The hardest address-policy problem in African mobile broadband does not appear when a subscriber buys a data bundle. It appears earlier, in the operator's packet-core plan, where growth has to be translated into public IPv4 inventory, shared-address architecture, APN design, fraud evidence, enterprise promises and a migration path toward IPv6. CGNAT keeps that system moving. It also turns the few public addresses at the mobile edge into a scarce operating asset whose value depends on whether AFRINIC's registry evidence is stable, neutral and trusted.
A mobile launch can look almost finished before this constraint becomes visible. Radio teams have accepted new LTE or 5G sites. Backhaul has been tested. Smartphones are cheaper than in the last campaign. The marketing team has built a tariff ladder around larger data bundles, youth plans, social packages, fixed-wireless offers and small-business SIMs. Finance expects more usage, more payment activity, more enterprise attachment and higher return on spectrum and core investment. To the customer, the proposition is simple: more internet, at a price that makes daily use possible.
The public-IPv4 arithmetic is less generous. Millions of handsets, routers, tablets, merchant devices, cameras, transport terminals and field-service SIMs may pass through a mobile core that exposes a much smaller number of public IPv4 addresses to the rest of the internet. The address visible to a bank, marketplace, abuse desk or streaming platform is usually not the address of one person. It is a shared mask, produced by the operator's carrier-grade NAT design and by the size and cleanliness of the public pools behind that design. That mask has to support reachability, reputation, geolocation, subscriber attribution and enterprise separation at the same time.
This is the difference between an address ledger and an abstract governance debate. GSMA's Mobile Economy Africa 2026 describes mobile technologies and services as producing about $240bn of economic value in Africa in 2025, equal to 7.8% of GDP, supporting roughly 13m jobs and contributing about $45bn in public revenues. It projects about $290bn by 2030, says 63% of the population is covered by mobile broadband but not yet online, and expects about $76bn in mobile-network capex between 2025 and 2030. It also projects 5G reaching 21% of African connections, or 383m connections, by 2030. Those figures are exhibits, not a slogan. They show a sector in which a technical bottleneck at the public address edge can become a cost inside payments, enterprise connectivity, complaint handling and adoption.
The question is not whether CGNAT is legitimate. It is essential while IPv4 remains commercially relevant. The question is what it makes scarce IPv4 become inside a mobile business. It becomes a planning reserve, a product feature, a fraud-evidence dependency, a customer-support exposure, a wholesale bargaining chip and a transition constraint. AFRINIC does not route the packets and does not tune the NAT gateways, but its records help determine whether the operator can treat public address resources as dependable inputs or has to price registry uncertainty into every pool and every contract.
The mobile campaign before it reaches the street
Mobile broadband grows through campaigns as much as through standards. A carrier lowers the price of weekly data. A handset-finance partner widens access to entry-level smartphones. A school project buys connected tablets. A government form becomes easier to submit from a phone. A bank integrates SIM-swap or number-verification checks. A logistics firm adds SIMs to vehicles and depots. None of these events is primarily an address-policy event, but each produces sessions that have to exit the mobile core.
Before the campaign goes live, engineers need answers that customers never see. How many active sessions will share one public IPv4 address at the busy hour? How much public space should be reserved for ordinary internet APNs, private APNs, fixed-wireless routers, test systems, roaming, mobile-money partners and static-IP products? What port limits will keep heavy tethering from harming ordinary users? How long must translation logs be retained, and who can query them? Which pools have a clean enough reputation for banking traffic? Which enterprise products can honestly promise a public address rather than merely a managed path through shared translation?
These are not only engineering questions. They are capital-allocation questions. A public IPv4 address placed in the consumer CGN pool can support many ordinary users, but it may also concentrate reputation and complaint risk. The same address held for a private or public-static APN can support a higher-value enterprise product, but it reduces the reserve available for mass-market growth. An address kept idle is prudent if future access is uncertain, wasteful if the operator is hoarding against a risk that better registry processes could reduce. Scarcity makes every placement consequential.
The registry connection is indirect but practical. A mobile operator does not ask AFRINIC for a fresh allocation every time marketing approves a new bundle. It still needs confidence that the public pools supporting those bundles are recognized, contactable, delegable and defensible. A stale contact, disputed block, delayed reverse-DNS change or uncertain transfer does not change a radio plan by itself. It changes the risk around the public identity that the radio plan eventually depends on.
That is why the usage gap matters. When 63% of the population is already under mobile-broadband coverage but not yet online, growth depends on bringing lower-income and first-time users into routine digital life. Their first experience may be a bank login, school portal, marketplace listing, public-service form or remittance app. If that service treats a shared CGNAT address as suspicious or wrongly located, the user does not diagnose IPv4 scarcity. The product simply feels unreliable.
What growth figures hide in the packet core
Large mobile-economy figures can make the network sound like a smooth macroeconomic machine: value added, jobs, capex, public revenue, coverage and 5G penetration. Inside the packet core, growth is less smooth. Each additional subscriber creates sessions, state, logs, DNS queries, charging records, fraud signals and support obligations. IPv4 scarcity cuts across those systems because it decides how many subscribers must share a public identity at any moment.
A fixed broadband provider often plans around premises and customer routers. A cloud provider plans around virtual machines, elastic addresses, tenants and regions. A datacentre operator plans around racks, cross-connects, power, cooling and customers that bring or lease their own address arrangements. A mobile operator has a different pressure pattern. Its customers are numerous, mobile, intermittently active and often cost-sensitive. They include people using small prepaid bundles, households using fixed-wireless routers, merchants running payment terminals, enterprises buying private APNs and machines sending telemetry from the field.
The boundary matters. This is not the cloud-provider question, where public IPv4 is part of platform inventory and regional capacity. It is not the datacentre question, where address scarcity interacts with colocation, transit, tenant routing and asset valuation. Nor is it primarily an essay about support cost as CGNAT's hidden tax. Support cost is one symptom here. The centre of gravity is mobile-broadband expansion: how public IPv4 scarcity shapes the architecture, products and evidence obligations of mobile access networks before IPv6 can carry the whole burden.
The mobile core turns scarcity into ratios. A single public address may represent many subscribers, but not all subscribers create the same risk. A low-volume messaging user, a tethered laptop, a gaming handset, a shop router, a bank-branch backup link and a camera fleet all place different demands on ports, persistence and attribution. If the operator treats them identically, some products break. If it separates them too finely, public address reserves disappear into special cases.
The public address therefore behaves like scarce productive capital. It helps convert spectrum, towers, devices and marketing into usable internet sessions. It can be leased, reserved, sold as a premium feature, embedded in enterprise commitments or held as a continuity buffer. When the record behind that asset is clear, the operator can make explicit trade-offs. When the record is uncertain, the operator often becomes conservative: it hoards, over-shares, limits promises, or pushes customers into vague managed services because the public evidence behind the pool is not stable enough.
CGNAT is architecture, not a cosmetic workaround
Carrier-grade NAT is sometimes described as a workaround for IPv4 exhaustion. That is true but incomplete. In a mobile network it is architecture: address plan, gateway placement, pool design, port policy, logging, lawful-response process, abuse handling, product segmentation and customer experience. Once many users share public egress, the operator has created a public identity machine. It must be designed, not merely installed.
RFC 6598 made one part of that architecture explicit by reserving 100.64.0.0/10 as Shared Address Space for service-provider NAT deployments. The space is not globally routable and is meant for use inside provider networks, not as ordinary public internet space. The RFC also warns about reverse-DNS leakage and about forwarding shared-address traffic across service-provider boundaries except in limited arrangements such as hosted CGN. In mobile terms, this allows large private addressing domains to exist inside the carrier while scarce public IPv4 remains at the edge.
RFC 6888 describes the carrier-grade NAT as an ISP-network function that shares one public IPv4 address among several subscribers, with subscribers having limited or no control over it. Its requirements are practical: paired address pooling to reduce needless external-address churn for a subscriber's sessions, configurable port limits, filtering behavior, logging considerations and port-allocation trade-offs. Those requirements are technical, but the consequences are commercial. A strict port limit can make a heavy tethering user cheaper to serve and more likely to complain. A generous limit can improve experience and consume more shared capacity. More detailed logging can improve attribution and increase storage, privacy and access-control burdens.
In mobile broadband, the CGNAT decision also determines where blame lands. External systems usually see the public address first. A bank may see many accounts authenticating through the same address. A gaming service may report a restrictive NAT type. A geolocation database may place a handset near the packet gateway rather than near the user. An abuse desk may see scanning or credential attacks from an address shared by thousands of innocent subscribers. The operator must translate that public signal back into subscriber context, usually with timestamp and port data. If logs are incomplete, clocks differ, records are stale or the public address has a poor reputation, the translation is contested.
This does not make CGNAT a mistake. Without it, African mobile operators would face a harsher collision between growth and IPv4 exhaustion. It does mean that every public address placed behind the CGN becomes more valuable than a line in an inventory table. It carries many users' experience, many counterparties' interpretation and many internal teams' ability to explain what happened.
Public IPv4 pools become product inventory
The mobile operator's public IPv4 pool is not one homogeneous bucket. It is divided by risk, revenue and promise. Some addresses support ordinary consumer egress. Some support enterprise APNs. Some may be reserved for fixed-wireless access that customers expect to behave like home broadband. Some support test functions, fraud-response relationships, roaming, customer-care diagnostics or legacy systems. Some are cleaner or better understood by geolocation and reputation databases than others. The operator's address plan is therefore a product plan.
Consumer mobile broadband usually accepts shared public egress. Most subscribers care that applications work, not that their handset receives a public IPv4 address. Shared egress keeps prices lower and makes mass adoption feasible. The problem appears when sharing is too dense or poorly matched to use cases. An address that carries too many unrelated sessions may be rate-limited, misclassified, blocked or mislocated by platforms outside the operator's control. The customer sees a failed login, a suspicious-activity challenge, a blocked game, a slow relay path or a service that insists the user is somewhere else.
Enterprise mobility changes the calculation. A retailer may need point-of-sale terminals to reach a payment processor through an allowlisted address. A bank may use mobile backup links for branches and expect documented egress. A broadcaster may need predictable field connectivity. A logistics provider may need vehicles and depots separated from consumer traffic. A public agency may require auditable routing for field tablets. These customers often pay for public identity, not just radio coverage.
That creates a scarcity price. A public IPv4 address in an enterprise APN can support higher revenue and clearer auditability, but it cannot simultaneously serve as a high-density consumer egress address. A static public IPv4 add-on can be commercially rational, but it turns registry-administered space into a product margin. If the operator cannot be confident that the block's registry evidence, reverse DNS and contact data will remain stable, it becomes more cautious about selling multi-year commitments tied to that block.
The distributional effect is important. Large mobile incumbents often have deeper historical holdings, more legal capacity and more room to reserve clean ranges. Smaller operators, MVNOs, regional fixed-wireless providers and specialized IoT firms may depend on leased space or upstream host-network arrangements. If AFRINIC's records and processes are predictable, smaller firms at least know the rules of scarcity. If recognition, updates or dispute handling feel discretionary, scarcity reinforces incumbency in a way that has nothing to do with radio quality or customer service.
APNs turn scarcity into class separation
The Access Point Name is where mobile policy becomes network behavior. An internet APN carries ordinary consumer traffic. A private APN connects enterprise devices into a controlled domain. A public-static APN can give selected customers stable public reachability. An IoT APN can apply different routing, charging and firewall treatment. A mobile-money or banking APN may require stricter separation and monitoring. The APN is not merely a product label. It is how the operator converts scarcity into classes of service.
IPv4 scarcity makes APNs valuable because they ration public identity without denying mobile access. Ordinary users can sit behind CGNAT. Devices that only send telemetry can use private address plans. Enterprises that need inbound reachability can buy static public IPv4, private tunnels or managed secure access. Sensitive partners can receive dedicated routes. In a market where affordability remains a central adoption constraint, this segmentation is useful: it avoids spending public addresses on devices that do not need them.
Segmentation also creates room for ambiguity. A customer may believe it has a dedicated enterprise service when the public egress is shared with other tenants. A reseller may advertise "static IP" while relying on a host network's policy and records. A camera or telemetry deployment may work until remote access, lawful request handling or partner whitelisting exposes the address arrangement. A public-sector customer may discover after procurement that the product does not provide the separation its auditors expected. The hidden address facts eventually become visible.
The registry's role is not to approve APN design. It is to keep the public resources used by those designs legible. If an enterprise APN relies on an AFRINIC-administered block, the public record should support the operator's claim that the block is legitimately controlled, reachable and contactable. If reverse DNS is part of the service, the delegation process should be predictable. If a transfer or lease arrangement underpins the pool, the chain of responsibility should not collapse into private assurances that no outside counterparty can verify.
Clear registry evidence encourages clearer APN products. An operator that can point to stable public records can be honest about which products are shared, which are static, which are portable, which are provider-controlled and which are temporary. An operator that fears registry uncertainty may have an incentive to describe the service vaguely, route obligations through contracts, or keep address arrangements out of the customer's view. That may help the sale, but it weakens the ecosystem's ability to handle incidents, audits and migration.
APNs also show why national and regional contexts meet. A bank, utility, ministry or logistics firm may operate across borders while buying mobile connectivity country by country. The egress address may sit in a different operational geography from the device. Compliance, geolocation, incident response and lawful request handling then need public evidence of the network and entity behind the address. AFRINIC's records cannot answer every legal question. They can stop the first question from being a mystery.
Mobile money and banking make shared identity expensive
Mobile money changes the cost of weak attribution. A data session may be linked to account creation, SIM-swap checks, device fingerprinting, merchant payment, remittance, loan application, customer support or fraud investigation. GSMA's Africa report notes that SIM Swap and Number Verification APIs are already being used to reduce mobile-money fraud for banks and fintechs. That detail matters because it shows the mobile network becoming part of the trust machinery for financial services.
CGNAT complicates that machinery. A public IPv4 address may represent many subscribers in a short period. A fraud system that treats the address as a strong identity signal can block legitimate users who happen to share egress with suspicious traffic. A system that dismisses the signal entirely may miss useful context. A system that geolocates the address to a core node may create false anomalies. The right use of public IP in fraud analysis is cautious and contextual, but caution requires evidence: who controlled the address, when, through what gateway, and whether the operator can map the external address, port and timestamp to a subscriber under lawful process.
RFC 6888's discussion of logging is directly relevant. Abuse handling may require identification of a subscriber from external IPv4 address, port and timestamp. The mapping information needed for that task can be large, and destination logging raises privacy concerns unless there is a clear administrative reason. In a payments environment, that balance is not academic. Too little attribution increases fraud losses, false denials and regulatory pressure. Too much collection creates privacy, retention and access-control risk. Scarce public IPv4 pushes more users behind shared egress, increasing the value of precise, disciplined logs.
AFRINIC's part remains bounded. It should not collect subscriber mappings or become a fraud platform. It should maintain public evidence that lets a bank, fintech, abuse desk or lawful authority identify the responsible network and reach the right contact. If an investigation begins with an IPv4 address, the registry record should not send the investigator toward a stale entity or a disputed control story before the operator can even check its own records.
This is also a place where development language can distort the mandate. Mobile money is economically and socially important, so it is easy to invoke inclusion or fraud prevention to justify wider control over address use. The narrower answer is stronger. Fraud prevention needs accurate public contacts, responsible resource holders and clear correction of false records. It does not require AFRINIC to decide which mobile-money partners, enterprise products or APN architectures deserve public IPv4. The line matters because a registry that stays within evidence can be trusted by many different operators; a registry that expands into product judgment will be treated as a political actor.
The financial-services lesson is simple: a weak public IP signal can still be useful if everyone understands its weakness. It becomes harmful when shared identity is mistaken for individual identity, or when the public record points to the wrong responsible party. Mobile broadband needs the first condition to improve and the second condition to disappear.
Enterprise mobility buys evidence as much as bandwidth
Many enterprise customers buy mobile connectivity because it reaches places fixed networks do not reach reliably enough: branch backup, mobile routers, field offices, vehicles, construction sites, clinics, point-of-sale terminals, industrial sensors and temporary events. But the product is not only reach. Enterprises also buy evidence. They need to know what address their traffic appears from, whether partners can allowlist it, whether DNS and logs can support audits, whether traffic is separated from consumer egress, and whether the operator can explain an incident without improvisation.
Legacy systems make this harder. A modern application can be built with IPv6, identity-aware access and application-layer controls. Many real enterprise environments are older. Partner firewalls may still rely on IPv4 allowlists. Security teams may treat a static public address as the easiest control to document. Payment processors may require known egress. Industrial devices may assume IPv4. A mobile operator can propose better architectures, but commercial reality often demands an IPv4-compatible product.
Scarcity lets operators create tiers. Basic business SIMs use shared egress. Higher tiers receive static public IPv4, private APNs, managed VPNs or dedicated paths. Large customers get more documentation and stronger service terms. This is rational if the scarcity price is transparent. Customers that genuinely need public IPv4 pay for it, and the revenue can support better logging, IPv6 migration, APN separation and support tooling.
The model breaks when public identity is sold without public certainty. An enterprise contract can say "static IP", but the operational value depends on whether the address is stable, documented and reachable under a known operator's control. If an address is leased through a fragile arrangement, if registry contacts are wrong, if reverse DNS cannot be maintained, or if a dispute clouds resource status, the enterprise buyer has purchased a weaker product than it may understand. That weakness may remain invisible until an audit, migration or incident.
Registry certainty therefore affects enterprise competition. Incumbents with large historical pools can sell cleaner products, reserve better ranges and absorb address-risk reviews. Smaller providers may offer competitive service but lack the same address cushion. A neutral registry does not equalize historical holdings. It can, however, make the process for updates, transfers, contacts and disputes predictable enough that smaller firms are not punished by procedural opacity.
Enterprise mobility also feeds the IPv6 transition. Customers that see the real scarcity price of public IPv4 have more reason to modernize applications, accept IPv6 where possible and reserve IPv4 for compatibility. Customers that receive vague bundled promises have less reason to change until failure arrives. Stable registry evidence helps operators have the honest conversation: IPv4 is finite and valuable; IPv6 is the scalable path; the current public pool is documented, but it should not be the foundation for every new service.
Geolocation and complaints expose the public mask
The public address is a poor proxy for a mobile subscriber, yet many systems still use it as one. Geolocation databases attach a city or region. Websites set rate limits. Streaming platforms apply location rules. Social networks flag unusual login patterns. Abuse desks send complaints to the registered holder. Lawful requests may arrive with IP, port and timestamp. In all of those workflows, the public address is a starting point even when everyone knows it is incomplete.
CGNAT makes the starting point less precise. RFC 6598 notes that geolocation systems identify the location of the CGN server rather than the end host. In mobile networks, that can be sharply misleading. A subscriber may move across cells and cities while the public egress appears tied to a gateway location. For advertising, content rights, banking checks, local services and public portals, that mismatch can create friction. The user does not care that the address is technically shared. The service either works or it does not.
Abuse complaints show the same problem in another form. If spam, scanning or credential attacks come from a public address, a complaint may reach the operator. The operator has to determine whether the source was one handset, a tethered laptop, an enterprise APN, an IoT fleet, a reseller or a compromised router. That requires accurate logs and a clear public record of who was responsible for the address at the relevant time. If the registry record is stale or disputed, the complaint path starts with avoidable uncertainty.
Lawful requests are more sensitive. Operators need procedures to map public IP, port and time to subscriber data while protecting privacy and following local law. The registry record is not enough to identify a person, and it should not be treated as enough. It is the public anchor that helps establish which network controlled the resource. If that anchor is weak, the operator may still have accurate internal logs, but the external confidence chain is messier.
These issues are sometimes grouped under support cost, and support cost is real. Customer-care teams are left explaining failures that sit between NAT behavior, remote platform policy, geolocation, reputation databases and public records. But this article's focus is upstream of the call-centre burden. The deeper question is how mobile operators design shared public identity so that the rest of the internet can interact with it responsibly.
The division of labor should be clear. AFRINIC should keep resource records, contacts and delegations accurate enough that the responsible network can be reached. Operators should maintain lawful, privacy-respecting attribution inside their own systems. Platforms should stop treating shared mobile egress as if it were a household router. Regulators and courts should understand the difference between a public address and a subscriber. The system fails when any one actor pretends the public mask is more precise than it is.
IPv6 coexistence changes the bargain
IPv6 is the durable technical answer to IPv4 scarcity, but coexistence is the mobile operator's present tense. African operators planning 4G expansion and 5G growth can use new devices, new packet-core investment and new APN designs to push more traffic onto IPv6. Mobile networks often have more control over devices and access configuration than fragmented fixed networks, which can make them strong candidates for IPv6-first operation. The GSMA projection of 383m 5G connections by 2030 makes that modernization window significant.
Coexistence, however, is not a clean cutover. Subscribers use applications, banks, government portals, schools, games, merchant systems and enterprise tools that may still depend on IPv4 somewhere in the path. Payment partners may have IPv4-based controls. Old industrial equipment may not be ready. Foreign counterparties may require allowlisted IPv4 egress. Customer support teams may not distinguish between an IPv6 reachability failure, an IPv4 CGN port issue, a DNS problem and a remote application bug. Users only see whether the service works.
CGNAT remains the bridge on the IPv4 side. Dual-stack reduces pressure when traffic moves to IPv6, but it does not remove all public IPv4 demand. NAT64 and related mechanisms can help with IPv6-only access to IPv4 destinations, but they bring their own operational and compatibility questions. Public IPv4 still matters as egress, reputation anchor, enterprise product and investigation starting point. The trajectory may point to IPv6; the balance sheet still contains IPv4.
This is why registry certainty remains valuable during transition. A stable IPv4 ledger gives operators a clear economic signal: IPv4 is finite, expensive and documented; IPv6 is the scalable growth path. An unstable ledger muddies that signal. Operators may hoard addresses because they fear future recognition problems. Leasing may move into less transparent arrangements. Enterprise products may be written defensively. IPv6 may still advance, but as an escape from institutional uncertainty rather than as a planned modernization program.
The right bargain is not to weaken IPv4 evidence in order to force IPv6. It is to make IPv4 scarcity visible and predictable while helping members, vendors, enterprises and public agencies reduce dependence on it. AFRINIC can support IPv6 adoption through training, measurement, reverse-DNS and registration services, policy clarity and operational coordination. It should not turn IPv4 uncertainty into a lever of discretionary control. The more boring the IPv4 ledger becomes, the cleaner the IPv6 business case gets.
Coexistence also requires trust with customers. A bank will not move a control system to IPv6 because a registry speech says it should. It will move when the operator can show operational maturity, clear incident handling, stable legacy support and a path that reduces risk. Reliable public-address evidence is part of that maturity. It lets the operator manage the old layer while building the new one.
AFRINIC's crisis is evidence of registry-layer risk
AFRINIC's recent institutional stress matters to mobile broadband because it shows how registry-layer risk can become a business input. The point is not that every mobile operator was party to each dispute, or that every report should be flattened into one moral story. The point is that scarce IPv4 gives registry records economic value, and economic value makes the control plane worth contesting.
Public reporting on the 2019 address-theft scandal described millions of IPv4 addresses allegedly misappropriated through changes to registration records, with a senior staff member later dismissed and criminal complaints reported. For mobile economics, the important lesson is that registry data is not naturally inert. If a record can be manipulated, the manipulation can create market value. In a region where public IPv4 is already scarce, record security is not back-office hygiene. It is infrastructure protection.
The Cloud Innovation dispute exposed another side of the same scarcity: enforcement conflict, litigation, court orders and institutional stress around a large holder of AFRINIC-administered address space. The merits and claims have been contested in public and legal forums. A mobile operator does not need to take a position on every claim to draw the operational lesson. When registry authority and large address holdings collide, the registry can become a litigation venue as well as an administrative service.
Governance stress then widened the concern. AFRINIC entered court-appointed receivership in Mauritius in 2023 after board and governance difficulties. The NRO's public welcome of the receiver is useful as a factual exhibit of the continuity problem: restoring functional governance, member services and a proper board had become a matter for the wider number-resource community. Later public accounts described a June 2025 election process annulled after voting-irregularity concerns, followed by a later board-restoration process. Whether one reads those events optimistically or cautiously, they show that registry authority depends on recognized decision-making, not only database uptime.
For a mobile operator, the risk appears during change. Existing routes may keep working. Subscribers may keep browsing. But product teams need new APNs, reverse-DNS changes, customer documentation, transfers, mergers, contact updates and IPv6 projects. If governance is uncertain, ordinary changes invite extra legal and risk review. Staff may keep services running professionally, but counterparties still ask whether decisions will survive challenge.
The lesson is not that AFRINIC should compensate for weakness by becoming more discretionary. That would worsen the gatekeeper problem. The recovery path is narrower and duller: secure records, publish clear statuses, keep member services predictable, correct errors through evidence, explain dispute handling without alarming unrelated users, and make routine changes boring again. Boring is valuable in a mobile packet core.
Neutral stewardship is stronger than development gatekeeping
IPv4 scarcity attracts moral language. Addresses can be called regional assets, public resources, development tools or inclusion enablers. Those descriptions are understandable. Mobile broadband does support employment, tax revenue, payment activity, public-service access and household opportunity. The danger comes when the moral language is used to expand a registry's role beyond neutral number stewardship into discretionary control over which commercial uses deserve recognition.
The mobile-broadband case shows why restraint is not passivity. The same public IPv4 block can support low-cost consumer egress, a private APN for a hospital, mobile backup for a bank, merchant terminals, a school project, an IoT fleet, a small ISP's upstream arrangement or a rural fixed-wireless product. The registry usually cannot see enough of the customer contract, national regulation, fraud requirement, enterprise dependency or price structure to rank those uses from a central office. It can see whether the resource record is accurate, the holder is responsible, policies are followed and contacts work.
Neutral stewardship should therefore mean stronger evidence, not weaker authority. AFRINIC should maintain uniqueness, registration accuracy, contactability, delegation integrity and reviewable administration. It should protect records from theft and misrepresentation. It should apply community-adopted policies through due process. It should support IPv6 and operational capacity. It should correct false records. Those are not small duties. They are exactly the duties that make scarce public identity usable.
Gatekeeping would create the wrong incentives. If operators believe certain mobile products will be judged politically, they may hide arrangements, avoid updates, lease privately or describe APN products vaguely. That makes the public ledger worse. If they believe the registry will focus on accurate evidence and fair process, they have more reason to keep records current, disclose operational responsibility and price scarcity honestly. Neutrality is a way to get better information.
It also protects AFRINIC itself. A registry that claims a wide development mandate can be blamed for retail data prices, rural coverage, mobile-money fraud, enterprise adoption and IPv6 speed, none of which it controls directly. A registry that claims a bounded ledger mandate can be judged against standards it can meet: accurate records, resilient services, member support, transparent correction, secure systems, contact quality and lawful governance. In a post-crisis recovery period, narrower authority is often more credible authority.
Mobile broadband needs public institutions that understand their lane. Spectrum policy, device affordability, taxation, competition, rights of way, energy reliability and digital literacy all influence inclusion. The number registry contributes by making scarcity legible and predictable. It should not launder broader development aspirations into ad hoc control over public identity.
The planning rule for the next mobile decade
Africa's next mobile decade will be shaped by more than address policy. Affordability, spectrum, tower power, fibre backhaul, taxation, handset finance, competition, regulation and content relevance will all matter. Public IPv4 will not outrank them. It will decide how efficiently some of their gains can be converted into reliable services. A continent with a large covered-but-not-online population cannot afford avoidable ambiguity at the public edge of mobile networks.
The operator's planning rule should be explicit: treat public IPv4 as scarce productive capital, treat CGNAT as a designed evidence system, and treat IPv6 as the only scalable end state. That means reserving public pools with a clear purpose, writing APN products honestly, separating enterprise and sensitive traffic where the promise requires it, retaining attribution logs under disciplined legal controls, correcting geolocation and reputation data aggressively, and using every 4G and 5G modernization window to remove avoidable IPv4 dependence.
The registry's planning rule should be just as explicit: be a neutral ledger, not a development gatekeeper. Keep records accurate, contacts current, reverse DNS and routing evidence predictable, disputes bounded, member services resilient and governance lawful enough that ordinary changes do not feel like institutional bets. The registry does not have to make IPv4 abundant. It has to keep scarcity from becoming ambiguity.
If that works, operators can make sharper commercial choices. A consumer pool can be shared without pretending it is individual identity. A static public-IP APN can be priced as a scarce product. A bank can understand when a public IP is only a weak signal. An enterprise customer can see whether it is buying public reachability, private routing or an application-layer abstraction. An IPv6 migration can be justified by economics rather than panic. Smaller providers can compete without a procedural handicap layered on top of historical scarcity.
If it fails, the sector still grows, because demand is strong. But growth carries a governance surcharge. Operators hold larger buffers, write vaguer contracts, push more traffic through crowded translators, move address arrangements into private channels and spend more time explaining shared identity to counterparties that do not trust the public record. Incumbents with older holdings benefit. Newer entrants and specialized providers face more friction. Customers experience the result as blocked apps, premium charges, failed audits, confusing support and slower product launches.
The mobile planning room is the right place to end. The radio sites are ready, the campaign is scheduled and the market is waiting. The engineers still have to decide how scarce public IPv4 will be shared, sold, logged, reserved and displaced over time by IPv6. Those decisions sit below the speeches and above the subscriber's screen. AFRINIC's value to that room is not a grand narrative about the future of the internet. It is the quieter guarantee that the public-address evidence behind the mobile core will hold when growth tests it.

