally received or used the resource. A company dissolves, merges, changes name or loses contact. A technical contact remains in a database after corporate authority has changed. A dormant block stops attracting daily attention. Historical Whois data is altered, interpreted or relied upon without enough corroboration. A third party discovers that a valuable asset can be moved, routed or sold if the recordkeeper accepts a file that looks plausible enough.
Once IPv4 has market value, stale records are not clerical debris. They are settlement risk. A buyer wants to know whether the seller is truly the holder, whether the holder still exists, whether the signatory has authority, whether earlier assignments or sub-allocations create claims, whether the route history suggests unauthorized use, and whether any public or private dispute could later challenge the transaction. A seller wants to know that it will not be blamed for later misuse if it has transferred a resource cleanly. A registry wants to prevent a false update without becoming a commercial police force.
Escrow cannot answer these questions after the fact unless the transaction file preserves evidence before release. The file should connect the registered holder to the legal entity, the legal entity to the signatory, the signatory to the transfer authority, the authority to the registry request and the request to the operational handover. If any link is weak, the release condition should reflect that weakness. A higher consideration may compensate a seller for delay, but it does not repair false authority. A lower consideration may compensate a buyer for reputation or timing risk, but it does not create a clean authority record.
AFRINIC's theft history therefore supports a simple discipline: old records require stronger proof, not broader discretion. The registry should not treat every monetization of IPv4 as suspect. Nor should it rubber-stamp a file because buyer and seller appear commercially motivated. The correct question is narrower. Does the evidence show that the requested change is authorized, that the resource is not subject to a conflicting verified claim, and that public registration and technical controls can move without corrupting the ledger?
This is where settlement trust differs from trust in personalities. The market cannot rely on a seller's confidence, a broker's assurance or a buyer's urgency. It needs a documentable chain. Address-theft reporting is a reminder that the chain is part of the asset.
Receivership converted governance risk into timing risk
Receivership is often treated as a governance remedy: a court appoints a receiver to preserve an organization, maintain the status quo, arrange elections and restore proper management. Internet Governance Project's 2023 account framed AFRINIC's receivership in that way, as a legal mechanism for preserving operations and replacing leadership under court oversight. From one angle, that is reassuring. It means the legal system did not simply allow the registry function to drift without supervision.
For settlement, however, receivership has a second meaning. It proves that the registry operator can become an object of legal administration. The database, services, bank accounts, management authority and election machinery may continue, but the path of authority is no longer ordinary corporate routine. Counterparties closing a transaction must ask who can approve what, whether ordinary staff authority remains intact, how disputes are escalated, and what court orders could affect the timing or interpretation of registry acts.
This is not an argument that transactions must stop during receivership. If anything, a well-run receivership should preserve ordinary registry functions. The issue is whether the settlement architecture recognizes the unusual condition. A contract that assumes normal processing may fail to state what happens if a receiver changes a timetable, if the registry cannot form a board, if a court application interrupts a policy decision, or if external organizations seek to intervene on the ground that registry continuity is at stake.
The institutional timeline matters. AFRINIC's board discontinuity began before receivership and did not end cleanly with a single announcement. The Register reported that the registry had been unable to appoint a chief executive or elect board members since 2022. Elections planned in 2025 were themselves contested. The Supreme Court of Mauritius became the venue for several questions that, in a quieter registry, would have been internal governance matters. By 2026, reporting still described litigation and external participation in proceedings connected to attempts to wind up AFRINIC.
This changes the settlement calculus. A buyer in a normal registry environment may accept a short escrow period because the main risk is documentary completeness. In a receivership environment, timing risk includes institutional capacity and legal intervention. A seller may require a long-stop date after which funds return or terms are renegotiated. A buyer may require a holdback if registry action occurs but operational controls lag because staff, policy or authority is unclear. A broker may be useful, but only if its knowledge is documented rather than converted into private leverage.
Receivership also exposes the weakness of the phrase registry continuity. Everyone agrees that number uniqueness, RDAP, Whois, reverse DNS and RPKI should continue. The harder question is whether continuity of the function requires continuity of every power claimed by the incumbent institution. Settlement trust requires the opposite assumption. Critical registry functions should be continuous precisely because the operator may face legal or governance stress. The ledger must be protected from collapse, but also from being used as a hostage for institutional immunity.
For escrow design, that means separating ordinary registry confirmation from broad institutional endorsement. A release trigger should not require the registry to bless the commercial wisdom of a deal. It should require objective evidence that the registry has made the relevant record change or accepted the relevant maintenance action. When institutional conditions are abnormal, objective triggers become more important, not less.
The 2025-2026 discontinuity matters at closing
The 2025-2026 AFRINIC sequence is tempting to treat as a story about elections, personalities and Internet governance politics. For settlement, it is a story about discontinuity. The market watches not only whether a board exists, but whether authority can be relied upon from one transaction stage to the next.
In April 2025 The Register reported that AFRINIC would hold elections in June after several years without a board, and that the receiver had appointed a nominations committee led by senior British legal figures to address concerns about possible interference. In June, Internet Governance Project reported that electronic voting had begun and in-person voting was scheduled, while also describing court challenges by the Tanzanian Internet Service Providers Association and an external application seeking changes to the nominations committee. The Supreme Court of Mauritius dismissed the challenges and allowed the election to proceed, while dealing with the erroneous Cloud Innovation registered-member listing.
That might have suggested progress. Yet the next stage did not settle the institutional question. The Register reported in July 2025 that the election had been suspended and annulled after concerns about voter documentation and alleged powers of attorney. It reported criticism of the absence of transparent explanation and referred to the possibility of compliance review. Cloud Innovation, a long-running litigant in AFRINIC matters, was reported as seeking a winding-up path. By February 2026, reporting described AFRINIC as saying it was back on track, with a board, interim management, a budget and an action plan. By March and May 2026, the same outlet was again reporting litigation, accusations of paralysis, external intervention and disputes over the legal meaning of AFRINIC's role and resources.
That pattern is the market signal. Settlement trust is not created by one successful milestone if the next milestone reopens the question of authority. A buyer does not need to predict the outcome of every court proceeding. It does need to know whether a registry action taken today will be treated as stable tomorrow. A seller does not need to take a side in every governance argument. It does need to know whether it can receive money and exit without the transaction becoming collateral in a wider dispute.
The discontinuity affects even routine deals because market participants price the long tail. If a transaction normally closes in weeks but occasionally falls into months of institutional uncertainty, counterparties will write contracts for the tail. Escrow durations lengthen. Counsel asks for more representations. Banks ask more questions. Sellers may prefer buyers with stronger registry experience. Buyers may discount blocks with unusual AFRINIC history. Some transactions may move into managed-use structures because a permanent transfer feels harder to settle.
These are not moral judgments about any party. They are transaction costs. In a capital-like asset market, governance discontinuity becomes part of the bid-ask spread, part of the holdback, part of the warranty package and part of the decision whether to proceed at all.
The institutional lesson is that AFRINIC recovery is not measured only by whether the organization can hold meetings or publish plans. It is measured by whether counterparties can define reliable settlement triggers. If the market cannot tell when an AFRINIC-recognized change is final enough to release funds, the registry's governance problem has become a settlement problem.
Release conditions should be layered
The central design question is simple to state and hard to answer: what event should release money? A weak transaction answers with a vague phrase such as completion of transfer. A serious transaction breaks completion into observable conditions.
Signature is rarely enough. It proves that the parties have agreed, but not that the seller had authority, that the registry will accept the request or that the buyer will obtain operational control. Funded escrow is also insufficient. It proves that money exists, but not that delivery will occur. Registry ticket creation is useful, but too early. It shows that the sequence has begun. It does not prove acceptance.
Registry acceptance is stronger. If AFRINIC or another registry confirms that the file is complete and that the requested holder change or maintenance action will proceed, the seller has cleared an important institutional hurdle. Yet acceptance may still precede publication. The buyer may not be able to show customers, upstreams or auditors that the public record has changed. For many deals, the first major release should therefore require public registration update in Whois or RDAP, not merely internal acknowledgement.
Even public registration update may not be the final trigger. The economic object is usable control. If the buyer cannot create or change ROAs, cannot maintain reverse DNS, cannot control route objects or cannot update abuse contacts, the registry change may be incomplete for operational purposes. A buyer of a large block intended for immediate customer deployment may rationally demand a second-stage release only after technical handover. A seller may respond that some operational steps depend on the buyer's network, not the seller. The solution is not to collapse the distinction, but to assign it.
A workable release schedule might divide funds into tranches. An initial deposit becomes non-refundable after due diligence confirms authority and the buyer fails to proceed without cause. A main tranche releases on public holder update. A technical tranche releases after reverse DNS, RPKI/ROA authority, route-registration support and abuse-contact handover are complete, to the extent these are within the seller's or intermediary's control. A final holdback releases after a short dispute and stability window, absent a verified claim that existed before closing or a breach of representation.
The exact percentages are commercial. The categories are institutional. They prevent one party from bearing risks it cannot control. They also prevent escrow from becoming a weapon. A buyer should not be able to hold back all funds because it misconfigured its own routing. A seller should not receive all funds if it delivered a public holder update but retained the operational keys needed to use the prefix. A broker should not be paid solely because it introduced the parties if the transaction fails at a stage the broker claimed to manage.
The trigger must also distinguish registry delay from registry refusal. Delay may extend escrow. Refusal for curable documentation may create a cure period. Refusal because the seller lacks authority should unwind the deal. Refusal because the buyer fails a published eligibility condition may allocate costs differently. Refusal based on broad discretionary discomfort should be challenged through a defined path rather than silently converted into a private loss.
AFRINIC's environment makes these distinctions more than legal neatness. They are the means by which settlement trust is manufactured in a market where no single institution can promise all layers of finality at once.
RDAP, reverse DNS, RPKI and abuse contacts settle at different speeds
Many IPv4 disputes begin because the parties confuse registry holder change with operational handover. The public record may name the buyer while one or more controls remain elsewhere. That can be harmless during a planned transition. It can be dangerous if the transition is not documented.
Reverse DNS is a common example. A buyer may need delegation changes so that customer systems, mail servers and identity checks work as expected. If reverse DNS remains with the seller or a service provider after holder update, the buyer has not fully integrated the block. The seller may be willing to assist, but the agreement should say for how long, at what standard, and what happens if the buyer requests changes after closing. A silent transition leaves both sides exposed.
RPKI is more sensitive. A route-origin authorization can make a route valid, invalid or uncovered depending on the state of certificates, repositories and relying-party views. If the old holder's ROAs persist, the buyer may announce through an origin that fails validation. If the old holder revokes too quickly, routes may become invalid before the buyer's arrangements are in place. If no one knows who controls the relevant portal or key material, a registry record change may create a security gap. RPKI handover should therefore be treated as a first-class settlement condition, not a post-close chore.
Routeability is related but not identical. A prefix may be legally transferred and technically announceable, yet still face filtering, geolocation residue, reputation history or upstream hesitation. The seller cannot guarantee the entire Internet's routing policy. It can, however, disclose known route history, provide letters of authorization where appropriate, coordinate a planned cutover and avoid actions that make the buyer's first announcements harder. The buyer can test upstream acceptance and plan mitigation. Escrow can reserve a small holdback for agreed cooperation, not for all global routing behavior.
Abuse-contact control also matters. A buyer inheriting a block with poor history needs the ability to receive and answer abuse reports. A seller needs evidence that complaints after a certain time belong to the new operator. A registry record that still points to the seller's mailbox can create reputational and legal confusion. In a market where address theft and spam history have been publicly associated with African blocks, abuse-contact handover is not administrative trivia.
RDAP and Whois publication sit between legal and operational control. They tell the world who is responsible, but they do not by themselves give the buyer technical command. Conversely, a buyer may operate a block before public records fully reflect the arrangement, especially in staged transfers or managed-use arrangements. The settlement file should state whether operational use before public update is allowed, who bears abuse and routing responsibility during that interval, and whether funds remain in escrow until public records catch up.
The post-close period is the final part of operational settlement. A short stability window can reveal whether a former holder objects, whether a route is filtered, whether reverse DNS is broken, whether RPKI is stale, or whether a registry issue has been misread. The window should be limited and tied to objective defects. It should not become an indefinite buyer option. Its function is to catch known settlement defects, not to transfer ordinary business risk back to the seller.
In AFRINIC-related transactions, this sequence deserves particular care because institutional uncertainty and operational uncertainty can be confused. A slow registry response is not the same as a route leak. A dispute over governance is not the same as a missing abuse mailbox. Settlement trust improves when the file names each layer separately.
The dispute window is an economic term
Every settlement system needs a theory of mistakes. In IPv4, mistakes can be documentary, technical, institutional or commercial. A signatory may lack authority. A corporate succession record may be incomplete. A registry may misclassify a holder. A buyer may misstate intended use. A seller may fail to disclose a dispute. A representative may exceed mandate. A route may not propagate as expected. A court order may arrive. A previous claimant may appear.
The market prices these possibilities, but often indirectly. A buyer demands a discount. A seller demands faster release. An escrow provider demands clearer instructions. Counsel demands warranties and indemnities. Brokers demand fees for getting the sequence done. If the registry environment is uncertain, the private cost of dispute risk rises even where the individual block is clean.
A dispute window makes the cost visible. It states that some part of the funds remains held for a defined period after public and operational handover, and that release is blocked only by specified claims. Those claims should be narrow: false authority, pre-existing conflicting claim, registry reversal based on pre-close facts, failure of agreed operational-control handover, or breach of a core representation. Ordinary buyer remorse, a change in market conditions, self-inflicted routing error or unrelated governance news should not block release.
The window should also state what happens to the resource during dispute. The default should preserve the last verified operational state. If the buyer is already registered and operating, a commercial payment dispute should not automatically justify pulling reverse DNS, revoking ROAs or disrupting customers. If the seller remains registered while the file is pending, the buyer should not route as if it owns the block unless the agreement authorizes interim use. Dispute isolation is the difference between settlement discipline and hostage-taking.
AFRINIC's experience makes this principle central. Public reporting has shown how litigation and governance disputes can entangle the registry itself. The correct lesson is not that every registry dispute should freeze all operations. It is that dispute categories must be precise. A court challenge to an election is not a prefix-specific authority defect. A winding-up application is not the same as a seller's forged board resolution. A dispute over regional policy is not the same as a missing reverse-DNS handover. Settlement architecture should not allow broad institutional anxiety to contaminate a clean transaction file.
The dispute window also protects sellers. If a buyer wants long post-close protection, it should pay for it through a holdback or other negotiated term. It should not expect unlimited seller exposure after receiving the resource. In a scarce market, sellers often use proceeds for capital expenditure, debt repayment or business transition. Indefinite escrow undermines the reason to sell.
For buyers, the window is a guard against false finality. A public holder update that is reversed two days later because a previous director lacked authority is not completion. A routeable prefix whose RPKI status is controlled by the seller is not full handover. A clean invoice with broken abuse contacts is not enough for a customer-facing operator. The window gives these defects a place to be addressed without turning every concern into a failed deal.
In short, the dispute window is not an afterthought. It is the market's recognition that IPv4 finality is layered. AFRINIC's institutional history only makes that recognition more necessary.
The registry should be a ledger, not a deal judge
A serious settlement architecture must not solve private risk by expanding registry power. That is the central boundary. The registry's job is to maintain uniqueness, accuracy, publication and security continuity. It should verify authority, prevent duplicate or fraudulent registration, record disputes with precision, maintain Whois and RDAP, support reverse DNS and RPKI, and execute valid changes under defined procedures. These functions are real and important.
They do not imply that AFRINIC should become the commercial judge of every deal. Escrow should manage payment and commercial risk. Contracts should allocate warranties, holdbacks and remedies. Courts or independent forums should decide serious disputes. The registry should not use its control over records to approve or disapprove the parties' economics, business model, consideration, financing, buyer urgency, seller profit or broker compensation unless a specific adopted rule directly governs the question and is applied through a fair procedure.
This boundary reflects a broader discipline: registries should not become enforcers of every claimed public interest. An address registry is a critical administrative layer. It is not a police force, a prosecutor, a market regulator or a moral tribunal. It may moderate its own forums and enforce defined service rules, but it should not weaponize essential registration services to punish conduct beyond its mandate. The more valuable IPv4 becomes, the more dangerous mandate expansion becomes.
Settlement trust depends on this restraint. If a registry can withhold recognition because it dislikes a commercial form, counterparties will treat the registry as a discretionary deal approver. That increases uncertainty, empowers insiders and intermediaries, and forces parties to structure around perceived institutional preferences rather than objective requirements. Escrow conditions then become a guessing game: not whether the seller proved authority, but whether the registry approves of the transaction's purpose.
AFRINIC's disputes show how easily the line can blur. Public debate has mixed resource review, out-of-region use, transfer policy, member rights, litigation, institutional continuity and regional representation. Some of those questions may matter for policy. They should not all enter a routine settlement file. A transfer file should not become the venue for resolving the entire philosophy of IPv4 commercialization.
Keeping the registry narrow does not mean making it weak. A ledger-first registry can be strict about evidence. It can reject false documents. It can require current corporate authority. It can pause a file subject to a concrete court order. It can preserve a last verified state during dispute. It can publish processing states and audit trails. It can require that reverse DNS and RPKI handover be technically coherent. These are forms of strength.
What it should not do is launder broad power through the language of continuity. Registry continuity means continuity of records, services, uniqueness, security publication and legitimate updates. It does not mean institutional immunity, discretionary commercial control or the right to convert every market anxiety into registry veto. Protecting the ledger is not the same as protecting every gatekeeping claim.
For escrow, this distinction is practical. The release condition should refer to objective registry acts, not discretionary approval of business wisdom. If the registry acts as a reliable ledger, escrow can define triggers. If the registry acts as an unpredictable commercial judge, escrow becomes expensive insurance against institutional mood.
A settlement architecture for AFRINIC-related transfers
A workable AFRINIC settlement architecture would start with a narrow recordkeeping premise and build commercial safeguards around it. The registry verifies and publishes the authoritative state. The parties and escrow allocate payment and performance risk. Technical operators execute handover. Independent adjudication handles disputes that exceed administration. None of these layers should pretend to be the others.
The first component is authority evidence. Every transaction should preserve a clear chain from registered holder to legal entity, from legal entity to signatory, from signatory to transaction, and from transaction to requested registry action. Older allocations, corporate reorganizations, dissolved entities, name changes and legacy contacts should not be handled through informal memory. If the chain is incomplete, escrow can hold funds while the defect is cured or the parties terminate.
The second component is public registry staging. The parties should know the difference between request received, file complete, accepted for processing, holder updated, public Whois or RDAP updated, and any related reverse-DNS or RPKI action. If AFRINIC can publish or communicate these states consistently, escrow providers can use them. If the states are opaque, private actors will invent their own signals, increasing cost and disputes.
The third component is technical-control handover. Reverse DNS, RPKI/ROA authority, route-registration support, abuse contacts and operational communications should be assigned to a closing checklist. The checklist should identify who controls each item before closing, what must change, who performs the change, what evidence proves completion, and what remains outside the seller's control. This prevents an operational problem from being disguised as a payment dispute.
The fourth component is a calibrated post-close holdback. This need not be large in every transaction. Its purpose is to cover defects that could not reasonably be verified before release: a pre-existing authority claim, a registry reversal based on pre-close facts, or failure to complete an agreed technical-control step. It should have a defined duration and a defined claims path.
The fifth component is remediation rather than automatic collapse. If reverse DNS lags, fix reverse DNS. If a ROA is stale, create or revoke the relevant object. If an abuse contact is wrong, update it. If a document is missing, create a cure period. If a claim is serious, isolate the disputed action and preserve the last verified operational state. Not every defect should unwind the whole transaction. Not every dispute should disrupt running networks.
The sixth component is auditability. A failed transaction should be reconstructable without relying on memory or personal assurances. The file should show who provided each document, what it proved, which registry state occurred, when funds moved, which controls changed and why any holdback was released or retained. Auditability protects honest buyers, honest sellers, registries and escrow providers alike.
This architecture does not require AFRINIC to guarantee broker conduct or every route decision on the Internet. It requires AFRINIC to provide a reliable, narrow, legible registry interface. The more objective the registry interface, the less pressure there is to give the registry broader commercial power. That is the balance a capital-like IPv4 market needs.
It also helps counterparties allocate settlement risk without hiding it inside general unease. Authority risk is different from registry-timing risk. Registry-timing risk is different from operational-control risk. Operational-control risk is different from institutional-continuity risk. Institutional-continuity risk is different from ordinary market risk. A buyer should not withhold money because the market softened after registry update. A seller should not force release if it never delivered agreed controls. A broker or adviser who reduces documented risk should be paid for that work, not for cultivating fear.
This is how a scarce market matures. It does not eliminate risk. It names risk, assigns it and makes it auditable.
What confidence would look like
Settlement confidence in the AFRINIC market would not mean that every transaction is fast or that every party is satisfied. It would mean that the parties can predict the path from private agreement to recognized and usable control. They would know which documents prove authority, which registry states matter, which technical controls must move, which events release funds, which defects trigger cure and which disputes go to an independent forum.
The registry would act as a reliable ledger. It would protect uniqueness, preserve accurate records, maintain RDAP and Whois publication, support reverse DNS and RPKI continuity, record concrete disputes and execute authorized changes. It would not convert commercial discomfort into discretionary approval power. It would not treat escrow as a reason to expand its mandate. It would not make the market guess whether a file is delayed because of evidence, policy, governance or institutional unease.
Escrow would manage commercial timing. It would hold funds, release them on objective conditions, preserve holdbacks for defined defects and avoid becoming a substitute registry. It would not treat a signed contract as full delivery. It would not treat a registry ticket as finality. It would not demand impossible proof of global route acceptance. It would translate layered settlement into staged payment.
Buyers and sellers would accept that IPv4 is neither ordinary inventory nor a mystical public gift. It is a scarce operational asset whose use depends on records and controls. The buyer's job is to prepare funding, eligibility, routing, RPKI, DNS and abuse operations. The seller's job is to prove authority, cooperate with registry action and hand over agreed controls. Both sides should understand that a transaction without settlement terms is incomplete.
Brokers and advisers would appear as participants in the mechanics, not as the central thesis of the market. They can reduce search and documentation cost. They can coordinate escrow. They can help translate registry procedure into commercial terms. But their value should come from documented diligence, not from private access or cultivated fear. A settlement architecture that is too dependent on undisclosed intermediary knowledge is not mature.
AFRINIC's broader governance future remains uncertain. Public reporting in 2026 included both signs of organizational recovery and signs of continuing litigation and intervention. That uncertainty is exactly why settlement design matters. A market cannot wait for perfect institutional peace before it transacts. Nor should it pretend that institutional stress is irrelevant. The disciplined response is to define release triggers, preserve audit trails, isolate disputes and keep the registry's role narrow.
The closing room for an IPv4 transfer will still contain several definitions of completion. The lawyer will look for contractual satisfaction. The bank will look for payment certainty. The registry contact will look for authorized records. The engineer will look for usable control. The buyer will look for continuity. The seller will look for release. Settlement trust is the architecture that lets all of those definitions be true in sequence without pretending they are the same moment.
AFRINIC shows why that architecture is no longer optional. Once IPv4 becomes capital-like, the cost of ambiguity rises. Money release, registry recognition, routeability, reverse DNS, RPKI, RDAP, authority evidence and post-close remedies do not naturally converge. They must be made to converge by contract, escrow, registry discipline and operational planning. The goal is not to make AFRINIC the judge of every deal. It is to make AFRINIC dependable enough as a ledger that escrow can do its proper job: bridge the gap between payment and settlement without laundering new discretionary power into the registry layer.

