AFRINIC's crisis has exposed a bargain that usually stays invisible: sovereign institutions can supply law, evidence and continuity duties to a regional number-resource registry, but the ledger loses its economic value if sovereign pressure turns into veto power. The address book is useful because it is narrower than the politics around it.
A regional internet registry is a strange object to place beside a sovereign state. It is private, contractual and technical. It keeps records, delegates resources, publishes lookup data, supports routing-security services and maintains the administrative machinery by which networks recognise who is responsible for which internet number resources. It does not command armies, write tax law, grant citizenship or plan national development. Yet its database conditions a material part of the digital economy. Banks, mobile operators, cloud platforms, internet exchanges, government networks, security teams, courts, counterparties and address-market participants all rely on the record being coherent.
AFRINIC makes that oddity unusually visible. A private, member-based organisation incorporated in Mauritius has served a region of sovereign states and Indian Ocean territories. Its records touch IPv4 addresses, IPv6 prefixes and autonomous system numbers. Its services affect WHOIS and RDAP lookups, reverse DNS, routing registry information and RPKI. Its governance crisis has drawn in Mauritian courts, receivership, election disputes, litigation involving Cloud Innovation, intervention by global internet bodies, public argument over resource-holder rights and renewed debate about the survival of the registry as an institution.
The easy conclusion is that the state must take charge because the resources have become strategic. The opposite conclusion is that states should stay away because the internet works only when technical communities are left alone. Both are too crude. Sovereign institutions are not irrelevant to the registry record. Courts decide legal status. Company registrars confirm corporate existence. Telecom regulators can verify licences and public-network facts. Fraud investigators can show when a transfer request is unsafe. Sanctions authorities can make particular dealings unlawful. Public bodies can identify critical networks whose continuity matters to citizens. These are not decorative inputs; a registry that ignored them would be irresponsible.
But sovereign evidence is not sovereign command. A court order, a company filing, a regulator's notice or a sanctions obligation may tell the registry something that must be respected. It should not automatically give a state, a ministry, a litigant or a favoured institution the power to decide the regional ledger's ordinary outcome. The ledger's value lies in global uniqueness, common recognition and narrow trust. Once recognition becomes a prize to be won through national pressure, the resource becomes harder to price, harder to move, harder to finance and harder to rely on.
That is the central thesis. Sovereign institutions can supply facts, legal constraints and continuity obligations. They can police fraud, enforce lawful orders and protect public networks. They should not be allowed to convert those inputs into a veto over a regional coordination ledger that has to work across borders. AFRINIC's recovery will depend less on a triumphant governance narrative than on disciplined smallness: a ledger narrow enough to accept sovereign evidence without becoming an instrument of sovereign ambition.
A private ledger inside a sovereign world
The paradox at the centre of AFRINIC is not that a registry exists. Any large networked system needs a mechanism to prevent duplicate claims over shared identifiers. The paradox is that sovereign states rely on a private corporation to help keep part of their digital economy legible. AFRINIC is not a state. It is not a treaty organisation. It is not a continental regulator. It is not a ministry of telecommunications for Africa. It is a private registry operator whose usefulness depends on a regional community accepting its record.
That arrangement looks fragile because it is deliberately modest. The internet's number-resource system works by keeping the registry's mandate smaller than the politics around it. A registry does not have to decide whether one country's industrial policy is better than another's. It does not have to decide whether a state-owned carrier, a university network, a mobile operator, a bank, a hosting company or a public-security agency deserves more strategic priority. It should not become the forum in which every dispute about national digital development is translated into address allocation. Its narrower job is to maintain a shared record: who is recognised for which resources, who can act for them, what services follow from that recognition, and what evidence exists when that recognition is disputed.
This smallness is not weakness. It is the reason the system can be tolerated by many governments at once. States with different legal systems, market structures, languages, currencies, political alignments and levels of administrative capacity can accept a common record because the record is not supposed to embody any one state's programme. The ledger sits below sovereignty. It lets networks interoperate without asking each country to submit to another country's domestic policy.
The bargain begins to fail when any party forgets the ledger's limited nature. A government may see scarce IPv4 addresses and treat them as national capacity. A court may see a registry incorporated under domestic company law and treat its corporate vessel as the whole regional function. A regulator may see critical public networks and reach for control over the address record. A registry board may look at a service region and imagine itself as a political representative of that region. A global coordination body may worry about fragmentation and mistake institutional continuity for institutional immunity. Each view contains a piece of truth. Each becomes dangerous when it tries to become the entire answer.
AFRINIC's incorporation in Mauritius makes the point concrete. The host state's law governs the company. Its courts can supervise corporate status, receivership, winding-up proceedings, member records and disputes over authority. That is ordinary sovereignty. It does not follow that Mauritius owns the African number-resource ledger. Nor does it follow that a domestic corporate order should automatically become an address-policy answer for every network in the service region. The legal fact has to be translated into registry continuity, and that translation must be narrow, documented and reviewable.
The same is true for other sovereign inputs. A telecom regulator may be the best source for whether a provider holds a licence. A company registrar may be the best source for whether an entity exists. A court may be the proper source for whether assets must be preserved. A sanctions authority may define a legal prohibition that binds a party. Those inputs can improve the record. They become destructive only when the registry treats them, or is forced to treat them, as a general power to decide who should enjoy recognition.
The task, then, is not to choose between sovereignty and the registry. The task is to keep them in their lanes. Sovereignty acts through law, courts, regulators, public records, enforcement agencies and accountable decisions. The ledger acts through authentication, publication, continuity, dispute notation, record correction and narrow policy. A stable regional system needs both. It cannot survive either as a lawless private club or as a disguised national property register.
Scarcity made sovereignty tempting
IPv4 scarcity changed the politics of the address book. When addresses were abundant, a registry could look like an administrative convenience. When addresses became scarce, transferable, leased, financed, litigated and embedded in commercial contracts, the database began to resemble settlement infrastructure. It still does not carry packets. Routers do that. But it helps determine whether a holder is recognised, whether a buyer can complete a transaction, whether a lender can assess continuity risk, whether a lessee can trust a lease, and whether a court order can be implemented without damaging unrelated networks.
The mechanics are familiar. A 32-bit address space was adequate for the early internet and inadequate for the world that followed. IPv6 exists and will remain the long-term technical answer, but the transition has been slow, uneven and non-backwards-compatible. IPv4 still supports customers, hosted workloads, firewalls, allowlists, payment systems, consumer access, legacy applications, monitoring systems and interconnection with the rest of the internet. The result is an awkward half-world: official language still speaks of administrative resources, while operators, brokers, creditors and counterparties behave as though many IPv4 blocks are scarce capital.
AFRINIC's own exhaustion history illustrates the change. It entered soft-landing Phase 1 in 2017 and Phase 2 in 2020, under rules that reduced the maximum allocation size and attempted to stretch the remaining pool. Public reporting in 2026 described AFRINIC as still holding a limited number of unallocated IPv4 addresses, while the broader operational premise was plain: the remaining pool is a shrinking reserve, not a basis for long-term abundance. Scarcity is no longer a warning about the future. It is the condition under which governance decisions are made.
Scarcity invites sovereign language because the resource starts to feel like national capacity. A ministry may see address holdings as a digital reserve. A finance authority may see cross-border transfers as value leaving the country. A telecom regulator may see identifiers used by licensed networks and interpret mobility as sector planning. A public-sector chief information officer may see addresses embedded in government systems and think of resilience. An incumbent carrier may see possible address movement and think of competitive advantage. Once a resource has a price, every administrative delay becomes more than paperwork.
The temptation is understandable. It is also economically hazardous. Internet number resources are not spectrum licences, land parcels or customs-controlled goods. Their value depends on global uniqueness and global recognition. A state can regulate companies and contracts within its jurisdiction. It cannot make a locally preferred duplicate claim globally useful by decree. If every state treats addresses held by domestic entities as trapped national stock, address mobility falls, inbound supply becomes less attractive, lenders discount the resource and operators lose a way to monetise underused space for investment. Sovereignty asserted too bluntly can destroy the value it wants to preserve.
The registry can overclaim as well. Scarcity makes every discretionary lever more valuable. A hold is no longer a pause. A transfer limit is no longer a procedural detail. A resource review is no longer merely administrative. A policy interpretation can change the economics of a block worth real money. A registry that sits above scarce assets can begin to experience recognition as power and call that power stewardship. Some stewardship is necessary; a registry must prevent fraud, duplicated claims and inaccurate records. But scarcity makes discipline more important, not less. The more valuable the resource becomes, the less room there is for informal discretion disguised as community judgement.
AFRINIC therefore sits where two overclaims meet. States may overclaim by treating globally recognised addresses as domestic property. The registry may overclaim by treating its record as superior title. The coherent position is narrower. Operators build businesses around number resources and bear operational risk. States hold authority over companies, licences, taxation, fraud, insolvency and critical infrastructure within their jurisdiction. The regional ledger records and coordinates recognition so that the internet remains one interoperable system. Confusing those layers is how scarcity becomes a sovereignty crisis.
Evidence is not a veto
A regional ledger cannot be indifferent to national law. If a company has been dissolved, that matters. If a court has appointed an administrator, that matters. If a telecom licence has been revoked and the resource request relied on that licence, that may matter. If a fraud report shows that a transfer instruction came from an unauthorised person, that matters. If a sanctions rule lawfully binds the registry or a relevant service provider, that matters. Neutrality does not require blindness. It requires disciplined use of evidence.
The distinction between evidence and veto should be the first constitutional principle of number-resource governance. Sovereign institutions can produce facts, orders and constraints. They should not automatically acquire a roving power to determine the regional ledger whenever a resource touches their territory. The registry should ask: what fact has been established, by whom, under what authority, with what effect, for which resource, for how long, and with what appeal or review path? It should not ask whether a sovereign preference is politically attractive.
Company law offers a useful example. AFRINIC exists under Mauritian law. Its corporate records, receivership questions, possible winding-up issues and governance disputes necessarily pass through domestic legal machinery. The host state's courts can decide who has authority to act for the company, whether a corporate register should be rectified, whether a receiver may take certain steps or whether a liquidation application can proceed. These decisions matter. But they are not the same as address policy. The legal decision supplies a fact or order that the registry function must absorb without turning the court into the ordinary manager of regional recognition.
Telecom licensing works the same way. A national regulator may be the strongest source for whether a carrier is licensed, whether a public network exists, whether a merger has legal effect or whether a licence holder is under formal sanction. Such evidence may be relevant to identity, authority, operational need, risk or dispute status. Yet a regulator's unease about a transfer, foreign customer, leasing arrangement or commercial strategy should not silently become a regional ledger rule. If a state wants to impose domestic restrictions on address-related transactions, it should do so openly through law and accept that markets will price the restriction. It should not ask the registry to hide industrial policy inside validation.
Fraud evidence is even clearer. KrebsOnSecurity and other public reporting in 2019 described allegations that address records associated with defunct or acquired African businesses had been manipulated or sold through dubious channels. Those reports did not make every address-market transaction suspect. They made registry controls more important. A registry must be able to freeze suspicious changes, require proof of authority, protect stale records from hijacking, preserve logs and cooperate with investigators. But a fraud control is not a general mandate to decide that every out-of-region customer is illegitimate or that every holder must constantly re-justify ordinary commercial evolution.
The appeal of a veto is that it seems decisive. It gives a ministry, court, regulator or registry a way to stop something that feels risky. But vetoes are expensive when they are hidden. A published law can be challenged, complied with and priced. A court order can be read. A regulator's notice can be tested for scope. An informal registry delay caused by sovereign pressure cannot be priced with the same confidence. The market sees only uncertainty, and uncertainty becomes discount, litigation and avoidance.
Respecting sovereignty therefore requires precision. Real sovereignty does not need to smuggle itself into the ledger. It can act through legal instruments that identify the authority, the affected party, the exact restriction and the review path. A regional registry that accepts sovereign evidence while resisting hidden sovereign veto is more respectful of states than a system that lets every pressure point become an informal command.
Mauritius shows the host-state dilemma
Every regional registry is incorporated somewhere. Most of the time that fact is dull. It becomes decisive when the institution breaks. AFRINIC's incorporation in Mauritius mattered because the registry's governance crisis entered Mauritian courts. Proceedings and reporting over recent years have involved receivership, bank-account restraints, election supervision, board formation, member-record disputes, questions about the receiver's authority and winding-up litigation. A body that performs a regional coordination function remained, at a basic legal level, a domestic corporation.
This is the host-state dilemma. The host state does not become sovereign over the region merely because the registry is incorporated there. But its courts and company law can affect the registry on which the region relies. Non-host states bear consequences without controlling the forum. Host-state institutions may face pressure from litigants, members, international coordination bodies, local politics and governments that care about the outcome. The registry is pulled outward as a regional internet institution and inward as a domestic legal person.
The dilemma should not be resolved by pretending local law is illegitimate. Courts are not intruders simply because the company they supervise performs a global or regional function. AFRINIC signs agreements, holds accounts, employs staff, keeps corporate records and operates under statutes. When governance fails, a court may be one of the few institutions with lawful power to preserve assets, appoint temporary control and require a path back to a board. Public statements by registry-system actors in 2023 treated receivership as a way to preserve continuity and restore governance; independent commentary also framed receivership as a rule-of-law mechanism, even while raising questions about process and accountability.
The opposite mistake is to demand immunity in the name of regional function. A private body cannot become sovereign because its service region is large. If a registry asks courts, creditors or members to step aside whenever ordinary legal scrutiny becomes inconvenient, it asks for public-style insulation without public-style foundation. Functional protection may be justified in a narrow sense: keep lookup services running, protect data, prevent disorderly seizure of operational assets, maintain staff capacity and avoid collateral damage to networks. But functional protection is not institutional worship. It should preserve the service, not sanctify every discretionary choice of the incumbent operator.
The host-state problem should therefore push AFRINIC and the wider registry system toward continuity architecture. RDAP, WHOIS, reverse DNS, RPKI repositories, authenticated change histories, member records, dispute metadata and service dependencies should be able to survive board failure, litigation, receivership and even corporate restructuring. If the ledger depends entirely on the goodwill or solvency of one local legal shell, the system has confused continuity of function with continuity of institution.
This distinction is not hostile to Mauritius. It protects Mauritius from becoming the region's unwilling political chokepoint. A Mauritian court deciding a company-law issue should not have to carry, in every order, the burden of determining the future of African number-resource coordination. A registry designed with replicated records, independent audit trails, defined failover, objective succession triggers and narrow dispute processes would reduce pressure on the host state. The court would decide legal facts. The continuity architecture would keep the ledger alive.
The lesson extends beyond AFRINIC. Incorporation is necessary. Local law is unavoidable. But a regional ledger becomes fragile when emergency litigation in the host state becomes the only practical continuity plan. The more economically valuable and operationally embedded the ledger becomes, the more auditable, portable and legally separable its function must be.
Courts should preserve the record, not govern it
Courts are essential because private institutions sometimes need lawful constraint. They can freeze, preserve, appoint, restrain, compel disclosure, hear evidence and decide responsibility. In AFRINIC's crisis, courts have been unavoidable because corporate authority, member rights, receivership and possible winding-up are legal questions. But courts are a poor ordinary manager of a live registry. Judges can decide rights. They cannot efficiently run address-policy nuance, routing-security transitions, reverse-DNS continuity, transfer-market expectations and member-service queues.
That is why a court-facing registry needs a preservation principle. In a live dispute, the default should be the last verified operational state unless a court or independent adjudicator specifically orders a change. The registry may mark a resource disputed. It may block conflicting transfers. It may require additional authority evidence. It may preserve logs, freeze risky updates and notify affected parties. It should not casually revoke, reassign, disable or pollute live resources as a form of institutional self-help.
The AFRINIC-Cloud Innovation dispute shows why the principle matters. Internet Governance Project analysis in 2021 described AFRINIC's attempted reclamation of Cloud Innovation's addresses as an aggressive response to concerns over out-of-region use and contractual interpretation; the same analysis criticised Cloud Innovation's legal tactics as damaging. One need not adopt either party's full account to see the institutional lesson. When a registry threatens live resources and a member responds through courts, the ledger becomes the battlefield. The consequences spread beyond the litigants to customers, counterparties, staff, other members, banks, public authorities and the region's trust in the record.
The proper judicial role is to separate the disputed question from unrelated continuity. A court can decide whether the registry had authority to terminate a membership, whether a contract permits a remedy, whether a receiver may act, whether a bank restraint is proportionate or whether a corporate register must be corrected. It should be careful with remedies that destabilise registry services for non-parties. Likewise, a registry should not use the risk of broader instability as a reason to escape scrutiny. Criticality is an argument for precision, not immunity.
A narrow court order can be highly protective. Preserve the record. Preserve services. Preserve the disputed party's last verified position unless rights are adjudicated. Preserve evidence. Prevent unauthorised changes. Require transparency from the receiver, board or registry operator. Define what must not be touched. Then let the registry continue its technical function. That approach respects sovereignty because it lets courts act through law while avoiding judicial policy by emergency motion.
The alternative is expensive and unstable. Litigants seek leverage through injunctions. Registries frame legal review as a threat to internet stability. International actors intervene in local courts in ways that look protective to some and overbearing to others. Markets cannot tell whether a transfer delay reflects law, risk, politics or registry discretion. Operators begin to price the court system into the address block itself. That is not legal order; it is institutional fragility made visible.
AFRINIC's crisis argues for a more explicit dispute architecture. High-consequence registry actions should have independent review. Operational services should continue during review wherever technically possible. Registry records should carry transparent dispute flags rather than silent punishment. Courts should receive precise evidence about technical consequences. Remedies should be proportionate to the specific breach. No party should be able to convert a contested policy interpretation into a threat to unrelated connectivity.
Courts are not enemies of the ledger. They are one of the ways sovereign law keeps private institutions honest. But if the ledger is designed badly, courts are forced into the role they should least want: emergency governors of a regional internet registry.
Compliance must be legal precision, not political convenience
Sanctions and compliance are among the hardest sovereignty pressures for a regional registry because they combine law, banking, contracts, geopolitics and reputation. A registry may be incorporated in one country, serve members in dozens more, rely on banks exposed to other legal systems, employ staff with different obligations and interact with global technical systems. A member may be lawful in its home state yet difficult for a bank or counterparty elsewhere. A transfer buyer may satisfy registry policy but trigger compliance concerns for a payment provider. A public-sector network may be critical domestically while subject to foreign restrictions.
The temptation is to turn the registry into a compliance sovereign. That would be a mistake. A regional number-resource ledger is not a sanctions office, export-control agency, financial-intelligence unit or human-rights tribunal. It lacks the mandate, tools, evidentiary machinery, due-process rules and political accountability for that work. Its proper role is narrower: identify the legal obligation, the actor bound by it, the service affected, the evidence supporting it, the duration, the available review path and the least disruptive way to preserve unrelated records and running networks.
This is not a plea for ignoring law. If a binding order applies to AFRINIC, it must comply. If a bank cannot lawfully process a payment, the registry must manage the operational consequences. If a court prohibits dealing with a party, the registry cannot pretend neutrality means disobedience. But compliance must be anatomised. Does the rule prohibit issuing new resources, accepting payment, updating contacts, maintaining RDAP data, signing RPKI objects, approving transfers or all of these? Does it bind AFRINIC, a bank, a member, a counterparty or a service provider? Does it require rejection, suspension, reporting, a licence application or record notation? The answers decide whether compliance is lawful precision or institutional overreach.
The same discipline is needed for sanctions-like pressure without a formal legal basis. A government may distrust a member. A regulator may dislike a foreign buyer. A regional body may warn that a transfer pattern threatens continental interest. A global coordination actor may say a proposal risks fragmentation. Such claims may be worth hearing. They are not, without more, legal commands. If a registry treats them as commands, it imports politics into the ledger while denying members the clarity they would receive from actual law.
Capital markets care about the difference. A buyer can price a published sanctions rule. It can diligence a court order. It can structure around a known payment restriction. It cannot price a registry culture in which unstated geopolitical discomfort becomes delay. Hidden compliance is economically worse than hard law because it cannot be tested. The result is not safety but discount, avoidance and litigation.
AFRINIC's environment makes this especially sensitive. African states differ in external alignments, banking exposure, security concerns, procurement practices, data-policy instincts and geopolitical relationships. A registry that tries to harmonise all of that inside its own discretion will become political terrain. A registry that says, in effect, "bring binding law, authenticated corporate facts, court orders and specific regulatory notices; we will comply narrowly and preserve continuity" can remain useful.
This approach protects states as well as members. A sovereign that wants to restrict a transaction should act openly through its own legal instruments. Those instruments can be debated, challenged, enforced and priced. A sovereign that relies on registry pressure avoids accountability and weakens the common record. Serious sovereignty does not need a private regional institution to launder its decisions into the database.
Compliance therefore belongs at the edge of legality. It should enter the registry through defined channels and leave a clear trace of what was done and why. It should not become a general theory of registry ambition.
Transfer controls can destroy the value they protect
IPv4 transfers make sovereignty anxieties concrete because they involve visible economic movement. An address block may be held by a domestic operator, sold to another local network, leased to a foreign customer, transferred within the region or, where policy allows, moved across RIR boundaries. Money moves. Recognition moves. Business opportunity moves. In countries with fragile currencies, tight foreign-exchange rules or strategic-sector sensitivities, a ministry may reasonably ask why scarce digital capacity should be allowed to leave.
The protectionist instinct is not irrational. A regulator can worry that a distressed operator might sell addresses and later lack capacity. A government can worry about dependence on imported cloud services. A competition authority can worry that large platforms or foreign buyers will outbid local networks. A central bank can worry that address sales may become a path for moving value across borders. A development ministry can worry that Africa's historic disadvantage in IPv4 distribution will be worsened if addresses flow outward.
Yet an address-transfer wall can impoverish the market it aims to protect. A trapped asset is worth less. If a holder cannot sell to the highest-value user, it receives a lower price. If a buyer fears future exit restrictions, it demands a discount. If a lender cannot rely on transferability, it lends less or not at all. If underused addresses cannot move, productive networks must buy elsewhere or remain constrained. A country that traps address value in the name of development may reduce the capital available to its own operators.
The regional level faces the same danger. AFRINIC's policy environment has been shaped by debates over out-of-region use and transfer limits. Public commentary on the early Cloud Innovation conflict framed part of the dispute as an effort to enforce a regional border around resources obtained through AFRINIC. Public reporting in 2026 described a policy environment that, in many circumstances, limits the ability of members to transfer IPv4 resources outside the AFRINIC-administered region. Supporters can argue that such rules protect African resources. Critics can argue that they destroy liquidity and increase registry lock-in. The economic question is not settled by slogans. It turns on whether the rule increases real network development or merely traps value under administrative control.
Transfer controls are most damaging when they are informal. If a state openly regulates sale proceeds, tax treatment or strategic-resource transactions, market participants can at least read the rule. If the restriction appears as registry delay, vague compliance review, political concern or policy ambiguity, the market cannot tell whether the problem is law, missing evidence, administrative weakness or hidden veto. Opacity reduces confidence in the ledger, and confidence is part of the resource's value.
The correct registry posture is not laissez-faire indifference. Transfers require proof of authority, accurate records, fraud controls, dispute checks and policy compatibility. A registry may properly block a forged transfer, refuse a transaction involving a non-existent company, require good standing, observe a court freeze or record a competing claim. But it should not turn every transfer into a test of whether movement satisfies national economic aspiration unless that requirement is explicit, lawful and regionally adopted.
Small and medium-sized operators are often the forgotten constituency. For them, an IPv4 block may be one of the few scarce assets on the balance sheet. The ability to sell, lease or finance it can fund fibre upgrades, data-centre equipment, customer migration, security, redundancy or IPv6 deployment. A rule framed as protecting the region can take optionality away from the very networks it claims to help. Conversely, a completely frictionless market without fraud controls can expose the same operators to hijacking, pressure and predatory acquisition. The settlement has to be narrow: protect the integrity of the record, punish fraud, obey law, disclose restrictions and avoid hidden industrial policy.
Markets can survive hard law. They struggle with soft veto. AFRINIC's challenge is to keep transfer governance visible enough that operators, courts and states know whether a restriction is a legal command, a registry rule or merely politics wearing technical clothes.
Telecom policy cannot absorb global uniqueness
Telecom planning is one of the strongest arguments for state involvement and one of the weakest arguments for state control of the regional ledger. Governments regulate spectrum, licences, universal-service funds, interconnection, emergency communications, lawful-interception duties, quality of service, consumer protection, public broadband, cybersecurity obligations and public-sector procurement. They know that connectivity is no longer optional. They also know that IPv4 scarcity still affects network design and deployment cost.
But telecom planning and internet-number uniqueness are different kinds of problems. Telecom planning allocates domestic rights, duties and incentives. The uniqueness layer prevents two networks anywhere from claiming the same identifier in ways that break interoperability. A ministry can decide how to license mobile operators. It cannot make a locally preferred duplicate IPv4 claim globally useful by decree. A regulator can require a carrier to serve rural areas. It cannot force every foreign network to recognise a national address record if that record conflicts with the shared system.
This is why treating AFRINIC as an instrument of national telecom policy would corrode the ledger. Suppose a state wants addresses preserved for licensed carriers rather than banks, content networks, universities, hosting providers or private enterprises. Suppose it wants outbound transfers blocked until domestic broadband targets are met. Suppose it wants a state-owned operator prioritised because that operator serves public obligations. Suppose it wants public-sector networks to receive preferential treatment during scarcity. Each goal may be defensible inside domestic policy. None should enter the regional ledger without a clear rule and recognition that other states in the same service region may have different goals.
The service region is not a single planning unit. African states differ in market structure, language, currency, public capacity, operator scale, court reliability, security posture, cloud dependence and geopolitical alignment. A rule that seems protective in one country may entrench incumbents in another. A restriction that helps a state-owned backbone may harm an independent regional carrier. A policy that pleases one ministry may reduce liquidity for a neighbouring operator. There is no continental telecom-planning sovereign hidden inside AFRINIC.
The registry's value comes from sitting below those conflicts. It can maintain a record that an operator in Nigeria, Kenya, South Africa, Egypt, Ghana, Morocco, Mauritius or the Seychelles can use without asking every other state to endorse its domestic policy. The record should know the holder, contacts, resources, status, transfer history, dispute flags and associated services. It should not decide whether a country's industrial strategy prefers one class of network over another.
Regulators still matter. They can improve accuracy by providing licence facts, public contact points, fraud alerts, emergency coordination and evidence about corporate authority. They can help public-sector networks understand registry responsibilities. They can educate operators about record hygiene and routing security. They can also tell governments when registry overreach threatens national infrastructure. The useful regulator is a supplier of facts and a defender of due process, not a hidden governor of the record.
The same caution applies to regional political initiatives. A multi-state digital-development body may have legitimate policy interests. It may convene governments, promote infrastructure, coordinate cybersecurity and advocate for African networks. But government endorsement does not automatically turn a board slate, transfer policy or registry practice into sovereign law. A regional programme is not a demos. It cannot replace member trust, corporate legality, technical restraint and reviewable process.
Telecom policy should surround the ledger, not swallow it. The state may build networks, regulate operators and protect consumers. The ledger should remain narrow enough that all those states, and all their competing policy choices, can still rely on one shared record.
Critical networks need continuity, not custody
The strongest emotional case for sovereign intervention is critical infrastructure. Public-sector networks, emergency services, hospitals, banks, power utilities, airports, universities, internet exchanges, government identity systems and national-security networks all depend on stable addressing. If a registry dispute threatens those systems, a government cannot shrug and say the matter is private. It will be blamed for the failure, and rightly so.
But the conclusion should be continuity, not custody. A state does not need to own the regional ledger to protect public networks. It needs to know which resources its critical systems depend on, whether the records are accurate, who is authorised to update them, which RPKI and reverse-DNS dependencies exist, which contracts govern usage, what happens during a dispute, and how continuity is preserved if the registry becomes unstable. Those are resilience questions. They are not solved by turning the registry into a political trophy.
AFRINIC's crisis shows why this matters. Receivership, bank restraints, inability to maintain ordinary board functions, attempted elections, annulled votes, later board restoration and continuing litigation all raised the same question: what must continue if the institution falters? The answer is not every authority claim made by AFRINIC, its critics, global coordination bodies or governments. The answer is the function: unique records, public lookup services, routing-security publication, reverse DNS, authenticated changes, dispute notation, transfer integrity and preservation of running networks.
Critical-infrastructure thinking should push the registry toward separability. Records should be versioned and backed up. RPKI succession should be planned. RDAP and WHOIS continuity should have tested failover. Reverse-DNS delegations should not break because a board dispute is unresolved. Disputed resources should be isolated without contaminating unrelated records. Public-sector networks should maintain authority documents before a crisis. Courts should understand which orders would damage non-parties. Governments should be able to receive emergency facts without being handed a veto over ordinary transactions.
The registry must also resist a common rhetorical move: because public networks depend on us, we must be protected from challenge. The more critical a function is, the more accountable and replaceable its operator should be. A power grid is not made safer by giving one private company unreviewable discretion over hospitals. A banking settlement system is not made safer by saying the operator cannot be sued. Criticality increases the need for audit, redundancy and lawful constraint.
Governments have their own work to do. If public agencies hold or rely on number resources, they should treat registry relationships as infrastructure risk. They should map dependencies, maintain contact accuracy, make procurement contracts preserve continuity, understand payment and sanctions paths, and prepare evidence for corporate changes. A state should not discover during a registry crisis that a hospital network's address record depends on an outdated contractor contact or a forgotten email account.
Sovereign evidence is useful here. A ministry can certify that a network supports emergency services. A court can require preservation of a disputed public resource. A regulator can alert the registry that a licence transfer changes network control. A national cybersecurity agency can report hijacking or route-origin anomalies. These inputs improve the ledger. They do not make the state owner of the ledger.
The public interest in number resources is real. It is precisely because it is real that the ledger must remain disciplined. The state needs continuity guarantees it can trust. Operators need continuity guarantees they can price. The registry needs continuity guarantees that do not depend on institutional self-mythology. Custody is a political instinct. Continuity is the engineering and legal requirement.
Data sovereignty is not address sovereignty
The politics of data sovereignty often bleed into address governance. Governments that worry about citizen data leaving the country, foreign cloud dependency, platform power and extraterritorial surveillance may also worry about number resources used by foreign customers or commercialised across borders. The concepts feel related. Data flows. Addresses route. Networks cross borders. Domestic law struggles to contain global infrastructure. But the analogy can mislead.
Data sovereignty concerns the legal treatment, storage, access and processing of data. Address uniqueness concerns the non-duplication and recognition of identifiers. A country may require certain data to be stored locally, encrypted, processed by licensed providers or accessed only under local conditions. Whether those measures are wise is a separate question. The address record's first-order function is different. It tells the world which network is recognised for which resource and how related services should be found.
A localisation instinct becomes dangerous when it treats address recognition as a territorial container. An IPv4 address registered to a company in one jurisdiction may support customers elsewhere. A cloud platform may serve many countries from shared infrastructure. A security provider may announce prefixes from distributed points. A content network may move traffic according to performance. The operational geography of an address is not the same as the incorporation geography of its holder, the billing geography of its customer or the policy geography of a regulator.
AFRINIC's past disputes over out-of-region use sit on this fault line. One side treats regional allocation as implying regional use. Another treats number resources as globally routable assets whose value comes from supporting networks wherever business and contracts require. The serious question is not whether geography is irrelevant. It is which geography matters for which purpose. Company registration may matter for membership. Network location may matter for need assessment. Customer location may matter for compliance or abuse response. Routing origin may matter for security. None of these should be collapsed into a simple claim that a regional registry owns the destiny of every address it once allocated.
The data-sovereignty analogy also creates false confidence in technical control. A state can make it harder to move or process data in certain ways. It cannot make the internet's global recognition layer work by national declaration alone. If a country or region imposes address rules that operators and counterparties regard as arbitrary, the result is not sovereignty in the strong sense. It is discount, workaround, litigation, reduced inbound confidence and possible fragmentation of trust.
This does not mean data-policy authorities should ignore address governance. Address records can reveal operational dependency. RDAP and WHOIS data affect investigations. RPKI affects routing security. Abuse contacts affect cybersecurity response. Public-sector cloud strategies may depend on stable IPv4. These concerns argue for better evidence, lawful process and resilience planning. They do not justify treating the registry as an extension of data-localisation policy.
A narrow ledger is friendlier to serious data sovereignty than a politicised one. If the record is accurate, auditable and limited, governments can build lawful data rules around known infrastructure. If the record becomes a battleground for symbolic sovereignty, everyone loses clarity. Operators hide structure. Governments distrust records. Courts receive confused evidence. Markets price political risk. Users get less stable service.
The better distinction is between legal authority and technical containment. Sovereigns can regulate companies, contracts, procurement, security practices and data-handling obligations. The ledger should maintain global uniqueness and evidentiary clarity. Trying to achieve digital sovereignty by bending the address book is like trying to control trade by editing a shipping directory. It may create leverage for a moment. It does not create durable order.
Insolvency separates the corporation from the function
Insolvency is where institutional mythology meets legal architecture. If a registry is a company, what happens when the company cannot function? If it holds records for a region, are those records corporate assets, public infrastructure, member data, trust material, service outputs or something else? If a court appoints a receiver, what exactly is being preserved? If a creditor or litigant seeks winding up, what can be distributed and what must remain part of the coordination system?
AFRINIC has made these questions concrete. In 2023, the Bankruptcy Division of the Supreme Court of Mauritius appointed an official receiver in proceedings affecting AFRINIC. Public statements described the receiver's role as maintaining the status quo of assets, preserving the value of the business, overseeing elections and helping restore ordinary governance. In 2026, The Register reported that ICANN had successfully applied to become a party to Cloud Innovation's application to wind up AFRINIC, with ICANN arguing that numbering resources allocated through AFRINIC are not assets of AFRINIC available for distribution in a winding-up.
One need not adopt ICANN's broader institutional framing to accept the narrow point. A registry corporation is not the same thing as the number resources in its database. The corporation may own servers, contracts, bank accounts, software licences, office equipment and receivables. It may employ staff and operate services. But the addresses themselves are not ordinary company inventory to be distributed to creditors. Nor should the function of maintaining uniqueness vanish because the incumbent corporate shell is in legal distress.
The distinction cuts both ways. Those defending AFRINIC should not imply that because the function is critical, the incumbent institution must be preserved in every respect. Those attacking AFRINIC should not imply that because the corporation can be wound up, the ledger can be treated like an ordinary asset pile. The corporation and the function are separable in principle. The hard task is making separability real before crisis forces it.
Insolvency also exposes a liability mismatch. Registry agreements and fee schedules were built around membership services, not infrastructure-scale harm. Yet registry decisions can affect address value, network continuity, transfer certainty and public trust. When an institution has high-consequence discretion and limited capacity to absorb the consequences, every receivership or winding-up question becomes politically charged. Creditors want remedies. Members want services. Courts want legal categories. Other RIRs want continuity. Governments want stability. Operators want their records left alone. The original institutional form looks too small for the economic reality now resting on it.
The conservative answer is to make the function portable. Registry state should be replicated and auditable. Service dependencies should be documented. Succession triggers should be objective. RPKI and reverse-DNS transition should be planned. Member rights, resource-holder rights and corporate membership should be distinguished carefully. Dispute resolution should preserve the last verified state. A successor or interim operator should be able to run the technical ledger without inheriting every political claim of the failed institution.
This is not a call to dissolve AFRINIC casually. Disorderly collapse would be costly. Staff knowledge matters. Institutional memory matters. Existing systems matter. A region cannot run on slogans. But preserving continuity is not the same as preserving institutional immunity. The more clearly the function can outlive the corporation, the less any party can hold the region hostage by threatening either collapse or untouchability.
Insolvency is therefore not a side issue. It is the legal test of whether the number-resource system has understood its own evolution. A ledger for scarce, operationally embedded resources cannot depend solely on the solvency and legitimacy of one private corporation.
The crisis exposed every theory of authority
AFRINIC matters beyond Africa because it is the registry where the hidden bargain became visible. Public reporting and institutional records have described allegations of historic internal misconduct, including 2019 reporting on address-block misappropriation; the Cloud Innovation dispute; bank-account restraints; multiple lawsuits; inability to maintain ordinary board and CEO functions; receivership; attempted elections; annulled elections; later board restoration; continued litigation; ICANN intervention; and debates over bylaws, member rights and possible winding up. Not every allegation is proven. Not every actor's interpretation should be accepted. The pattern is enough: a narrow registry function became entangled with courts, markets, governments, member politics and global coordination bodies.
The election turmoil is especially instructive. The Register reported that AFRINIC had been unable to elect a board for a period after 2022, that a receiver arranged elections in 2025, that concerns arose about powers of attorney and voter documentation, that a June 2025 election was suspended and annulled, and that a later election produced a board in September 2025. Public reporting also described discomfort among some stakeholders about Smart Africa-endorsed candidates holding most seats and about continuing legal uncertainty. AFRINIC later signalled a return toward budgeting, interim management and strategy work while accusing Cloud Innovation, Larus and associated campaigns of trying to paralyse the organisation. Cloud Innovation and Larus have rejected that framing and argued that the deeper issue is registry power over scarce resources without commensurate liability.
For this article's purpose, the party dispute is less important than the institutional lesson. A regional registry cannot rely on ambience. It cannot say "community" and expect everyone to stop asking who voted, under what authority, with which records and with what legal status. It cannot say "stability" and expect courts to ignore claims. It cannot say "sovereignty" and expect markets to ignore liquidity. It cannot say "private company" and expect public actors to ignore critical infrastructure. Every old ambiguity becomes costly once the ledger conditions scarce value.
The crisis also exposed a representational problem. A service region is not a sovereign people. A mailing list is not a demos. A board election is not a continental constitution. A government-backed digital-development initiative is not consent from every affected operator. A resource member is not automatically the same thing as a registered company member under domestic law. The more these categories are blurred, the more legitimacy becomes vocabulary rather than structure.
Yet the crisis should not be read as proof that regional coordination is worthless. AFRINIC's services remain important. Staff continued operations through difficult periods. Members need a working registry. African networks need accurate records, reverse DNS, RPKI, transfer processing, support and policy clarity. The lesson is not to abolish the ledger. The lesson is to stop asking the ledger to carry political, economic and sovereign meanings it cannot safely bear.
The crisis made the bargain visible because every actor reached for a different theory of authority. AFRINIC invoked regional function and member service. Cloud Innovation invoked contractual rights, court protection and asset continuity. ICANN invoked global coordination and continuity. Courts invoked Mauritian company and insolvency law. African policy actors invoked continental digital interest. Resource-holder advocates invoked decentralisation and protection from registry overreach. Each theory saw part of the problem. None should be allowed to swallow the ledger whole.
AFRINIC's recovery, if it is to be durable, will depend less on a victorious narrative than on institutional modesty. The registry must do less mythology and more record discipline. States must supply evidence and law without treating every address as national inventory. Courts must preserve continuity without becoming policy managers. Markets must accept fraud controls and lawful holds without accepting hidden veto. That is a hard settlement, but it is the only one consistent with a regional ledger in a sovereign world.
The settlement is a smaller, harder ledger
Trust in a regional ledger does not come from grandeur. It comes from narrowness. The more a registry confines itself to objective, auditable and necessary tasks, the more likely states, courts, operators and markets are to accept its record. The more it expands into political representation, commercial approval, moral judgement or sovereign-style custody, the more every stakeholder has reason to resist.
A narrow ledger has practical properties. It records the recognised holder and authorised contacts. It maintains a chain of changes. It publishes lookup data within privacy and accuracy limits. It supports reverse DNS and routing-security services. It records dispute status without turning dispute into punishment. It processes transfers under clear rules. It accepts court orders and lawful evidence. It preserves running-network continuity. It reports service metrics. It separates administration from high-consequence adjudication. It treats policy as a bounded coordination tool, not as a constitution for a region.
This narrowness makes the ledger durable. A registry that refuses to decide national industrial policy can serve countries with incompatible industrial policies. A registry that treats courts as sources of orders and evidence can operate across legal systems without becoming a court. A registry that treats regulators as fact suppliers can use sovereign competence without becoming a regulator. A registry that keeps transfer rules visible can support markets without pretending addresses are ordinary commodities. A registry that plans for operator succession can survive board failure without demanding reverence.
The same narrowness disciplines state ambition. If a state wants to restrict a transaction, it should act through law. If it wants to protect a public network, it should document the dependency. If it alleges fraud, it should provide evidence. If it treats address resources as strategic assets, it should explain the legal basis and accept that counterparties will price the restriction. The registry should not become the place where political preferences are laundered into technical outcomes.
For AFRINIC, the next useful signals will not be limited to whether the organisation publishes a budget, elects a stable board or wins a particular motion. Those things matter, but they are not enough. Watch how courts frame continuity. Do they distinguish the corporation from the function, preserve the last verified operational state and avoid remedies that damage non-parties? Watch how governments and regional bodies speak about AFRINIC. Do they ask for audit, continuity, lawful evidence and due process, or do they ask for control? Watch transfer policy. Is it justified by record accuracy, fraud prevention and transparent scarcity rules, or by vague regional destiny? Watch compliance practice. Are sanctions, licence notices, fraud reports and court orders translated into labelled, limited actions, or does compliance become a black box?
Watch also whether AFRINIC's recovery rhetoric treats scrutiny as medicine or threat. A registry emerging from years of crisis should welcome clearer member records, election evidence, financial reporting, service metrics, legal-risk disclosure and separation of powers inside its own processes. If scrutiny is framed mainly as destabilisation, the organisation will be tempted to demand deference before it has rebuilt trust.
The final signal is architectural. Does the regional system plan for a world in which any registry shell can fail? The revised attention across the internet-number system to RIR lifecycle, emergency service provision and possible derecognition shows that the old assumption of institutional permanence has weakened. The task is to make continuity real without giving the incumbent club a new form of unreviewable power. The test is whether records, services and security chains can survive transition while operators and states retain lawful challenge.
AFRINIC's sovereignty problem is not that states care too much. It is that everyone has begun to care while the ledger still carries assumptions from a lower-stakes age. Sovereigns are right to protect courts, licences, public networks, fraud enforcement and critical infrastructure. Operators are right to demand predictable recognition and mobility. Markets are right to price uncertainty. Courts are right to insist that private institutions remain within law. The registry is right to insist that uniqueness must not collapse.
The settlement is not a louder sovereign claim. It is a smaller ledger. AFRINIC should not be a continent in corporate form. It should not be an ownership theory. It should not be a sanctions office, a ministry, a development bank or a court. It should be a narrow coordination ledger that can accept sovereign evidence without surrendering to sovereign veto.
That sounds modest. In institutional design, modesty is often the highest form of seriousness. The internet's number-resource system works only while many actors with incompatible politics agree to recognise the same record. The record can command that agreement only by staying smaller than the politics around it.

