AFRINIC's recovery will not be proved by the return of a board, by a carefully phrased statement about stability, or by the continued habit of other internet institutions treating it as one of the world's five regional internet registries. Those are important administrative facts. They are not the same thing as economic trust.

The harder question is why a buyer, lessor, network operator, court, customer, bank, government agency, cloud platform or downstream service provider should once again treat an AFRINIC-administered record as boring. Boring is the compliment that matters in registry economics. A boring record can be relied upon without an extra committee meeting. It can support a transaction without special indemnities. It can be shown to a customer without a footnote about pending institutional risk. It can be used by a court as a coordination fact rather than as another disputed artifact in a wider fight.

AFRINIC's crisis has made that kind of boredom difficult. Years of litigation, receivership, election disputes, allegations about voting authority, public arguments about the integrity of address records, and conflict over IPv4 scarcity have turned a technical-administrative institution into a case study in institutional economics. The immediate narrative is African internet governance. The larger problem is how a private, membership-based registry can retain authority over scarce, capital-like resources when its own governance becomes a source of risk.

The answer begins with a distinction that runs through the sharper criticism of the AFRINIC model: protect the ledger, not the gatekeeper. AFRINIC's formal identity as the regional registry for Africa and parts of the Indian Ocean explains why its function matters. It does not prove that every power claimed by the incumbent institution deserves the same protection. The registry record is valuable because outsiders believe it is accurate, bounded, auditable and durable enough to coordinate around. If that belief weakens, the damage does not arrive only as a single outage. It appears as discounts, delay, litigation, defensive contracting, customer anxiety, uncertain member mandates and pressure for alternative continuity arrangements.

That is why AFRINIC's governance failure should not be analysed as a morality play about one claimant, one company, one receiver, one election, one board, one public campaign or one theory of community. The public record contains many contested details. The 2019 allegations reported by KrebsOnSecurity about the misuse of dormant or defunct African address space remain allegations in the materials available for public analysis, not judicially settled findings. The dispute between AFRINIC and Cloud Innovation has competing legal, commercial and governance narratives. AFRINIC has argued that litigation and associated campaigns damaged its ability to function; critics have argued that the deeper failure lies in a registry model with too much discretion, too little liability and no credible exit. The 2025 election sequence included reported allegations over powers of attorney and voting authority; the public materials do not establish every contested claim.

Those cautions matter. A registry crisis should not be repaired by replacing institutional mythology with counter-mythology. Allegations must remain allegations unless established. Interested critics must be read as interested critics. Official statements must be read as official statements. But uncertainty about individual claims does not obscure the structural lesson. AFRINIC's crisis touched almost every confidence layer around a regional internet registry: record accuracy, member authority, transfers, revocation risk, court continuity, receiver authority, voting legitimacy, liability alignment, external recognition, operator trust and the possibility of exit.

A revived board can start to repair those layers. It cannot substitute for them. If AFRINIC wants resource holders and markets to trust its records again, it has to make the official path cheaper, safer and more predictable than litigation, private workaround, special indemnity or structural avoidance. Recovery is not a ceremony. It is a reduction in the price of relying on the registry.

Recovery is a price, not a press release

Institutions in crisis tend to describe recovery in theatrical terms. There is a court order. A receiver keeps the lights on. An election is scheduled. A board is seated. A chief executive search begins. Other organisations express support. The institution announces that services continue. The implied message is that normality has returned.

In a registry, normality is not a speech act. It is a price.

It appears in whether a transfer can close without a special AFRINIC discount. It appears in whether a lender values an address-supported business without a governance haircut. It appears in whether a cloud customer asks whether its provider's numbering could be affected by a court fight in Mauritius. It appears in whether a lessor demands broader termination rights for address space administered in one region rather than another. It appears in whether a lawyer becomes part of a transaction that should have been routine. It appears in whether members participate in governance because they believe the process can change outcomes, or only because abstention has become too expensive.

The cost of failed registry governance is therefore diffuse. It is rarely reported as a single loss. It spreads through contracts, diligence, credit assumptions, procurement reviews, insurance language, customer commitments and litigation budgets. A buyer may not say that AFRINIC has failed. It may merely ask for a lower price. A network may not denounce a registry. It may merely avoid exposing critical customers to registration uncertainty. A member may not leave. It may merely stop believing that the official process is the safest place to resolve disputes.

Official materials are essential exhibits in this analysis. They can identify AFRINIC's service region, registry functions, receivership events, election announcements, policy positions and continuity statements. They should not be allowed to determine the conclusion. The question is precisely whether official status still converts into economic trust. The same caution applies to critics. Lu Heng, LARUS and NRS are not detached observers; they have legal, commercial and political interests in the dispute. Their public notes nevertheless matter because they state a coherent theory of failure: registry authority rests on shared belief; IPv4 scarcity turned records into capital infrastructure; and concentrated discretion without matching liability eventually destroys confidence.

That theory does not need to be accepted in full to be useful. It directs attention to the correct unit of recovery. AFRINIC does not have to persuade every critic that the old model was virtuous. It has to persuade rational operators that the official ledger is safer than avoidance. That is a lower-sounding standard, but it is harder to meet. It asks for evidence of process rather than institutional pride. It asks for narrow authority rather than grand language about regional guardianship. It asks for lower transaction costs rather than lower rhetorical temperature.

The central error in much internet-governance language is to treat legitimacy as an asset that an institution owns. In registry economics, legitimacy is closer to rolling credit. Other actors keep lending belief to the registry because doing so remains useful. When they doubt the borrower's discipline, the terms change. AFRINIC's recovery is the renegotiation of those terms. The market will not ask whether the institution feels legitimate. It will ask whether reliance has again become rational.

The ledger is the registry's real capital

AFRINIC's most important asset is not its office, bank account, meeting calendar, public mission statement or board title. It is the recognised registry record. The record says which organisation is associated with a number resource, who may request changes, which contacts are visible, how reverse DNS is delegated, how security assertions may be rooted, how transfers are recorded and whether a dispute contaminates an otherwise ordinary transaction.

Routers do not obey the registry as a matter of physics. Networks can route packets without asking AFRINIC for permission. Yet contracts, security systems, brokers, customers, courts, banks and counterparties often treat the registry database as the recognised coordination layer. That is enough to make the record economically powerful. A registry does not have to command every router to affect value. It only has to influence the social and legal facts that surround network identity.

This is why the 2019 public reporting on alleged manipulation of AFRINIC address records mattered beyond the particular blocks at issue. KrebsOnSecurity reported claims by researcher Ron Guilmette that dormant or defunct African address space had been commandeered and sold through companies linked to a former AFRINIC insider; AFRINIC's then chief executive was reported as saying that an investigation was under way. Those claims should not be repeated as settled judicial fact. Their importance for recovery is narrower and more institutional: they showed how much value can sit inside historical records, succession evidence, contact control and internal change authority.

If a registry's historical ledger is suspected of being porous, every later enforcement choice becomes more delicate. The institution may feel pressure to prove that it can audit and act. Members may fear that audit power will become discretionary control. Operators may accept fraud correction but reject business-model policing. Courts may be asked to distinguish between record integrity and institutional overreach. Counterparties may wonder whether a defect in one part of the ledger can spread uncertainty to other holdings.

The recovery condition is therefore not simply stronger enforcement. It is better record confidence. That means verified authority, historical audit trails, distinguishable categories of correction, conflict metadata, transparent cure periods and independent review for severe action. It means that a record affected by fraud, succession uncertainty, court restraint or an ordinary transfer should not be collapsed into a single opaque bucket called "compliance." The more valuable IPv4 becomes, the more every registry flag functions like credit information. Vague adverse status lowers value. Precise status permits risk to be priced.

The real test is whether AFRINIC can isolate contamination. If one block is disputed, unrelated resources should not inherit the risk. If one member's voting authority is challenged, every later act should not become suspect. If a historical record is defective, the cure should be documented without turning all older allocations into provisional licences. A reliable ledger is not a ledger without conflict. It is a ledger that can contain conflict without spreading it.

That is the point of the ledger-versus-gatekeeper distinction. A ledger-oriented registry treats accuracy, uniqueness and continuity as its core duties. It records who holds what, how authority was verified, what status applies, what dispute exists and what processes are available. A gatekeeper-oriented registry is tempted to convert control of the record into a broader power to approve business models, punish disfavoured uses, slow mobility, discipline members or turn regional policy preferences into asset restrictions. The first role lowers coordination costs. The second raises political stakes and legal exposure.

AFRINIC's crisis shows how quickly a registry can slide from the first role toward the second when resources become scarce. Scarcity makes the record valuable. Value makes every discretionary power worth fighting over. Once the fight begins, the institution may seek more discretion in order to defend itself. That response can worsen the trust problem. The market does not want a heroic gatekeeper. It wants a ledger that can be checked.

Scarcity turned governance into capital risk

AFRINIC's governance troubles became economically material because IPv4 scarcity changed the thing being administered. In the abundance era, registry governance could be untidy without attaching a large value discount to every decision. Addresses had operational importance, but fresh allocations were still part of a routine administrative process. Scarcity altered the bargain. IPv4 addresses became purchased, leased, financed, litigated, defended and embedded in customer systems. A registry decision about recognition, transferability, revocation or dispute status therefore became a decision about capital.

The Internet Governance Project's 2021 analysis of the AFRINIC-Cloud Innovation dispute placed the conflict in that scarcity environment. It described a region with a relatively small share of global IPv4, below-market administrative allocation pricing and a dispute over whether Cloud Innovation's use of AFRINIC-administered addresses complied with regional-use expectations. It also criticised aspects of AFRINIC's enforcement posture while acknowledging that Cloud Innovation's litigation imposed serious institutional costs. That reading is an interpretation, not a court judgment. Its value lies in the mechanism it identifies: scarcity made an administrative record worth fighting over.

Once scarcity is present, governance failure no longer remains inside governance. A contested board can affect transfer rules. A disputed member register can affect who controls policy. A receiver can preserve continuity but also become part of a struggle over authority. A court order can protect the status quo while changing expectations about future operations. An official statement can move from reassurance to market signal. A delay in transfer recognition can change bargaining power. The institutional layer becomes part of the price of the asset.

This is why AFRINIC's recovery cannot be reduced to replacing people. A better board can help if it reduces discretion and clarifies process. A worse board can accelerate the discount. But the core recovery problem sits in institutional design. A registry whose policies allow it to block capital movement on broad, retrospective or moralised grounds will face distrust even under competent management. A registry whose member-authorisation system can be challenged after the fact will face litigation even after an election. A registry whose liability remains small relative to the harm its decisions can cause will face pressure for external discipline even if it uses careful language.

The policy problem is often hidden by the vocabulary of stewardship. Stewardship sounds benign. In a scarce-resource environment it can become economically coercive if it is not bounded. A registry can and should protect uniqueness, prevent duplicate claims, correct fraud, publish accurate data, operate security services and respect court orders. It does not follow that the registry should hold a standing veto over every later use, lease, transfer, customer relationship or commercial strategy attached to a number resource. The broader the claimed discretion, the less the record looks like a neutral coordination layer and the more it looks like a gatekeeping licence.

The trap is that governance failure creates demand for stronger control. After a scandal, address-record controversy or years of litigation, many observers instinctively want the institution to assert discipline. Yet more discretion can be the wrong medicine. If members and operators fear arbitrary power, expanding the range of discretionary intervention raises the price of trust. Recovery requires strength of the boring kind: tighter records, clearer rules, better audits, faster independent review, narrower remedies and fewer opportunities for factional control.

That is institution-building through restraint. It is less satisfying than institutional combat. It is also more likely to work.

Receivership preserved the bridge; it did not rebuild the market

The appointment of a receiver by the Supreme Court of Mauritius, welcomed by the Number Resource Organization in September 2023, was an important factual step in AFRINIC's crisis. The NRO statement described the receiver's role as preserving the value of AFRINIC's business, maintaining the status quo of assets, overseeing elections, facilitating the formation of a proper board and enabling the appointment of a chief executive. As evidence, that tells us the crisis had crossed a line: ordinary governance could not itself restore ordinary governance.

Receivership can be economically valuable because it prevents a bad equilibrium from becoming immediate collapse. It can keep staff, records, bank accounts, systems and legal authority from being pulled apart by factions. It can create a path toward elections. It can signal to courts and counterparties that the registry function will not be abandoned. In that sense, receivership protects option value. The institution remains capable of repair because the bridge has not fallen into the river.

But receivership is not recovery. A receiver is a preservative tool, not an economic constitution for scarce number resources. Lu Heng's public note on AFRINIC lock-in argues that a receiver should not be treated as a legislature for irreversible structural choices. Even readers who reject his broader argument should accept the caution. During receivership, the legitimacy of structural policy changes, transfer restrictions or bylaw revisions will be read through the lens of provisional authority. The more permanent the economic effect, the greater the need for explicit authority, member consent and review.

The same point applies to court-supervised elections. An election can restore corporate organs, but it does not by itself restore confidence that those organs will act within a narrow and predictable mandate. Public reporting in 2025 described suspended and annulled voting after allegations involving powers of attorney, followed by a later board election in which Smart Africa-backed candidates reportedly won most seats. The validity of every disputed instrument is not established for public readers by those reports. What is established is that the process itself became a site of concern.

That matters because member authority and registry authority are cousins. The same institutional discipline that verifies who may vote must verify who may transfer, who may update a record, who may appoint a representative, who may sign for an organisation and who may contest a claim. If members doubt the integrity of voting authority, they will doubt other forms of authority management. If they believe a board's mandate is born from procedural fog, every economically material board decision will carry a discount.

Receivership therefore bought AFRINIC time, not trust. Time is useful only if it is spent on verifiable reforms. A court-appointed bridge followed by the same opaque incentives is not recovery. It is a pause before the next repricing. The market will not care that a receiver once maintained status quo assets if, after the receiver, transfer rules remain ambiguous, dispute handling remains destructive, member authority remains contestable and liability remains misaligned.

The lesson for other RIRs is uncomfortable. A receiver can keep a registry alive, but it cannot make a registry trusted. Continuity of the corporate shell is only one layer of continuity. The registry state, security publication services, member authority, transfer pipeline, court restraints, customer dependencies and downstream routing expectations each need their own protection. A receiver can hold them together temporarily. A recovered institution has to make them separable enough that one dispute does not threaten the whole.

Courts must preserve continuity without becoming the registry

AFRINIC's incorporation in Mauritius makes court continuity central to its recovery. Courts can appoint receivers, restrain corporate actions, interpret contracts, examine member authority, hear winding-up applications and police public claims. That is not a defect in itself. A registry is not a sovereign. When internal governance fails, ordinary courts may be the only institutions with recognised authority to preserve the status quo and prevent one faction from converting paralysis into control.

The danger is that court involvement can become either too weak or too strong. If courts defer excessively to registry claims of community and continuity, they may allow a private institution to treat technical importance as practical immunity. If courts treat AFRINIC like an ordinary company without regard to registry dependencies, they may accidentally damage records, RDAP, WHOIS, reverse DNS, RPKI, member support and running networks. The recovery condition is not fewer courts in the abstract. It is better court-continuity architecture.

Public reporting in 2026 described ICANN intervention in a winding-up context. The narrow legitimate role of such official-system evidence is technical context. ICANN can help a court understand why number resources and registry services cannot be treated like ordinary corporate inventory. It can explain dependencies around IANA recognition, registry records and continuity of service. But ICANN's view should not settle the economic rights of resource holders, the scope of AFRINIC's discretion or the legitimacy of any particular policy. Courts need technical context without surrendering their role as legal backstop.

A mature continuity design would give courts more precise tools. It would distinguish the corporate shell from the registry state, the registry state from security publication services, security services from policy authority, policy authority from member voting and member voting from resource-holder reliance. It would define what happens to records, signatures, reverse zones, contact authority, pending transfers and dispute flags under receivership, insolvency, board incapacity or emergency intervention. Without that separation, every legal remedy risks becoming too blunt.

The receiver model showed the importance and limits of judicial preservation. It was useful because someone had to maintain continuity while governance was broken. It was insufficient because preservation alone does not settle what powers the rebuilt institution should have. If the post-receivership institution returns with the same broad discretion, courts will be invited back. If it narrows its powers and improves review, courts can retreat to their healthier role: resolving bounded disputes rather than supervising the registry's existence.

The ideal is not to eliminate litigation. Disputes will continue because valuable resources invite disagreement. The ideal is to make litigation less existential. A court case over a transfer, a member credential, a disputed block or a public statement should not threaten the entire ledger. The last verified operational state should usually be preserved while the merits are decided. Conflicting changes can be paused. Unrelated services should continue. Courts should be able to decide without holding the live network hostage.

That requires pre-committed rules. Emergency continuity should not be invented in the middle of insolvency or receivership. It should say which systems continue, who can sign changes, how disputed instructions are frozen, how security services are maintained, how member communications are authenticated and how independent review is accessed. If the internet-governance system wants courts to handle registry crises carefully, it has to provide the legal architecture before the crisis reaches the courtroom.

Member authority is the hidden operating system

RIRs speak of membership as a source of legitimacy. In theory, that is true. In practice, membership legitimacy depends on whether the people and organisations with real exposure can participate, verify their representation and discipline the institution at reasonable cost. A membership system dominated by insiders, consultants, organised blocs or one-off mobilisation does not become legitimate merely because bylaws call it a community. The more valuable the registry's decisions, the more vulnerable low-participation governance becomes.

Lu Heng's public criticism of AFRINIC governance argues that many operators are disengaged while a smaller group understands and shapes procedure. The argument comes from an interested position, but the delegation problem is familiar. Network operators have customers to serve, outages to prevent and capital expenditure to manage. Registry politics is a cost centre until something goes wrong. Procedural specialists can accumulate influence before ordinary members realise that the rules affect asset value, mobility and operating continuity.

The reported 2025 election problems turned that abstract concern into a recovery condition. If powers of attorney, proxy rules, member classifications or voting rights are unclear, then member voice cannot reassure the market. A board may be elected, but its mandate will be traded at a discount. Members who believe their authority can be misused may withdraw, litigate or form counter-coalitions. Members who believe the process is already captured may not vote at all. Each reaction makes the official process less representative.

The cure is not more rhetoric about community. It is a professional authority system. Members should know how their representatives are verified, how proxy authority is created and revoked, how contested authority is frozen, how voting receipts are issued, how eligibility changes are disclosed, how conflicts are recorded and how post-election challenges are bounded. These are not decorative governance details. In a scarce-resource registry, they are part of the asset-administration layer.

Member authority also has to be separated from continental symbolism. AFRINIC's service region is real, and the underdevelopment of African internet infrastructure is a real policy concern. But no board, campaign group, litigant, staff team, receiver, regional organisation, outside registry or critic can simply speak for Africa as a whole. They can speak within mandates. A regional mission is not a blank cheque for any faction to convert procedural control into political title.

The legitimacy problem is especially acute because the registry's members are not the only parties affected by registry decisions. A vote may be cast by a resource holder; the practical consequence may be felt by its customers, downstream users, borrowers, employees and suppliers. That does not mean every downstream user should vote. It means the member system must be clean enough that non-members can trust the institution without participating in it.

If AFRINIC wants member governance to support market confidence, it should treat elections, proxies and representative authority as registry-critical infrastructure. A contested proxy is not merely a meeting inconvenience. It can become the first link in a chain that affects board legitimacy, policy validity, transfer confidence and court intervention. The cheaper it is to verify member authority early, the less expensive it becomes to defend registry decisions later.

The Cloud Innovation dispute and the enforcement dilemma

The AFRINIC-Cloud Innovation dispute became a symbol because it exposed the registry's enforcement dilemma under scarcity. Public accounts differ over the merits. AFRINIC has presented the dispute as part of a broader struggle to defend regional policy and institutional viability. Critics have framed it as an example of a registry reaching beyond neutral recordkeeping into discretionary control over valuable resources. Courts have been asked to handle pieces of the conflict. Public commentary has often treated the case as a referendum on the RIR model itself.

The safer analytical position is to separate merits from mechanism. Without treating any disputed allegation as established fact, the case shows why enforcement design matters. A registry needs tools to correct fraud, prevent duplicate claims, enforce valid court orders, maintain contact accuracy and preserve uniqueness. It also needs to avoid turning every use dispute into a threat to the holder's operational identity. When the same institution can investigate, interpret policy, mark records, restrict transfers and threaten resource continuity, counterparties will ask what checks exist before severe harm occurs.

The economic issue is proportionality. A disputed use, even if serious, should not automatically endanger unrelated customers or unrelated resources. A compliance inquiry should not become a bargaining weapon in a commercial dispute. A transfer delay should not become a de facto asset freeze without clear authority. A public accusation should not substitute for a finding. A court order preserving the status quo should not be treated as a final statement of policy virtue. Conversely, a resource holder should not be able to use litigation merely to make all registry oversight impossible. Both overreach and obstruction can damage the ledger.

That is why AFRINIC's recovery requires remedies that are staged, reviewable and narrow. The registry should be able to flag a dispute without poisoning the whole operating environment. It should be able to request evidence without threatening immediate destruction of customer reliance. It should be able to preserve last-verified-state continuity while an independent reviewer or court examines the merits. It should be able to separate resource-specific disputes from member voting rights unless the authority link is genuinely relevant. It should be able to explain which facts are alleged, which are established, which are being reviewed and which practical effects follow.

This is not softness. It is credibility. A registry that reserves severe measures for severe, independently reviewable cases will be trusted more than a registry that speaks of stewardship while wielding broad uncertainty. A narrow remedy lowers the fear that recordkeeping will become economic punishment. It also lowers the attraction of litigation as the only available defence.

The enforcement dilemma is not unique to AFRINIC. All RIRs operate in a world where old allocation decisions, new commercial uses, leasing arrangements, regional policy language and transfer markets collide. AFRINIC's crisis is distinctive because the collision became public, prolonged and court-centred. Other registries should not mistake quiet for immunity. The same economic tension exists wherever a scarce registry record is treated as both infrastructure and policy lever.

Operator trust is broader than member trust

Members are important, but AFRINIC's trust perimeter is wider than its membership list. Downstream customers, cloud users, banks, public agencies, hospitals, schools, managed-service customers, security teams, peering partners, route-filtering operators, lenders and buyers may all rely indirectly on AFRINIC-administered resources. They do not vote in AFRINIC elections. Many will never read a policy proposal. Yet they experience registry instability through reachability, security reputation, contract confidence and continuity of service.

This is why recovery cannot be built only around formal member governance. A member may fight about its rights; a customer may only ask whether the service will keep working. An ISP may understand RPKI dependencies; a hospital using the ISP's connectivity may not. A hosting company may know the registry status of its block; a merchant relying on payment APIs may not. When a registry remedy threatens the holder of record, practical effects can travel down to parties who had no role in the disputed conduct.

Commercially interested continuity products and advocacy around network identity are therefore a market signal even when their promoters have obvious interests. One need not accept a critic's proposed solution to accept the underlying signal: some customers perceive registry-layer exposure as a risk distinct from routing, hosting or ordinary contract performance. If registry risk were irrelevant, there would be less demand for products, legal theories and public campaigns designed to reduce dependence on a single institutional gatekeeper.

Operator trust has a different grammar from governance trust. Operators ask whether updates will be processed, whether records will remain accurate, whether RPKI will continue, whether reverse DNS will be stable, whether transfers will close, whether compliance inquiries will be proportionate, whether customers will be protected during disputes and whether a court order will suddenly impair ordinary activity. They care less about whether a statement invokes bottom-up policy. They care whether the operational surface is predictable.

AFRINIC's recovery should therefore include an operator-continuity compact. Severe adverse action should not disrupt downstream customers without clear authority, independent review and transition windows. Security services should not be used as enforcement weapons. RPKI publication should remain neutral to ordinary commercial disputes unless a specific security or legal decision requires change. Reverse DNS and RDAP should be preserved through governance stress. Support queues and update paths should remain visible. If the registry must flag a dispute, it should do so precisely rather than poisoning the resource's whole operating environment.

The compact should also define communication discipline. Markets fear silence almost as much as bad news. If a transfer is delayed, parties should know why, under which rule, for how long, with what appeal and with what effect on operations. If a court order constrains action, the registry should distinguish the court constraint from its own policy preference. If an external organisation assists with continuity, the assistance should be described by function and limit, not by vague solidarity. Precision is a form of risk reduction.

The broader lesson is conservative. The registry exists to make networks more reliable, not to make institutional authority more dramatic. When operator trust is high, AFRINIC can be politically boring and economically useful. When operator trust is low, every governance fight becomes a service-continuity question. Recovery means making the live network feel less dependent on the outcome of institutional politics.

Auditability is the substitute for faith

AFRINIC cannot ask the market simply to have faith after a crisis of faith. It must replace faith with auditability. Auditability does not mean publishing every private member document or exposing sensitive operational data. It means making the decisive parts of the process verifiable by the right parties and understandable to courts, members and counterparties. A registry whose authority depends on belief should want proof to do as much work as possible.

The audit surface begins with records. Every material change to resource status should have a documented authority chain. Transfers should show that the transferor was the holder or authorised representative, that the recipient was identified, that no applicable freeze barred the movement, that security and publication services were handled, and that any dispute status was preserved. Historical corrections should be categorised so that fraud correction, corporate succession, clerical clean-up and contested claims do not blur together.

The next audit surface is membership. Elections, proxy instruments, powers of attorney, eligibility changes and representative authority should be reconstructable after the fact. The point is not to create an unmanageable bureaucracy. It is to prevent losing sides from plausibly claiming that the process was unverifiable. The 2025 election controversy showed that a registry election is no longer a low-value association ritual. It is a control event around valuable infrastructure. The evidence standard has to match the stakes.

Financial and legal auditability also matter. AFRINIC and its critics have traded claims about legal expenditure, obstruction, paralysis and responsibility. A recovered institution should publish enough financial and litigation exposure information to let members understand the cost of the conflict without turning every line item into a campaign weapon. If members are asked to fund institutional defence, they need to know what is being defended: the ledger, ordinary operations, a board position, a policy theory or a liability posture.

Policy auditability is often overlooked. A policy that affects transferability, revocation, abuse-contact obligations, leasing recognition or regional classification should state whether it is prospective or retroactive, which reliance interests it affects, what independent review is available, what remedies are proportionate and how the policy relates to record accuracy rather than institutional preference. If a policy cannot pass that scope test, it probably belongs outside the registry's mandatory authority.

External-support auditability is just as important. ICANN, the NRO, other RIRs and regional actors may provide technical assistance, emergency planning and continuity advice. Their involvement should be recorded with limits: what service they support, what data they access, what decision they do not control, what trigger applies and how affected resource holders can challenge action. External support that is auditable can reassure. External support that looks like club protection can inflame distrust.

The end point is a registry that can be believed because it can be checked. That is the economic substitute for ceremonial legitimacy. Members do not need to love every decision if they can verify authority, understand the rule, challenge proportionately and rely on continuity while the challenge proceeds. AFRINIC's recovery will be visible when fewer disputes depend on competing narratives and more can be resolved by records.

ICP-2, portability and the meaning of exit

The most controversial recovery condition is credible exit. In registry language, exit sounds destabilising. In institutional economics, exit disciplines governance. If members and resource holders have no realistic way to move their registration relationship away from a failing or captured institution, the registry holds a monopoly over a critical recognition layer. Voice then becomes overloaded. Every election, policy appeal and court case matters too much because no one can leave.

Lu Heng's public portability argument is blunt: number resources should be movable from one RIR to another as a hard continuity right. That proposal collides with the traditional regional structure of the RIR system. It also identifies the weakness exposed by AFRINIC. A resource holder trapped in a registry undergoing governance failure must bear the consequences of that failure even if the holder did not cause it. Without exit, the registry's poor performance is partly socialised onto members through lower liquidity, higher diligence costs and weaker customer confidence.

Exit does not have to mean chaos or unilateral escape from the public record. A serious portability regime would preserve uniqueness, prevent duplicate claims, carry dispute status, maintain security continuity, respect court orders and record the successor registry or qualified operator. It would be more like a controlled transfer of registration service than a private declaration of independence. The point is not to create five competing truths for one block. It is to prevent one failing institution from holding the only recognised truth hostage.

ICP-2, the policy framework historically associated with recognising new regional internet registries, matters here because the RIR system is being forced to think about recognition, derecognition and continuity under stress. If the global system contemplates what happens when an RIR can no longer meet the criteria for service, then the incumbent registry is not metaphysically inseparable from the function. Records can be shared. Services can be replicated. Operations can be transferred. Once that is admitted, the hard questions become procedural rather than theological: who controls transition, what triggers apply, what rights affected holders have, and how much discretion remains with the incumbent institution or the incumbent club of registries.

AFRINIC's recovery would be stronger, not weaker, if credible exit options existed. A registry confident in its record quality and member service should not fear portability designed for exceptional failure or holder choice under defined conditions. Exit would discipline policy by making lock-in less valuable. It would reduce the prize value of board control. It would make courts less likely to face all-or-nothing remedies. It would reassure operators that continuity does not depend on the permanent health of one corporate shell.

The analogy to domain-name registrants is imperfect but useful. Domain names can move between registrars under rules because the system separates the object, the registry, the registrar and the registrant's operational use. Number resources have different technical and governance constraints, especially around uniqueness and routing security. But the economic principle is similar: portability converts monopoly dependence into accountable service. AFRINIC's crisis shows why the number-resource system needs its own safety valve.

Opponents of portability will warn, not unreasonably, that exit can fragment the shared record. The warning should be taken seriously. A portability regime without authority checks, dispute carriage, court-order recognition and security continuity would be dangerous. But the opposite risk is now equally serious. A system that denies reliance, suppresses exit, overuses community rhetoric and shields low-liability discretion may teach serious operators to prepare for life outside the shared record. Fragmentation is not caused only by rebels. It is also caused by institutions that make belief irrational.

Liability, discretion and recovery economics

The economics of recovery is a problem of risk allocation. The party best placed to avoid a risk should carry enough of that risk to behave carefully. If AFRINIC controls record procedures, it should bear process discipline. If a resource holder controls customer representations, it should bear customer-facing accuracy. If courts control interim remedies, they should preserve operational continuity. If ICANN or other RIRs design emergency procedures, they should define triggers and limits before crisis. Recovery means moving risks to the actors who can manage them, rather than dumping them on downstream customers who never joined the governance fight.

This is where liability alignment becomes unavoidable. A registry that claims broad authority over valuable resources while disclaiming most economic responsibility creates a structural imbalance. It can impose costs that it does not fully bear. That imbalance does not prove malice. It creates bad incentives. The more a registry wants to exercise policy discretion over transfers, leasing, regional use, revocation or severe compliance measures, the more accountability it should accept for error, delay and disproportionality. Conversely, a registry that narrows itself to accurate recordkeeping can more plausibly justify limited liability.

AFRINIC's critics often frame this as a lock-in problem. The institution can make decisions that affect assets, customers and transaction value, while resource holders have limited ability to change registries or obtain compensation for bad process. AFRINIC's defenders frame the institution as a steward of public internet resources facing aggressive litigation and commercial pressure. Both narratives point to the same design issue. Power without credible accountability will be distrusted; accountability without continuity could damage the registry function. The repair lies in narrowing power, clarifying process and creating external review before harm becomes irreversible.

Recovery economics also explains why rhetoric about non-profit status or community mission is insufficient. A non-profit can still impose large economic costs. A community process can still be captured, opaque or impractical for ordinary operators. A regional mission can still be used to justify unpredictable restrictions. The market does not price intentions. It prices expected outcomes, remedies and variance.

If a registry's decisions are predictable, reviewable and narrow, counterparties will tolerate occasional disagreement. If its decisions are unpredictable, slow and hard to challenge, counterparties will demand discounts even when the institution is morally confident. That is the difference between legitimacy as sentiment and legitimacy as transaction cost.

The same logic applies to recovery investment. AFRINIC may need to spend money on audit systems, authority verification, legal transparency, security continuity, independent review and member-service reform. Those are not overhead luxuries. They are capital repairs to the trust infrastructure. The return will not appear as a single revenue line. It will appear as fewer lawsuits, easier transfers, lower diligence costs, stronger member participation, less external intervention and fewer customers asking whether AFRINIC-administered resources carry a special risk.

The recovery premium will return quietly if the reforms are real. Transactions will close faster. Contract language will become less defensive. Courts will see narrower disputes. Members will use internal challenges before seeking emergency relief. External actors will intervene less dramatically. Operators will treat registry status as routine infrastructure. That is how institutional trust normally re-enters a market: not with applause, but with reduced caution.

What a credible recovery programme would contain

A credible AFRINIC recovery would begin with record confidence. The registry should publish a roadmap for historical record review, authority verification, transfer-history integrity, disputed-status handling and audit trails. It should distinguish allegations from findings, correction from punishment and conflict metadata from revocation. The point is not to reopen every past decision for political theatre. It is to make the ledger's current state intelligible enough that counterparties can rely on it.

The second requirement is member-authority repair. AFRINIC needs a voting and representation system that is harder to counterfeit, easier to challenge before results change control and clear enough for courts to understand quickly. A post-crisis board has to treat its own election mechanics as a registry-critical system. If members cannot verify who speaks for them, they will not trust who governs the database.

The third requirement is a transfer model built around objective recording. AFRINIC can protect uniqueness, prevent fraud, enforce court orders and maintain accurate public data without turning every transfer into a judgment about regional virtue or business need. Prospective rules should be clear. Retroactive changes should be presumptively suspect where reliance has formed. Leasing and operational delegation should be brought into legible records rather than driven into ambiguity.

The fourth requirement is a revocation firewall. Revocation, deregistration, forced renumbering and security-publication disruption should be treated as extraordinary remedies, not ordinary compliance tools. Independent review should precede severe action except in narrow emergencies. Customers and running networks should be protected through transition periods and last-verified-state preservation. A registry that can destroy cheaply will never be fully trusted.

The fifth requirement is liability alignment through restraint. If AFRINIC's contractual exposure remains small, its mandatory discretion should become smaller as well. Broader policy ambition requires broader accountability. Narrow recordkeeping permits lower liability. The institution has to choose. Trying to retain broad economic control while disclaiming economic responsibility is the pattern that turns a governance dispute into a legitimacy crisis.

The sixth requirement is a court-continuity protocol. Mauritian courts should not have to improvise the operational implications of receivership, winding-up, disputed board authority or emergency transfer of services. AFRINIC, with appropriate technical and legal input, should define what happens to registry state, RDAP, WHOIS, reverse DNS, RPKI, update authority, member communications and pending disputes under institutional stress. Courts can then preserve continuity without accidentally becoming the registry.

The seventh requirement is external support with limits. ICANN, the NRO, other RIRs and regional actors may help preserve services, but assistance must be bounded, auditable and function-specific. If external actors appear to protect the incumbent institution from accountability, they will deepen the trust deficit. If they protect records, services, security continuity and member due process, they can help rebuild confidence.

The eighth requirement is credible portability. It need not be immediate, simple or unconditional in every case. It should be real enough that resource holders know institutional failure does not trap their operational identity indefinitely. Exit is the market's check on governance. Without it, every internal fight becomes a fight over a captive base.

The ninth requirement is disciplined public communication. AFRINIC should speak in categories that markets can use: what is alleged, what is established, what rule applies, what service continues, what review exists, what risk is isolated and what action is not being taken. Vague invocations of community, sovereignty, continuity or attack will not repair transaction confidence. They may rally supporters, but they do not lower diligence costs.

The tenth requirement is humility about the scope of the institution. AFRINIC does not need to be the sovereign of African number resources. It needs to be a trusted operator of a precise ledger, a steward of continuity in the narrow operational sense, a disciplined administrator of member authority, a recorder of transfers, a protector against fraud and a participant in a wider architecture of portability and failover. That role is smaller than the grand narrative of regional guardianship. It is also more valuable.

The conservative case for a smaller AFRINIC

The reform programme implied by AFRINIC's crisis is often described as radical because it questions lock-in, broad discretion and the sanctity of the incumbent gatekeeper. In economic terms it is conservative. It tries to preserve the shared registry system by making reliance rational again. It treats the ledger as infrastructure, not as a trophy. It treats courts as continuity backstops, not as enemies of the internet. It treats members as principals whose authority must be verified, not as a decorative community. It treats portability as insurance against institutional failure, not as an attack on coordination.

The alternative is to preserve the vocabulary of the old model while the market prices around it. That would be the worst outcome: formal recognition without full economic authority. A board could sit while transfers remained suspect. A receiver could leave while member authority remained fragile. ICANN could intervene in court while resource holders still distrusted official discretion. A policy could be ratified while markets priced it as lock-in. A press release could speak of continuity while operators asked whether the live network or the institution's power was being protected.

AFRINIC can still recover if it accepts a humbler institutional role. The institution's regional mission is not strengthened by turning every dispute into a defence of institutional sovereignty. It is strengthened when African networks, African customers and African resource holders can rely on records without fearing that governance failure will become an operational event. A narrow, auditable, portable and reviewable registry would do more for African internet development than a proud but distrusted gatekeeper.

The broader RIR system should study AFRINIC not as an embarrassment to be contained, but as a stress test for scarcity-era registry design. IPv4 scarcity made records valuable. Valuable records made registry discretion economically consequential. Economic consequence made liability, auditability, member authority and exit essential. AFRINIC reached the stress point in public because governance, litigation and scarcity pressures converged. Other registries should not assume that their own quieter politics repeal the same arithmetic.

The official internet-governance habit is to worry that too much exit, market recognition or court involvement will fragment the system. That risk exists. It should be managed with rules, not dismissed. But the opposite risk has become just as serious. A system that denies reliance, suppresses exit, overuses community rhetoric and shields discretion from liability may teach serious operators to hedge against the shared record. If that happens, fragmentation will not be caused mainly by rebels. It will be caused by institutions that made belief irrational.

The economics of governance recovery is therefore not a demand for institutional drama. It asks AFRINIC to rebuild the conditions under which others can rely on it without heroics. Record confidence, member authority, transfer reliability, court continuity, liability alignment, operator trust, auditability and credible exit are not reform slogans. They are the components of the price at which the market lends legitimacy back to a registry.

Until they are credible, recovery remains incomplete. Once they are credible, AFRINIC will not need to declare that it is trusted. The transactions will say it for the institution.