Summary
- Global recognition turns a regional number registry into something closer to a franchise operator for territorial uniqueness: exclusive in its region, indispensable to users, shielded by continuity concerns, and tempted to convert a neutral coordination fun.
- The problem appears first in a room that does not look like Internet governance.
The diligence question behind a routed prefix
The problem appears first in a room that does not look like Internet governance. A cloud provider is buying capacity in an African market. A bank is reviewing security for a financing facility secured by network contracts. A migration committee is deciding whether a regulated workload can move from one hosting platform to another without renumbering, breaking allowlists, invalidating customer audit files, or disturbing reverse DNS. The engineers have already checked the obvious facts. The prefixes are routed. The origin AS is visible. The abuse contacts can be found. The customer can show invoices, letters, routing records, perhaps ROAs and downstream contracts.
Then the lawyer asks the question that matters for balance-sheet risk: who, at the global layer, is recognized as able to say that these number resources remain in usable status?
That is not the same question as whether packets move today. BGP can carry a route even while the registry status behind the route is disputed. A lender, acquirer, insurer, or cloud customer is asking about something more durable: the institutional source of the record that other systems are expected to respect when they evaluate uniqueness, registration standing, reverse delegation, transfer eligibility, and continued administrative legitimacy. The risk is not a simple outage. It is that a resource which functions operationally can become legally or institutionally impaired because the party administering the regional ledger is itself contested.
AFRINIC makes this question unavoidable. The African registry administers IP addresses and autonomous system numbers for Africa and parts of the Indian Ocean. Its own policy manual describes a hierarchy in which IANA allocates number-resource blocks to AFRINIC, and AFRINIC redistributes them to members and delegates assignment authority under regional policy. That hierarchy is easy to describe as technical administration. In economic terms it is more substantial. IANA-facing global recognition gives one regional body an exclusive operating position over a territorial uniqueness function. The body does not manufacture the addresses. It does not create the productive value of the networks that use them. But it sits at the recognized recording point through which the world is told which use is valid, unique, and administratively standing.
That is why the best analogy is not a trade association or a database vendor. It is a franchise grant, but only in the economic sense. The word should not be read as a legal claim that ICANN, IANA, the NRO, or any other body is a commercial franchisor, or that AFRINIC is a contractual franchisee. The point is functional. In a conventional commercial franchise, a central system grants an exclusive or semi-exclusive territory under a common brand and operating promise. The local operator serves customers, applies standards, handles local conditions, and enjoys a protected position that ordinary rivals cannot simply invade. Customers may think they are buying a local service, but the value depends partly on recognition by the larger system. If the local operator fails, the central layer faces a dilemma: protect continuity by supporting or replacing the operator, or protect the incumbent so aggressively that the system becomes hostage to a bad local office.
This is AFRINIC's franchise risk. The networks do not depend on AFRINIC because they admire its corporate form. They depend on the recognized ledger function. Yet as long as global recognition is attached to AFRINIC as an institution rather than to auditable continuity obligations, the office can acquire power beyond the neutral task of preserving uniqueness. The risk committee's question therefore becomes the governing question for the whole system: is recognition serving the users of the ledger, or is it preserving the franchise-like operator?
A franchise without the legal costume
The franchise analogy is useful because it separates economic substance from institutional vocabulary. RIRs are usually described in the language of community, policy, stewardship, bottom-up governance, and technical coordination. Those words describe some of the process. They do not describe the economics of dependence. A network does not experience the RIR as one association among many. It experiences the RIR as the regional gateway into the global numbering order.
Several franchise-like elements are present.
First, there is exclusive territory. AFRINIC's service region is not a neighborhood in a competitive market. It covers Africa and associated Indian Ocean economies. An operator located there normally cannot choose among five registries as it might choose among five vendors. The geography is assigned. The franchise is territorial.
Second, there is a common brand promise. The RIR system promises that unique number resources will be administered in a coordinated way across regions. The user of an AFRINIC-administered resource relies not only on AFRINIC's local database but on the fact that other registries, IANA, ICANN-related processes, operators, routing-security tools, and counterparties treat the regional record as part of one global coordination system. That is the brand value: uniqueness is recognized outside the territory.
Third, there are operating obligations. A franchise-like operator is expected to keep the service open, use the shared claim properly, follow standards, serve customers, and not endanger the wider system. An RIR is expected to maintain registry services, publish reliable records, manage reverse DNS and related services, implement policies, protect data, keep member services available, and participate in global coordination. The NRO's 2023 statement on AFRINIC's receivership framed the issue in continuity terms: registry services had to continue, commitments under ICP-2 and the inter-RIR and ICANN arrangements had to be honored, and the official receiver was expected to help restore functional governance. That statement is evidence of the official continuity posture, not proof that continuity and incumbent protection are the same thing.
Fourth, there is local discretion. A franchise-like local operator is not a robot. It hires staff, manages operations, handles disputes, applies standards, and interprets edge cases. An RIR similarly interprets policy, evaluates documentation, manages member status, processes transfers where policy permits, runs election and governance machinery, and decides how aggressively to enforce contractual and policy claims. Scarcity makes that discretion more valuable. When IPv4 was abundant, an address block looked more like an administrative input. When IPv4 became scarce, transferable, leasable, financeable, and operationally embedded, the registry's discretionary choices began to affect wealth, entry, continuity, and market structure.
Fifth, there is customer lock-in. A fast-food customer can cross the street. A network cannot casually move its addresses to a different RIR. Lu Heng's writing on portability argues that, without guaranteed portability, networks are effectively locked into the registry where their resources sit and must bear the effects of that registry's governance failures or operational breakdowns. That is an interested critique, but it identifies a real economic mechanism. Even where transfers exist, they are policy-bound, region-bound, delayed, documented, and sometimes unavailable. Exit is not ordinary exit.
Finally, there is the central-recognizer dilemma. If the local operator fails, the wider system cannot ignore the local customers. But rescuing the local operator can also reward mismanagement, preserve poor governance, and suppress better alternatives. In the RIR system, the recognition layer faces the same dilemma without admitting the franchise structure. It must protect global uniqueness and service continuity. But if it protects the incumbent institution too strongly, it converts continuity into incumbent insurance.
The result is a peculiar political economy. The RIR receives the benefits of a public-like franchise: exclusivity, deference, recognition, and continuity pressure. But it often retains the liability posture of a private service organization. The office is treated as systemically important when it needs protection, and as merely contractual when users ask for remedies. That mismatch is the core of franchise risk.
The product is territorial uniqueness, not addresses
An Internet number resource is not valuable because a registry typed it into a database. A prefix becomes valuable because networks can use it, route it, embed it in customer systems, support services on top of it, and rely on global actors not to treat another user of the same number as equally valid. The registry function is therefore not the production of value. It is the administration of uniqueness.
Uniqueness is a strange product. It is not consumed like bandwidth. It is not manufactured like a server. It is a social and technical condition in which many independent actors agree that a particular number should not be duplicated in the public Internet. That agreement needs records, hierarchy, procedures, and dispute handling. But the more the recordkeeper is treated as the source of value, the more the system drifts from coordination into permission.
AFRINIC's policy manual makes the mechanics visible. IANA allocates number-resource blocks to AFRINIC. AFRINIC redistributes them to members and delegates assignment and sub-allocation authority where appropriate. Public IPv4 addresses are described as globally unique. Reverse DNS delegation depends on registered assignments or sub-allocations in the AFRINIC database. ASNs must be registered in AFRINIC's whois database, and the manual states that assignment or registration of ASNs does not confer ownership; users are described as custodians rather than owners. These are registry mechanics, not corporate mythology. They show why the ledger matters: other functions rely on it.
Yet those same mechanics show why the franchise is dangerous. If a registry record is treated as the only recognized path to usable status, the recordkeeper acquires more than a clerical role. It can influence whether an address block is regarded as transferable, supportable, reverse-delegable, certifiable, or administratively in good standing. It can influence whether a buyer discounts the block, whether a bank accepts the cash flow behind it, whether a cloud customer accepts the migration risk, and whether an operator is forced to spend years in legal uncertainty.
The economic value being franchised is therefore not the address as an owned thing. It is the recognized uniqueness function attached to a territory. This is why the winding-up debate around AFRINIC matters. ICANN's 2026 intervention, as reported by The Register, stressed that numbering resources allocated through AFRINIC are not assets of AFRINIC and should not be treated as assets available for distribution in a corporate liquidation. That position protects an important truth: a registry should not be able to sell the numbers as if they were office furniture. But it also exposes a harder question. If the resources are not the company's assets, and if users are often told they are not owners in the full property sense, then the crucial asset is the recognition relationship itself. Who holds it? Who can transfer it? Who is accountable when it is misused? Who protects users if the recognized office becomes the risk?
This is exactly where the franchise analogy helps. A failed franchise-like local operator may not own the brand, but it has customers, leases, equipment, employees, and local obligations. The central brand system may insist that the brand cannot be liquidated by the local operator. That is true, but not sufficient. The customers still need service, employees still need a legal employer, suppliers still need payment, and the territory still needs an operator. The legal proposition that the brand is not the local operator's asset does not itself answer the continuity problem.
So too with AFRINIC. Saying that number resources are not AFRINIC's corporate assets is necessary to prevent liquidation logic from swallowing a public coordination function. But it is not a complete theory of user protection. The durable public concern is the ledger of entitlements, registrations, delegations, and operational dependencies. Recognition should protect that ledger. It should not become a shield for every discretionary claim made by the incumbent office.
Recognition creates lock-in before users notice it
Franchise risk usually hides during normal operations. Customers notice the brand only when something breaks. A hotel guest does not study the franchise agreement until the booking vanishes. A borrower does not inspect the registry dependency until the lender asks whether the collateral or cash flow depends on a contested authority. A cloud customer does not care which registry originally administered a prefix until a migration plan requires continuity across contracts, audits, geolocation tables, reverse DNS, abuse handling, and routing-security expectations.
Lock-in in numbering is deeper than ordinary vendor lock-in. A company can replace a payroll vendor or a firewall supplier with cost and irritation. Replacing production IP space can mean renumbering servers, customer tunnels, firewall rules, VPN endpoints, allowlists, mail reputation systems, geolocation assumptions, monitoring systems, certificates, partner integrations, and contractual service descriptions. The address is embedded in social, operational, and commercial systems far beyond the router.
That is why the registry relationship is not merely a membership account. It is upstream of many commitments the operator has made to others. If a registry action or registry dispute affects status, the harm radiates through contracts that never mention the RIR. A bank financing a hosting business may discover that the cash flow depends on the continued usability of resources governed by a standard-form registry relationship. A buyer acquiring a network may discover that part of the value is hostage to unresolved registry litigation. A public agency using a local provider may discover that its continuity plan assumes the stability of a private foreign legal entity.
This is the economic content of IANA/global recognition. Recognition compresses global trust into a regional point. That compression is useful. Without a recognized hierarchy, uniqueness becomes harder to coordinate, disputes multiply, and local records may conflict. But the same compression creates a bottleneck. The recognized registry can become the narrow point through which many other rights, services, and expectations must pass.
Lu Heng's writing on minimum initial specifications and voluntary adoption offers a general design lesson: coordination artifacts should not become standing authorities whose recognition is the only path by which operational reality can exist. The point is not that the current RIR system can be replaced overnight by local validation rules. It cannot. The point is that the danger is recognizable. A recordkeeper that begins as a common reference point can become a gatekeeper when future status depends on its continuing recognition decisions.
AFRINIC shows the cost of discovering lock-in late. Even while its governance was disputed, networks still depended on the AFRINIC-administered records. Even while elections were delayed, annulled, challenged, or later reconstructed, the region's users still needed registry services. Even while parties argued about receivership, member status, powers of attorney, winding-up, and external intervention, routing and customer services could not wait for a perfect constitutional settlement. This is lock-in at system scale: the franchise-like operator may be contested, but the franchise function remains indispensable.
AFRINIC as the stress case
AFRINIC is not important because every fact about it is unique. It is important because it reveals what the recognition bargain does under stress.
The public record is now extensive. The Internet Governance Project described AFRINIC as operating without a board since 2022 and linked the turmoil to long-running legal conflict and internal governance problems. The NRO's September 2023 statement welcomed the appointment of an Official Receiver by the Supreme Court of Mauritius process, stating that the receiver's role included maintaining the status quo of AFRINIC's assets, preserving the value of the business, overseeing elections, facilitating formation of a proper board, and appointing a CEO. The NRO presented receivership as a path to continued registry services and restored governance.
That was the continuity story. It had a real foundation. A registry cannot simply stop serving because its board is absent. Members still need whois, reverse DNS, registration updates, resource requests, billing processes, and support. The appointment of a receiver can be understood as a legal mechanism to keep the franchise function alive while the local operator's governance is repaired.
But subsequent events showed why the story is incomplete. In June 2025, AFRINIC's election process became the center of further dispute. The Register reported that ICANN raised concerns about transparency and fairness, sought changes to the nominations process, and asked the Mauritian court to consider its requests. The court allowed the election to proceed while ordering a communique clarifying that Cloud Innovation's listing as a registered member was erroneous and had arisen from the registrar's handling rather than AFRINIC or the receiver. The same reporting noted that ICANN lacked standing to bring the application, yet remained concerned about the overall integrity of the election.
Days later, the election was suspended and then annulled after concerns over powers of attorney and voting documentation. The Register reported allegations that powers of attorney may have been used without resource holders' consent and that ICANN warned it might initiate a compliance review. It also reported that, if AFRINIC failed such a review, another RIR could potentially serve as an emergency registry for Africa. By July 2025, ICANN was criticizing the lack of a transparent explanation for annulment and reserving rights connected to an emergency replacement process, while Cloud Innovation called for AFRINIC to be wound up and responsibilities transitioned to a different framework. Those are reported positions and procedural steps, not adjudicated findings about the underlying allegations.
By February 2026, AFRINIC representatives were telling the operator community that the organization was back on track, with a board, interim management appointments, a budget and action plan, and a strategy process. The Register reported that AFRINIC had 773,376 unallocated IPv4 addresses and that the revised ICP-2 work was intended to define the full lifecycle of an RIR, including derecognition provisions and crisis assistance. That sounded like recovery.
Then in May 2026, The Register reported that ICANN again intervened, this time successfully applying to become a party to Cloud Innovation's attempt to wind up AFRINIC. ICANN's stated purpose was to ensure the court understood AFRINIC's unique role and the nature of the resources it administers. It also argued that numbering resources allocated through AFRINIC are not assets of AFRINIC and therefore cannot be distributed in a winding-up.
This sequence is not mainly a morality play about good actors and bad actors. It is an institutional economics case. The local operator was impaired. The local court system became central. The global recognition layer intervened repeatedly. The incumbent office was said to be essential for continuity. Emergency registry language appeared. A winding-up application forced the question whether the resources are corporate assets. The networks remained dependent throughout.
That is franchise risk in operational form: the local operator of a territorial uniqueness function becomes contested, but the larger system cannot easily let the territory go dark, cannot casually shift the franchise without threatening autonomy, and cannot admit that recognition protects only the incumbent without undermining its own legitimacy.
The recognition layer has a legitimate job
It is tempting to conclude that global recognition is simply the problem. That would be too easy. The recognition layer exists because uniqueness is a global public coordination problem. If two incompatible ledgers claim the same address space, networks and counterparties need a way to know which record to rely on. If a local registry is placed into liquidation, the numbering system cannot allow a liquidator to auction prefixes as corporate inventory. If a regional office becomes operationally unable to perform basic services, users need continuity. If a new entity claims to be the registry for a region, the rest of the world needs criteria before accepting that claim.
Those are not imaginary concerns. AFRINIC's own policy manual shows how many services depend on the recognized registry: allocation and assignment records, whois entries, ASN registration, reverse DNS, abuse contact publication, resource certification, and routing registry functions. Even where routing itself is decentralized, many administrative and security functions depend on a coherent record. A recognition layer that protects the coherence of that record is doing necessary work.
The legitimate functions are fourfold.
First, it protects uniqueness. The global numbering system needs one recognized source of truth for the allocation hierarchy at any given time. That does not mean one office should have unlimited discretion. It means duplicate claims must be avoided.
Second, it protects continuity. If the recognized registry is in receivership, litigation, board failure, or financial distress, users should not lose basic services because the corporate shell is unstable. The NRO's 2023 statement was strongest when it focused on continued operations and services. That is the right instinct.
Third, it prevents opportunistic conversion. A court, creditor, shareholder claimant, receiver, or corporate officer should not treat number resources as ordinary assets available for distribution. ICANN's 2026 argument in the winding-up matter is economically sound on that point. Number resources are not chairs, bank accounts, or receivables. The ledger must not be broken up by corporate insolvency logic.
Fourth, it coordinates emergency substitution. In the extreme case, someone must be able to keep records, reverse DNS, member support, and related functions running if the incumbent cannot. The point of emergency substitution is not to create a super-regulator. It is to keep the franchise service from failing while minimizing policy discretion.
These functions are not optional. The question is what they attach to. If recognition attaches to institutional mythology, the incumbent office becomes sacred. If recognition attaches to ledger continuity and service obligations, the users become central. The difference is decisive.
The hard part is that the RIR system developed in a culture that often blurred those categories. It spoke as if region, community, policy, office, and ledger were one thing. In stable times that blurring was tolerable. In crisis it becomes dangerous. A franchise grant can be defended because the service must continue. It becomes abusive when the local operator uses that continuity dependence to resist discipline, external review, liability, or substitution.
The danger is incumbent protection disguised as continuity
Continuity is the most powerful word in the system because it is the least deniable. Nobody responsible wants numbering services to fragment. Nobody wants a court fight to break reverse DNS or whois. Nobody wants a region's networks to be left without registry support. Because the continuity argument is true, it can also be abused.
The abuse occurs when a recognition layer protects the incumbent office as if that office were identical to the ledger. The office then benefits from a hostage logic: if you discipline us too hard, the users suffer; if you replace us too quickly, uniqueness is threatened; if you let creditors or courts act normally, the global system is at risk. Some of those warnings may be true in a narrow sense. But if the conclusion is that the office must be preserved regardless of its conduct, the franchise has become too protected.
AFRINIC's turmoil shows how this can happen without anyone openly admitting it. The receiver was appointed to preserve status quo and restore governance. That can be reasonable. ICANN's interventions sought, according to public reporting and its stated positions, to protect election integrity, clarify member status, prevent resource destabilization, and resist treatment of number resources as corporate assets. Those can also be reasonable aims. Yet each intervention also changes the distribution of power. It can influence which actors are treated as legitimate, which court arguments receive global support, which path is considered stabilizing, and which alternatives are framed as threats.
This is not an argument that ICANN or the NRO should have been passive. It is an argument that the recognition layer needs a stricter theory of its own role. It should defend the ledger and users against fragmentation. It should not defend every incumbent claim merely because the incumbent carries the recognized label. It should clarify the distinction between continuity of service and continuity of office.
The problem is especially acute when the incumbent has low practical liability relative to user harm. Lu Heng's writing on registry power and liability emphasizes the mismatch: RIRs can exercise high-consequence gatekeeping while standard-form agreements and institutional structures may leave users with remedies far smaller than the operational damage from a serious registry-side decision. The precise contractual details differ across RIRs, but the economic structure is common. The registry's discretion can affect continuity, transferability, status, and business value. The registry's downside can be limited, diffuse, or delayed.
In such a structure, recognition protection can become a subsidy. The franchise-like operator knows that the larger system fears fragmentation. It knows that courts and operators will be warned against destabilizing the registry. It knows that emergency substitution is difficult and politically costly. It knows that the public narrative will often treat attacks on the office as attacks on the Internet. The result is moral hazard: the office may underprice the harm it imposes because the system is designed to rescue it from the full consequences of failure.
This does not require bad intent. Moral hazard often works through ordinary incentives. A bank with deposit insurance may take more risk because depositors are protected. A company considered too important to fail may borrow cheaply and delay reform. A local franchise operator whose territory is too sensitive to close may bargain harder with the central brand system and customers. An RIR whose recognition is treated as indispensable may resist accountability because everyone else fears the consequences of real discipline.
That is why continuity must be unbundled. The continuity of users is non-negotiable. The continuity of the office is conditional.
Derecognition is both too weak and too strong
A franchise system needs a termination right. Without it, the local operator cannot be disciplined. But a termination right can also be abused by the central recognizer. The economics of derecognition in the RIR system has the same double edge.
If derecognition leverage is too weak, a failing registry becomes untouchable. It can operate poorly, delay reforms, mishandle elections, underinvest in services, overreach in policy interpretation, or impose high transaction costs, while users remain locked in because the rest of the world continues to recognize the franchise. The result is a bad equilibrium: users suffer, markets discount resources, courts struggle with partial remedies, and the recognition layer issues statements while avoiding decisive action.
If derecognition leverage is too strong, the central layer becomes dangerous. A body outside the region can threaten regional autonomy, member rights, local legal process, and bottom-up legitimacy. Even a well-intentioned central actor can become a permission authority if it can decide which regional office is recognized, when it has failed, who may replace it, and what conditions users must accept. Lu Heng's note on ICP-2 failure standards warns against exactly this problem: failure mechanisms are necessary, but decisive action must remain grounded in members and bottom-up consent rather than becoming a top-down centralizing power.
The tension cannot be solved by pretending one side is imaginary. AFRINIC shows that a registry can become impaired enough to require external concern. It also shows that external concern can itself become a source of political conflict. ICANN's 2025 and 2026 interventions may be defended as continuity protection. Critics can also see them as attempts by a global layer to shape local outcomes. Both perceptions can coexist because the institutional design is ambiguous.
The real issue is that derecognition is asked to do too much. It is treated as the ultimate remedy for failure, the threat behind compliance, the emergency path for continuity, and the signal of global legitimacy. That makes it too blunt. A credible system would separate functions: audit of service obligations, escrow of registry data, continuity triggers, limited emergency operation, user-right protection, transparent disclosure, member consultation, and eventual recognition transfer if necessary. But those are recognition-conduct principles, not a full replacement plan. The immediate point is narrower: the power to withdraw recognition must be strong enough to discipline failure and narrow enough not to become the new sovereign.
In franchise terms, the central brand system should not tolerate a local operator that endangers customers. But it also should not use termination threats to dictate every local business choice. The termination right should be tied to service failure, fraud, insolvency risk, misuse of the shared claim, or inability to meet operating standards. It should not be a general license to override local stakeholders. Applied to RIRs, recognition should attach to measurable continuity and integrity obligations, not to ideological loyalty.
This is why emergency-registry talk is so sensitive. A temporary operator that keeps whois, reverse DNS, support, and data integrity alive is a continuity tool. A temporary operator that starts remaking policy, reallocating economic rights, changing member standing, or choosing winners in disputes becomes a political actor. The narrower the emergency function, the more legitimate it is. The broader it becomes, the more it looks like the central body using crisis to occupy the territory.
The RIR system needs discipline at both ends. It must not allow an incumbent to say, in effect, "you cannot touch us because the Internet depends on us." It must not allow a central recognizer to say, in effect, "the Internet depends on us, so your regional rights are conditional on our approval." The franchise problem is that both temptations grow from the same source: global recognition is valuable because it coordinates uniqueness. Whoever controls it can convert coordination into permission.
Moral hazard in an irreplaceable franchise
The phrase "too important to fail" is usually applied to banks. It fits poorly in some respects and well in others. RIRs do not create credit in the banking sense. They do not borrow from central banks. They are not payment systems. But they share one feature with too-important institutions: their failure imposes costs on third parties who did not choose the risk.
If AFRINIC fails to perform, the harmed parties are not only AFRINIC's officers or litigants. They include ISPs, hosting companies, public agencies, content platforms, enterprise customers, banks, cloud customers, and downstream users whose services depend on stable numbering records. That externality is precisely why the recognition layer is reluctant to let the franchise fail. But once the franchise-like operator understands that reluctance, the incentive structure changes.
The moral hazard has several forms.
One is underpriced discretion. If a registry can take aggressive positions while knowing that global actors will later defend the continuity of the institution, it may not fully internalize the risk of its own discretion. AFRINIC's public disputes over deregistration, member status, election validity, and liquidation illustrate how high the stakes can become. Even when a registry believes it is protecting policy, the cost of error falls heavily on members and networks.
Another is delayed repair. A protected local operator may move slowly because the outside world fears forcing the issue. AFRINIC operated for years under governance impairment before a stable board narrative reappeared. Receivership, court oversight, election scheduling, annulment, and later reconstruction all consumed time. During that time, users bore uncertainty. Delay is not neutral. It is a tax on transactions, financing, planning, and trust.
Another is liability-light authority. If the registry's practical exposure is small relative to user harm, the office can exercise power without matching capital. Lu Heng's liability analysis frames this as a structural mismatch between consequence-heavy authority and consequence-light accountability. The franchise analogy sharpens the point. A local operator with exclusive territory, protected brand status, and locked-in customers should not be allowed to operate with obligations fit only for a low-stakes service vendor. Exclusivity should increase duties, not reduce them.
Another is narrative insurance. The office can wrap itself in the language of region, community, stewardship, and continuity. Those words may have legitimate uses. They can also obscure the simple fact that a private legal entity is exercising recognized control over records on which others rely. Lu Heng calls the inflation of narrow coordinating roles into broader authority "mandate laundering." In franchise terms, this is the local operator speaking as if it were the territory itself.
The final form is exit distortion. If users cannot move their resources or standing away from a failing registry without losing recognition, the local operator faces less market discipline. Portability would act like a safety valve. It would not solve every problem, and it may be hard to implement, but the economic principle is clear: when users can leave, service quality and accountability matter more. When users cannot leave, political and legal remedies carry more weight.
AFRINIC's case is therefore not only about AFRINIC. It is a test of whether the RIR system can admit that recognition protection creates incentives. If the answer to every crisis is to preserve the incumbent because fragmentation is worse, then each incumbent learns the same lesson: the larger system will absorb reputational and political pain to keep the franchise alive. That is a recipe for future under-discipline.
A better bargain would be stricter. The more exclusive and indispensable the franchise, the stronger the duties. Recognition should bring mandatory disclosure, service-level reporting, data escrow, independent audit, conflict controls, financial transparency, user-impact assessment, liability alignment, and narrow emergency substitution protocols. These are not bureaucratic ornaments. They are the price of being the recognized operator of a territorial uniqueness function.
Capital markets see the franchise before governance bodies do
Financial actors often understand institutional risk before governance bodies describe it clearly. A buyer of IPv4 capacity does not need a philosophy of Internet coordination to notice that two similar blocks can carry different diligence burdens. One has clean registry records, stable transfer pathways, predictable reverse DNS, no active litigation, and a recognized office whose governance is not in question. Another sits inside a region where the registry has been under receivership, elections have been annulled, ICANN has discussed compliance review, and a winding-up proceeding has raised the question of what happens to the administering entity. The second block may route just as well today. It still carries a higher institutional risk premium.
This premium appears in transaction documents. A buyer may ask for stronger representations about registry status. A lender may exclude some address-related value from borrowing base calculations. A cloud customer may demand migration fallbacks. An acquirer may require escrow, holdbacks, or indemnities. An insurer may price business-interruption exposure differently. A board may reject a migration plan that concentrates too much dependency in disputed resources. The market is not waiting for a formal theory of RIR franchise risk. It is already pricing it.
The risk is not only that AFRINIC might make a bad decision. It is that no single party can fully assure the buyer what the recognized system will do under stress. The registry may say one thing, a receiver another, a court another, ICANN another, other RIRs another, and affected members another. The value of global recognition is that it normally collapses those questions into a single reliable status. When the recognition environment itself becomes contested, the collapse fails. Diligence spreads outward.
This is why the phrase "the addresses route" is insufficient. A financier does not lend only against today's route table. It lends against expected continuity of revenue. A cloud platform does not migrate only into today's reachability. It migrates into future supportability. A government agency does not depend only on current packet flow. It depends on auditability, incident response, service continuity, and legal clarity. Registry recognition touches all of those.
AFRINIC's own policy mechanics reinforce the point. Reverse delegation may depend on registered assignments. ASNs must be publicly registered. Abuse contacts depend on database entries. Temporary assignments, anycast assignments, IXP reservations, and transfers are all mediated by policy and registry action. These are ordinary functions, but ordinary functions become credit-relevant when the institution administering them is unstable.
Capital markets also notice asymmetry. The operator has built data centers, customer relationships, software dependencies, and revenue contracts. The registry has a recognized ledger role. If the registry action creates uncertainty, the operator bears most of the operating damage. If the operator sues, the process may take years. If the recognition layer steps in, it may prioritize continuity of the franchise over the specific user. That asymmetry weakens the resource as a financeable asset, even where formal property language is avoided.
One can see why a market for continuity services, leasing structures, and upstream risk absorption emerges. Larus's public material is self-interested and should not be treated as independent proof of disputed legal claims. But it is useful as market evidence: registry recognition risk has become legible enough to be packaged as a business-continuity product.
The winding-up problem exposes the asset fiction
The most revealing part of AFRINIC's recent history may be the winding-up dispute. It forces the system to answer a question it prefers to avoid: what exactly is being preserved when a registry is preserved?
ICANN's position, as reported in May 2026, was that numbering resources allocated through AFRINIC are not AFRINIC's assets and cannot be distributed in a winding-up. That position is important. If a registry's creditors could seize and distribute number resources as corporate property, the global uniqueness system would be at risk. A registry's balance sheet should not become the ownership map of the Internet.
But the opposite proposition is not enough. If number resources are not corporate assets, that does not mean the incumbent corporation must be preserved at all costs. It means the ledger function must be separated analytically from the corporate shell. The shell has employees, contracts, bank accounts, bylaws, members or registered members under local law, officeholders, and liabilities. The ledger has records of allocations, assignments, delegations, statuses, contacts, and related services. The users have operational dependence. The recognition layer has a coordination interest. These are different interests.
Corporate insolvency law is poorly suited to this mix because it looks for assets, creditors, shareholders or members, and statutory duties. The RIR system adds a recognized public coordination function without making the registry a state agency or treaty organization. That is exactly the franchise problem. The local company carries a global service role that exceeds ordinary corporate categories, yet it remains a local legal person subject to local courts.
The Internet Governance Project's 2023 article defended receivership as evidence of private governance resilience: a court-appointed receiver could preserve organizational stability while replacing leadership, with government acting as safeguard for continuity of services. That is one plausible reading. The later record complicates it. Receivership did not end the political economy problem. It moved the problem into a legal process where elections, member classifications, powers of attorney, standing, annulment, and winding-up became central. Court involvement can preserve continuity. It can also reveal that the registry franchise has outgrown its legal container.
The phrase "not an asset" therefore needs a companion principle: not an asset of the registry, but not a discretionary weapon of the registry either. Number resources should not be distributed to creditors. They also should not be treated as a discretionary prize controlled by whoever occupies the recognized office. The correct protected interest is the continuity of valid user records and services.
This distinction matters in liquidation and in ordinary governance. If the resources are not assets, then the registry cannot claim asset-owner freedom. If users are not full owners, then they need robust continuity rights. If the recognition layer is not a sovereign, then it needs narrow authority and transparent obligations. Every actor loses a simple absolutist claim. That is healthy. The system should be built around duties, not metaphors of ownership.
AFRINIC exposes the danger of leaving this unresolved. In ordinary times, everyone can repeat familiar formulas: resources are public, registries are stewards, members participate, policy is bottom-up, recognition preserves uniqueness. In crisis, those formulas collide. Creditors ask what can be liquidated. Members ask what rights they have. Courts ask who is registered under local law. ICANN asks how to preserve global coordination. Networks ask whether their resources remain safe. A formula that satisfied conferences may not satisfy a financing committee.
The franchise approach gives a clearer answer. The local operator does not own the brand, but it owes duties because it operates under the brand. The central recognizer does not own the customers, but it owes restraint because it can affect the territory. The users do not own the entire system, but their continuity is the reason the franchise exists. When these duties conflict, continuity of users should outrank continuity of office.
Why routing does not settle recognition
Engineers are right to resist legal overstatement. The Internet routes because networks run routers and exchange reachability. A registry does not push packets. A court order does not automatically remove a BGP announcement. A disputed whois entry does not by itself stop traffic. Any analysis that treats registry status as a power switch is technically crude.
But the opposite error is just as dangerous. Because routing is decentralized, some observers infer that registry recognition is secondary. That is not how risk works. Critical infrastructure often depends on records that do not operate the machinery directly. A land registry does not build houses, but it affects collateral, sale, insurance, and litigation. A securities depository does not run the company, but it affects settlement and ownership evidence. An aircraft registry does not make the aircraft fly, but it affects financing, insurance, and permission to operate. A number registry does not forward packets, but it affects the recognized uniqueness environment around the packets.
The distinction is between operational fact and institutional status. A route announcement is an operational fact. Registry standing is institutional status. The two interact. If a resource loses standing, some networks may still route it, but counterparties may hesitate, reverse DNS may suffer, RPKI or related trust signals may become contested, transfers may be blocked, abuse and contact records may be questioned, and customers may demand remediation. The harm may be gradual rather than instant. That does not make it small.
This is why ICANN's reported language in March 2025, discussed in Lu Heng's mandate-laundering note, is economically significant. Describing AFRINIC as the entity empowered to assign addresses in its region and as attesting that a recipient is the only network in the world authorized to use them shifts the vocabulary from clerical record to recognized authority. One can defend that language as a shorthand for uniqueness. But it also shows how easily uniqueness becomes permission. If the registry is said to attest who is authorized, the registry's local decisions acquire global exclusionary meaning.
The danger is not that recognition exists. The danger is that recognition becomes confused with a general authority to decide operational legitimacy. A registry should be able to say, "according to this ledger, this resource is registered to this holder under these records." It should be much more constrained before it can say, "the world should treat this network as unauthorized." The first protects uniqueness. The second approaches permission power.
AFRINIC's disputes matter because they occurred exactly at this boundary. Deregistration claims, resource-status disputes, receivership, election legitimacy, emergency registry language, and winding-up arguments all raise the possibility that a registry or recognition layer could affect the status environment around live resources. The packets may continue, but the institutionally recognized wrapper around those packets changes.
For a financing committee, that wrapper is not decorative. It is part of the asset's risk. For a cloud migration committee, it is part of continuity. For a public-sector buyer, it is part of supply-chain assurance. For a small ISP, it may be the difference between being bankable and being considered too exposed to governance risk. The registry's product is therefore not routing. It is recognized uniqueness over time.
Recognition should discipline the franchise, not flatter it
A mature recognition system would make the franchise bargain explicit. It would not pretend that RIRs are ordinary vendors. It would not pretend they are sovereigns. It would treat them as private or nonprofit operators of a recognized territorial uniqueness function, with duties proportionate to that position.
The first duty is ledger continuity. The core records must be preserved, auditable, escrowed, reproducible, and serviceable even if the office fails. This includes allocation and assignment records, contacts, reverse delegation information, transfer-relevant records, resource-certification dependencies where applicable, and member-service data needed to keep basic functions operating. Recognition should be contingent on the ability to preserve and hand off those records under narrow emergency conditions.
The second duty is service continuity. Users should have access to ordinary registry services without being used as leverage in governance conflicts. Billing, support, record updates, reverse DNS, abuse contact publication, and routine requests should be insulated as much as possible from board disputes, election controversies, and litigation among elites. A receiver or emergency operator should be measured by whether these services continue, not by whether the incumbent narrative is protected.
The third duty is disclosure. A local operator with exclusive territory should disclose material risks: litigation that may affect service, financial distress, governance incapacity, data-integrity issues, election irregularities, conflicts of interest, delays in critical processes, and any event that could affect user continuity. Silence is not neutral when users cannot easily leave. The Register's July 2025 reporting on ICANN's frustration over lack of explanation for AFRINIC's annulled election is a warning sign. When an election is annulled after alleged voting-document problems, users need a factual account, not institutional opacity.
The fourth duty is auditability. The recognized registry should be able to show that records are intact, decisions are traceable, and emergency processes are bounded. This is not the same as giving a central body unlimited review power. Audit should protect users and the ledger, not become a political weapon.
The fifth duty is liability alignment. A local operator that administers high-consequence records should not enjoy exclusivity while externalizing most harm. Liability does not have to mean unlimited exposure for every error. It does mean the system should stop treating catastrophic user harm as a mere service inconvenience. Insurance, reserves, indemnity structures, dispute funds, independent review, and clearer remedies may all play roles. The principle is simple: power over continuity should carry responsibility for foreseeable continuity harm.
The sixth duty is user priority in emergencies. If the office fails, the first question should be how to protect existing users and the ledger. It should not be how to preserve the incumbent's prestige, board, or mythology. Emergency substitution should be narrow, temporary, and tied to service obligations. It should not be used to rewrite regional policy, settle commercial disputes, or impose central preferences.
These principles are modest compared with a full post-RIR architecture. They do not design a replacement system. They do not decide every portability question. They do not assign final authority over recognition disputes. They simply insist that franchise-like status must be priced with franchise-like duties. Exclusivity without duty is monopoly. Recognition without audit is mythology. Continuity without substitution is hostage-taking. Derecognition without restraint is centralization.
AFRINIC's lesson is not that global recognition should disappear. It is that recognition must become less sentimental and more contractual in the broad institutional sense. The recognized body should be protected only to the extent that it protects the recognized function.
The economics of permission power
Neutral uniqueness and permission power look similar from a distance. Both involve saying that one use is valid and a conflicting use is not. The difference lies in the source and scope of the decision.
Neutral uniqueness asks a narrow question: which record preserves non-duplication under agreed rules? Permission power asks a broader question: which actor deserves recognized status under the institution's judgment? The first is technical-administrative. The second is political-economic. The first should be narrow and auditable. The second is where discretion, ideology, and capture enter.
Scarcity pushes the system toward permission power. When addresses are abundant, a registry's decision to allocate a new block has limited distributive consequence. When addresses are scarce, the same decision can affect market entry, leasing revenue, acquisition value, and strategic advantage. When transfers or leasing become economically meaningful, registry policy and interpretation begin to influence who can monetize continuity and who cannot. When a registry is the only recognized regional source, its neutrality becomes harder and more important.
AFRINIC's policy manual still carries the language of need, custodianship, public resource, fairness, and regional management. That language is inherited from a world in which the registry's main problem was distribution of a technical commons. The economic environment is now different. IPv4 scarcity means that registry decisions sit near markets even when the registry denies selling resources. The registry does not need to own the resource to influence the market. It only needs to control recognized status.
This is why franchise economics is a better lens than governance procedure. A local operator with exclusive territory may not own the brand and may not own the customer's business, but it controls a chokepoint. It can delay approvals, interpret standards, report non-compliance, or trigger termination. Its power lies not in ownership but in the recognized relationship. The RIR's power is similar. It may say that resources are not property and that policy is community-made. Yet the office can still affect the recognized status of scarce inputs used by real businesses.
Permission power is especially dangerous when combined with moral language. "Stewardship" can be a duty of restraint. It can also become a claim to superior judgment. "Community" can describe participation. It can also obscure whose interests are actually represented. "Policy" can be a rule. It can also become a shield for discretionary enforcement. "Continuity" can protect users. It can also protect incumbents.
The discipline should be to force every recognition action back to the narrow question: what is necessary to preserve uniqueness and user continuity? If the action goes beyond that, it needs separate justification, member consent, legal authority, and remedy. A registry should not be able to launder broad economic control through the narrow function of uniqueness.
This is the central economic lesson of AFRINIC. The addresses routed through African networks are not merely entries in an administrative table. They are inputs into businesses, public services, and capital plans. A regional registry recognized through the IANA/global hierarchy is therefore not merely a clerk. It is the operator of a scarcity-sensitive franchise. The more scarce and embedded the resources become, the more dangerous it is to let the local operator define the limits of its own discretion.
What a safer recognition bargain would say
The conclusion should be narrow because the problem is already broad enough. AFRINIC does not require a manifesto for a fully built post-RIR world in order to teach its lesson. It requires a better recognition bargain.
The bargain would start with a simple sentence: recognition follows the ledger function and service obligations, not institutional mythology. A registry is recognized because it maintains a unique, accurate, auditable, and serviceable record for users in its region. It is not recognized because the office embodies a continent, because a board speaks for a region, or because institutional continuity is valuable in itself. The office is a means.
Second, emergency substitution should be possible but narrow. It should preserve data, ordinary services, reverse DNS, support, and user standing. It should not become a mandate to redesign regional governance, settle commercial fights, change policy preferences, or choose a permanent successor without the affected users. The narrower the emergency tool, the less it threatens autonomy.
Third, franchise-like status must carry liability, disclosure, and audit duties. If a registry wants the benefits of exclusivity and global deference, it must accept obligations that ordinary private associations do not carry. That includes risk reporting, financial transparency relevant to service continuity, independent review of material incidents, data escrow, clear conflict rules, and remedies proportionate to foreseeable harm. The system cannot keep public-like authority and private-like downside forever.
Fourth, the recognition layer must distinguish between protecting the registry and protecting users. In crisis, its first loyalty should be to continuity of valid user records and services. The incumbent office deserves support only insofar as it remains the best vehicle for that continuity. If preserving the office undermines the users, the office loses the argument.
Fifth, exit should become more credible over time. This does not require an immediate blueprint for full portability or post-RIR architecture. It does require recognition that non-exit is part of the moral hazard. A local operator that knows users cannot leave will behave differently from one that knows users have a viable safety valve. Any future reform that improves portability, mirroring, escrow, or user-directed continuity will improve discipline.
Finally, courts and governments need a clearer vocabulary. A local court hearing a winding-up application should not be forced to choose between ordinary corporate liquidation and blind deference to Internet-governance ritual. A government should not be told that a private registry is either just a company or a quasi-sovereign continental authority. The better vocabulary is franchise-like public-dependency function under private legal form. That vocabulary allows courts to protect the ledger without treating the registry as owner, and to scrutinize the office without endangering users.
AFRINIC is the hard case because it compresses every element into one file: exclusive territory, scarce resources, receivership, election crisis, ICANN intervention, emergency-registry language, a winding-up fight, and unresolved questions about whether number resources are assets, user entitlements, or recognized records. Its networks depend on the franchise even when the local operator is contested. That is the structural fact.
The lesson is not that recognition is illegitimate. Recognition is valuable because uniqueness must be coordinated. The lesson is that recognition has been underpriced. It gives the regional operator a franchise-like position while the duties attached to that position remain too soft, too implicit, and too easily confused with institutional self-preservation.
The answer is to reverse the priority. The ledger is more important than the gatekeeper. Users are more important than the office. Continuity is more important than the incumbent. Global recognition should make a registry more accountable, not more sacred. If the economics of IANA recognition are treated honestly, the RIR is not a priesthood, not a sovereign, and not an ordinary vendor. It is a franchise operator for territorial uniqueness. That franchise can be useful. It can also fail. The system's maturity will be measured by whether it can protect the function without protecting the failure.

