The closing call has reached the point at which everyone wants the transaction to become boring. The buyer is ready. The seller is ready. The broker has repeated the transfer checklist. The escrow provider is waiting for the condition that matters: confirmation that the registry will recognise the instruction. Lawyers have polished the purchase agreement. The network teams have planned the routing change. No one on the call is still debating whether the IPv4 block has value. Scarcity has settled that question.

Then the whole transaction contracts to a smaller and more expensive question: can the person signing for the resource holder actually bind it?

That question sounds like legal housekeeping. In a scarce-address market it is economic infrastructure. A buyer does not pay full value merely because a name appears in a registry record. It pays because it expects the registry, counterparties, banks, routers, auditors, customers and later buyers to accept that a recognised holder has lawfully authorised a change. A seller does not receive full value merely because it controls an email account or can answer a support ticket. It receives full value when the market believes that the person giving instructions is authorised by the legal or institutional holder, that no rival officer can later repudiate the signature, that no hidden beneficial controller or sanctioned party sits behind the instruction, that any power of attorney is genuine and narrow, and that the registry decision will not become tomorrow's dispute flag.

This is identity-verification friction. It is close to documentation burden, but it is not the same subject. Documentation burden is the cost of producing evidence: old allocation letters, merger files, corporate registry extracts, board minutes, translations, certificates and archive trails. Identity-verification friction is the control point that such evidence is meant to answer: who is recognised as able to act for the holder now? A file can be thick and still fail if the signatory cannot bind the holder. A sparse file can be workable if current authority is clear, the action is narrow and no rival claim exists. The economic hinge is not the mass of paper. It is the recognition of agency.

Nor is this an abuse-contact story. A reachable abuse mailbox is useful for complaint routing and operational contactability. It does not prove that the mailbox operator can sell a block, appoint a proxy, approve a restructuring, certify beneficial ownership, instruct a lawyer, vote in a board election or bind the member in litigation. Contactability is not authority. Archives are not authority. Authority is the scarce institutional recognition that turns an intention into a ledger entry, a vote, a transfer, a financing condition or a legal defence.

AFRINIC makes the issue unusually visible because its recent public history has repeatedly turned on authority rather than merely information. Public records and reporting have described alleged historical address-record corruption, litigation over large IPv4 holdings, bank-account restraints, receivership, years without normal board continuity, an annulled 2025 election after disputes over powers of attorney and voter documentation, and later board formation still shadowed by legitimacy questions. Those episodes should not be read as official framing for what the registry ought to do. They are factual exhibits showing where value, fraud control, representation and institutional continuity collide.

The difficulty is that good verification is both indispensable and dangerous. Without it, stolen blocks, revived shell companies, forged mandates, captured accounts and fraudulent proxies become easier. With too much discretion, legitimate mergers, restructurings, transfers, account recoveries, sanctions reviews and small-operator succession plans can be frozen by uncertainty. The same check that protects the ledger can become a hidden option held by the registry over other people's capital. In an IPv4 economy that option has a price: delayed closings, discounted blocks, extra indemnities, failed financings, governance disputes and a risk premium attached to resources administered by an institution whose authority checks are opaque.

The proper question is therefore not whether AFRINIC should verify identity and authority. It should. The question is how narrowly it should do so, how quickly, how transparently, with what status categories, with what appeal rights, and with what separation between ledger protection and institutional gatekeeping.

Scarcity made the signature a settlement instrument

IPv4 scarcity changed the meaning of registry recognition. When addresses were treated mainly as administrative inputs issued through need-based policy, a signature on a registry request could look like paperwork. When IPv4 became scarce, leased, financed, traded, litigated and embedded in customer contracts, the signature became a settlement instrument. It is the small act that turns operational use into recognised control, recognised control into transferability, and transferability into balance-sheet value.

That transformation is easy to miss because the registry database still looks technical. It lists organisations, contacts, number resources and related records. But the market reads that database as a coordination ledger. Buyers ask whether the listed holder can transfer. Banks ask whether the borrower can keep using addresses that support revenue. Brokers ask whether a transaction can close without a rival claim. Operators ask whether reverse DNS, routing-security material and public registration data will remain stable. Courts ask who is before them when a dispute arises. The registry record is not a land deed, but it performs a similar economic function: it tells strangers whose instructions the coordination system will honour.

That is why identity verification has option value. A registry that can decide whether a signer is authorised can decide whether a transaction closes today, closes later, closes at a discount or fails. It can decide whether a merger cleanup is routine or suspended. It can decide whether account recovery restores continuity or opens a broader investigation. It can decide whether a member vote is counted or rejected. It can decide whether a power of attorney is evidence of representation or evidence of attempted capture. This power is necessary because the registry must not record forged control. It is dangerous because it sits at the exact point where scarce resources become liquid.

In ordinary markets, signature authority is distributed across several institutions. Company registries record directors. Banks maintain mandates. Notaries certify documents. Courts resolve disputes. Escrow providers hold funds. Buyers and sellers allocate risk by contract. A regional internet registry is not designed to replace all of these institutions. Yet in practice it becomes the last mile of recognition. A company may have a signed contract, a bank may be ready to move funds and lawyers may have issued opinions, but the address block does not move in the public number-resource ledger until the registry accepts that the right person has asked for the right change.

The friction is therefore built into the asset. IPv4 can keep routing without a fresh signature, but it cannot be cleanly sold, regularised, financed, reorganised or defended in the market without recognised authority. The more valuable the resource, the more counterparties care about the signature. The more counterparties care, the more registry verification becomes part of the price. A block administered by a registry whose authority decisions are fast, precise and reviewable is worth more than an otherwise similar block whose transfer path is unclear.

AFRINIC's public history sharpens this dynamic. Reporting on alleged address-record corruption around 2019 described dormant or defunct African address blocks being commandeered or commercialised through companies linked to a former insider, with asserted market value above $50m. That episode did not make every old allocation suspect. It did show that weak authority controls around scarce addresses can be monetised. Once that lesson is visible, every later transaction carries a question: is this signer the holder's authorised representative, or merely the person who found the loose end?

The answer cannot be "trust the email account". Email control is useful evidence, especially for routine operational continuity, but it is not corporate authority. Nor can the answer be "trust the oldest contact object". Historical contacts may have retired, died, changed employer, become hostile, lost credentials or represented a predecessor rather than the current holder. Nor can the answer be "trust whoever appears with a power of attorney". A power of attorney is only as good as the authority of the person who granted it, the scope of the power, its authenticity, its currency and its revocability.

An asset-grade registry must distinguish these facts rather than treating them as one compliance blob. The signer, the login holder, the technical contact, the abuse desk, the billing contact, the legal representative, the shareholder, the director, the broker and the power-of-attorney delegate may all be different people. Sometimes one founder fills every role. Sometimes a multinational group divides them across legal, technical and treasury teams. The economics are the same in either case: value moves only when the market trusts the registry's answer to the authority question.

That answer must also be modest. Verification should not become a referendum on whether IPv4 markets are morally attractive, whether leasing is elegant, whether a holder's business model is politically popular or whether the registry would have allocated the resource differently years ago. Those may be policy debates. Identity verification has a narrower job: for this action, who can bind the holder, what evidence proves that capacity, what legal bar applies if any, and what unrelated services continue while the question is answered?

The holder is not the login

The most common institutional error is to confuse account control with holder authority. A person who can log into a portal may be able to submit a request. That does not mean the person can bind the resource holder. A person who receives registry mail may be able to answer a ticket. That does not mean the person can sell a block, appoint a governance proxy, approve a merger update or certify ownership. A person who has long handled technical matters may know the network better than anyone else. That does not mean the person has corporate authority after a shareholder dispute, a founder's death or a change in management.

This distinction matters because internet-number records often outlive the administrative arrangements that created them. A small ISP may have requested resources through a founder's personal email. A university may have used an engineer who later moved to another institution. A public agency may have been reorganised into a ministry, regulator or state company with different signing rules. A family business may have passed through inheritance or share transfers. A multinational may have centralised network operations while leaving legal title in local subsidiaries. A bankrupt operator may still have customers using addresses while creditors dispute control. In each case, the login trail and the authority trail can diverge.

If the registry accepts login as authority, it invites theft. A captured mailbox, a compromised staff account or a former employee with lingering credentials can move a valuable resource or change account representation. The market then learns that registry recognition is not secure. Buyers demand more diligence. Sellers with clean authority suffer because the whole region is discounted. Fraud prevention is a public good in this setting, not a private favour to the registry.

If the registry rejects the login until perfect corporate proof is supplied, it can freeze legitimate action. A holder may need to replace an obsolete account owner because the named person left years ago. A bank may require a registry-recognised officer before financing can close. A merger may need records updated quickly to preserve customer contracts. A new management team may need to regain account control after a founder's death. If the registry treats every gap as suspicion and gives no narrow cure path, the holder's resource becomes less useful even though no fraud exists.

The correct design starts with roles. A registry account should distinguish the legal holder, the authorised representative for ordinary account actions, the technical contact, the abuse contact, the billing contact, the transfer signatory, the governance voter, the power-of-attorney delegate, the beneficial-control disclosure contact and any external professional representative such as counsel or broker. In a small operator the same person may fill several roles. In a larger organisation the roles may be divided. The important point is that the role defines the authority, and the authority defines the permissible action.

Role separation reduces both fraud and friction. A network engineer should be able to maintain technical records or reverse-DNS details without proving board authority for every minor update. A billing contact should be able to resolve invoices without being treated as a transfer signatory. A legal representative should be able to submit a merger file without becoming the operational abuse desk. A governance proxy should be specific to a meeting or election, not a general licence to alter resources. A broker should be able to assist a transfer without being mistaken for the holder. Each role should have a defined proof requirement and a defined consequence if the proof fails.

This is not bureaucratic neatness. It is economic infrastructure. Role clarity lets a buyer know whether the seller's signatory can close. It lets a bank know whether the company representative can bind the borrower. It lets the holder preserve routine maintenance while a high-value transfer is under authority review. It lets the registry freeze one action without freezing the whole account. It lets courts and counterparties see what is actually disputed.

The most expensive registry status is the undifferentiated hold. If an account is simply "under review", nobody knows what that means. Is there a forged document? A sanctions match? A missing director certificate? A fee problem? A rival claimant? A compromised account? A court order? A disputed beneficial owner? A stale contact? Each issue carries different risk and should have different effects. Treating them as one status turns verification into an all-purpose veto.

AFRINIC has stronger reasons than most registries to avoid that error. In a recovering institution, trust is already scarce. If account-control issues are classified precisely, members can correct them and counterparties can price them. If they are blurred, members will assume the worst. A registry that has lived through litigation, receivership and election controversy cannot afford a verification process that looks like another discretionary channel.

The holder-login distinction also marks the boundary with abuse-contact policy. An abuse contact is supposed to make the network reachable for complaints and operational remediation. It is a contactability function. It does not settle who owns the company, who may grant a power of attorney, who may sign a transfer, who may answer a sanctions inquiry or who may vote. A registry that treats reachability as authority will make fraud easier. A registry that treats every authority question as an abuse-contact problem will make operations needlessly hard. The two systems should talk to each other, but they should not be collapsed.

Delegation: powers of attorney and authorised representatives

The 2025 election controversy matters to the transfer market because it exposed the same authority problem in a governance setting. Public reporting described a receiver-led election process after AFRINIC had lacked normal board continuity. The June 2025 vote was suspended and annulled after concerns about powers of attorney and voter documentation. Reports described authorised representatives arriving to vote only to discover that votes had allegedly been submitted on their behalf through powers of attorney they said they had not provided. Other accounts referred to attempted aggregation of powers over many members. Not every allegation was publicly adjudicated, and the factual record should not be stretched beyond what is known. But the economic lesson is plain.

A membership organisation could not rely on the mere existence of a document purporting to authorise representation. The system needed to know whether the grantor was the right member, whether the person granting authority was authorised inside that member, whether the power was genuine, whether it was current, whether it had been revoked, whether it applied to that election, whether the member had an opportunity to confirm or contest it, and whether another channel had already recorded the member's vote.

Those are also transfer questions. A buyer may receive a power of attorney from a seller's representative. A broker may present a board resolution. A lawyer may provide a notarised mandate. A bank may ask for beneficial ownership and sanctions certifications. The registry may see the same documents and still need to decide whether the person before it can bind the resource holder. If an election system can be stressed by proxy aggregation, the resource-transfer system can be stressed by transaction aggregation. Scarce assets attract specialists who know where authority records are weak.

Delegation is not inherently suspect. It is often necessary. AFRINIC's service region is broad. Resource holders may be unable to attend meetings, manage registry interactions in person or maintain specialised legal capacity. Cross-border transactions require lawyers, brokers, corporate secretaries, technical representatives and escrow providers. A power of attorney can be efficient when it is specific, authenticated and revocable. The danger arises when delegation becomes opaque, reusable, aggregated and detached from confirmation by the holder whose authority is supposedly being exercised.

A sound authority regime would make powers of attorney narrow by default. A power for a board election should not imply power to sell resources. A power to submit transfer documents should not imply power to vote. A power to receive registry correspondence should not imply power to change the legal holder. A power given for one transaction should expire after that transaction. A power should identify the grantor, the internal authority of the grantor, the representative, the permitted acts, the affected resources or meeting, the date, the expiry, the revocation method and the independent confirmation channel.

The registry should also give the member or holder a receipt. If a vote is lodged in a member's name, the member should be able to see it before the result becomes irrevocable. If a transfer instruction is submitted, the legal holder should receive notice through independent verified channels. If a power of attorney is accepted, the holder should know which document was accepted and for what purpose. This does not require publishing private documents to the world. It requires making authority visible to the party whose authority is being used.

The receipt principle reduces both fraud and friction. Fraud becomes harder because an unauthorised delegate risks detection. Legitimate delegates move faster because the registry does not need to treat every proxy as a mystery. Members gain confidence that votes or resources are not being used without consent. Buyers gain confidence that a closing will not later be attacked by an officer who says the seller never authorised the representative. Banks gain a cleaner record for escrow release. Courts gain a clearer trail if something goes wrong.

Aggregation deserves special attention. A representative claiming authority over many members, many votes or many resources is not just a paperwork event. It changes incentives. It creates a concentrated control position in a system whose legitimacy depends on distributed member consent. The right response is not to ban delegation. It is to raise the assurance level: direct confirmation with each grantor, narrow scope, clear expiry, auditable revocation, conflict checks and aggregate reporting after the event.

AFRINIC's election experience also shows the cost of silence. After an authority shock, lack of public explanation magnifies the discount. If an institution cannot say how many authorisations were challenged, what categories of defect existed, what rule allowed aggregation, what checks were performed and how the next process will differ, the market fills the gap with suspicion. The same holds for transfers. Confidentiality may protect private documents, but it need not prevent classification. "Power of attorney rejected because grantor authority was not verified" is different from "document appears forged", which is different from "authorisation expired", which is different from "rival claimant under court dispute".

Classification turns a political crisis into a curable record problem. That is the most valuable service an authority process can provide. It narrows the dispute to the fact that matters. It prevents one defective document from contaminating every action by the holder. It keeps legitimate delegation usable while making fraudulent delegation riskier. It also makes the registry less tempting to capture, because the rules by which representation is accepted are visible and contestable.

Beneficial ownership, sanctions and corporate restructuring

Beneficial ownership is one of the most sensitive areas of identity verification and one of the easiest to misuse. In a transfer, financing or account recovery, counterparties may need to know who ultimately controls the holder. Banks need this for anti-money-laundering and sanctions purposes. Buyers need it to avoid undisclosed control risks. A registry may need it where legal obligations, fraud indicators or ownership-control rules are genuinely implicated. But beneficial ownership is not a general licence for a registry to inspect every commercial motive, customer relationship or internal investment decision.

The economic boundary is control over the instruction. Who can direct the holder? Who benefits from the transaction? Is a sanctioned or legally restricted party exercising control? Is a nominee hiding a prohibited controller? Is an apparent signatory acting for a shareholder who lacks authority? These questions can matter. But they should be tied to defined triggers and defined actions. Routine maintenance by a stable holder should not become a standing invitation to demand full ownership charts. A transfer, account recovery after compromise, contradictory authority claim, sanctions match, court order, insolvency or high-risk proxy arrangement may justify more.

Beneficial ownership also has a time dimension. A company may be legally the same resource holder but have changed shareholders. A bank may care because sanctions or control rules look through formal ownership. A buyer may care because the seller's warranty depends on who controls the company. A registry may care if a policy rule or court order turns on control. Yet ordinary shareholder changes should not necessarily impair existing resource recognition. Otherwise every private investment, family succession, management buyout or restructuring becomes a registry approval event.

Sanctions exposure reinforces the need for categories. A possible sanctions match is not the same as a confirmed legal prohibition. Common names, indirect ownership, minority interests, government-linked companies, holding structures and cross-border groups can produce ambiguity. Banks understand this; they use status language. Registry verification should do the same. "Possible match under review; no transfer until cleared; maintenance preserved" is different from "confirmed prohibited party; legally restricted action". A possible match should not silently degrade reverse DNS, routing-security material or ordinary contact maintenance. Legal risk should be isolated to the action it actually affects.

The same logic applies to banks and escrow providers. IPv4 transactions can involve large payments, offshore companies, multinational groups, old records and counterparties from jurisdictions that banks treat as higher risk. A correspondent bank may hold funds while asking for ownership documents. An escrow provider may require confirmation that the registry will process the transfer. A buyer may refuse to release funds until the registry acknowledges the signatory. A seller may not want to surrender control until payment certainty exists. The closing call becomes a choreography of verification.

Registry delay is costly in that choreography. Compliance approvals expire. Exchange rates move. Credit committees meet on schedules. A buyer's network project may have a deployment window. A seller may need funds for debt repayment, equipment purchases or restructuring. If identity verification produces an indefinite hold, the transaction does not merely wait. It decays. Parties renegotiate price, demand extra indemnities or walk away.

This is how verification friction becomes an invisible option. The registry does not have to forbid the transaction. It merely has to control the unresolved status. A pending authority review gives the buyer leverage to reprice. It gives the bank reason to ask more questions. It gives a rival claimant time to intervene. It gives the seller less certainty over liquidity. If the registry uses that status narrowly, the cost is justified by fraud prevention. If it uses the status broadly or unclearly, it becomes a private tax on asset mobility.

Corporate restructuring adds another layer. It is often discussed as a documentation problem: which merger certificate, asset-purchase agreement, corporate extract or board resolution proves continuity? That evidence matters. But the distinctive identity-verification issue is more direct. After the restructuring, who can bind the holder? A local ISP may be acquired by a larger operator. Customers, equipment, staff and network operations may move. The address block may keep routing. Months later the buyer may want the registry record updated or may want to sell part of an unused holding. The registry must decide whether the buyer, the old seller, the acquired legal entity, a surviving subsidiary, an administrator, a liquidator or another officer can give the instruction.

The market does not need the registry to judge the merger's commercial wisdom. It needs the registry to determine whether the authority chain is good enough for the ledger action. If the old company survived as a subsidiary, the subsidiary's authorised signatory may still need to sign. If the company merged out of existence, the successor's officer may need to prove succession. If the asset sale did not mention number resources, the buyer may need supplementary evidence that the network and associated registry relationship were included. If creditors are involved, the registry may need confirmation that the seller was allowed to dispose of resource-related rights. Each case differs, but the target fact is consistent: who may act for the recognised holder or lawful successor?

This target fact should be separated from archive completeness. An old agreement may be badly drafted while business continuity is real. A polished board resolution may be signed by someone who had no authority. A registry file may contain twenty years of history and still fail at the current-signatory step. Conversely, a sparse historical file may support a narrow authority conclusion if current legal continuity is clear and no rival claim exists. The registry should not reward paper volume over authority quality.

A proportionate system would classify restructuring cases by authority risk. A same-entity name change is low risk if company-registry evidence is clear. A merger between two active members with matching officers may be moderate risk. A claim by a buyer of assets from a dissolved entity is higher risk. A request from a former employee of an abandoned company is high risk. A case with rival claimants or forged-looking documents is severe. Each tier should have different evidence expectations, service effects and appeal routes.

The safeguard is continuity during review. If a restructuring file is incomplete, the registry may pause the transfer or holder change. It should not casually impair the existing operational state. Customers should not lose reverse-DNS continuity because an acquisition document needs clarification. A resource should not become unusable because a board certificate is missing. A transfer can wait while live network maintenance continues under the last verified role. That is the difference between verification and punishment.

Transfers are settlement systems, not morality plays

A transfer closing is the cleanest place to see the boundary between ledger and gatekeeper. The registry's legitimate questions are precise. Is the source holder recognised? Is the destination eligible to be recorded? Are the signatories authorised? Is the resource subject to a dispute, court order, sanctions prohibition, fraud report or policy condition that specifically affects transfer? Are required fees and forms complete? Are inter-regional registry steps, if any, coordinated? If those questions are answered, the registry's role should be to record the change and preserve the public ledger.

The registry's role should not be to decide whether the seller is morally right to monetise IPv4, whether the buyer's business model is sufficiently pleasing, whether leasing is aesthetically attractive, whether shareholders have made enough use of the block, or whether address scarcity should be solved by administrative disapproval of market behaviour. Those debates may exist in policy forums, contracts or courts. They should not be smuggled into identity verification.

The difference matters because identity checks can become the least visible route to gatekeeping. A registry can delay a transfer by asking for more evidence of authority. Some requests will be legitimate. Others may test business purpose, geography, customer profile or political acceptability under the cover of due diligence. The member experiences both as "verification". The market sees a process that cannot be priced because the reason for the hold is unclear.

AFRINIC's public disputes make the risk concrete. Outside analysis of the Cloud Innovation conflict described review of usage, countries of service and consistency between stated need and actual utilisation. It also described threats to terminate or reclaim resources. Those issues are not the same as whether a signer can bind a holder. When the registry asks for authority evidence, it protects the ledger. When it asks whether a holder's business evolution should be re-approved, it moves toward central planning of a scarce input. Combining the questions makes every transfer a policy referendum.

The market response is predictable. Parties avoid clean registry updates and rely on private arrangements. Holders lease instead of transferring because transfer review is too uncertain. Buyers demand discounts for resources whose registry path is unpredictable. Brokers gain power because they know how to navigate an opaque process. Small operators with legitimate holdings hesitate to monetise them because one failed verification could invite broader scrutiny. The registry then sees less transparency and more informal control, which increases fraud risk. Overbroad gatekeeping can therefore produce the opacity it was meant to prevent.

This does not mean transfers should be rubber-stamped. A forged signature should stop the transaction. A seller whose officer lacks authority should not be able to close. A court order should be obeyed within its scope. A sanctioned party should not be allowed to use the registry process unlawfully. A compromised account should be locked for the affected actions. A rival claimant should trigger a dispute status. These are strong controls. Their strength comes from being specific.

Specificity also protects honest counterparties. A buyer that learns "the seller's power of attorney is expired" can ask for a new one. A seller that learns "the buyer's beneficial ownership declaration is incomplete" can decide whether to wait. A bank that learns "registry transfer approval is pending only final confirmation from the source holder through an independent channel" can hold funds with more confidence. A court that sees "resource disputed; last verified operational state preserved; transfer blocked pending order" can supervise without guessing.

The settlement analogy is useful. A securities clearing system verifies signatures, account authority, custody and legal restrictions. It does not normally decide whether the seller should have bought the stock years earlier. A land registry records transfers and flags disputes. It does not rewrite the local housing market because it dislikes prices. An IPv4 registry is not identical to these institutions, but the economic discipline is similar: settlement infrastructure should be conservative about authenticity and modest about policy ambition.

In a scarce-address economy, the registry can either make transfers safer or make itself the price-setting bottleneck. Safer transfers require narrow verification, predictable roles, independent confirmation and appealable status. Bottleneck power requires ambiguity. AFRINIC's long-term credibility depends on choosing the former. That choice is not a concession to speculators. It is a way to make the ledger harder to steal and easier to trust.

Small operators pay the highest authority tax

Authority checks fall unevenly across the market. A global carrier has directors, lawyers, corporate secretaries, compliance staff, identity-management systems, board templates, ownership records and multiple officers who can sign. A small access provider may have a founder, a bookkeeper, a technical lead and an outside lawyer who sees registry matters once in a decade. A rule that appears equal in policy text can be regressive in effect because the capacity to prove authority is not evenly distributed.

This is not simply documentation burden, though the two overlap. The question is not how many old files the operator can produce. It is how easily the operator can put a recognised human being in front of the registry with power to act. In a small operator, the founder may have moved abroad, died, split from a co-owner, lost access to the original email, or remained the only person known to the registry despite years of staff changes. The company may be real, the network may be running, fees may be paid and customers may be served, yet the authority path may be fragile.

When such an operator needs to transact, the cost is immediate. A transfer buyer will not accept "we think the founder can sign". A bank will not accept a portal login as corporate authority. A broker will ask who can provide warranties. The registry will ask for a recognised representative. If the answer takes months, the operator loses liquidity. If the answer requires expensive local legal work disproportionate to the size of the block, the operator loses value. If the registry cannot distinguish account recovery from suspicious control change, the operator may avoid updating records at all.

The paradox is that small operators may have the most to gain from legitimate liquidity. A modest IPv4 holding can finance equipment, reduce debt, support expansion or keep customers online during restructuring. It can also attract predatory buyers if the holder's authority file is weak. A buyer that discovers a signatory problem may demand a discount or insist on controlling the cure process. The holder's lack of authority infrastructure becomes bargaining weakness.

Verification standards should not be lowered for small operators. Lower standards would create a fraud channel precisely where records may already be weak. The better answer is role-based continuity. A small operator should be able to appoint more than one verified representative before crisis. It should be able to maintain a succession contact. It should be able to update officer records through a low-risk process. It should receive periodic reminders to confirm who can bind the holder. It should be able to distinguish technical, billing, governance and transfer roles. It should be able to pre-clear authority for a future transaction without triggering a broad resource review.

The registry can also publish small-operator playbooks. For a founder-led company, what evidence normally proves that a new managing director can act? For a family succession, what court or corporate documents are usually relevant? For a merger into a larger operator, what sign-off is needed from the surviving entity? For a public-sector reorganisation, what government instrument or gazette notice is acceptable? For an account compromise, what channel should be used to regain control? The registry need not provide legal advice. It can define the facts it needs.

This reduces friction because parties can prepare authority before money is on the table. The cheapest identity verification is the one completed before a closing call. If the seller has already verified its transfer signatory, the buyer prices less risk. If the holder has already recorded a backup officer, account recovery is easier. If the registry already knows which role can vote, elections are less vulnerable to proxy surprises. If beneficial-control review is triggered only by defined events, ordinary account maintenance remains cheap.

Small-operator incidence should also shape remedies. If a small holder fails to update an authorised representative, the remedy should begin with notice and assistance. If the failure affects only transfer authority, routine maintenance should continue. If the holder cannot prove authority for a sale, the sale should wait; the network should not be punished. If the holder is genuinely abandoned, fraudulent or captured, stronger measures may be needed. The point is to distinguish incapacity from bad faith.

This distinction is economically important because a registry that prices small operators out of clean authority will not make the market safer. It will make it more informal. Operators will rely on side letters, private routing arrangements, unrecorded leases and brokers who claim to know the process. That is worse for the ledger. A narrow, accessible authority-verification system brings more actors into the clean record.

Governance legitimacy is an authority problem too

Identity verification in transfers cannot be isolated from identity verification in governance. A registry that asks members to prove who may act for them must also prove that its own decision-makers are authorised, constrained and reviewable. Otherwise verification becomes asymmetric: members must show authority in detail, while the institution exercises authority through contested or opaque structures.

AFRINIC's receivership period illustrates the issue. Receivership can preserve an institution while governance is repaired. It can keep services running, protect assets, arrange elections and provide a lawful bridge when a board is missing. But receivership does not automatically restore all legitimacy. It raises its own authority questions: which actions are ordinary preservation, which are structural changes, which require member approval, which require court approval, and which should wait for a board whose election is not disputed?

For identity verification, the receiver-era lesson is direct. If an institution is under court-supervised repair, high-consequence member decisions should be especially bounded. A transfer hold, account lock, power-of-attorney rejection or beneficial-ownership demand should state the authority for the request and the effect of non-compliance. Members should not be asked to accept indefinite discretionary verification while the registry's own governance chain is difficult to inspect.

The June 2025 election controversy made the problem sharper. If powers of attorney and authorised representatives were controversial enough to annul an election, then the registry's ordinary authority records deserve careful reconstruction. Who is the authorised representative of each resource member? How is that representation confirmed? Can a member revoke a proxy? Can it see whether a vote or instruction has been lodged? Are online and in-person rules aligned? Are aggregation limits clear? Is there an audit trail? These are not merely electoral-design questions. They are the same questions that determine account control and transfer authority.

The later board formation may have allowed AFRINIC to resume normal governance functions, but formal seating is not the same as undiscounted legitimacy. If public controversy persists around the process that produced a board, every economically consequential decision made by that board carries a risk premium: transfer policy, verification standards, resource review, bylaw changes, account-status rules and litigation strategy. The board may be lawful and still face a market discount if members cannot predict how authority will be exercised.

The healthiest board would reduce the value of controlling the board. It would do that by narrowing discretion, publishing authority rules, protecting appeal rights, separating routine ledger maintenance from political choices, and making member representation verifiable. A board that turns verification into a stronger control lever increases the value of capturing board seats. A board that turns verification into predictable infrastructure lowers that value.

This is an institutional-economics point. When governance power over scarce assets is high, actors invest in capturing governance. When the ledger function is narrow and constrained, the prize is smaller. AFRINIC's election conflicts cannot be solved solely by better ballot mechanics if the board remains a gateway to asset control. The incentive to fight over the board will remain as long as board-controlled policy can confine, delay or devalue member resources through discretionary verification and enforcement.

External oversight does not solve the asymmetry. Courts can decide legal disputes and appoint receivers. Coordination bodies can express concern about registry continuity. Governments can worry about digital strategy. None of them replaces the need for verifiable member authority and constrained registry authority. If external actors push too hard, members may view local consent as bypassed. If they stay silent, institutional failure may spread. The stable path is not more grand authority. It is narrower, auditable authority at the exact points where assets and votes move.

AFRINIC's identity-verification rules should therefore be designed for stress, not for normal days. They should assume that a future board may be contested, that a member may be in litigation, that a power of attorney may be challenged, that a bank may demand proof, that a sanctions screen may produce a false positive, that a founder may disappear, that a portal account may be compromised, and that a court may ask what the registry did. Rules that work only when everyone trusts everyone are not rules for a scarce-address registry.

Appealable status is cheaper than discretionary silence

The most important reform is not a longer document list. It is appealable status. A holder, buyer, broker, bank or court should be able to understand what the registry believes the authority problem is, what action is affected, what evidence can cure it, what services continue, what deadline applies and what review path exists.

Appealable status begins with categories. "Verified" should mean the holder and relevant roles are confirmed for specified actions. "Routine authority pending" should mean a low-risk role update is under review. "Transfer authority pending" should mean the transfer cannot close until a specified signatory issue is resolved, but maintenance continues. "Power of attorney questioned" should identify whether the concern is authenticity, scope, grantor authority, expiry or revocation. "Beneficial ownership review pending" should identify whether the issue is ordinary due diligence, sanctions screening, nominee concern or contradictory control evidence. "Account compromise suspected" should freeze vulnerable actions while preserving safe communications. "Rival claim asserted" should isolate the disputed resource or action. "Court-restrained" should identify the order's scope as far as legally possible. "Rejected" should state the reason and route to appeal.

These categories protect the registry as well as members. Staff can make conservative decisions without turning every case into existential conflict. A rejected transfer can be explained as a missing authority link rather than hostility to a business model. A court can see that the registry preserved the last verified state rather than taking sides prematurely. Members can correct files instead of escalating politically. Fraudsters face clearer barriers.

Status should be action-specific. A transfer can be blocked while abuse-contact updates continue. A governance proxy can be rejected while billing remains normal. An account can be in recovery while reverse DNS and routing-security services remain stable. A beneficial-ownership review can pause a sale without impairing the holder's ability to serve customers. This action-specific design prevents verification from becoming collateral damage.

Status should also be durable. Once a holder verifies a transfer signatory, that verification should last for a defined period or until a change trigger occurs. Once a power-of-attorney format is accepted for a transaction type, similar future transactions should not start from total uncertainty. Once a small operator completes account recovery, it should not be forced to repeat the same proof for every routine action. Durable verification reduces cost without weakening control.

Appeal must be real enough to discipline mistakes. Not every case needs a courtroom. A first review can be internal but separate from the original staff decision. Higher-risk cases can go to an independent reviewer, panel, arbitrator or court depending on the legal framework. The review should examine whether the requested evidence maps to the stated authority fact, whether the action-specific hold is proportionate, whether the holder received notice, and whether continuity was preserved. The aim is not to make every transfer litigable. It is to keep registry discretion from becoming unreviewable.

Confidentiality can coexist with status. Private documents, shareholder data, identity documents, bank details and legal opinions should not be exposed unnecessarily. But the category of decision can be disclosed to affected parties and, in aggregate, to the community. AFRINIC could publish statistics on authority verifications, power-of-attorney rejections, account recoveries, transfer holds, average review times, appeals and fraud escalations. Aggregate reporting would show whether the system is reducing risk or creating bottlenecks.

The reporting should avoid triumphal enforcement language. The objective is not to show how many members were disciplined. It is to show that the ledger is more reliable and transactions are more predictable. A good authority system has fewer surprises, not more punishments.

AFRINIC's recovery story would be more credible if identity-verification status became boring. Boring means a holder knows what role is missing. A buyer knows what closing condition remains. A bank knows whether the problem is sanctions, authority or court restraint. A member knows whether its vote has been lodged. A court knows what the registry preserved. In a scarce-address economy, boring is valuable.

A narrow ledger architecture for authority

The deepest boundary is conceptual. A registry should verify capacity to act. It should not confer virtue on the actor. Capacity means the legal or institutional ability to bind the holder for a defined action. Virtue means the registry's judgement that the holder's broader business, politics, customers, geography or market behaviour deserves approval. The first belongs in identity verification. The second is where gatekeeping begins.

The boundary can be tested through examples. A seller with a clean board resolution and no dispute may be authorised to sell even if some community participants dislike IPv4 commercialisation. A buyer may be eligible to receive a transfer even if it plans to lease addresses, provided the applicable rules do not specifically and lawfully prohibit the transaction. A company may have changed shareholders without losing authority to maintain existing resources. A power of attorney may be valid for a single transfer even if the representative is controversial. A holder under ordinary sanctions screening may continue routine maintenance while the specific transaction is paused. A member may be allowed to vote through a verified proxy without giving that proxy any resource-control authority.

Each example separates authority from approval. The registry's ledger role is to know who can act, whether the action is within defined rules and whether a specific legal bar exists. It is not to use the identity checkpoint to reshape the market. If the rules need changing, that should happen through transparent policy and legal processes, not through case-by-case verification pressure.

This boundary improves fraud control. Fraud hides in ambiguity. If the registry asks for everything, honest members resist, staff drown in irrelevant files and real red flags are harder to see. If the registry asks for the fact that matters, anomalies stand out. A forged power of attorney, a director without authority, a nominee hiding a prohibited controller, a portal account controlled by a former employee, or a rival claimant can be identified more clearly when the review is targeted.

The boundary should be embedded in process language. Every identity-verification request should answer five questions. What action is being requested? What role is required for that action? What fact about identity or authority is uncertain? What evidence can prove it? What happens to unrelated services while the fact is checked? If staff cannot answer those questions, the request is probably too broad.

A workable authority architecture follows from that discipline. First, every account should have a verified legal holder identity and a current authority map. The map should identify who can perform routine account maintenance, who can sign transfers, who can appoint governance proxies, who can update billing, who can handle technical records, who can submit beneficial-ownership information, and who can instruct external representatives. The registry should permit overlaps but record them explicitly.

Second, high-consequence actions should require independent confirmation through more than one channel. A transfer request should notify the legal holder's verified channel, the transfer signatory and any recorded secondary officer. A governance proxy should be visible to the member before voting closes. A change of authorised representative should be confirmed through existing verified contacts unless account compromise or succession requires an alternative recovery process. Independent confirmation prevents one captured channel from controlling the whole account.

Third, powers of attorney should be transaction-specific by default. They should identify the resource, election, meeting or action. They should expire. They should be revocable. They should be confirmed with the grantor through a verified channel. Bulk powers covering many members or many actions should receive heightened review, not because delegation is wrong, but because aggregation changes the risk. A single representative claiming authority over a large share of members or resources is a market and governance event.

Fourth, beneficial-ownership review should be trigger-based and proportionate. Routine maintenance should not require full ownership disclosure unless a specific risk trigger exists. Transfers, account recovery, sanctions matches, court disputes, insolvency and high-risk proxy arrangements may justify more. Even then, the request should identify the control fact being examined and the action affected.

Fifth, account recovery should be treated as continuity protection, not suspicion by default. If a holder loses access because a founder left or a mailbox died, the registry should provide a structured path using corporate filings, officer certifications, payment history, technical continuity, court or notarial evidence where appropriate, and notices to old contacts. During recovery, the registry should preserve the last verified operational state and block only vulnerable changes. Recovery should not automatically trigger a broad resource-use audit.

Sixth, transfer verification should be separated from policy enforcement. The transfer desk should verify holder authority, recipient eligibility, resource status, legal restrictions and required procedural steps. If a separate policy issue exists, it should be named separately with its own authority, facts and remedies. Hidden policy review inside identity verification undermines settlement confidence.

Seventh, every adverse authority decision should be reasoned and appealable. The explanation can be concise: grantor authority not proved; document authenticity questioned; power expired; signatory not authorised for transfer; beneficial-control information incomplete; court order prevents action; rival claim requires dispute process; account compromise suspected. The holder should know the cure path. Appeals should have deadlines and preservation rules.

Eighth, governance authority should use the same discipline. Member registers, voting roles, proxies, receipts, revocations and post-election assurance reports should be treated as ledger functions. A registry that demands clean authority from members must show clean authority in its own voting system. Board legitimacy and transfer certainty are not separate worlds when both turn on who may act for whom.

Finally, the architecture should contain a preservation presumption. Unless law, court order, proven fraud, duplicate claim, security compromise or abandonment requires otherwise, the last verified operational state should remain stable while authority is reviewed. Transfers may pause. Votes may be held for review. New high-risk changes may be blocked. But ordinary maintenance, publication services and customer continuity should not be casually damaged.

This architecture is not anti-registry. It is the only way a registry can remain credible when the resources it records have become economically serious. The registry gets better fraud control. Members get clearer rights. Buyers get more predictable settlement. Banks get better status language. Courts get better records. Small operators get a path to continuity. The market gets less discounting.

The question at the closing call is simple enough to fit in one sentence and large enough to explain much of AFRINIC's crisis: who may speak for the holder? If the answer is too loose, the ledger can be stolen. Dormant companies can be revived by strangers. Former employees can capture accounts. Forged powers of attorney can move votes or assets. Nominees can hide prohibited controllers. Buyers can acquire disputes instead of resources. The registry becomes unsafe.

If the answer is too discretionary, the ledger becomes a gate. Legitimate sellers cannot close. Mergers cannot regularise records. Small operators cannot monetise scarce capacity. Banks cannot finance address-supported revenue. Members cannot trust elections. Beneficial-ownership review becomes commercial surveillance. Sanctions screening becomes indefinite contamination. The registry becomes too powerful relative to its liability and mandate.

The durable answer is narrow. The registry should recognise roles, verify capacity, preserve evidence, classify uncertainty, allow appeal and protect continuity. It should not use the authority checkpoint to decide which business models deserve liquidity or which faction deserves leverage. It should know who can bind the holder, not claim to own the holder's optionality.

AFRINIC's public history gives the issue urgency. Alleged address-record corruption showed why weak authority controls are dangerous. Litigation over resource control showed how number-resource disputes can threaten institutional survival. Receivership showed that continuity of the registry function can require legal repair. Election controversies showed that powers of attorney and authorised representatives are not peripheral paperwork; they are mechanisms by which control is exercised. IPv4 scarcity ties these episodes together because every authority decision now touches capital.

The old administrative model treated registry verification as a back-office service. The new economics makes it a settlement layer. That does not mean the registry should become a bank, court, police force or corporate regulator. It means the registry must be more disciplined about the smaller job it actually has: protect uniqueness, maintain accurate records, prevent unauthorised changes, record verified authority, preserve services during disputes and let lawful transactions proceed.

The best outcome for AFRINIC is not a heroic institution that decides the future of every address it records. It is a boring authority system that makes such heroics unnecessary. Buyers and sellers should not spend a closing call wondering whether the registry will treat a signature as a fact, a suspicion or an invitation to revisit the holder's commercial existence. Members should not wonder whether a proxy has been used in their name. Small operators should not fear that account recovery will become a resource review. Banks should not need to guess whether a hold means sanctions, fraud, missing authority or politics.

Narrow verification would not remove conflict. Scarce assets will always attract disputes. It would make conflict cheaper, more specific and less destructive. A forged power can be rejected without freezing unrelated services. A sanctions match can pause a transfer without degrading the public record. A restructuring gap can be cured without punishing customers. A rival claim can be isolated while the last verified state continues. A board election can be audited without turning member authority into theatre. The ledger can remain reliable because the institution refuses to make itself larger than the ledger.

That is the economic lesson of identity-verification friction. It is not old-archive burden. It is not complaint routing. It is the price of recognising agency over a scarce coordination asset. AFRINIC must charge that price carefully. Too little verification invites theft. Too much discretionary verification traps capital. The durable middle is a registry that asks one disciplined question at a time: for this action, who has the authority to bind the holder, how do we know, what remains unaffected while we check, and how can an error be reviewed?

If AFRINIC can answer that question consistently, identity verification becomes market infrastructure. If it cannot, every signature will carry a discount.