Institutional legitimacy is often described as if it were a ceremonial possession. A body has a charter, a board, a logo, a service region, a seat in the global system and a vocabulary of stewardship; therefore, it is assumed to possess authority. That is the wrong starting point for AFRINIC. In a registry that records scarce internet number resources, legitimacy is not a medal conferred by other institutions. It is an economic contract among resource holders, downstream networks, members, courts, customers, counterparties and operators who must believe that the registry record can be relied upon tomorrow.
That belief has balance-sheet content. It affects whether an IPv4 block is treated as a dependable operating input, whether a transfer can close without an excessive indemnity, whether a lender or buyer discounts a network company, whether a customer trusts an operator's continuity, whether a court preserves the last stable state during litigation, and whether members think voting is worth the bother. In ordinary language, legitimacy sounds like trust. In registry economics, it behaves more like collateral. It lowers risk premia, supports transactions and keeps scarce resources from being trapped inside defensive legal structures.
AFRINIC is the hard case because its formal role and its economic role have drifted apart. The African registry is incorporated in Mauritius and is publicly described as the regional registry for Africa and parts of the Indian Ocean, administering IPv4, IPv6 and autonomous system numbers. Those facts matter, but they do not settle the legitimacy question. The question is whether the institution that keeps the record has the procedural restraint, liability alignment, member confidence, operator reliance, court continuity and scarcity-era asset discipline required for others to keep treating its record as the dependable reference point for valuable resources.
The answer cannot be taken from AFRINIC's own institutional story, from the NRO's language of solidarity, from ICANN's continuity interventions, or from any official account that equates recognition with legitimacy. Those materials are useful exhibits when they state narrow facts: incorporation, service region, policy text, receivership, assistance mechanisms, court concerns and operational dependencies. They cannot be the frame. The stronger analytical frame comes from Lu Heng's public notes, the public positions of NRS and LARUS, independent reporting by The Register and KrebsOnSecurity, and the Internet Governance Project's analysis of how IPv4 scarcity changed incentives. Several of those sources are written by interested participants, and none should be treated as a court. Their value is that they force the central question into view: can a registry exercise control over the recognised record without being responsible for the economic consequences of that control?
The AFRINIC crisis is therefore not just a governance embarrassment. It is a repricing of institutional trust. Allegations of address-record manipulation, the dispute with Cloud Innovation, litigation in Mauritius, receivership, disputed voting authority, Smart Africa-backed board politics, ICANN intervention and revisions to global RIR failure procedures all concern the same deeper bargain. If the registry record is to remain the trusted ledger, the institution operating it must be narrower than a gatekeeper and more accountable than a private club. If it is not, official recognition may continue while economic confidence erodes.
Legitimacy is a contract, not a slogan
The word "legitimacy" does too much work in internet governance. It is used to describe open meetings, public mailing lists, community consensus, elected boards, incorporation documents, memoranda among institutions and the habitual recognition of one registry by another. Each may contribute something. None is sufficient. An institution is legitimate for a particular function when the parties affected by that function accept the institution's decisions as predictable, bounded and reviewable enough to rely upon.
That functional definition matters for AFRINIC because a registry decision is not like an ordinary association decision. If a trade association elects a weak board, members can resign, ignore a recommendation or form a rival lobby. If a registry's authority becomes doubtful, uncertainty attaches to a record used by networks, customers, brokers, buyers, courts, security systems and public agencies. The harm is not merely reputational. It can enter contracts, valuations, route-security arrangements, reverse DNS, abuse handling, transfer timetables and litigation strategy.
Lu Heng's note on authority and belief makes this point in philosophical terms. Regional internet registries do not route packets by force, command states or possess armies. Their power comes from collective belief that their databases represent the legitimate record of number-resource control. That belief is not decorative. It is the substrate on which voluntary coordination is built. If enough operators think the record is no longer neutral, bounded or accountable, the registry does not merely suffer bad press. Its record becomes less final.
This is why official status can lag economic reality. AFRINIC may remain the recognised RIR in formal documents while counterparties price additional risk into AFRINIC-administered resources. A buyer may demand a wider indemnity. A lessor may structure around registry exposure. A member may litigate rather than trust institutional remedies. A court may preserve the status quo because it does not want an institutional dispute to damage running networks. Legitimacy falls before recognition is withdrawn.
It is also why a restored board, by itself, is not enough. A board can be necessary for budgets, management appointments and ordinary corporate action. But a board produced after years of receivership and a failed election must do more than occupy seats. It has to rebuild the economic belief that subsequent registry acts will be accepted as fair process rather than factional power. That is harder than convening a meeting, and less theatrical than issuing a statement.
The contract has at least six elements. The record must be accurate enough to support reliance. The rules affecting scarce assets must be clear before investment is made. The registry's discretion must be proportionate to its liability and review exposure. Members must believe their voice and vote are real, not ritual. Operators must know that ordinary business continuity will not be sacrificed to institutional drama. Courts and emergency guardians must protect continuity without turning the incumbent registry into an untouchable authority. AFRINIC has been strained at each point.
The registry record is the confidence layer
An IP address does not stop routing because a database entry is questioned. Packets follow routing decisions, not corporate press releases. Yet the registry record is still the confidence layer around the asset. It tells the market who is recognised, who may request updates, who receives invoices, who can arrange reverse DNS, who can create related security assertions, who may transfer, and whose claim is visible to counterparties. The record does not create all value, but it affects how safely value can be used.
The public notes on registry continuity draw a useful distinction. The function that must be protected is not the prestige of the registry corporation; it is uniqueness, registration accuracy, RDAP and WHOIS availability, reverse DNS, RPKI publication, running-network continuity and a credible path for dispute resolution. These are not abstractions. A cloud platform, hosting company, bank, telecom operator, public network or managed-service firm can suffer real losses if the recognition layer becomes unstable, even if the prefixes still appear in the global routing table.
This is where the AFRINIC story differs from a simple quarrel over procedure. A registry with a clean ledger can absorb a policy argument because the underlying record remains trusted. A registry with a doubtful ledger finds that every policy argument becomes more expensive. If participants doubt who may vote, who may represent a member, who may authorise a transfer, who may speak for the corporation, or who may rely on a past allocation, the registry's core commodity--trusted recognition--is impaired.
KrebsOnSecurity's 2019 reporting on alleged historical manipulation of AFRINIC address records is important for precisely this reason. The report described claims by researcher Ron Guilmette that address blocks associated with defunct or acquired African organisations had been commandeered and sold through companies tied to a former AFRINIC insider. AFRINIC's then chief executive said an investigation was under way. The public article did not provide a final judicial finding, and the allegations should not be treated as proved beyond the reported record.
Even with that uncertainty, the incident exposed the value of registry confidence. If historical records can be manipulated by someone with insider knowledge, the loss is not confined to the blocks in question. It teaches members that dormant records, corporate succession, contact accuracy and change controls are economically material. It also creates pressure for tougher enforcement. That pressure may be understandable, but it can become dangerous if the institution responds to a record-integrity scandal by expanding commercial discretion rather than strengthening narrow record controls.
The legitimate response to weak records is a better ledger: audit trails, verified authority, transparent correction categories, conflict metadata, independent review and continuity for unaffected resources. The illegitimate response is to use the scandal as evidence that the registry must become a broader judge of acceptable business models. AFRINIC's legitimacy depends on proving that it knows the difference.
Scarcity made the ledger political
IPv4 scarcity changed the price of every ambiguity. In the allocation era, a registry could speak about need, stewardship, conservation and community without every word becoming a balance-sheet event. The resource was valuable operationally, but new allocations were still part of a managed supply process. Exhaustion changed that. Once addresses are scarce, leased, transferred, financed and litigated, registry terms that once looked administrative begin to function as economic controls.
The Internet Governance Project's 2021 analysis of the AFRINIC dispute treated this as the central background. AFRINIC had a relatively small regional share of IPv4, came late to the RIR system, and entered scarcity with a pool whose administrative allocation fees did not reflect market value. As free-pool access tightened, the gap between registry rationing and secondary-market pricing created predictable conflict. A party that obtains, holds or controls IPv4 is no longer dealing only with technical identifiers. It is dealing with scarce production capacity.
Lu Heng's public notes push this point harder. In "The Policy Mirror", he argues that vocabulary such as public resource, conservation, regional classification, written approval and needs assessment changes meaning once IPv4 becomes a priced asset. His conclusion is interested and polemical, but the economic mechanism is straightforward. If a registry can block or delay the movement of value, the registry affects value. If it affects value while disclaiming full responsibility for the commercial consequences, a legitimacy gap opens.
Scarcity also makes legitimacy distributional. A rule that restricts outbound transfers may be defended as protecting African resources for African networks. The same rule may reduce the exit value of resources held by African operators, discourage inbound supply, increase discounting and push activity into leasing or nominee structures. A rule that requires demonstrated need may be defensible for remaining free-pool allocations. The same logic becomes intrusive when applied to already allocated resources that have acquired customers, contracts and financing expectations.
This is not an argument that the market should be allowed to do anything it wants. Fraud, duplicate claims, false records, abandoned resources, forged authorisations and security-integrity emergencies justify strong registry action. But the ground of action matters. Protecting uniqueness and record accuracy is different from judging whether a holder's customers are sufficiently local, whether a leasing structure is morally acceptable, or whether a changed business plan still matches an old application narrative.
Institutional legitimacy in scarcity therefore requires anti-retroactivity and proportionality. A party receiving a new allocation from a remaining pool can be asked to accept forward-looking conditions. A holder whose resource is already embedded in business operations has a reliance interest even if official language avoids the word property. To deny that reliance is to turn the registry into an unpredictable counterparty. To recognise it is not to make addresses ordinary land. It is to admit that operational capital needs stable rules.
The old vocabulary is not useless. Stewardship, conservation and community still name real concerns. But they become dangerous when they are used as floating mandates. Scarcity requires the registry to say which invariant it is protecting. If the invariant is uniqueness, accuracy, fraud prevention, contactability, security continuity or clear dispute status, the registry has a strong claim. If the invariant is a preferred commercial geography or a moral view of leasing, the claim is weaker and the burden of justification is much higher.
Liability is part of authority
The most important idea in the Lu Heng notes is not decentralisation, ownership or opposition to AFRINIC. It is liability symmetry. The notes repeatedly argue that the present RIR model concentrates high-consequence power over economically critical number resources while retaining service-vendor-scale liability. That claim should be tested carefully because it is made by a party with commercial and litigation interests. It should not be dismissed, because it identifies the institutional gap at the centre of AFRINIC's legitimacy problem.
In ordinary commerce, limited liability can be coherent. A low-fee service vendor cannot insure unlimited losses for every customer. But a registry is not easily replaced, and its decisions can affect assets far more valuable than the annual fee attached to membership. If a registry can suspend recognition, block a transfer, refuse an update, impair a service, or threaten resource recovery, the potential downstream damage may include customer disruption, financing loss, contract breach, renumbering cost, litigation expense and market discount.
The liability question is not solved by saying that IP addresses are not property. That claim may be true in a narrow legal sense, or true in some jurisdictions and not others, or true only for some incidents of ownership. It does not follow that holders have no reliance. Many economically important rights are not freehold property: licences, concessions, slots, spectrum rights, domain names, software entitlements, contractual options and regulated permissions can all carry significant value without being simple ownership. A denial of property does not create unlimited registry discretion.
Nor is liability symmetry a demand that registries become insurers of every market loss. The better point is institutional design. The broader the discretion, the stronger the review, remedy, capital, transparency and restraint must be. If the registry wants minimal liability, it should narrow its power to record-keeping invariants: proof of control, uniqueness, accurate contacts, security continuity, fraud prevention and dispute metadata. If it wants to judge commercial conduct, it needs a different accountability structure.
AFRINIC's crisis illustrates what happens when this alignment is missing. The Cloud Innovation dispute began as an enforcement conflict over resource use and compliance. It then moved into Mauritian litigation, provisional orders, bank-account freezes, operational paralysis and receivership. Different parties describe responsibility differently. IGP criticised AFRINIC's enforcement posture while also acknowledging the damage litigation caused to the registry. The point is not to assign all blame. It is to observe that a registry with large practical discretion and limited resilience can become destabilised when a resource holder tests that discretion in court.
Legitimacy therefore requires a registry to bear more of the cost of its own power. That can be done by limiting the power, strengthening independent review, preserving last verified operational state during disputes, publishing service levels, protecting unrelated resources from spillover, and accepting that courts are not enemies of the registry merely because they test the boundaries of registry authority. A low-liability gatekeeper is unstable. A narrow ledger can be legitimate.
The institutional-economics point is simple. A party that can change another party's cost of capital should be accountable for the conditions under which it does so. That does not make every registry act a damages claim. It does mean that the registry's discretion must be designed as if mistakes are costly, because they are. The cheaper the formal membership fee, the more dangerous it is to pretend the economic exposure is also cheap.
Member trust is an operating input
RIRs often describe themselves as member-based institutions, and membership is indeed part of their legitimacy. But "member-based" does not mean that every affected operator is informed, represented or capable of disciplining the institution. A registry's membership can be broad in theory and sleepy in practice. When most members are focused on running networks rather than attending meetings, a committed minority, consultant class, government-linked coalition or litigation-backed campaign can acquire influence far greater than its share of the underlying operational exposure.
Lu Heng's early AFRINIC note on the myth of community ownership made this argument from the perspective of a dissident participant. He argued that many members do not realise the importance of their voting rights, while a small circle of insiders can navigate procedures, committees and elections. The claim is sharply stated, but the incentive problem is familiar. Associations with low participation are vulnerable to concentrated organisation. Scarcity makes that vulnerability more consequential because control over process can influence control over valuable resources.
The failed 2025 AFRINIC election turned member trust into a concrete institutional risk. The Register reported that voting was suspended and then annulled after allegations concerning powers of attorney and voter documentation. South Africa's Internet Service Providers Association was reported as alleging that some representatives arrived to vote only to find votes or authority claimed on their behalf. Other details remain contested, and the public record is incomplete. The careful conclusion is not that every allegation is proved. It is that the election failed at the point where representation becomes evidence.
That failure matters because voting authority and resource authority share the same institutional muscle. A registry must know who may speak for a member, who may request a record update, who may authorise a transfer, who may sign a service agreement, who may challenge a decision, and who may cast a vote. If the member-authorisation system is doubtful, the legitimacy of later board decisions is discounted. The board may be formally elected; its control premium remains contested.
The September 2025 board election reduced paralysis but did not erase the discount. The Register reported that eight directors were elected and that seven had Smart Africa's endorsement, while critics continued to question arrangements and further court activity was expected. Smart Africa's involvement can be read as a response to a real fear: that a critical regional function had been disrupted by litigation and capture risk. It can also raise a separate fear: that continental or state-backed coordination may substitute for direct member legitimacy. Both readings can be true enough to matter.
For AFRINIC, the repair is not to assert that the community has spoken. It is to make member consent auditable. That means clean member classifications under Mauritius law and registry practice, verified voting authority, harmonised proxy rules, transparent post-election reporting, conflict disclosures, and a culture in which members are treated as principals with exposure rather than an audience for institutional messaging. Trust is not produced by invoking the membership. It is produced by making membership decisions harder to manipulate and easier to verify.
Member trust is also an economic input because participation itself has a cost. A small operator that spends time on governance is not spending that time on customers, routing, billing or capital expenditure. It will participate only if the institution treats participation as meaningful. If voting feels ceremonial, if proxy rules are opaque, or if official continuity arguments seem to protect whatever outcome has already been arranged, the rational response is apathy or litigation. Neither is healthy. The registry needs enough procedural credibility that ordinary members find the official path cheaper than private mobilisation.
Operator reliance is wider than legal ownership
The public debate often gets stuck on whether IP addresses are property. That question matters in court, but it is too narrow for economics. The wider question is reliance. Networks rely on stable numbering to sell services, maintain customer configurations, preserve abuse history, satisfy counterparties, support allowlists, run reverse DNS, maintain route-security arrangements and close corporate transactions. Those reliance interests exist whether the law calls the underlying resource property, licence, service right, contractual entitlement or something else.
Lu Heng's notes on LARUS One and registry-layer risk are commercially interested, but they identify a market signal. If a leasing product is sold partly as continuity assurance against registry risk, the market has already recognised that registry-layer exposure is a cost. Customers may prefer not to own the registry relationship directly because ownership-like control brings audit, transfer, compliance and litigation exposure. Whether or not one accepts LARUS's solution, the demand it addresses is real.
Operator reliance also explains why abrupt registry remedies can harm parties who are not responsible for the disputed conduct. A block may support hundreds or thousands of downstream customers. A routing or recognition dispute involving the holder of record may spill into enterprises that simply bought hosting, access, cloud capacity or managed services. If the registry's remedy is revocation, service impairment or refusal to process ordinary records, the punishment can travel beyond the alleged breach. A legitimate institution isolates disputes to the smallest affected surface.
This does not make resource holders untouchable. Fraudulent acquisition, forged corporate control, duplicate claims, abandonment, unpaid obligations after due process and clear court orders must be actionable. But a registry that treats every contested commercial model as a possible basis for existential harm undermines the reliance that gives its record value. The better rule is proportionate remedy: correct records where records are wrong, flag disputes where claims conflict, pause transactions where authority is uncertain, preserve last verified operational state where customers depend on continuity, and reserve irreversible action for clear cases.
The Cloud Innovation dispute is important because it sits on this boundary. IGP reported that AFRINIC questioned discrepancies between registered usage and actual deployment, changes from original need narratives and regional service language. Cloud Innovation disputed AFRINIC's interpretation. Later public reporting shows that the dispute became part of a much broader conflict involving litigation, institutional paralysis, AFRINIC statements, Larus leasing claims and court orders concerning public communications. Many merits remain contested.
The institutional lesson is that business-plan review is dangerous unless its authority is explicit, narrow and paired with review. A registry may legitimately ask whether the public record is accurate and whether resources were obtained by misrepresentation. It becomes a different institution if it treats every evolution of customer geography, leasing, revenue model or operational delegation as a fresh licensing question. Operator reliance cannot survive if the registry record is always provisional on future discretionary approval.
The distinction is especially important for smaller African operators. A multinational cloud platform can diversify across registries, jurisdictions and pools of addresses. A smaller ISP or data-centre company may have one registry relationship and a thinner balance sheet. If that relationship becomes unpredictable, the smaller operator cannot simply buy its way out of the problem. Its cost of capital rises, its customers demand assurances it may not be able to give, and its unused addresses may remain idle because selling or leasing them through the official path feels risky. Weak legitimacy is therefore not a tax on speculators alone. It is a tax on the region's ordinary network firms.
Courts provide continuity, but not a full mandate
AFRINIC's incorporation in Mauritius is not a legal footnote. It is one reason the crisis has taken its particular shape. A company performing a regional internet function remains subject to the courts and corporate law of its jurisdiction. That reality is sometimes treated as a threat to internet self-governance. It should also be treated as a legitimacy backstop. When institutional governance fails, ordinary courts may be the only institutions capable of preserving the status quo, appointing a receiver, testing corporate authority and preventing one faction from turning paralysis into control.
The September 2023 receivership is the clearest example. The NRO welcomed the Mauritius court's appointment of a receiver and described the receiver's role as preserving the value of the business, maintaining the status quo of assets, overseeing elections, facilitating a proper board and enabling a chief executive appointment. This is official material, but it is useful here as a factual exhibit. It shows that even the RIR system accepted the need for a court-supervised bridge when AFRINIC could not restore ordinary governance by itself.
Receivership, however, is a bridge rather than a source of permanent legitimacy. A receiver can keep services running, supervise elections, preserve records and reduce immediate disorder. A receiver should not be treated as a substitute legislature for the economic rights of resource holders. Heng's public note on AFRINIC lock-in argues that a receiver is preservative, not legislative, and that structural resource-mobility decisions made while board legitimacy remains contested carry special risk. The language is partisan, but the institutional caution is sound.
Courts also face their own limits. A Mauritius judge can interpret company law, contractual claims, injunctions, insolvency applications and procedural authority. The court may need technical evidence to understand why number resources administered through AFRINIC should not be treated as assets of AFRINIC available for distribution in a winding-up. ICANN's 2026 intervention in such proceedings, as reported by The Register, belongs in this narrow category. It may help a court understand the function; it does not give ICANN or AFRINIC the final word on all related economic disputes.
The court-continuity problem is therefore delicate. Too little court involvement may leave a failed association to be captured by whoever can control procedure. Too much court-driven management can make technical registry operations dependent on litigation schedules, interim orders and filings by adversarial parties. The legitimate target is continuity of the record and services while merits are decided elsewhere. The illegitimate target is using the fear of litigation to demand immunity from accountability.
AFRINIC's future depends on whether court involvement narrows over time. A healthy registry can live with lawsuits, because disputes are isolated and ordinary operations continue. An unhealthy registry turns every major decision into litigation, because members do not trust the registry's own process and external actors fear collapse. Receivership can begin repair. It cannot substitute for the institutional reforms that make courts less necessary.
Continuity must not become immunity
The most persuasive argument for protecting AFRINIC is continuity. Africa cannot lose number-registration services. Networks need accurate records, RDAP and WHOIS availability, reverse DNS, RPKI continuity, member support, transfer processing and a way to prevent duplicate claims. These functions should not fail because a board election is disputed, a bank account is frozen, or a court case drags on. The continuity argument is real.
The continuity fallacy begins when the function is fused with every authority claim of the institution currently performing it. Lu Heng's "Registry Continuity Fallacy" note makes this distinction sharply: preserve the ledger, not the gatekeeper. The note argues that number uniqueness, record accuracy, publication services, security continuity, running-network continuity and independent adjudication can be separated from the survival of a particular board, corporate shell, policy theory or enforcement posture. The formulation is polemical, but the distinction is essential.
Emergency planning within the RIR system implicitly accepts the same point. If WHOIS, RDAP, reverse DNS, RPKI and related services require backup, data sharing and possible successor operation, then the service can be conceptually separated from the incumbent. That does not mean AFRINIC should be destroyed or casually replaced. It means the more critical the function, the more replaceable and auditable the operator should be. Indispensable functions require contingency; they do not justify unchecked discretion.
This distinction should guide how ICANN, the NRO and other registries engage AFRINIC. They have a legitimate interest in preventing fragmentation of number-resource recognition. They do not have a legitimate interest in laundering every AFRINIC enforcement theory into a system-preservation imperative. If central actors are seen as protecting data integrity, continuity and court understanding, they can reduce panic. If they are seen as protecting an incumbent registry from the consequences of its own discretionary choices, they may accelerate the loss of trust they hope to prevent.
NRS's public messaging reflects the fear on the other side. Its emphasis on member money, records and votes frames registry legitimacy as something resource holders must defend against institutional capture. NRS is not neutral; it is part of the political economy around AFRINIC. But the fear it mobilises is not imaginary. When members believe continuity language is being used to preserve low-liability power, they will look for alternative coordination, legal pressure, portability rights and commercial structures outside the incumbent registry.
Continuity should therefore be defined narrowly and operationally. Preserve the last verified registry state where possible. Maintain publication services. Keep reverse DNS and RPKI coherent. Process ordinary member support. Record disputes without contaminating unrelated resources. Build failover that does not depend solely on institutional goodwill. Do not treat a challenge to a board, a policy, a contract interpretation or a transfer rule as a threat to the internet itself. Legitimacy is strengthened when continuity is protected without immunity.
The official narrative is an exhibit, not the frame
AFRINIC's official narrative rests on familiar RIR language: community, stewardship, bottom-up policy, regional development, continuity and public-resource administration. Some of that language names real goods. A registry should not be a private database serving only the richest bidder. It must prevent duplication, support operational data, apply adopted rules and sustain services for a region whose networks need reliable numbering. The problem is not that the official vocabulary is always false. The problem is that it can become self-validating.
If a registry says it is legitimate because the community process authorises it, the reader must ask who participated, who was affected, who bore loss, who could exit, who could appeal and who could verify the vote. If it says it protects regional development, the reader must ask whether the rule creates more supply or merely reduces liquidity. If it says resources are not property, the reader must ask what reliance remains. If it says litigation threatens continuity, the reader must ask whether litigation is attacking the ledger or testing discretionary power.
The same scrutiny should apply to the critics. A commercial address holder has incentives. A leasing company has incentives. A decentralisation campaign has incentives. Lu Heng's notes often use strong language about sovereignty, capture, power and asset value. Those notes should not be read as neutral adjudication. They should be read as public arguments from a participant who has both direct exposure and a clear institutional theory. Their value lies in the questions they force, not in any demand that readers accept every conclusion.
Independent reporting helps keep the frame anchored. KrebsOnSecurity provided the public record of the 2019 allegations. IGP analysed the Cloud Innovation dispute and the economic consequences of IPv4 scarcity. The Register tracked receivership, elections, ICANN's interventions, Smart Africa's role, renewed litigation and AFRINIC's public claims about obstruction. These accounts still rely on available evidence, statements and documents. They do not replace courts. But they stop the institutional story from being told only by the institution.
This evidentiary discipline is especially important because several facts remain uncertain. The final public resolution of the 2019 address manipulation allegations is not clear from the reporting available here. The legal merits of AFRINIC's claims against Cloud Innovation and Cloud Innovation's claims against AFRINIC are not decided by press summaries. The validity of specific powers of attorney in the annulled election is not established for every case in the public record. The long-term effect of new board arrangements, Smart Africa-backed candidates and ICP-2 revisions remains to be seen.
A legitimate public analysis should preserve those uncertainties. What can be said with confidence is structural: AFRINIC's institutional legitimacy is under strain because its record-keeping function now sits above scarce assets, its governance process has been contested, its enforcement posture has led to litigation, and its continuity has required court and external-system attention. That is enough to make legitimacy an economic question rather than an official slogan.
The legitimacy discount is paid by the region
The cost of weak legitimacy rarely appears as a single invoice. It appears as a discount. Buyers ask for more protection. Sellers accept lower prices. Lessors demand tighter termination rights. Operators keep underused addresses because the official transfer path feels risky. Customers choose operators with larger reserves or cleaner registry exposure. Lawyers become part of ordinary transactions. The resource still exists, but the value it can support is lower because the institutional environment around it is harder to price.
This discount is not paid only by large address-market actors. It is paid by small and medium-sized African networks that need clear rules more than anyone else. A large global cloud platform can hire counsel, diversify across regions, buy blocks in several markets, absorb delays and structure around uncertainty. A smaller ISP, data-centre operator or enterprise network may have only one practical registry relationship and a thinner balance sheet. If registry discretion is hard to predict, the smaller operator faces a higher cost of capital and a weaker exit option.
That is why the development argument for broad registry control deserves scepticism. A rule can be described as protecting regional resources while reducing the value and financeability of the resources already held by regional operators. A region does not become richer because its assets are harder to move. It may become poorer because liquidity, inbound supply and price discovery deteriorate. The point is not that every address should leave Africa, or that regional needs are irrelevant. The point is that confinement is an expensive way to pursue development.
AFRINIC's legitimacy should therefore be judged by whether it lowers or raises this regional discount. A legitimate registry makes the official path cheaper than the grey path. It makes disclosed transfers safer than undisclosed control arrangements. It makes accurate contact data more useful than silence. It makes independent review faster than years of litigation. It makes member voting more credible than external lobbying. It gives capital a reason to enter the registry system rather than route around it.
The opposite pattern is easy to recognise. If transfer approval is slow and discretionary, parties create side agreements. If leasing is treated as suspect without a workable disclosure path, operational control disappears from public view. If member elections are hard to verify, factions litigate instead of conceding. If court involvement is described as an attack on the internet, courts become more suspicious of institutional claims. If resource holders see no reliable institutional remedy, they build pressure outside the registry. Each workaround may be rational for the actor using it. Together they reduce the authority of the common record.
This is the practical meaning of Lu Heng's repeated distinction between a ledger and a gatekeeper. A ledger increases value by making claims legible, durable and transferable. A gatekeeper can reduce value by adding approval risk, political risk and uncertainty about future interpretation. Some gatekeeping is unavoidable because the registry must reject fraud and duplicate claims. The legitimacy question is whether the gate is narrow and objective enough that the market still prefers to pass through it.
There is a further, quieter effect. A weakly trusted registry changes how companies invest before any dispute occurs. A network that fears future recognition risk may avoid expanding services dependent on scarce addresses. A holder that fears transfer obstacles may delay releasing idle inventory. A customer that fears upstream registry exposure may spread workloads across less efficient arrangements. These are deadweight losses: no one receives them as revenue, but the region still pays.
The regional discount also affects public institutions. Governments that depend on national connectivity, public-sector networks, IXPs, schools, hospitals and digital services need the registry layer to be boring. They may be tempted to support stronger institutional protection when AFRINIC looks threatened, but a government-backed rescue that makes registry discretion more political can deepen the same discount. Public authorities should want reliable records, not a larger political prize around the records. The healthier the ledger, the less reason states, campaigns or coalitions have to fight over the operator.
For members, the discount is a warning and an opportunity. If they treat AFRINIC governance as a ceremonial obligation, someone else will price their assets for them. If they demand narrow rules, verifiable voting, objective transfer recording and continuity rights, they can reduce the discount attached to their own holdings. Institutional legitimacy is not something AFRINIC gives members. It is something AFRINIC and members must co-produce through rules that make reliance rational.
What a legitimate AFRINIC would make boring again
The test of recovery is not whether AFRINIC can produce a stirring account of resilience. It is whether it can become boring. A good registry should be less exciting than the networks it serves. Its records should be accurate, its transfer processing predictable, its invoices clear, its voting authority verifiable, its enforcement criteria narrow, its appeals credible, its litigation contained and its continuity planning technical rather than theatrical.
The first repair is record confidence. AFRINIC should be able to show, without exposing sensitive customer details, that resource records, member authority records, corporate contact records, reverse-DNS dependencies, RPKI-related services and transfer histories are controlled by auditable change processes. Historical irregularities should be classified and remediated through clear categories: fraud allegation, corporate succession uncertainty, dormant-holder review, disputed claim, ordinary contact correction, court-constrained status. The goal is not public shaming. It is confidence that the ledger is not fog.
The second repair is authority verification. The same institutional system that verifies a vote should be strong enough to verify a transfer request, a member representative, a power of attorney, a record update and a dispute notice. The 2025 election failure makes this a priority. Member trust will not return because an election was eventually completed. It will return when members can see how authority is validated and how contested authority is handled before it changes outcomes.
The third repair is a narrower enforcement model. AFRINIC should distinguish record-integrity enforcement from commercial-use control. Fraud, duplicate claims, forged authority, security-integrity emergencies, court orders and abandonment are core registry concerns. Pricing, leasing, customer geography, speculation, financing and changed business models should not be converted into registry punishments unless a clear adopted rule, known in advance and paired with independent review, makes the matter relevant. Even then, remedies should be proportionate.
The fourth repair is liability alignment through restraint. If AFRINIC does not have the capital, insurance, statutory mandate or public-law structure to absorb large commercial harm, it should not exercise discretion that can create large commercial harm except under narrow conditions. The cleanest alignment is to keep the registry's mandatory role close to uniqueness, accuracy, publication, security continuity and objective transfer recording. Less power requires less liability; more power requires more accountability.
The fifth repair is continuity architecture. AFRINIC can continue as operator, and its staff knowledge may be valuable. But critical services should not depend on the goodwill, solvency or uncontested authority of one corporate shell. Replication, escrow, service-level disclosure, RPKI succession planning, reverse-DNS contingency, independent dispute forums and resource-holder portability are not anti-AFRINIC measures. They are how a critical function proves it does not need hostage logic to survive.
The sixth repair is humility about representation. No board, government-linked coalition, mailing-list group, company, campaign or external guardian speaks for "Africa" in the abstract. They speak for institutions, members, states, operators or customers within defined mandates. AFRINIC's legitimacy will be stronger if it stops asking continental language to do work that only clean process can do. The service region is real. It is not a blank cheque.
The seventh repair is a credible account of scarcity-era asset administration. AFRINIC need not declare IPv4 to be ordinary property. It should, however, acknowledge that already allocated and transferred resources carry reliance interests. A registry that recognises reliance can still police fraud and protect uniqueness. A registry that denies reliance because it dislikes property language invites the market to protect itself outside the registry. The official ledger wins when it is safer than avoidance.
Watchpoints for the legitimacy premium
The next phase of AFRINIC's legitimacy will be visible in practical signals. The first is whether the board's authority stabilises in courts and among members. A functioning board can still carry a discount if every major act is shadowed by challenges to election mechanics or member status. Watch for resolved litigation, published voting reforms, clean minutes, conflict disclosures and a willingness to explain controversial decisions in evidentiary rather than ceremonial language.
The second is whether AFRINIC separates transfer policy from scarcity morality. Lu Heng's "Policy Mirror" note reads the 2026 transfer framework as an attempt to classify and confine IPv4 value through regional status, written approval and continuing policy control. AFRINIC and its supporters may characterise such rules as regional stewardship. The practical test is market behaviour. If AFRINIC-administered resources trade at a discount, move through opaque leasing structures, face longer closing timelines or require heavier indemnities, the market will have priced a legitimacy problem.
The third is whether litigation narrows. A registry can survive disputes over specific resources, invoices, elections or communications. It cannot easily rebuild if every operational act becomes a front in a wider legitimacy war. The healthiest signal would be a move from existential litigation to bounded claims with preserved operational state. That requires both sides to reduce maximalism: the registry by narrowing discretion, and resource holders by accepting that fraud and record integrity remain legitimate registry concerns.
The fourth is whether ICANN and the RIR system build failure procedures that protect the ledger without protecting the gatekeeper. Revised ICP-2 work may be necessary because AFRINIC exposed a real lifecycle gap. But an emergency mechanism that centralises discretion above regional registries could repeat the same legitimacy problem at a higher level. The relevant question is not whether global guardians can intervene. It is what exactly they preserve, how narrowly they act, and how resource-holder reliance is protected during transition.
The fifth is whether member participation becomes harder to counterfeit. Member apathy is not a moral failing; operators have networks to run. But an institution that depends on member legitimacy must design against apathy. Credential hygiene, proxy limits, authorisation audits, direct notice, voting receipts, challenge windows and transparent post-vote reporting are not procedural clutter. They are legitimacy infrastructure.
The sixth is whether AFRINIC's language changes. Institutions reveal themselves by the words they use when stressed. If AFRINIC speaks mainly of institutional survival, continental mission, community will and protection from disruption, sceptical members will ask what powers those words are defending. If it speaks in terms of record accuracy, objective criteria, limited remedies, member verification, continuity of running networks and independent review, the legitimacy premium can begin to return.
The more difficult watchpoint is whether AFRINIC's critics also accept constraints. A registry cannot rebuild legitimacy if critics demand market freedom while ignoring fraud controls, contact accuracy, routing-security continuity or court-supervised dispute isolation. A credible reform position has to protect the ledger as much as it limits the gatekeeper. Otherwise the debate merely replaces one form of discretion with another.
The economics of institutional legitimacy is ultimately conservative. It does not require a revolution against registries. It requires registries to remember why they were trusted. The internet-number system needs a truthful record, not a sacred corporation. It needs continuity of services, not immunity for discretion. It needs member voice, not ritual participation. It needs courts as backstops, not permanent managers. It needs scarcity-era asset administration that recognises reliance without pretending every address is ordinary property.
AFRINIC can still be a legitimate registry if it makes that bargain credible again. The institution does not have to win every narrative, silence every critic or persuade the market that IPv4 has no asset character. It has to make the record reliable enough, the rules predictable enough, the remedies proportional enough and the governance verifiable enough that networks prefer the official ledger because it is safer than the alternatives. That preference is the only legitimacy worth having in scarcity. That is the real contract. Everything else is ceremony.

