Summary

  • AFRINIC can keep services running and elect a board, but legitimacy after scandal returns only when operators, members, courts, lenders, cloud providers and public customers can rely on its number-resource ledger without extraordinary proof, discounts or de.
  • A registry emerging from crisis can produce several forms of reassurance before it has produced trust.

The audit after the applause

A registry emerging from crisis can produce several forms of reassurance before it has produced trust. The servers answer. The public database remains visible. Invoices go out. A receiver has held the institution together long enough for a board to be elected. A staff member appears at a technical conference and says morale has improved. A budget is promised. A strategy cycle is announced. The lights, in other words, are on.

Yet a lender asked to finance an address-dependent network, a cloud provider asked to accept a bring-your-own-address range, a buyer pricing an acquisition, or a public-sector customer signing a connectivity contract is entitled to ask a colder question: what evidence would make reliance rational again?

That is the problem AFRINIC now poses. The African Network Information Centre has not merely suffered a bad public-relations season. It has lived through a sequence that included corruption allegations over valuable IPv4 records, a major dispute with Cloud Innovation, court fights, a frozen bank account, years without a board, receivership, contested election processes, allegations about voting papers and powers of attorney, an annulled vote, a later board election, claims of recovery, fresh litigation over winding-up, and repeated interventions or public warnings from ICANN and the other regional registries. Official continuity never entirely disappeared. But continuity is not the same as legitimacy.

The distinction matters because a registry is not an ordinary vendor. If a software supplier becomes scandal-ridden, customers can often replace it, renegotiate, demand indemnities, or move to a rival. A regional internet registry maintains a ledger on which network operators, address buyers, lenders, universities, public agencies, cloud platforms, hosting companies, ISPs and enterprise customers rely. That ledger links scarce IPv4 space, IPv6 allocations, autonomous system numbers, reverse-DNS delegation, resource transfers, membership standing, public contact records, and the practical confidence that counterparties can treat a registration entry as more than an assertion from a troubled office.

The economic question is therefore not whether AFRINIC has survived. It has. Nor is it whether other institutions recognize the need for a functioning African registry. They do. The question is what a damaged registry must do before trust stops being charitable and becomes rational. A court appointment can preserve services. A board election can restore formal organs. A public statement can mark intent. None of those, alone, changes the risk premium that surrounds a ledger whose controls, governance and litigation posture have been publicly contested.

Legitimacy is often discussed as if it were a ceremonial quality, something supplied by elections, recognition, community language, or the blessing of peer institutions. In infrastructure markets it is better understood as a cost-reducing asset. A legitimate registry lowers the price of reliance. It reduces the number of lawyers needed in a transaction, the volume of evidence demanded before a transfer, the warranties required by a buyer, the size of escrow, the discount imposed by a lender, the time spent by engineers proving that the public record matches operational control, and the caution applied by public agencies that cannot afford communications surprises. When that asset is damaged, the costs do not disappear. They move into private contracts, legal budgets, compliance reviews, insurance exclusions, political hedges and delayed investment.

AFRINIC's legitimacy problem is consequently not solved by showing that the institution is alive. A bankrupted company may still trade. A hospital under investigation may still treat patients. A utility with weak governance may still deliver electricity. Survival is a factual condition. Legitimacy is a belief, held by counterparties, that the institution's records, judgments and commitments can be relied on at tolerable cost. The more consequential the institution, the more evidence that belief requires.

The useful test is the post-crisis audit. A registry that wants to be trusted again should be able to place before its members and its dependent markets a disciplined record of what went wrong, which records were affected, who had authority to act, which controls failed, what was corrected, what remains uncertain, how conflicts of interest are now handled, how voting authority is verified, how legal exposure is aligned with registry discretion, and how future communications will distinguish evidence from institutional hope. Anything less asks outsiders to treat slogans as collateral.

Legitimacy is transaction-cost capital

Institutional legitimacy has an economic function before it has a moral one. It lowers transaction costs by allowing parties to stop proving everything from first principles. A buyer does not re-audit every historical entry in a land registry if the land registry is trusted. A bank does not re-litigate every corporate filing if the companies register is trusted. A network operator does not demand court-grade proof for every routine update if the registry's chain of authority, database controls and dispute process are regarded as ordinary and bounded.

That quiet assumption is capital. It is not capital in the sense of cash on a balance sheet, but it behaves like capital because it produces a stream of savings. It allows deals to close faster. It lets lenders assign lower haircuts. It reduces the scope of warranties. It makes title-like assurance cheaper even when the underlying legal category is not property in the familiar sense. It makes operational planning less defensive. It lets engineers spend their time building networks rather than assembling affidavits about who may speak for a prefix holder.

When legitimacy is damaged, counterparties convert distrust into price. Buyers request indemnities. Sellers accept delayed settlement. Lenders discount address-dependent collateral. Cloud platforms ask for stronger letters and technical proof before onboarding an address range. Public-sector customers demand continuity covenants. Universities and national research networks hesitate before depending on addresses whose administrative history may later be contested. ISPs budget for litigation, parallel suppliers, duplicate records and longer review cycles. Smaller networks, which cannot absorb legal fixed costs as easily as large groups, pay most heavily.

This is why registry scandal is not only reputational. It is distributive. The cost of distrust is not borne evenly. Large cloud firms, global carriers and well-advised address holders can buy legal comfort, maintain parallel address strategies and wait out delay. Smaller African ISPs, rural operators, universities, local hosting providers and public connectivity projects often cannot. They face the same registry risk with thinner cash buffers and less procedural expertise. A legitimacy crisis in a registry therefore becomes a regressive tax on networks least able to pay it.

The temptation after institutional crisis is to search for a single legitimating event. A receiver is appointed. A court issues an order. A vote is held. A board is elected. A budget is adopted. A regional conference applauds a hopeful speech. Each event may be useful. None is enough. The transaction-cost asset is rebuilt by repeated, verifiable conduct. Markets trust ledgers because defects are found and corrected, because authority is auditable, because record changes are logged, because disputes have bounded remedies, because leadership speaks with caution, because member rights are predictable, and because time passes without fresh evidence that the same weakness has merely changed its costume.

The difference between reputation and legitimacy is important here. Reputation can be improved by messaging; legitimacy cannot. A communications campaign may change the tone around an institution, but it does not change the incentives of a lender or the diligence checklist of a buyer. The latter will ask for public evidence. Which records were audited after the alleged address heist? Were dormant or legacy allocations reviewed? How were conflicts involving staff, candidates, proxies and advisers disclosed? What controls now prevent one person from moving a valuable entry without dual approval and a durable record? How does the institution distinguish a disputed commercial claim from a risk to the ledger? What remedies exist when the registry makes a mistake? What liability does the registry bear if a high-consequence decision proves unsound?

Those questions are not hostile. They are the price of reliance after damage. In a low-value setting, informal reassurance may suffice. In a market where a single IPv4 block can be worth millions of dollars, reassurance without evidence is an unsecured loan to the institution. No prudent counterparty should be expected to extend it indefinitely.

AFRINIC's difficulty is that the relevant audience is not one audience. It must speak to members who need routine service, to staff who need stable authority, to African operators who worry about capture, to address holders who fear discretionary enforcement, to courts in Mauritius, to ICANN and peer registries, to governments that see public dependency, and to markets that price IPv4 liquidity. A message that satisfies one group may alarm another. A claim of regional protection may please some public-policy actors while reducing confidence among holders who hear capital control. A claim of being back on track may reassure conference attendees while inviting investors to ask why evidence is so thin.

Legitimacy repair is therefore an economic discipline. It requires the institution to reduce the cost of reliance for all these audiences without pretending their interests are identical. That is harder than survival, and far more important.

A registry scandal is different from a corporate scandal

The AFRINIC case is sometimes described in the language of organizational dysfunction: a troubled nonprofit, a long legal quarrel, a boardless period, a contested election, a difficult member. That description is not false. It is incomplete. The reason the crisis matters is that a registry's records are infrastructural.

AFRINIC's own policy manual describes a system built around uniqueness, registration, aggregation and conservation. Public address space must be globally unique. Assignments and allocations must be registered. Registration data must be correct because it supports network operations. The policy manual also places AFRINIC inside a hierarchy of number distribution: IANA allocates blocks to the regional registry, the regional registry redistributes to members, and members assign or sub-allocate where permitted. Those mechanics are not mere bureaucracy. They create a chain of public reliance.

For a network engineer, the registry entry is part of the evidence that a prefix holder is the party one should contact, filter for, delegate reverse-DNS authority to, or accept as the starting point for resource certification and other trust services. For a finance team, the entry is part of the proof that a scarce resource position is usable. For a buyer, it is part of the closing file. For a lender, it is part of the collateral story even if lawyers disagree over the precise proprietary category. For a government, it is part of the continuity map for national and regional connectivity. For a university or hospital network, it may be the background assurance that a long-used address range will not be transformed into a legal emergency by a registry decision.

That is why scandal around record integrity has a different economic shape from scandal around ordinary management. A company can lose a chief executive and keep its customer list. A registry can lose trust in the process by which its entries are created, corrected and relied upon. That loss reaches far beyond the payroll. It turns every valuable entry into a question: who touched this record, under what authority, with what evidence, and what else may have changed without adequate review?

The difference also changes the meaning of service continuity. It is useful that AFRINIC staff kept services running through years of pressure; the NRO's 2023 statement thanked staff for maintaining operations and services during difficult times. But a registry can provide technical continuity while losing decisional legitimacy. The query still returns an answer. The question is whether the market trusts the answer, the process behind it and the institution that may later revise it.

That distinction is central to AFRINIC's post-crisis challenge. Formal survival can be proven by showing that the institution exists, invoices, staff, systems and board minutes. Legitimacy requires more: public confidence that the ledger has been protected against corruption, that contested records have been handled through transparent correction rather than hidden settlement, that member participation is real rather than captured by procedural insiders, that voting authority cannot be manufactured or borrowed without consent, and that the registry will not turn policy language into an unbounded power over assets built by operators.

The scarcity of IPv4 makes the matter sharper. AFRINIC's exhaustion materials explain how global IPv4 depletion moved the region into soft-landing phases, with later allocations constrained by small maximums and utilization requirements. The Register reported in February 2026 that AFRINIC still had 773,376 unallocated IPv4 addresses, while the organization wanted to move the discussion toward IPv6. Even as IPv6 deployment grows, IPv4 remains necessary for compatibility, customer reachability and asset planning. Scarcity means the registry's entries now sit next to real market value. A weak control environment therefore becomes not only an administrative weakness but a market defect.

This is why legitimacy cannot be restored by invoking the special nature of the institution. The special nature of the institution is the reason more evidence is needed, not less. A registry that wants deference because it handles public resources must also accept a higher burden of auditability. A registry that says address records are not ordinary property cannot then be surprised when markets demand stronger proof that administrative discretion will not destroy value created by operators. A registry that relies on community process must show that the community is not merely a small class of repeat participants, proxy holders and procedural specialists.

Corporate scandals can often be compartmentalized. Registry scandals compound. Record integrity, leadership legitimacy, member confidence, litigation posture and resource scarcity interact. Each weakens the others unless repaired together.

The first wound is record integrity

The 2019 reporting by KrebsOnSecurity remains the most concrete exhibit in the economics of AFRINIC's trust damage. The report described allegations that a senior AFRINIC figure, Ernest Byaruhanga, had secretly operated companies that sold valuable IPv4 address blocks, and that U.S.-based researcher Ron Guilmette had spent years tracking African address ranges that had found their way to marketers outside the region. The article reported Guilmette's estimate that the IPv4 addresses he documented were worth more than USD 50 million. It also reported that Byaruhanga did not respond to requests for comment, that he resigned in October 2019 after earlier reporting by MyBroadband, and that AFRINIC's then-CEO Eddy Kayihura said the organization was investigating.

Those allegations should be handled carefully. Public reporting is not the same as a final judicial finding against every person named in it. But the article's institutional significance does not depend on treating every allegation as already proven in court. The significance is that a registry responsible for a scarce, valuable ledger was publicly associated with alleged manipulation of records, dormant business histories, shell companies, family-linked companies and address blocks that could be sold into markets far removed from the original holders. Even if one brackets disputed elements, the economic conclusion is severe: counterparties learned that AFRINIC's records could not be treated as a self-evident fact pattern immune from forensic review.

That is a hard wound to close. Record-integrity failure is more corrosive than ordinary misconduct because the registry's main product is not a product in the ordinary sense. It is a recognized record. If that record can be quietly moved, if old corporate histories can be exploited, if dormant entries can be converted into private value, if staff access or insider knowledge can become a market advantage, then the registry's legitimacy asset has been depleted. The market response is predictable. Buyers seek chain-of-registration evidence. Lenders ask whether a block has adverse history. Operators become reluctant to rely on quiet old entries. Anti-abuse groups treat unexplained address movement as a sign of risk. Public agencies wonder whether records supporting national connectivity have received adequate protection.

The correct institutional response is not merely to say that the matter was regrettable or that new people are in charge. Trust repair requires a record-control audit that is specific enough to reduce uncertainty. Which historic entries were reviewed? Which categories of dormant holder were most exposed? Were any entries corrected? Were any changes reversed? What conflict disclosures now apply to staff, contractors, board members and advisers who may have business interests in IPv4 markets? What approvals are required before a significant record correction, transfer, reclaim, delegation change or status update? How are old documents preserved? How are members notified? How does the registry prevent an insider from turning procedural knowledge into economic extraction?

Without that evidence, the 2019 scandal becomes a permanent tax on the ledger. Every future dispute is read through it. Every controversial enforcement act appears as possible overcorrection. Every record-cleanup claim must fight the suspicion that the institution is trying to repair one legitimacy wound by asserting more discretion than it can safely hold. That is exactly the risk that surfaced in the Cloud Innovation conflict.

There is an irony here. A scandal over record integrity may create pressure for stricter controls. But stricter controls do not automatically produce legitimacy. If controls are precise, auditable and bounded, they repair trust. If controls become broad resource reviews, discretionary re-justification demands and threats to reclaim entire holdings, they may look like a registry trying to govern through fear. A damaged institution can therefore harm itself twice: first by allowing weak controls, then by responding with controls so expansive that members become less confident, not more.

The distinction matters for AFRINIC because scarce IPv4 creates temptations in both directions. Weak controls invite theft, fraud, insider dealing and stale-record abuse. Overbroad controls invite capital confinement, selective enforcement and litigation. A legitimate registry must be able to hold the middle. It must protect the ledger without becoming a gatekeeper over every economic use of the resources recorded in that ledger. It must correct records without transforming correction into a claim of ownership over operator-built value. It must show enough evidence to defeat distrust without asking members to surrender all operational privacy.

That middle cannot be asserted. It must be demonstrated record by record, control by control, decision by decision.

Scarcity turned weak governance into a balance-sheet problem

The AFRINIC crisis cannot be understood apart from IPv4 scarcity. When IPv4 space was abundant and assigned at low administrative cost, weak governance could hide inside technical process. Once the available pool shrank and address blocks developed large market value, the same weakness acquired financial consequence.

The Internet Governance Project's 2021 analysis framed the dispute bluntly. It noted that AFRINIC had received only a small share of global IPv4 space, that IPv4 prices had risen sharply, and that a /16 could be worth millions of dollars. It also described the arbitrage created when scarce addresses were allocated at administrative fees far below market value. This gap made AFRINIC's pool both economically important and politically sensitive. The remaining addresses were not enough to transform African connectivity by themselves, but they were valuable enough to attract conflict, moral rhetoric and attempts to control mobility.

Scarcity changes incentives. It makes insider knowledge profitable. It makes old records worth forensic attention. It makes transfer rules matter. It makes disputes existential for holders. It makes registry delay costly. It makes claims about regional use less like administrative housekeeping and more like capital policy. It makes every statement about ownership, custody or permissible use sound to members like a statement about their balance sheet.

AFRINIC's own policy manual reflects the older conservation logic: addresses should be distributed according to demonstrated need, stockpiling should be avoided, records should be correct, and resources are tied to the service region. The exhaustion page explains the soft-landing structure, including smaller maximum allocation sizes and utilization requirements. These rules belong to a world in which conservation and fair distribution were central concerns. They do not by themselves solve the later world in which many existing holdings are economically valuable, operationally embedded and commercially financed.

The result is a legitimacy trap. If the registry acts as if addresses are merely public resources to be conserved, it may appear to disregard the real value operators have built around them. If it acts as if value is irrelevant, counterparties will not trust its discretion. If it treats every market use as suspect, liquidity falls and members discount the registry's region. If it ignores fraud or stale records, the ledger becomes unreliable. If it restricts transfer mobility under the language of regional development, holders hear lock-in. If it permits movement without controls, members fear another address heist.

This is the setting in which AFRINIC's institutional legitimacy has to be rebuilt. The registry cannot simply return to the administrative posture of an earlier internet. Nor can it credibly become a commercial exchange, a property court, a development ministry or a capital-control office. Its defensible role is narrower and harder: maintain a reliable ledger, enforce clear eligibility and record rules, protect uniqueness and operational continuity, and leave commercial value creation to operators and markets unless specific, transparent policy says otherwise.

For operators, the difference is practical. A regional ISP thinking about expansion must decide whether to buy, lease, transfer, conserve, use carrier-grade NAT, invest in IPv6, or hold scarce IPv4 for customer acquisition. A lender must decide whether the borrower's address-dependent cashflow is financeable. A buyer must decide whether an acquired company's address position will survive closing. A public agency must decide whether a broadband project can rely on the supplier's numbering continuity. These decisions require a registry whose decisions are predictable. If the registry is unpredictable, all these parties pay more.

That is why the legitimacy question is not sentimental. It is embedded in cost of capital, network growth, customer contracts and public connectivity. Africa's networks need investment; investment needs predictable inputs; scarce numbering is one of those inputs. A damaged registry can say it serves regional development. The market will ask whether its behavior lowers or raises the cost of deployment.

The answer cannot be supplied by slogans about community, stewardship or being back on track. It must be supplied by lower transaction costs visible to those who must rely on the ledger. If transfers close with less legal overhang, if record corrections are public enough to be trusted, if member votes are verifiable, if enforcement is proportional, if staff and board conflicts are disclosed, if litigation is managed without threatening ordinary services, then legitimacy begins to return. If not, the scarcity premium becomes a governance discount.

The Cloud Innovation dispute made repair look like risk

The Cloud Innovation dispute placed AFRINIC's post-scandal repair effort under market pressure. According to the Internet Governance Project's 2021 account, after the address-heist allegations AFRINIC conducted a review of registrations and focused on Cloud Innovation's use of IPv4 addresses. AFRINIC's 2020 and 2021 letters raised concerns about discrepancies between registered usage and where resources were actually used, claimed inconsistency between justified need and actual use, invoked service-region language, and asked for information. In March 2021 AFRINIC warned that it could determine in its sole discretion whether to terminate Cloud Innovation's Registration Service Agreement and reclaim the resources. Cloud Innovation contested the claims and later obtained court relief, while AFRINIC moved after one injunction was lifted to terminate membership and freeze addresses for a transition period. Cloud Innovation then pursued further litigation, including the bank-freeze episode.

Different parties describe this history differently. AFRINIC's supporters often portray it as a needed response to misuse and a defense of regional resources. Cloud Innovation and related critics portray it as discretionary overreach against a holder's economically valuable resources. The 2021 IGP analysis took a mixed view: it criticized AFRINIC's aggressive policy theory and risk management, while also criticizing Cloud Innovation's legal escalation and the freezing of AFRINIC funds. For legitimacy analysis, the key point is not to decide every legal claim. It is to see how the dispute turned trust repair into a new trust problem.

After a corruption scandal, a registry needs to show that records are not casually moved or exploited. But when the corrective response threatens to withdraw a massive holding on disputed policy grounds, members learn a second lesson: the registry may be weak against insiders yet severe against members. That perception is damaging even if the registry believes it is acting for conservation or regional fairness. Trust repair becomes credible only if it is visibly bounded. Otherwise the institution appears to replace weak controls with uncontrolled discretion.

The Cloud Innovation dispute also exposed the gap between legal survival and market confidence. AFRINIC could plausibly say it needed to enforce agreements and protect policy. Cloud Innovation could plausibly say that withdrawal of address resources would destroy customer continuity and business value. Courts could freeze funds or preserve positions while legal claims were heard. None of those steps settled the broader market question: when AFRINIC reviews a member's resources, what process, evidence standard, proportionality rule and appeal path protect both the ledger and the holder?

The lack of a trusted answer carries costs beyond the parties. Other members wonder whether changed business models could trigger review. Buyers ask whether registry approval could be delayed by policy ambiguity. Lenders ask whether a borrower could lose address-dependent revenue because a registry later disagrees with use. Cloud providers ask whether a customer's right to use a range may become contested. Public customers ask whether their suppliers can guarantee continuity if the upstream record becomes subject to dispute.

The dispute also changed AFRINIC's communications environment. Every later statement is interpreted through the conflict. When AFRINIC accuses litigants of trying to paralyse it, some hear a registry defending public continuity against destructive litigation. Others hear an institution personalizing a structural problem. When Cloud Innovation calls for winding-up or transition to a more trusted framework, some hear an existential threat to continuity. Others hear a demand for a ledger structure not controlled by the incumbent office. In this environment, legitimacy cannot be won by amplification. It can only be won by evidence that is specific, verifiable and unemotional.

The enduring lesson is that registry repair after scandal must be separated from punishment, politics and theatrical conflict. Record correction should be based on audit trails, not revenge. Enforcement should be proportionate and reviewable. Regional-development concerns should be expressed in clear policy rather than retrospective discretion. Member privacy should be protected while genuine record evidence is required. Litigation should not be allowed to paralyse routine services, but routine services should not become a shield for avoiding accountability. The registry must show that it can protect the ledger without using the ledger as leverage in a broader institutional battle.

That is an exacting standard. It is also the only one that lowers transaction costs. A market will not accept "trust us" from a registry whose crisis history has taught every serious counterparty to verify.

Receivership preserved the patient; it did not prove health

Receivership was necessary because ordinary governance had failed. The NRO's September 2023 statement welcomed the appointment of an official receiver and described the court's ruling: AFRINIC was restrained from relocation, takeover, merger, restructuring or management control; the receiver was to maintain the status quo of assets and preserve the value of the business; the receiver was tasked with overseeing elections, facilitating a proper board and appointing a chief executive. The NRO framed the development as a path back to functional governance and continuity of services.

That was not empty. In a crisis, preserving the ledger and keeping staff able to serve members matters. Receivership can prevent a failing institution from becoming a single point of operational panic. It can stop a boardless office from drifting further. It can place a legal officer between warring parties and day-to-day service. It can create a timetable, however delayed, for elections. It can reassure operators that the registry will not simply vanish on Monday morning.

But receivership is a stabilizer, not a legitimacy certificate. Its logic is preservation. It does not answer whether past records were clean, whether members believe elections are fair, whether policy discretion is bounded, whether leadership culture has changed, whether liabilities match consequences, or whether the institution has learned to communicate with humility. A receiver can hold the patient alive. That does not mean the patient is healthy.

The Internet Governance Project's 2023 commentary saw receivership as evidence that private internet governance could self-correct through courts and rule of law. That is one possible reading, and there is value in it. The existence of a judicial mechanism did prevent institutional collapse from becoming immediate technical collapse. Yet the same event can also be read more skeptically. If a registry handling critical records needs court-supervised emergency governance for years, the system's resilience is partial. It preserved continuity after the failure, but it did not prevent the failure from imposing uncertainty on every party dependent on the institution.

This distinction matters because post-crisis actors often overclaim the meaning of emergency success. A bridge that does not fall during a fire has performed better than one that collapses, but a fire report is still required. Which materials failed? Which alarms worked? Which exits were blocked? Which people had authority to act? What must change before the building is reoccupied at normal capacity? Without those answers, survival may produce complacency.

AFRINIC's receivership should therefore be treated as the first exhibit in formal survival, not the last exhibit in legitimacy repair. It helped keep services alive and created a route toward elections. It also exposed how much authority depended on legal structures outside the registry's own governance design. Members could reasonably ask why the institution's internal checks were unable to prevent board paralysis. Staff could reasonably ask how they were to operate under contested authority. Outsiders could reasonably ask whether routine policy and resource decisions were appropriate while basic governance was in dispute.

The cost of this uncertainty was not abstract. AFRINIC was reportedly unable to perform some core functions, including allocation of IP addresses to members, during parts of the crisis. The Register's September 2025 account described the later board election as a necessary step before hiring a chief executive, seeking to unfreeze bank accounts and resuming work. For a registry, that is a long institutional winter. For operators, it means planning around delay, uncertainty and legal noise in a region where digital infrastructure projects already face financing and execution challenges.

A prudent legitimacy program would not present receivership as vindication. It would present it as a boundary event: here is what receivership preserved, here is what it could not solve, here is what ordinary governance must now prove before members can rely on it again. Such an approach would lower distrust because it would show institutional self-knowledge. The alternative - treating emergency preservation as if it erased the underlying crisis - merely teaches counterparties that the registry still confuses survival with trust.

Elections need evidence, not theatre

The 2025 election cycle shows why formal acts are necessary but insufficient. The sequence was meant to move AFRINIC from receivership toward member governance. Instead it created another layer of legitimacy debt.

The Register reported in April 2025 that AFRINIC was scheduled to hold elections in June, with receiver Gowtamsingh Dabee appointing senior British lawyers to supervise candidate nominations and warning about potential interference. South Africa's Internet Service Providers Association had urged members to protect their AFRINIC credentials, warning that entities obtaining credentials could manipulate votes and alter board composition. AFRINIC had also warned members about solicitations by obscure or fictitious groups. These warnings were already a sign that the election's economic function was not merely to count votes. It was to produce confidence that voting rights had not been captured.

In June 2025 the process became more complicated. ICANN raised concerns about the election and asked for changes to the Nomination Committee. The Supreme Court of Mauritius declined to reconstitute the committee and ordered a communique clarifying that Cloud Innovation's listing as a shareholder was erroneous and not attributable to AFRINIC or the receiver. Electronic voting continued. ICANN expressed mixed feelings, saying concerns about election integrity remained.

Then the election was suspended and annulled. The Register reported that, minutes before the voting period ended, the Nomination Committee chair suspended the election because of questions about powers of attorney. South Africa's ISPA alleged that authorized representatives had found someone else voting on their behalf using powers of attorney the resource holders had never granted. AFStar also alleged fraudulent powers of attorney. ICANN sent questions to the receiver and warned that inadequate answers could trigger a compliance review. The receiver later annulled the election, citing concerns about voter documentation and the need for unquestionable legitimacy.

Again, every allegation must be treated as allegation unless proven through the proper process. But legitimacy damage does not wait for final adjudication. For members, the question became whether voting authority itself could be trusted. If the same institution trying to rebuild governance could not complete an election without proxy controversy, the formal act failed to produce the desired economic asset. It added diligence questions: who maintains the voter roll, who may represent a resource member, how are proxies verified, how are disputed documents preserved, what audit is published, and who bears responsibility if a ballot is cast without authority?

The later election in September 2025 produced a board. The Register reported that AFRINIC announced eight directors, seven of whom had Smart Africa's endorsement, and that the institution now had a chance to convene a board for the first time since 2022. That was a necessary step. It was not a final answer. The same report noted likely court challenges, continued investigations, concerns about the bylaw basis for the election, discomfort among some community participants about Smart Africa's influence, and the continuing possibility that ICANN and the other registries would complete a policy route for intervention if AFRINIC failed to recover.

Leadership renewal is central to legitimacy after scandal, but it must be renewal in substance. A board must show independence, competence, conflict discipline and restraint. It must explain the status of disputed elections and legal challenges without either hiding behind lawyers or inflaming public conflict. It must publish enough about its control environment to satisfy rational reliance without compromising necessary privacy. It must separate the board's duty to the registry from the agendas of governments, lobbying groups, incumbent insiders, resource holders and litigants. It must not convert an electoral majority into a blank cheque over the ledger.

This is not a demand for endless process. It is the opposite. Proper evidence prevents endless process because it gives members and courts fewer reasons to revisit the same doubts. A clear proxy-verification report reduces rumor. A conflict register reduces suspicion. A candidate-eligibility rationale reduces accusations of exclusion. A durable voter-authentication process reduces future annulment risk. A disciplined explanation of legal constraints reduces speculation. In a damaged institution, silence is not neutrality; it is an invitation to fill the gap with distrust.

Elections can renew legitimacy only if the evidence around them is stronger than the crisis that preceded them. Otherwise they become theatre: visible, procedural and incapable of lowering the cost of reliance.

"Back on track" is a claim, not an audit

By early 2026 AFRINIC had begun to tell a recovery story. The Register reported from APRICOT in February that Mukom Tamon, AFRINIC's head of capacity building, said staff morale had improved, a new board was active, interim management personnel had been appointed, and a budget and action plan would appear within weeks. He said the organization was out of the quagmire and predicted that the phoenix would rise from the ashes. The article also noted AFRINIC's remaining unallocated IPv4 pool and the broader policy response among registries to the AFRINIC crisis.

Such signals have value. Staff morale matters. A budget matters. Strategy matters. Participation in regional technical meetings matters. A registry cannot rebuild trust if it cannot organize internal management or speak again to operators. But "back on track" is a claim. It becomes evidence only when tied to auditable conduct.

The months that followed showed why. In March 2026, The Register reported AFRINIC's accusation that Cloud Innovation, Larus and associated advocacy campaigns were trying to paralyse it through litigation and procedural roadblocks, including challenges to IPv4 issuance and bylaw work. Lu Heng responded that the issue was structural: high-consequence power over economically critical number resources was disconnected from commensurate liability. The Number Resource Society also argued that governments and operators were exposed and trapped. AFRINIC's critics rejected the institution's framing; AFRINIC and supporting voices rejected theirs.

In May 2026, The Register reported that ICANN had again intervened, this time becoming a party to an application to wind up AFRINIC. ICANN said it wanted the court to understand AFRINIC's role and the nature of the resources it administers, and argued that numbering resources allocated through AFRINIC are not assets of AFRINIC available for distribution in a winding-up. The same report described a separate dispute over a Larus press release and AFRINIC communiques concerning whether a court order had approved or endorsed a shareholder-position continuity structure, leasing or commercialization of AFRINIC-allocated resources. An interim order required takedown of statements that falsely attributed judicial approval to the Supreme Court of Mauritius. Cloud Innovation and Larus disputed AFRINIC's characterization and emphasized that the order did not decide IPv4 leasing, ownership or their business model.

This is not the landscape of a fully restored institution. It is the landscape of an institution whose formal organs have returned while its legitimacy remains contested across several markets: legal, operational, political and financial. A board can meet while litigation continues. A strategy can be drafted while members doubt the bylaw base. A budget can be approved while lenders still apply haircuts. Staff can regain morale while counterparties still demand extra evidence. Each improvement is welcome. None should be oversold.

The risk of overclaiming recovery is that it burns the very asset being rebuilt. If a registry says "normality has returned" while significant disputes continue, careful members conclude that the institution's public language is not calibrated to risk. If it says "transparent process" but does not publish enough evidence, members see process as branding. If it says "the community has decided" while participation, proxy and membership categories are legally contested, outsiders hear mythology. If it says "we are attacked" without separating litigation abuse from legitimate member concern, it may rally supporters while alienating counterparties who need neutral governance rather than camp language.

A more credible recovery narrative would be modest. It would say: services have been preserved; a board has been elected; management functions are being restored; specified audits are under way; certain legal matters remain unresolved; the institution will publish what can be published; member voting controls have been redesigned; record-integrity review has named categories and dates; enforcement will be proportionate and documented; communication will distinguish fact, allegation, party position and aspiration. That kind of language is less triumphant. It is also cheaper for markets to trust.

Legitimacy after scandal is not won by appearing uninjured. It is won by showing that injury has changed behavior.

Liability must move closer to power

One reason registry legitimacy is difficult to repair is that registry authority often outruns registry liability. AFRINIC's crisis made this visible, but the problem is broader. A registry record can affect the value of scarce addresses, the continuity of customer services, transfer confidence, reverse-DNS authority, public contact evidence and commercial financing. Yet registries tend to describe themselves as coordinators, not guarantors. They preserve discretion while limiting downside.

This imbalance matters after scandal because counterparties ask who pays if the registry is wrong. If a record was altered without proper authority, who compensates the injured holder or buyer? If an enforcement action later proves excessive, who bears the cost of customer disruption? If an election is annulled after members relied on it, who absorbs the delay? If a registry issues public statements that later require correction, who pays for reputational damage? If the registry delays a legitimate transfer during litigation, who carries the financing cost?

Institutions often answer these questions by pointing to legal terms, public-resource language or the special status of internet numbering. Those answers may have force in litigation. They do not rebuild trust by themselves. Economic reliance depends on practical alignment between decision power and consequence. The more high-consequence discretion the registry holds, the more credible its controls, remedies and liability posture must be.

Liability alignment does not mean that a registry should become an insurer of every market movement. That would be impossible and would distort its role. It means that the institution must not hold broad unilateral power while asking members to absorb all downside from its mistakes. Remedies can be layered. Some errors require correction and notice. Some require fee credits or service commitments. Some require independent review. Some require litigation. Some require public explanation. The point is not that every harm has the same remedy. The point is that the remedy map must exist before trust can return.

AFRINIC's post-crisis repair therefore needs more than a board and budget. It needs a clear allocation of risk. When the registry audits records, what happens if it finds uncertainty rather than fraud? When it believes a holder breached a use condition, what notice, cure period, evidence threshold and appeal protect continuity? When litigation threatens institutional operations, what services are insulated from the dispute? When members challenge election authority, what records are preserved and disclosed? When public statements are contested, what correction mechanism applies? When staff or board members have outside interests, what recusal and disclosure rules apply?

The answer cannot be improvised case by case. Improvisation is costly. It gives insiders discretion, lawyers billing hours and markets uncertainty. A damaged registry needs standing discipline. It needs predictable thresholds for action, independent sign-off for high-consequence decisions, tamper-evident logs for major record changes, member-visible policies for conflicts, and a habit of publishing redacted evidence where full disclosure would expose private data. It also needs to resist the temptation to make every dispute a referendum on its own survival. The registry's job is to keep the ledger reliable, not to win every public narrative at any price.

Liability alignment is especially important for African connectivity because the region's operators cannot assume that global capital will overlook governance risk. Infrastructure investors are already cautious about currency exposure, regulation, power availability, civil works, customer affordability and cross-border risk. If the numbering layer adds uncertain registry discretion, the combined risk stack becomes heavier. A small operator may face a higher financing cost not because its network is weak, but because the registry layer above it is legally noisy. A public connectivity project may become more expensive because suppliers need contingency plans for address continuity. A cloud region or data-centre project may demand additional assurances before treating local address resources as stable inputs.

These costs are not dramatic. They are worse: they are quiet. They appear as delayed projects, conservative underwriting, more expensive leases, smaller loans, shorter contracts and lost bids. That is why legitimacy repair has to be measured partly by costs outside the registry. If members still need unusually heavy warranties, if lenders still discount heavily, if buyers still delay closings, if cloud providers still require unusual documentation, then the legitimacy asset has not been rebuilt.

Power that affects balance sheets must be surrounded by controls that balance sheets can understand.

Member confidence is not the same as member ceremony

AFRINIC's public language, like that of other regional registries, relies heavily on community and member participation. Its policy manual describes a bottom-up policy development process based on openness, transparency and fairness. Anyone may participate in policy discussion. Drafts are reviewed. Chairs assess consensus. Appeals exist. These principles are valuable. They are not self-executing.

The gap between formal openness and actual confidence is one of the central lessons of the crisis. Members can have rights on paper while remaining operationally disengaged, poorly informed, legally uncertain or vulnerable to proxy collection. Technical communities can be open while dominated by repeat participants who know the procedures. Voting can be held while members are unsure who has authority to vote. A board can be elected while members argue that the bylaw route was flawed. A policy can be adopted while affected parties believe the process is too costly to monitor.

Legitimacy after scandal requires the registry to treat member confidence as a measurable condition, not a rhetorical inheritance. How many members understand their voting rights? How many can verify their representatives? How quickly can a member revoke or confirm a proxy? How is the voter roll reconciled with legal membership categories under Mauritian company law? How are resource members represented if registered-member status has a different legal meaning? How are meeting notices delivered? How are member challenges tracked? How are policy impact analyses made legible to small operators rather than only to insiders and lawyers?

The 2025 powers-of-attorney controversy makes this concrete. Whether each allegation is ultimately proven is less important for institutional design than the fact that members and observers found the process vulnerable enough to challenge. A registry election should not depend on trust in obscure documents that cannot be rapidly verified by the member supposedly represented. Modern member governance needs secure confirmation, revocation windows, audit logs and post-election reporting. It also needs rules that prevent one participant from aggregating voting authority at a scale that changes the character of representation, unless members have knowingly granted that authority and can see the consequences.

Member confidence also requires separating participation from obedience. A registry with damaged legitimacy may be tempted to treat criticism as sabotage because some litigation has indeed been disruptive. That is a dangerous move. Members who question policy, bylaws, elections, transfers or audits are not automatically enemies of continuity. Some may be self-interested. Some may be wrong. Some may be acting in bad faith. But if the institution cannot distinguish bad-faith disruption from rational member concern, it will push legitimate doubt into opposition.

The economics again are straightforward. A member that does not trust governance behaves defensively. It stores more evidence, seeks outside counsel, delays cooperation, resists audits, supports alternative associations, questions invoices, and treats every registry request as a potential threat. The registry then reads defensive behavior as hostility and responds with more assertion. Transaction costs spiral. The cure is not softer language alone; it is a governance design that gives members fewer reasons to defend themselves against the institution that is supposed to coordinate them.

For AFRINIC, the member-confidence program should be practical. Verify and publish the categories of membership and voting rights in legally precise terms. Provide each resource member with a secure, simple way to view and revoke voting authority. Publish redacted election audit results after each vote. Maintain a conflict register for board, senior staff, Nomination Committee members and external advisers. Provide impact notes for major policy changes in plain operational language. Create predictable channels for small ISPs, universities, public networks and enterprise holders who cannot attend every meeting. Ensure that complaints are answered with reasons, not merely references to process.

This is not administrative nicety. It is the production of legitimacy. If members understand the institution and can verify how it acts in their name, their reliance becomes cheaper. If they cannot, community language becomes mandate without evidence, and mandate without evidence is exactly what crisis has made unaffordable.

The record has to be corrected without becoming political property

One of the hardest tasks in registry repair is correcting records without claiming too much authority over the economic life built on those records. AFRINIC must protect the accuracy of its database. The policy manual says registration data must be correct at all times because it supports network operations. It says unregistered resources are invalid. It states that assignments remain valid when the original criteria remain in place and registration is maintained. It also reflects conservation and regional-use principles. These duties are real.

But the same duties become dangerous if converted into a broad claim that the registry can continuously re-open the economic life of every holder. Networks evolve. Customers change. Corporate groups restructure. Addresses are leased, transferred, financed, routed through different geographies, used for cloud services, or held for continuity. Public records must keep pace with these changes, but the registry cannot treat every commercial change as a license to revisit the entire value position from the beginning. That would make the registry a permanent commercial supervisor rather than a ledger maintainer.

The legitimacy line lies in evidence and proportionality. A dormant record whose original holder no longer exists requires scrutiny. A suspicious chain of changes involving insiders requires forensic review. A request to update contact details after a routine corporate reorganization requires a different level of scrutiny. A holder accused of fraud requires a different process from a holder whose usage has shifted with customers. A high-consequence reclaim requires more evidence, notice and review than a correction to a stale contact. The registry's mistake is not in caring about accuracy. It is in failing to distinguish defect classes and remedies clearly enough that members can price the risk.

This is where the 2019 heist allegations and the Cloud Innovation dispute meet. The first shows why record correction is essential. The second shows why correction powers must be bounded. Together they produce a disciplined standard: strong controls against fraud, insider dealing, forged authority and dormant-record exploitation; modesty toward ordinary business evolution; public reasoning for high-consequence decisions; and independent review where registry discretion can destroy value.

The phrase "public resource" does not solve this tension. It describes the reason uniqueness and registration matter. It does not decide how much discretion a private membership registry should hold over operator-built value. Nor does the phrase "not owned as traditional property" solve it. Many economically important rights are not simple property: spectrum licences, concessions, leases, permits, franchise rights, receivables, software licences and contractual entitlements can all carry market value and require stable records. The registry may not be selling land, but it maintains entries around scarce resources that markets rely on. That reliance requires prudence.

Record correction after scandal should therefore be additive rather than theatrical. Add evidence. Add audit trails. Add notices. Add reasoned decisions. Add correction histories. Add member-visible controls. Do not erase uncertainty by pretending it never existed. Do not bury disputed history in private settlements. Do not weaponize accuracy against unpopular holders. Do not let public statements get ahead of documents. A corrected ledger that admits its history is more credible than a polished ledger that asks everyone to forget why the audit was needed.

This principle also protects the registry itself. A transparent correction process reduces accusations of selective enforcement. It gives staff a rule base. It gives courts a record. It gives members predictability. It reduces pressure on individual officers. It makes it harder for critics to portray every registry act as capture or retaliation. It narrows disputes to facts rather than institutional mythology.

AFRINIC's opportunity is to show that a post-scandal registry can become more exact and less imperial at the same time. It can strengthen record controls while reducing discretionary overreach. It can protect uniqueness while acknowledging operator investment. It can police fraud while avoiding capital confinement. It can maintain regional policy while recognizing that the internet and its address markets are global in use, value and counterparty reliance.

If it cannot do this, every correction will look political and every policy will trade at a discount.

Time is the final auditor

There is no quick legitimacy event after a scandal of this kind. Time is not sufficient, but it is indispensable. A registry can publish audits, elect a board, adopt controls, appoint managers, improve staff morale and explain its legal position. Counterparties will still wait to see whether the institution repeats old behavior under stress.

That is because legitimacy is a memory held by markets. If an election is challenged, does the registry publish evidence or retreat into silence? If a member criticizes a policy, does leadership answer the issue or attack the person? If a court order is misunderstood, does the registry correct the public record precisely or overstate its meaning? If a valuable record is disputed, does the registry preserve continuity while the matter is heard? If a conflict of interest appears, does the board disclose and recuse? If staff find old record defects, do they follow a defined process? If a policy change affects transfer mobility, does the institution publish economic impact and transition rules? Each episode deposits or withdraws trust.

The good news for AFRINIC is that legitimacy can be rebuilt. Institutional memory is not eternal. Operators care about service, predictability and cost. Lenders care about evidence. Buyers care about closing. Public agencies care about continuity. Cloud providers care about risk that can be documented and contained. If AFRINIC repeatedly supplies these things, the market will gradually reduce the surcharge. The recovery will not require every critic to become a supporter. It will require enough counterparties to decide that reliance no longer needs extraordinary protection.

The bad news is that the necessary conduct is boring. It is not the rhetoric of phoenixes, villains, communities or continental destiny. It is minutes, audits, logs, notices, corrections, redactions, reasoned decisions, voting records, conflict disclosures, budget discipline, service metrics, restrained litigation and communication that does not ask more from evidence than evidence can provide. Damaged institutions often dislike this phase because it lacks drama. Markets prefer it for the same reason.

For African connectivity, the stakes justify the tedium. The region needs networks that can raise capital, acquire or lease addresses, deploy IPv6 while still serving IPv4-dependent customers, build data centres, support universities, connect public services, host local platforms and participate in cloud supply chains. None of that becomes easier if the numbering layer is viewed as an unpredictable private chokepoint. Nor does it become easier if every dispute is framed as a civilizational struggle over the registry's existence. The practical question is narrower: can the ledger be trusted at acceptable cost?

AFRINIC's crisis has already taught the market to price distrust. The repair task is to make that pricing less rational. That requires credible audits of the address-heist legacy and related record controls; public correction of affected records where correction is possible; transparent treatment of election and proxy disputes; leadership renewal that is independent enough to disappoint every faction when necessary; communications that distinguish fact, allegation and aspiration; member systems that make voting and representation verifiable; liability and remedy rules that move consequence closer to power; and enough uneventful time for those disciplines to become habit.

The institution can survive without completing that work. It may keep staff, systems, recognition, board meetings and public statements. But survival without legitimacy leaves an invisible tax on every member and every downstream user that depends on the registry. The tax appears as delay, discount, warranty, escrow, duplicated proof, legal reserve, reputational hedge and alternative address strategy.

A court can appoint a receiver. Members can elect directors. ICANN can intervene in court to protect continuity. The NRO can express support. AFRINIC can issue communiques and budgets. All of that may be necessary. None of it substitutes for the slow economics of trust repair.

The ledger will become legitimate again only when reliance on it becomes cheap again. Until then, the scandal is not over. It has merely moved from the headlines into the price of doing business.