Summary

  • When one regional internet registry is in crisis, its peers can look like the sober adults in the room.
  • Imagine the meeting not as a constitutional seminar, nor as a recognition-policy workshop, but as a crisis call among people who know the registry machinery from the inside.

The call that sounds like stability

Imagine the meeting not as a constitutional seminar, nor as a recognition-policy workshop, but as a crisis call among people who know the registry machinery from the inside. A court in Mauritius has placed AFRINIC under an official receiver. The African registry has been unable to operate with ordinary governance for too long. Staff are still trying to answer members. Public records still have to respond. Reverse DNS, WHOIS, RDAP, routing-security publication and ordinary support cannot simply wait for lawyers to finish. Around the call are the other regional internet registries, the coordinating bodies around them and the people who understand that a registry failure can become a confidence event even if packets continue to move.

The conversation, at first glance, is about continuity. Who can provide technical information to the receiver? What functions must be kept alive? Which public messages reassure members without prejudging a local legal process? How should the wider system tell network operators that the unique-numbering ledger remains coherent? When the Number Resource Organization issued its September 2023 statement on the appointment of an official receiver for AFRINIC, that was the public version of this scene: a peer system welcoming a path back to governance, emphasizing continued services and saying it stood ready to support the receiver.

There is a reason such coordination feels responsible. The internet-numbering system depends on shared expectations. A regional registry is not merely a trade association with a database. It is the institution through which a region's networks receive and maintain recognized number-resource records. If one registry enters receivership or loses its board, the rest of the system cannot shrug. It must reassure operators that uniqueness will hold, records will remain available and the regional ledger will not become an open field of rival claims.

Yet the same scene has a second reading. The institutions on the call are not neutral emergency technicians in an abstract market. They are peers. Each runs the same kind of territorial registry. Each benefits from the same general legitimacy story. Each would prefer courts, members, governments and markets to treat a regional registry as a critical coordination institution rather than as a replaceable contractor. Each knows that if one registry can be disciplined too easily, replaced too easily, or held too directly liable for high-consequence harm, the precedent may one day travel. In that sense, the crisis call is also a club meeting.

The club need not conspire. It need not agree on prices or secretly allocate markets. The economics are simpler and more subtle. A group of incumbent coordinators facing a failure by one peer will tend to protect the system's brand, preserve the incumbent shell if it can be preserved, resist remedies that make exit look easy, and describe challenges to institutional authority as threats to stability. Some of that instinct is good. Some of it is dangerous. The difficulty is that both instincts use the same vocabulary.

AFRINIC is the stress test because its crisis makes the ambiguity visible. Receivership, disputed elections, allegations over voting authority, ICANN interventions, member litigation, claims about paralysis, arguments over winding up and public disputes over registry-layer liability have all forced the system to explain what it is protecting. Is it protecting the ledger, the users and the continuity of services? Or is it protecting the incumbent office and the discretionary authority of a peer?

The distinction is not rhetorical. It is the political economy of the RIR model. NRO coordination can preserve the registry system. It can also soften competitive pressure, socialize reputational risk, protect the weakest peer, reduce liability pressure and make discipline depend on institutions that may have every reason to avoid creating a harsh precedent. AFRINIC does not prove bad faith in peer coordination. It proves that peer coordination has incentives, and those incentives deserve analysis before they are treated as the voice of stability itself.

Why coordination is genuinely valuable

The first mistake in criticizing RIR coordination is to pretend that coordination is fake. It is not. The technical case for cooperation among regional internet registries is strong. Internet numbers require global uniqueness. A block of IPv4 address space or an autonomous system number is useful because everyone else can rely on the shared record that says who should be treated as the registered holder or user. That record has regional administrative boundaries, but its consequences are global. A network in Nairobi, Johannesburg, Lagos, Paris, Singapore or Sao Paulo does not want five incompatible stories about the same number resource.

AFRINIC's own policy material states the basic mechanics. Internet number resources are distributed through a hierarchy in which IANA allocates blocks to the regional registry, and the regional registry redistributes them to members under adopted policies. The policy manual describes goals that are not decorative: uniqueness, registration, aggregation, conservation, documentation and fairness. It also points to the operational services through which registry records become useful: WHOIS-style public registration, RDAP, reverse DNS, routing-related data and resource-certification functions. These are mundane systems, but their mundanity is the point. They are supposed to be boring enough that networks can build on them.

RIR coordination lowers the cost of keeping those systems coherent. The registries face similar technical problems: database accuracy, stale contacts, reverse-DNS delegation, routing-security publication, abuse-contact information, transfer records, returned space, fraud detection, member authentication and policy implementation. They also face common operational risks: cyber incidents, service outages, legal confusion, staff turnover, budget pressure and sudden spikes in member concern. A registry in crisis may not need a philosopher. It may need people from another registry who know how to keep a public query service alive, how to document a transfer queue, how to communicate with operators and how to preserve evidence without breaking routine service.

Coordination also supports policy learning. A rule that works poorly in one region may warn another region before it repeats the mistake. Election disputes, proxy rules, conflict declarations, appeal processes, publication practices and RPKI operations can all improve when registries compare experience. The RIR system was built on regional autonomy, but regional autonomy does not mean institutional amnesia. The operational craft of registry administration is portable.

Mutual aid is especially valuable during shocks. If a registry loses board authority, a receiver or court officer may not understand the difference between a company asset and the registry function. Peer registries can explain why a public database must continue even while corporate governance is disputed. If a bank freeze threatens ordinary payments, peers can help identify which services are essential. If a public statement risks panic, peers can provide language that distinguishes service continuity from the merits of litigation. If staff morale collapses, a signal from the wider system can reduce the feeling that the institution has been abandoned.

There is also a public-confidence function. Operators do not read every court filing. They watch whether the system around the troubled registry appears to understand the stakes. A coordinated statement can tell the market that the crisis has not become a free-for-all. That reassurance has value because internet coordination is partly belief. Networks accept number records because others accept them. The more the record looks like a stable shared reference rather than a local corporate file, the more useful it remains.

Those benefits should not be dismissed merely because the institutions providing them are incumbents. Incumbents often know the machinery best. In a crisis, expertise matters. A court-appointed receiver, a national regulator or a new board may need precisely the expertise that only peer registries can provide quickly. The problem is not that peers coordinate. The problem is that the same coordination which preserves continuity can also preserve peer privilege. The technical value of cooperation does not cancel the economic risk of club behavior. It makes that risk harder to see.

The club logic beneath mutual aid

A club, in this analysis, is not an allegation of unlawful coordination. It is a group whose members share a status, a brand, a set of norms and a repeated-game relationship. The regional internet registries are a club in this economic sense. Each is the recognized registry for a territory. Each administers a scarce coordination layer. Each depends on the willingness of networks, courts, governments and global institutions to treat its records as authoritative. Each benefits when the public sees RIRs as neutral stewards rather than as private gatekeepers with limited downside exposure.

That common interest changes the incentives of mutual aid. When a peer is failing, the other peers do not ask only whether the peer has met an abstract standard of accountability. They also ask what the judgment will do to the whole club. A public condemnation of one registry may invite questions about all registries. A court finding that registry discretion is too broad may encourage members elsewhere to challenge similar clauses or practices. A remedy that separates the ledger from the incumbent corporation may make the registry function look more portable than the club would prefer. A large damages theory in one region may draw attention to liability limitations in other regions.

The result is mutual forbearance. Peers may criticize process failures, but they will be cautious about declaring that a peer's core authority has lost legitimacy. They may support a receiver or reform process, but prefer a path back to the incumbent institution rather than a precedent of easy replacement. They may emphasize continuity, but avoid spelling out whether continuity belongs to services and data or to the officeholder. They may describe member litigation as a threat to the system while paying less attention to the possibility that litigation is the only available discipline when internal remedies are weak.

This forbearance can be rational without being noble. Each registry faces its own members, its own courts, its own political environment and its own resource controversies. A harsh standard applied to AFRINIC today may be applied to ARIN, APNIC, LACNIC or the RIPE NCC tomorrow. A peer that says "AFRINIC must be stripped of discretionary power because its governance failed" has created a sentence that others can quote back when its own governance is challenged. Institutions do not need to meet in secret to avoid such sentences. They learn caution by imagining their own future defendants' table.

Shared reputation reinforces the pattern. The public rarely distinguishes carefully among RIRs during a crisis. If one registry is described as captured, insolvent, boardless or unable to perform its functions, the whole model looks weaker. The club therefore has an incentive to frame the weak peer's crisis as exceptional and recoverable. Again, that may be true. But it also means reputational risk is socialized. The costs of one registry's failure are carried by the brand of all registries, so all registries have a reason to keep the failing registry inside the brand if possible.

This is where cartel-like incentives can emerge in an economic sense, without any claim of formal conspiracy. The RIRs do not need to agree to suppress competition in a smoke-filled room. Their territorial exclusivity already softens ordinary competition. Members generally cannot choose a different regional registry for the same regional relationship merely because service, governance or liability terms are unattractive. Coordination among incumbents can then reinforce the absence of exit by presenting the incumbent regional registry as the natural vessel of continuity. Potential alternatives - stronger portability, independent crisis operation, member-triggered external review, or separation of data custody from institutional discretion - can be treated as destabilizing before their merits are evaluated.

The economics are familiar from other self-regulating professions and network industries. Peer review is useful because insiders understand the craft. Peer review is weak because insiders share the craft's blind spots and fear reciprocal exposure. Banking clubs, clearing houses, medical boards, bar associations, exchanges and standard-setting bodies all face versions of the same problem. Coordination lowers systemic risk. It can also protect incumbents from sharper accountability.

The RIR case is especially delicate because the market discipline is thin. A bank can lose depositors. An exchange can lose listings. A professional can lose clients. A regional registry's members have far less practical exit. That makes peer coordination more powerful and more in need of constraint. If a club controls both the rescue narrative and the pathway to discipline, the public has to ask who marks the club's homework.

Liability-light power changes the rescue instinct

The incentive problem becomes sharper when registry power is compared with registry liability. Lu Heng's public writing puts the issue bluntly: the RIR model, in his view, now combines high-consequence authority over scarce number resources with contractual and financial responsibility that is far lighter than the harm a registry decision can cause. His examples point to liability caps and service-agreement structures across several registries, including provisions measured by fees or nominal amounts, while registry decisions can affect resource recognition, transferability, routing credibility and business continuity. The Register's March 2026 reporting summarized his position as an argument that the registry model was built for an earlier administrative world but now acts as a gatekeeper over commercial activity.

One need not adopt every conclusion in that critique to see the institutional-economic issue. IPv4 scarcity changed the cost of registry error. A mistaken or overbroad registry decision is no longer only an administrative inconvenience. It can affect a live network's customers, financing, merger value, leasing arrangements, collateral assumptions, security posture and ability to avoid renumbering. Yet the registry may not bear those downstream losses in any proportionate way. When authority is large and downside is small, institutional behavior changes.

Peer coordination then inherits the same mismatch. If the other registries are asked to support the troubled peer, they do not internalize the full private losses of members or counterparties either. They internalize the club's reputational loss and the system's continuity risk. That pushes them toward preserving the peer institution. The harmed holder's loss is private and often contested. The club's brand loss is immediate and shared. In a crisis, shared losses speak louder.

This is not simply a problem of moral sympathy. It is a problem of cost accounting. Suppose a registry wrongly threatens a resource holder, or an election process fails, or a receiver makes a decision whose effects are disputed. The affected parties may face legal bills, lost transactions, market discounts or operational uncertainty. The peer registries mostly face the risk that the public will lose confidence in regional registries. It is unsurprising that their first instinct is to stabilize the narrative around regional registries. The private costs of the contested decision sit outside their balance sheet.

Liability-light institutions also tend to prefer institutional remedies over market remedies. A market remedy might include exit, portability, independent operation, stronger damages, data custody outside the incumbent, or member-triggered review by actors not drawn from the same club. Those remedies reduce the incumbent's discretion. An institutional remedy, by contrast, preserves the shell: better elections, better bylaws, better communications, renewed board activity, peer support and revised standards inside the same model. Some institutional remedies are necessary. But if they are the only remedies the club can imagine, they become a way of preserving power while appearing to repair accountability.

The public rhetoric of stability can hide that trade. "Stability" sounds like the opposite of risk. In a liability-light system it can also mean that those who bear little downside ask those who bear large downside to wait, absorb uncertainty and avoid remedies that would disturb the incumbent model. The party with the address block, the network, the customer contracts or the court dispute is told not to endanger the system. The institution whose design created the pressure is told it deserves support because it is systemically important.

The better question is what kind of stability is being protected. Stability of the ledger is essential. Stability of accurate public records is essential. Stability of reverse DNS, RDAP, WHOIS, RPKI publication and ordinary member services is essential. Stability of an incumbent office's discretionary authority is not the same thing. A registry can be important without every registry decision being immune. A peer can need help without being entitled to peer protection from liability pressure.

AFRINIC makes this distinction unavoidable because its crisis is not just a service outage. It is a conflict over authority, representation, resource economics, institutional legitimacy and legal accountability. In such a setting, peer support that does not name its mandate can easily slide from preserving the public function into defending the peer institution. The slide may be gradual, polite and full of good intentions. It is still a slide.

AFRINIC as the stress test

AFRINIC's crisis has lasted long enough to become a test of almost every claim made about private internet governance. The facts are contested in places, and no serious analysis should turn press reporting into final adjudication. But the public sequence is clear enough to reveal the incentive problem.

AFRINIC serves Africa and parts of the Indian Ocean as the regional registry for IP addresses and autonomous system numbers. Its policy material describes a conventional registry function: distributing and registering number resources, maintaining uniqueness, supporting public records and implementing policies developed through open processes. For many years that institutional language allowed outsiders to treat AFRINIC as another regional member of a stable global family. Then the family had to deal with a relative whose governance no longer looked routine.

Public reporting and commentary describe a registry without an ordinary board for years, a dispute with Cloud Innovation over IPv4 resources, litigation in Mauritius, bank and governance pressure, and eventual receivership. The NRO's September 2023 statement welcomed the court receiver as a route to restoring functional governance, electing a board and appointing a CEO. It emphasized continued services to members and AFRINIC's participation in joint number-registry commitments. That statement is useful factual evidence of the peer system's posture: support the receiver, preserve services, restore the peer.

The Internet Governance Project read the receivership as evidence of resilience in private internet governance. Its October 2023 article argued that court-appointed receivership showed rule-of-law correction rather than collapse: public authority was acting as a safeguard while private governance repaired itself. That is a defensible view. A court receiver can be an accountability mechanism, not merely a sign of failure. But the IGP comment thread also showed how contested the interpretation was. Critics argued that RIRs had tried to influence Mauritius and protect themselves; John Curran, writing as ARIN CEO and NRO chair at the time, rejected the claim and framed the RIRs' role as support for AFRINIC and community self-governance. Even the argument about receivership became an argument about whether peer involvement was stabilizing or self-protective.

By 2025 the election process made the ambiguity sharper. IGP reported that AFRINIC had been operating without a board since 2022 and that the new election was the first since receivership. It described ICANN's concern about transparency and fairness, a court challenge by the Tanzanian Internet Service Providers Association, and ICANN's application over the nominations committee. The Supreme Court of Mauritius allowed the election to proceed, found ICANN lacked standing for its application, and ordered a communique clarifying that Cloud Innovation's appearance as a registered member was erroneous and attributable to company-registration handling rather than AFRINIC or the receiver. ICANN presented the result in a more favorable light than its critics did. The episode mattered because a global coordination actor tried to influence a regional registry election and was told by the local court that its standing was limited.

The Register then followed the election's breakdown. Its June 20, 2025 report said the election could proceed after ICANN's attempt to replace officials failed, while ICANN remained concerned. Its June 26 report described suspension and then annulment of the election after concerns over powers of attorney and voter documentation. It also reported that ICANN had warned that inadequate answers could lead to a compliance review and possibly an emergency registry arrangement. Its July 11 report said ICANN was angry that AFRINIC's receiver had not publicly explained the annulment and that Cloud Innovation was calling for the organization to be wound up. Those reports do not prove which side was right on every voting document. They do show how quickly continuity, election integrity and emergency authority merged.

The next phase added another layer. The Register reported in September 2025 that AFRINIC had elected a board, but that seven of eight elected directors had been endorsed by Smart Africa and that critics still questioned the arrangements. In February 2026 it reported that AFRINIC said it was back on track, with improved morale, interim management appointments, a budget and action plan, and work toward a 2027-2030 strategy. In March 2026 AFRINIC accused Cloud Innovation, Larus and associated campaigns of trying to paralyse it through litigation and procedural roadblocks; Lu Heng responded by framing the dispute as structural power detached from liability. In May 2026 The Register reported that ICANN had again intervened, this time becoming a party to Cloud Innovation's attempt to wind up AFRINIC, and that ICANN wanted the court to understand that numbering resources are not assets of AFRINIC available for distribution in a winding up.

This sequence is exactly the kind of case that peer coordination is supposed to handle. A registry under stress needs technical continuity, institutional memory, external credibility and crisis support. It is also exactly the kind of case in which peer coordination may overreach. Each intervention can be defended as protecting the public function. Each intervention can also look, to critics, like the incumbent system defending one of its own against local courts, members and alternative remedies. The evidence does not require a simple verdict. It requires a sharper distinction between protecting the registry function and protecting the registry office.

The difference between the ledger and the office

The phrase "protect the ledger, not the gatekeeper" is useful because it forces a practical test. The ledger is the shared record and the services that make the record usable. The gatekeeper is the institution's discretionary power over who may change the record, who may transfer resources, who may vote, who may be disciplined, whose evidence counts and whose business model is treated as legitimate. A healthy registry needs both a ledger and some gatekeeping. A crisis response should not treat them as the same thing.

Protecting the ledger means keeping number-resource records accurate, available, backed up, auditable and coherent. It means preserving the last verified state while disputes are heard. It means keeping WHOIS or RDAP services reachable, reverse DNS functioning, RPKI publication reliable and support channels alive. It means ensuring that member communications, billing needed for operations, security patches, logs, backups and evidence are maintained. It means preventing duplicate claims and unauthorized changes. It means telling the market what is known, what is disputed and what remains operational.

Protecting the office is different. It means defending the authority of the existing institution, board, receiver, committee, staff position or policy stance. Sometimes that is necessary because the office is the only practical vehicle for the ledger. Often the incumbent institution is indeed the fastest way to keep services alive. But the fact that the office operates the ledger does not mean every office decision is a ledger-protection decision. A resource enforcement action, an election rule, a public accusation, a litigation strategy, a takedown demand, a bylaw proposal or a market-policy preference may be contested without threatening the uniqueness of the numbering system.

Peer coordination becomes risky when it collapses this distinction. If the other registries say "AFRINIC must continue to serve members" and provide operational support, they are protecting the ledger. If they imply that any legal challenge to AFRINIC's officeholders threatens internet stability, they are protecting the office. If they help a receiver understand technical dependencies, they are protecting the ledger. If they appear to take sides in a disputed election beyond the minimum needed to preserve service continuity, they risk protecting the office. If they explain to a court that numbering resources are not corporate assets to be distributed, they may protect the ledger. If they use that point to imply that the incumbent registry should be insulated from all accountability, they protect the gatekeeper.

The same distinction applies to critics and litigants. A member can challenge registry overreach while preserving the ledger. A lawsuit can seek a narrow order that prevents an irreversible resource action without freezing ordinary services. A demand for winding up can be framed around continuity planning rather than destruction. But a challenger that seeks to paralyse routine registry operations, or treats institutional fragility as leverage, also attacks the ledger. The principle is symmetrical: neither the incumbent nor the challenger should be allowed to conscript the shared record into its private war.

AFRINIC's history shows why this distinction must be explicit. The registry's lack of ordinary governance created real service and confidence problems. At the same time, its dispute with Cloud Innovation and related actors involved economically valuable resources and contested claims about registry authority. The election controversies involved member representation, proxy documentation and institutional legitimacy. The winding-up fight raised the difference between the registry corporation and the resources it administers. A single word, "continuity", cannot responsibly cover all of these categories.

For NRO coordination, the ledger-office distinction should be the operating discipline. Mutual aid should be modular. Peers can provide technical continuity help, data-integrity advice, service-dependency mapping, security support, staff secondment, communications support and crisis documentation. They should hesitate before providing political cover for a peer's disputed discretionary acts. The narrower the aid, the stronger its legitimacy. The broader the aid, the more it looks like mutual protection.

Coordination as reputational insurance

One of the least discussed functions of NRO coordination is insurance. Not financial insurance in the formal sense, but reputational insurance. When a registry suffers a legitimacy shock, the other registries help absorb the blow by insisting that the system remains coherent, that the troubled peer can recover and that the shared model is still sound. This is valuable. It is also a subsidy.

Reputational insurance works because the RIR brand is shared. AFRINIC's crisis was not seen by outsiders merely as a local Mauritian corporate dispute. It triggered questions about the regional-registry model itself: What happens if a registry becomes dysfunctional? Can a receiver run one? Can elections be trusted? Can a member's litigation immobilize the institution? Can ICANN intervene? Can another RIR act as emergency registry? Are number resources assets, licenses, public resources or something stranger? Each question threatens the brand of the model, not only the brand of AFRINIC.

The other registries therefore have reason to describe AFRINIC's crisis as manageable within the model. The NRO statement after the receiver appointment did exactly what reputational insurance would predict: it welcomed a path to governance restoration, thanked staff, emphasized continued services and connected AFRINIC's recovery to shared registry commitments. There is nothing improper about that. Panic would have been worse. But it also reduced the chance that outsiders would ask more radical questions about whether the function and the incumbent institution should be separated.

Reputational insurance creates moral hazard when the insured peer does not bear enough cost for the risk it creates. If a registry knows that peer institutions will rally around continuity language, it may underinvest in accountability, conflict controls, documentation, liability discipline or member trust. This does not mean any registry plans to fail. It means the backstop changes incentives at the margin. A bank that knows it is systemically important behaves differently from one that expects ordinary failure. A registry that knows the peer system fears the precedent of its collapse may also behave differently, or at least be perceived that way by members.

The moral hazard is intensified by the scarcity of IPv4. Scarce number resources make registry decisions more valuable, disputes more intense and institutional errors more expensive. A registry that mismanages governance during abundance may inconvenience members. A registry that mismanages governance after exhaustion can move capital, bargaining power and regional development claims. If peers respond mostly by preserving the institutional shell, they may stabilize the surface while leaving the deeper incentive problem intact.

Reputational insurance also narrows public language. A peer group that is insuring the brand will prefer words like "support", "stability", "community", "continuity", "resilience" and "self-governance". It will avoid words like "liability", "incumbent protection", "member exit", "market discipline", "peer conflict", "mutual forbearance" and "moral hazard". The avoided words are precisely the economic words needed to understand the crisis. The result is a public discourse that sounds calm but lacks accounting.

AFRINIC's case shows both the need for the insurance and the need to price it. The African registry's records and services should not be allowed to collapse because governance failed. But the price of peer support should be stricter accountability, not softer scrutiny. A registry that receives the benefit of system-wide reassurance should accept system-visible obligations in return.

The competition that coordination can soften

It is awkward to speak of competition among regional internet registries because the RIR model is explicitly regional. AFRINIC does not compete with ARIN for African members in the way airlines compete for passengers. Yet the absence of ordinary competition is the point. Where exit is weak, accountability must come from somewhere else. If coordination among incumbents weakens the remaining substitutes for exit, it can have cartel-like incentive effects in the economic sense, even without price-fixing or secret collusion.

Competition in this context appears in indirect forms. Members can litigate. Courts can scrutinize. Governments can question jurisdictional risk. Markets can discount resources administered by a troubled registry. Operators can ask for portability. Critics can propose alternative record-keeping models. Global bodies can consider emergency operation. New institutions can claim to represent resource holders. Buyers and customers can shift demand toward providers with clearer continuity arrangements. These are not perfect substitutes for choosing another registry, but they are pressure channels.

Peer coordination can soften each channel. Litigation can be framed as destabilization rather than accountability. Court scrutiny can be met with warnings about transnational consequences. Portability can be described as fragmentation. Market discounts can be blamed on hostile campaigns rather than on institutional risk. Alternative models can be treated as irresponsible because they threaten the incumbent coordination story. Member movements can be described as capture attempts. Again, sometimes the warnings are true. Some litigation is opportunistic. Some alternatives are reckless. Some campaigns are self-interested. But if every pressure channel is treated as a threat to stability, the incumbent never faces real discipline.

This is why the economic analogy matters. The danger is not that the RIRs sit around deciding how to insulate themselves from members. The danger is that a set of territorial incumbents, tied together by a shared brand and common fear of precedent, will naturally prefer remedies that keep members inside the existing structure. They will compete on competence only weakly because members cannot easily move. They will judge each other's failures gently because a hard judgment rebounds. They will define the public interest in terms of institutional continuity because institutional continuity is what they jointly supply.

AFRINIC's dispute over resource economics made this pressure visible. Cloud Innovation and Larus, associated with Lu Heng, have advanced a view of registry-layer risk in which direct holding under RIR contracts exposes operators to thin contractual protection and high continuity downside. Larus's public material frames first-party leasing as a way to move registry-layer risk upstream to a provider claiming a stronger continuity position. That is party-position context, not proof that the claim is correct. But it is economically relevant because it shows a market response to perceived registry risk. When a registry layer is seen as unpredictable, private actors build products around absorbing or arbitraging that risk.

The incumbent system has every reason to dislike that interpretation. If customers start to believe that direct registry membership is not the safest position, or that the registry relationship is a liability layer to be managed, the ideological basis of the RIR model weakens. Peer coordination then faces a temptation: treat market responses to registry risk as evidence of bad actors rather than as price signals about the registry's own credibility. That temptation is strong because price signals are embarrassing. They reveal what reassuring statements cannot hide.

A more disciplined view would separate the conduct from the signal. A particular actor may litigate aggressively, market aggressively, or frame its position in self-interested ways. Those tactics can be criticized on their merits. But the underlying demand for continuity, bounded registry power and liability alignment may still be real. Competition often arrives through self-interested actors. That does not make the competitive pressure irrelevant. In political economy, discipline rarely comes from saints.

For NRO coordination, the test is whether peer bodies can tolerate pressure that improves accountability even when the pressure is uncomfortable. A coordination system that only accepts internal reform and rejects all external discipline will tend toward incumbent protection. A coordination system that distinguishes ledger continuity from institutional insulation can use external pressure to strengthen the system rather than merely defend the club.

The private-governance resilience story is incomplete

The Internet Governance Project's 2023 framing of AFRINIC receivership as evidence of private-governance resilience captures an important truth. A private registry under court-supervised receivership is not necessarily a failed model. It may show that domestic law can step in without nationalizing the function, that a receiver can preserve assets, and that leadership can be replaced through lawful process. In a world where governments often seek more control over internet infrastructure, that is not a trivial point.

But the resilience story is incomplete if it stops there. Rule-of-law intervention can be a strength and a symptom at the same time. A receiver may preserve operations, but the need for a receiver shows that ordinary governance failed. A court may supervise elections, but contested elections under receivership show that member representation has become fragile. A global coordination actor may help explain the registry function, but its involvement may also show that the private institution cannot command trust by itself. Resilience is not proved by survival alone. It is proved by the quality of the repairs.

The resilience narrative also risks underplaying the distribution of costs. If a registry enters receivership, operates without ordinary governance, delays services, faces election disputes and spends years in litigation, the system may still survive. But who paid for the survival? Members paid through uncertainty. Staff paid through institutional stress. Operators paid through delayed requests and risk premiums. Litigants paid through legal cost. The region paid through lost confidence. The other registries paid through reputational risk. A model that survives by pushing large costs onto users while preserving the incumbent structure may be resilient in the narrow sense and inefficient in the economic sense.

A good resilience account would ask how much of the crisis was absorbed by better governance and how much was merely deferred. Did receivership produce transparent records of what happened? Did election processes become more auditable? Did member authority rules become clearer? Did conflicts get logged? Did liability and remedy questions improve? Did peer support produce public accountability conditions? Did the registry's restored board accept limits on discretionary power? Or did the system simply move from visible crisis to renewed institutional assertion?

The Register's February 2026 report on AFRINIC being "back on track" captured the ambiguity. Improved morale, interim management appointments, a budget, an action plan and a future strategy are real signs of organizational life. The applause at APRICOT, as reported, matters because engineers and governance participants had reason to want AFRINIC functioning again. Yet recovery signs are not the same as incentive repair. A registry can return to meetings and budgets while the deeper economics of peer protection, weak exit and liability-light authority remain unresolved.

The March and May 2026 reporting showed how quickly recovery claims collided with renewed conflict. AFRINIC accused Cloud Innovation, Larus and associated campaigns of trying to paralyse it. Lu Heng replied that the real issue was structural power detached from liability. ICANN intervened in winding-up litigation to explain the unique role of AFRINIC and the non-asset character of numbering resources. Each side spoke the language of continuity. None of that suggests a settled equilibrium.

This is why economics is useful. It refuses to treat resilience as a moral label. A system is resilient if it preserves essential functions under stress while correcting the incentives that produced the stress. A system is merely durable if it survives by absorbing shocks without changing the incentive structure. Peer coordination can help produce resilience, but only if it makes the assisted institution more accountable. If coordination mostly helps the incumbent survive reputationally, then it produces durability for the office, not resilience for the ledger.

AFRINIC's case remains open in that deeper sense. The fact that the registry survived does not answer whether the peer coordination model disciplines registries adequately. It only proves that the system was not immediately fatal. The better question is whether the next registry in crisis will face clearer, stricter and more transparent peer support because AFRINIC taught the club to limit itself.

What ICANN interventions reveal about peer incentives

The coordination-incentives question is not an IANA-franchise story, and it should not turn ICANN into the central character. Still, ICANN's public interventions around AFRINIC reveal something about the broader coordination ecosystem in which the NRO operates. ICANN is not one of the five RIRs, but it sits near the recognition, oversight and global-numbering layer. When it intervenes in a regional registry crisis, the incentives of stability, standing and institutional protection become visible.

In June 2025 ICANN raised concerns about the transparency and fairness of AFRINIC's election process and sought court involvement over the nominations committee. The Supreme Court of Mauritius allowed the election to proceed, found ICANN lacked standing for the application, and ordered publication of a communique addressing the erroneous Cloud Innovation registered-member classification. ICANN still presented part of the outcome as responsive to its concerns. To supporters, ICANN was trying to protect election integrity. To critics, it was overreaching into a local member process.

After the election was suspended and annulled, ICANN demanded explanations and invoked the possibility of review and emergency registry arrangements if AFRINIC remained dysfunctional. Again, the move was understandable. A regional registry that cannot run a credible election poses a real continuity problem. Yet the same move also showed how emergency language can concentrate authority above the regional layer. If ICANN or a peer registry can step in because a receiver-run election fails, then the question becomes: who decides whether the failure is technical, legal, political or merely inconvenient to the incumbent system?

In 2026 ICANN intervened in winding-up litigation. Its stated concern, as reported by The Register, was to help the court understand AFRINIC's unique role and to make clear that numbering resources are not assets of AFRINIC available for distribution. That is an important distinction. Number resources should not be treated as ordinary corporate assets to be liquidated for creditors. But the intervention also illustrates the institutional reflex: when a local legal process threatens the corporate shell, the global coordination layer arrives to explain the public function. The public function deserves explanation. The risk is that explanation becomes institutional defense.

NRO coordination shares this risk, even though its institutional position differs. The other RIRs are not neutral outsiders when they speak about a peer's crisis. They are both experts and interested parties. They can tell a court or receiver what registry continuity requires. They can also benefit if the court treats the incumbent registry as the indispensable vessel of that continuity. The more persuasive their technical expertise, the more important it is to disclose the boundary of their interest.

The answer is not to exclude ICANN, the NRO or peer registries from crisis situations. That would be foolish. Local courts and receivers may need their expertise. The answer is to treat their statements as expert and party-position evidence, not as final framing authority. A statement that a registry service must continue is evidence about operational dependence. It is not proof that every action of the incumbent institution is legitimate. A statement that number resources are not corporate assets is evidence about the nature of the registry function. It is not proof that affected members lack economic reliance or remedies. A statement that emergency support may be needed is evidence of systemic concern. It is not proof that peer bodies should control the disciplinary process.

This evidentiary discipline is central to the economics of coordination. Incumbent institutions naturally prefer to define the crisis in terms they can solve: support, compliance, restoration, emergency registry, policy revision. Courts, members and markets need a wider vocabulary: conflict of interest, liability, exit, risk transfer, precedent, member voice and competitive pressure. If the global layer supplies only the first vocabulary, it will look like stability. It may also function as insulation.

AFRINIC shows that the global and peer layers need legitimacy constraints of their own. The more they intervene, the more they should disclose mandate, conflict, evidence and limits. Otherwise, the system will solve one accountability problem by moving discretion to a higher level whose incentives are even less visible to the affected members.

How to distinguish support from protection

The practical difficulty is that support and protection often look similar in real time. A peer registry offering staff expertise to AFRINIC may be protecting continuity. A peer registry publicly endorsing a recovery path may be protecting the incumbent. A legal letter explaining registry mechanics may be helping a court. The same letter may also be shaping the court toward a preferred institutional outcome. The line cannot be drawn by tone. It must be drawn by mandate.

The first test is functional specificity. Does the coordination act name the service it protects? "Keep RDAP available" is specific. "Preserve stability" is not. "Maintain reverse-DNS publication for last verified records" is specific. "Support AFRINIC's restoration" is broader. "Provide the receiver with technical information about resource records" is specific. "Stand with the registry against destabilizing actors" is not. The more specific the function, the more likely the act is genuine mutual aid. The broader the institutional language, the more likely it is peer protection.

The second test is neutrality toward disputed merits. Coordination should preserve the ability to decide disputes later. It should not quietly decide them by framing one side as instability and the other as continuity. In AFRINIC's case, the disputed merits included resource-use allegations, the effect of litigation, voting authority, receiver decisions, board legitimacy, winding-up claims and statements about leasing. A mutual-aid mandate can preserve records and services while those issues are decided. A protective mandate will tend to pre-judge which party represents the system.

The third test is reversibility. A support measure should be temporary and reviewable. Technical assistance, service continuity funding, backup custody, communications support and emergency advice can all expire or be audited. Political endorsement is harder to unwind. Once peer bodies publicly frame a registry as the victim of destabilization, later evidence of registry overreach becomes harder to admit without embarrassing the club. Reversible support is safer than irreversible narrative commitment.

The fourth test is conflict disclosure. Peer registries have institutional interests. They should say so. If a peer body supports AFRINIC in a court process, it should disclose that its members are incumbent registries with a shared interest in preserving the RIR model. That does not disqualify them. It makes their expertise easier to evaluate. A bank regulator, an exchange or a professional board would not be treated as interest-free merely because it understands the industry. The same standard should apply here.

The fifth test is member visibility. Support that affects members should be reported to members. If peers provide financial assistance, staff support, technical advice, legal declarations or emergency planning, members should know the categories, limits and expected outcomes. A coordination system that speaks only to courts, receivers and other institutions may keep services alive while deepening member suspicion. AFRINIC's election controversies show how damaging opaque authority can be. Member-facing reporting is not a courtesy. It is legitimacy infrastructure.

The sixth test is liability honesty. If peer bodies argue that a registry must be protected because its services are critical, they should also acknowledge who bears loss when the registry misuses power. Stability arguments should not erase liability asymmetry. If the system wants courts and members to preserve an incumbent institution, it should be willing to discuss remedies when the institution is wrong. Otherwise "criticality" becomes a one-way claim: important enough to protect, not accountable enough to pay.

The economics of precedent

Precedent is the silent actor in every peer-coordination crisis. The official statement may be about AFRINIC. The private calculation is about the next case. If AFRINIC can be placed under receivership and still restored, that is one precedent. If AFRINIC can be challenged in court without breaking services, that is another. If ICANN can be told it lacks standing in a regional election dispute, that is another. If a member can seek winding up and force global actors to intervene, that is another. If the other RIRs can support a peer without accepting liability or external review, that too is a precedent.

Institutions dislike precedents that reduce their discretion. They like precedents that increase the cost of challenging them. This is not a moral defect; it is institutional self-preservation. The question is whether the governance system channels that instinct toward public functions or lets it harden into incumbent defense.

AFRINIC's crisis threatened several uncomfortable precedents for the RIR club. One was that a regional registry's domestic corporate law can matter more than global governance rhetoric. AFRINIC is incorporated in Mauritius. Its receiver, elections, court orders and winding-up proceedings are not merely internal internet-community rituals. They pass through national courts. That means RIRs are not sovereigns. They are private legal entities carrying a public-like coordination function. The club has an incentive to stress the function because the legal entity is vulnerable.

Another precedent was that members or resource holders can turn registry disputes into systemic governance questions. Cloud Innovation's conflict with AFRINIC began in resource-use and agreement disputes but expanded into questions about registry authority, liability, elections, dissolution and the future of the model. A club of registries has reason to dislike that expansion because it turns a member fight into an institutional audit. Yet member conflict is often how hidden constitutional problems become visible.

A third precedent was that emergency registry support might become imaginable. The Register reported in 2025 that ICANN could ask another RIR to serve as an emergency registry if AFRINIC failed a compliance review. That possibility protects continuity, but it also admits a profound fact: the registry function is separable from the incumbent corporation. Once separability is admitted, the incumbent's bargaining power changes. Peer registries therefore have reason to make separability a last-resort doctrine rather than a general principle of accountability.

A fourth precedent was that the language of stability could be challenged. Heng Lu's public notes argue that protecting the number-registry system is not the same as protecting a registry's misuse of authority, and that continuity should protect the ledger rather than the gatekeeper. That formulation is self-interested in the sense that it comes from a major litigant and market participant. It is also analytically threatening to the club because it captures a distinction the official system often blurs. If the public accepts that stability can require restraining a registry, not merely supporting it, then peer rescue becomes conditional.

The economics of precedent explain why peer coordination often sounds more absolute than it needs to. A limited statement such as "we will help preserve RDAP, reverse DNS, RPKI and verified records while courts decide disputed authority" creates one precedent. A broader statement such as "the RIRs support AFRINIC's path back to self-governance and stand ready to help" creates a softer, institution-friendly precedent. The latter may be politically easier. The former is economically cleaner.

Good governance requires choosing cleaner precedents even when they are less comfortable. The RIR system should want the precedent that a registry can be supported operationally and scrutinized institutionally at the same time. It should want the precedent that peer assistance comes with conflict logs and public limits. It should want the precedent that member discipline is not vetoed by peer solidarity, but also that member litigation cannot paralyse neutral services. Those precedents would strengthen the system. The precedent that peers protect peers first would weaken it, even if it produces calmer statements in the short run.

A narrow discipline for NRO coordination

The conclusion is not that NRO coordination should be abandoned. That would replace a real incentive problem with a real operational risk. The conclusion is that NRO coordination needs a narrow discipline: strong enough to preserve the registry system, too bounded to become peer immunity.

The first principle is coordination transparency. Peer support should be logged in categories that members and courts can understand: technical advice, service-continuity support, data-integrity assistance, communications review, legal explanation, financial assistance, staff secondment, security help, election-process advice or emergency planning. The log need not expose sensitive security details or privileged legal strategy. It should disclose enough to show whether the support is functional or political.

The second principle is conflict logging. Every peer body involved in a registry crisis should disclose its institutional interest. Other RIRs share the RIR brand. They share a concern about precedent. They may share contractual models, liability assumptions and recognition interests. Those conflicts do not make their evidence useless. They make undisclosed evidence suspect. Conflict logging should become routine rather than accusatory.

The third principle is a limited mutual-aid mandate. Mutual aid should protect data, services, staff continuity, member communications, security and evidence preservation. It should not automatically validate the incumbent office's disputed enforcement positions, election choices, litigation strategy or market-policy preferences. If peer bodies believe they must support a broader institutional act, they should say why the act is necessary for ledger continuity and why narrower support would fail.

The fourth principle is liability and accountability disclosure. Stability statements should identify who bears loss if the registry is wrong. If a registry's liability is capped or practically limited, that fact matters to the credibility of its power. If peer support reduces pressure on the registry, the support should be paired with stronger review, not weaker scrutiny. A critical institution should not be able to use criticality as both shield and sword.

The fifth principle is independent crisis review. After a major registry crisis, the review should not be controlled solely by the peer club or the assisted registry. It should include independent legal, operational and member-facing assessment. The review should separate allegations from findings, service failures from governance failures, and continuity needs from discretionary choices. It should ask what peer support did, what it did not do and whether it changed incentives.

The sixth principle is member-facing reporting. Members are not scenery in a registry crisis. They are the parties whose resource records, fees, votes and operating plans are affected. A coordination system that reports upward to global bodies but not outward to members will deepen mistrust. Member reports should explain what services are protected, what disputes remain unresolved, what aid is being provided and what rights or processes members retain.

The seventh principle is no peer veto over member discipline. If members, courts or independent reviewers identify registry misconduct or overreach, peer bodies should not be able to bury the issue under stability language. Peers can warn against remedies that would break services. They should not veto accountability merely because it embarrasses the model. The same rule runs in the other direction: members should not be able to use litigation to break neutral services when narrower remedies exist.

The eighth principle is no use of stability language as immunity. Stability is a function to be protected, not a magic word that turns institutional choices into public necessity. The phrase should always invite a follow-up question: stability of what? Records, public query services, reverse DNS, RPKI, member support, election legitimacy, bank accounts, officeholders, policy preferences or litigation posture? Only some of these are continuity functions. The rest require separate justification.

These principles are not a replacement architecture. They do not decide the long-term future of RIRs. They do not write a recognition regime. They do not solve every conflict over IPv4 markets, resource title, portability, transfer restrictions or regional development. They are a narrower demand: when peers coordinate during a registry crisis, they should show that they are preserving the ledger rather than underwriting the gatekeeper.

AFRINIC has made that demand urgent. The African registry's crisis gave the RIR system an opportunity to show that peer coordination is more than mutual protection. It still can. The test is whether the next crisis statement reads less like a club defending its member and more like an accountable continuity mandate: here are the services at risk, here is the assistance offered, here are the conflicts disclosed, here are the disputes not prejudged, here are the member reports to come, and here is the line we will not cross.

The internet-numbering system needs cooperation. It also needs discipline for cooperators. The hardest institutional lesson of AFRINIC is that both statements can be true at once. Coordination can be the thing that saves a registry from operational failure. It can also be the thing that saves a registry from accountability. The difference is whether the peers remember that stability belongs to the users and the ledger, not to the comfort of the club.