AFRINIC's crisis is often described as a corporate-governance drama, a dispute with one large address holder, or a regional chapter in the long exhaustion of IPv4. It is all of those things. Yet the more important story is institutional. AFRINIC is testing whether a Regional Internet Registry can keep the legitimacy of an allocation-era body after the resource it administers has become a priced, financed, litigated and politically sensitive input to commerce.

That distinction matters because the original registry bargain was modest. Internet numbers had to be unique. Someone had to distribute address space, record which network was responsible for which block, support reverse DNS and related services, and give operators a common source of registration truth. The registry did not sell property in the ordinary sense. It did not create demand for connectivity, build data centres, sign broadband customers, carry enterprise contracts, or pay the cost of renumbering a live network. It maintained a ledger around a technical resource that was scarce but still administratively obtainable.

IPv4 exhaustion changed the economic meaning of that ledger. An entry in the registry database is no longer a bureaucratic convenience around a low-priced input. It is part of the control surface for assets that networks lease, buy, pledge, value, defend and depend on for customer continuity. The registry still does not route packets. But its recognition layer can affect whether an operator can transfer a block, lease it, update records, keep customers connected, obtain financing, resist a challenge, or persuade a counterparty that the resource is clean. That is enough to turn record-keeping authority into economic authority.

AFRINIC is the sharpest case because almost every post-exhaustion pressure appears there at once: late-stage IPv4 exhaustion, scarcity rents, contested transfer and leasing economics, old allegations about registry-record manipulation, the Cloud Innovation dispute, Mauritius litigation, receivership, board-election failures and reruns, ICANN and NRO interventions, proposed lifecycle rules for RIRs, and a larger argument over whether registries should remain ledgers or become gatekeepers. None of these episodes should be reduced to a morality play. Some allegations are contested. Public reporting is not the same thing as a court finding. AFRINIC's critics are not disinterested bystanders. Still, the structural lesson does not depend on one side being saintly. A registry whose powers were built for allocation now operates over assets whose economic life resembles infrastructure finance.

AFRINIC describes itself as a nonprofit, member-based organisation registered in Mauritius and serving Africa and parts of the Indian Ocean. Its public materials describe the familiar RIR functions: distribution and management of IPv4, IPv6 and autonomous system numbers; WHOIS and RDAP; reverse DNS; RPKI; member services; and a community policy process. The Number Resource Organization said in 2023, after the appointment of an official receiver in Mauritius, that the receiver was expected to preserve AFRINIC's business value, oversee elections, help form a board, appoint a chief executive and maintain registry services. Those facts are important. They show that the registry function is real and worth preserving. They do not by themselves answer the post-exhaustion question: who bears the cost when a low-liability coordinating body acquires high-consequence power over scarce assets?

The answer should not be that registries must become ordinary property exchanges. Internet number resources are not land. They require global uniqueness, routing coherence, accurate public records and operational coordination. Nor should the answer be that exhaustion gives registries unlimited discretion to reinterpret old allocation language as a continuing economic veto. The credible settlement lies between those poles. It recognises reliance without pretending that IPv4 is simple property. It protects the ledger without laundering it into a political mandate. It gives courts and continuity bodies enough clarity to preserve service while disputes are heard. Above all, it asks a hard question of AFRINIC and of the RIR system as a whole: can the official registry path be made safer, cheaper and more predictable than the workarounds?

The old bargain was built on administrative scarcity

The old RIR bargain rested on a narrow coordination problem. IPv4 and IPv6 addresses and ASNs must be globally unique. Operators need registration data. Peers, upstreams, customers, courts, abuse desks and security systems need a way to know which organisation is associated with which resource. A central registry for each region solved that problem better than ad hoc private lists or a political ministry could. It created a common record and a policy forum without asking every network to trust every other network individually.

AFRINIC's own institutional language reflects that design. Its policy materials describe an internet registry as an organisation responsible for distributing IP address space and registering those addresses. They describe the policy process as open, transparent and fair. They distinguish number-resource policy from general business practice. They reflect the hierarchy by which IANA or PTI allocates resources to an RIR, which then allocates or assigns resources to members and records delegated authority. In that model, legitimacy comes from necessity and restraint. The registry is tolerated because somebody must keep the uniqueness ledger, and because the registry claims not to be a commercial owner of the numbers.

That bargain was strongest when a registry was still allocating from a free pool. Demonstrated need, conservation and anti-hoarding rules had a practical justification. If demand exceeded unallocated supply, a registry needed criteria for rationing. It could ask an applicant to justify the request because it was allocating a new resource out of a common pool. It could say the applicant was not buying an asset at market value but receiving a right to use numbers under a community policy framework. The annual fee paid for service, not for the underlying scarcity value.

Even then the story was not perfectly clean. Legacy allocations, early administrative decisions and differences between regions created uneven starting positions. Some holders received large blocks in a world that did not price IPv4 as a scarce asset. Others arrived later and faced stricter rules. But as long as unallocated supply remained available, the political economy could be softened by the expectation that new entrants had a path to addresses. Exhaustion removed that safety valve.

AFRINIC reached its exhaustion phases later than the other RIRs. Its public exhaustion material has described movement into soft-landing Phase 1 on March 31, 2017, and Phase 2 on January 13, 2020. It also places that history in the global sequence: IANA's central IPv4 pool reached a critical depletion point in 2011, and by 2015 most RIRs were distributing from final-reserve arrangements. AFRINIC's later exhaustion made its remaining supply commercially and politically salient. A region with relatively more unallocated IPv4 in a world of global scarcity becomes a magnet for arbitrage, policy anxiety and claims of regional protection.

The exhaustion problem is not only that fewer addresses remain. It is that already allocated addresses take on a different character. A free-pool allocation rule asks who receives new supply. A post-allocation control rule asks whether a holder may keep, move, lease or monetise a resource on which it and its customers already rely. The two powers are not morally equivalent. The first is rationing new access. The second can affect continuity, valuation and contractual expectations after the holder has built around the resource.

The phrase "not property" often blurs this difference. RIRs and their supporters have good reasons to resist crude property analogies. Number resources are entries in a global coordination system, not parcels of land. But "not property" does not mean "no reliance." Airlines do not own air routes in the same way they own aircraft. Banks do not own regulatory licences as freehold estates. Domain registrants do not own root-zone entries as physical objects. Yet commercial systems recognise that licences, permissions, entries and contractual entitlements can carry reliance interests, transfer value and due-process expectations. IPv4 addresses now sit in that family of economically valuable, institutionally mediated claims.

That is why AFRINIC's old legitimacy vocabulary no longer carries the whole burden. A registry can still reject fraud, prevent duplicate recognition, require accurate contacts, maintain reverse DNS, support RPKI and record disputes. Those are ledger functions. But if it wants to exercise broader discretion over already allocated resources, it needs a stronger bargain: clear standards, prospective rules, independent review, transition periods, proportional remedies, liability alignment and meaningful member consent. Without those safeguards, the registry's authority exceeds the logic that originally justified it.

Scarcity rents turn policy words into money

Scarcity rents are the hidden engine of the dispute. When a resource can be obtained or maintained at administrative cost but used, leased or transferred at a much higher market value, every rule around recognition becomes economically charged. A phrase that once sounded like bureaucratic housekeeping can become a capital-control instrument.

Internet Governance Project's 2021 analysis of the AFRINIC dispute emphasised two economic facts: the rising market value of IPv4 and the attempt to draw a regional boundary around a supply of addresses issued under administrative rules. It noted that AFRINIC held a relatively small share of total IPv4 space and entered exhaustion later than other RIRs, leaving it with comparatively valuable remaining supply for longer. That does not prove that every applicant, broker, lessor or address holder behaved properly. It does explain why conflict escalated. Where scarcity rents exist, institutions that decide recognition also decide who captures value.

Terms such as "demonstrated need", "within the region", "custodianship", "written approval" and "community resource" acquire a second life after exhaustion. "Demonstrated need" can decide whether millions of addresses remain attached to a business model. "Within the region" can function like a capital-control boundary. "Written approval" can alter transfer timing, closing risk and financing. "Custodianship" can become a way for an institution that did not create the asset's market value to preserve a veto over its movement.

The transfer and leasing pressures are therefore predictable. Networks still need IPv4 for hosting, cloud services, broadband access, payment systems, enterprise connectivity, anti-fraud controls, advertising technology, content delivery, managed services and legacy compatibility. IPv6 deployment is essential, but it has not made IPv4 commercially irrelevant. An operator needing addresses compares three imperfect paths: obtain resources through an official registry process; buy or transfer through an approved channel; or structure usage through leasing, customer assignment, nominee arrangements or other contractual devices. The more uncertain the official path, the more attractive the workaround.

That is why transfer architecture is legitimacy architecture. If a registry makes disclosed transfers slow, discretionary or ideologically suspect, it does not abolish demand. It pushes demand into less visible forms. Leasing can become a shadow allocation mechanism: not inherently fraudulent, not necessarily unlawful, but less transparent than a workable transfer system would be. The registry may then treat leasing as evidence of misuse. That response makes market participants even less willing to disclose. The cycle feeds itself.

Lu Heng's public "Policy Mirror" argument describes this as a shift from ledger to capital control. According to that critique, AFRINIC's policy direction classifies resources, restricts some outbound movement, requires written approval, refuses to recognise unapproved transfers and subjects incoming resources to AFRINIC policy. AFRINIC and its supporters would probably describe similar measures as stewardship, development protection and fraud prevention. Neither vocabulary should be accepted uncritically. The economic point is simpler: post-exhaustion transfer rules do not merely tidy a database. They allocate mobility.

Enforcement has the same property. Lu Heng has argued elsewhere that audits, frozen transfers, retroactive review and compliance objections turn price discovery into permission seeking. The phrasing is adversarial, but the channel is familiar to anyone who studies regulated markets. A transaction that may be delayed by an uncertain compliance objection clears at a discount. Buyers ask for warranties and indemnities. Sellers accept lower prices or withdraw supply. Intermediaries add legal risk to their margins. Holders keep idle stock rather than enter a process they distrust. Operators with genuine deployment needs pay more or take less secure arrangements.

The regional-development argument complicates the picture. A restrictive policy can be defended as protecting African resources for African connectivity. That concern is not frivolous. Many African networks face capital constraints, uneven infrastructure, expensive transit and policy environments that are already difficult. A region can reasonably worry that scarce identifiers issued for local development will be exported to richer markets. But a rule that traps value can also hurt local operators. If it lowers the market value of African-held resources, discourages inbound supply, makes financing harder or encourages opacity, it operates less like protection and more like a tax on the region's own networks.

A region is not enriched merely because assets are harder to move. Development depends on whether operators can obtain inputs, finance expansion, sell or lease underused resources, attract partners and plan continuity. A registry that wants to preserve regional development should make the official path more credible than the grey path. It should reduce transaction friction, publish clear standards, protect records and make transfer or delegation disclosure safe. If it instead turns policy into a permission economy, the scarcity rent migrates to lawyers, intermediaries and informal structures.

The post-exhaustion test is therefore practical. Can AFRINIC make the official ledger the cheapest and safest route for legitimate activity? If so, it remains a trusted registry. If not, it becomes a gatekeeper whose power market participants price, insure against and route around.

Ledger or gatekeeper

The ledger-versus-gatekeeper distinction is the analytical line around which AFRINIC's legitimacy now turns. A ledger preserves a shared record. It identifies the recognised holder, records contacts, reflects authorised changes, supports reverse DNS and RPKI, protects uniqueness, and marks disputes without turning every dispute into operational punishment. A gatekeeper decides whether a holder's business model is acceptable, whether customers are sufficiently local, whether changed use invalidates earlier need, whether leasing is morally suspect, and whether a live resource should be frozen, reclaimed or prevented from moving.

No registry can be a ledger only in the most literal sense. Fraudulent authority must be rejected. Duplicate claims must be stopped. Forged transfer documents cannot be recorded. Abandoned resources require a recovery path. Court orders must be respected. Abuse-contact data and routing-security metadata must not become meaningless. The question is not whether any gate exists. The question is how narrow, objective and reviewable the gate is.

When a registry says no because the paperwork is forged, the record is disputed, the holder cannot be identified or a court has restrained a change, the registry strengthens the ledger. When it says no because it dislikes a holder's commercial model or wants to impose a contested theory of regional use on resources allocated years earlier, it weakens the ledger. It converts a coordination utility into an economic regulator without the accountability usually attached to economic regulation.

AFRINIC's dispute with Cloud Innovation shows how quickly the line can blur. As described by IGP and The Register, AFRINIC alleged that Cloud Innovation had breached service-agreement or policy obligations relating to large IPv4 holdings. IGP reported that AFRINIC raised concerns about discrepancies between registered use and actual countries of use, inconsistency between originally justified need and later utilisation, and a bylaw provision concerning members originating services in the AFRINIC region. Cloud Innovation disputed AFRINIC's interpretation and argued that AFRINIC was demanding intrusive re-justification of ordinary ISP usage.

Those allegations and defences are not decided here. The institutional fact is enough: a registry compliance question became a business-continuity question. AFRINIC's threatened actions, as reported, could have led to termination and reclamation. Cloud Innovation treated that as a threat to its business and customers. Litigation followed. IGP criticised AFRINIC for overreach and Cloud Innovation for litigation tactics that threatened the registry's viability. The Register later described a long sequence of cases, receivership, election difficulties and renewed disputes.

A ledger-first registry would try to isolate such a dispute. It would ask: who is the holder of record; what documents created the registration; what claims are contested; what operational services must continue while the matter is heard; what changes should be frozen; which downstream users are exposed; which forum can review the decision independently; and what remedy would be proportionate if a breach were proved. A gatekeeper asks a more expansive question: does this holder's present business fit our institutional conception of acceptable use? Once that second question dominates, it can swallow the first.

The problem is aggravated by liability asymmetry. Lu Heng's 2026 public critique says the RIR model centralises high-consequence power over economically critical number resources while retaining symbolic liability. That statement comes from an interested market participant, but the governance concern is real. If a registry can affect resources worth far more than the annual member fee, and if the holder cannot realistically choose a different registry for the same resource, ordinary contractual limits of liability start to look like insulation for discretionary power.

The answer is not to make registries insurers of every market loss. That would be unaffordable and would probably make them more defensive. The answer is to align power and responsibility. A low-liability registry should have narrow powers. A registry that claims broad discretion over transfers, leasing, region of use and revocation needs stronger review, clearer standards, procedural burdens, remedies, insurance or public-law accountability. There is no stable middle position in which a private association exercises sovereign-like economic leverage with help-desk-level downside.

Record integrity is not the same as economic command

AFRINIC's legitimacy problem cannot be understood without the earlier allegations about record integrity. KrebsOnSecurity reported in December 2019 that researcher Ron Guilmette and South African journalists had alleged that large IPv4 blocks assigned to defunct or acquired African organisations were commandeered and sold through companies linked to former AFRINIC policy coordinator Ernest Byaruhanga. Krebs reported that Byaruhanga resigned after the scheme was publicised and that AFRINIC's then chief executive, Eddy Kayihura, said an investigation was under way. Those are reported allegations, not final findings stated here.

Even so, the episode is significant because it shows that the registry record is itself a valuable control surface. If dormant records, corporate succession gaps, historical WHOIS changes or internal authority can be manipulated, the harm is not limited to one address block. It damages confidence in the chain of recognition. It makes members wonder whether the ledger is merely a record of rights or a field of institutional vulnerability. It also creates pressure on the registry to prove its toughness after embarrassment.

That temptation is understandable. A registry criticised for weak records will want audits, corrections and enforcement. But a legitimacy-conscious response must distinguish record repair from economic command. The proper answer to suspected record manipulation is better ledger governance: audit trails, authority verification, dormant-holder procedures, corporate succession checks, transparent correction categories, independent review, and clear dispute metadata. The improper answer is to treat record-integrity failure as a mandate to regulate business models.

This distinction is easy to lose in practice. An audit that asks whether the recognised holder is real, authorised and contactable is a ledger instrument. An audit that asks whether the holder's current customer geography sufficiently resembles an old need justification may become a gatekeeping instrument. A correction that reverses forged authority restores the ledger. A correction that retroactively penalises a lawful change in business model risks confiscatory effects. The same administrative form can serve either purpose.

AFRINIC's institutional difficulty is that record integrity, scarcity rents and policy conflict arrived together. A weak record history encourages tougher enforcement. Scarcity makes enforcement expensive. Policy language supplies broad categories. Litigation then turns each decision into an institutional risk. Once those forces combine, even a defensible registry action can look like self-protection, and even a dubious holder can cloak itself in the language of due process.

This is why the burden on AFRINIC is higher than a simple demand for clean records. It must show that it can repair the ledger without converting every repair into a discretionary economic judgement. It must be able to say, with evidence and restraint, that a change is blocked because authority is defective, not because a lawful market transaction offends allocation-era instinct. It must be able to mark uncertainty without using uncertainty as leverage. It must make record confidence a substitute for gatekeeping, not an excuse for it.

Mandate laundering and the regional claim

Post-exhaustion legitimacy is also a problem of language. RIRs use words such as community, stewardship, region, consensus, public resource, continuity and development. Each points to something real. Each can also expand a narrow coordinating mandate into a thicker authority claim than the institution can justify.

Lu Heng's "mandate laundering" critique names this mechanism directly. In that view, a private legal shell gradually comes to sound as though it possesses political authority over a region because it repeats procedural and regional language often enough. The critique is polemical and should be read as advocacy. Yet the institutional risk is genuine. A registry can begin with the narrow duty to keep unique number records and end by speaking as if it represents the economic destiny of an entire continent.

AFRINIC's service region is real. Its members are real. Its technical staff and operational services are real. Its role in African internet development is not imaginary. But a service region is not a sovereign people, and a policy list is not a legislature. The policy-development process can produce legitimate registry policy when the policy remains within a function that affected parties can reasonably delegate to that process. Once policy controls the economic mobility of already allocated resources, the representation problem becomes harder.

"Community" is the most unstable word in this vocabulary. It can mean the people active on a mailing list, the paying resource members, network operators, governments, civil-society participants, end users, the African internet community, or the global numbering system. Those groups overlap but are not interchangeable. A small active policy class may be sincere and technically competent, but it cannot automatically speak for dormant members, downstream customers, lenders, small ISPs, data-centre operators, national digital ministries or companies whose resource holdings are at stake. A formally open door does not convert low participation into consent.

The same caution applies to "stewardship." Stewardship is a defensible word when it means protecting uniqueness, records, continuity and trust. It becomes evasive when it is used to avoid specifying who has rights, who bears costs and who reviews discretion. A steward with narrow powers is a trustee of the ledger. A steward with broad unreviewed powers is a gatekeeper wearing public-interest language.

Regional development can be laundered in a similar way. "Africa needs a registry" is true. "Therefore AFRINIC's present interpretation of its mandate must prevail" does not follow. "The ledger must survive" is true. "Therefore the gatekeeper cannot be challenged" does not follow. "Number resources should not be treated as ordinary corporate assets" is true. "Therefore resource holders have no reliance interests" does not follow. Legitimacy is lost precisely in these substitutions.

NRS's public campaigning exploits this weakness from the other direction. Its member-facing language has emphasised money, records, votes, chokepoint power, legal exposure and limited liability. NRS is not a neutral academic body; it has its own institutional project and is associated with Lu Heng's wider critique of the RIR model. But the reason such rhetoric can gain traction is that the underlying anxiety is not invented. Members who see the registry as a boring ledger are harder to mobilise against it. Members who fear it has become a gatekeeper are not.

Official interventions face the same legitimacy trap. ICANN and the NRO have a legitimate interest in preventing collapse or fragmentation of the numbering system. Courts should understand that number resources administered through AFRINIC are not office furniture to be divided in a liquidation. But official bodies weaken their own position if they appear to defend every discretionary act of an incumbent registry rather than the operational ledger. Their strongest role is to preserve function, data, uniqueness and continuity while leaving contested economic claims to proper review.

Leasing is a market signal, not merely a moral problem

IPv4 leasing is often discussed as if it were mainly a defect of character. In a post-exhaustion world it is also a market signal. Leasing grows when networks need addresses but do not want, cannot obtain, or cannot safely internalise full registry-facing exposure. It may be used for ordinary customer delegation, for temporary expansion, for cloud and hosting demand, for continuity during transition, or for more speculative strategies. It cannot be understood only as evasion.

LARUS's public positioning frames first-party IPv4 leasing as a continuity product. Its argument, in broad terms, is that customers can use addresses from LARUS's own pool while LARUS carries registry-layer contract risk, audit risk, termination mechanics and intermediary risk upstream. It presents direct holding as potentially exposing an operating company to payments, audits, policy interpretation, compliance disputes, suspension, termination and revocation machinery, while ordinary contractual recovery may be small compared with renumbering cost and customer disruption.

That is commercial positioning, not neutral scholarship. It should be treated as the argument of a market participant selling a service. But it captures a genuine question: what is the safest structure for using IPv4 when the registry layer itself is perceived as a risk surface? In a high-trust registry environment, direct holding may look superior. In a low-trust environment, leasing from a holder with scale, legal experience and continuity infrastructure may look safer to some operators than becoming a direct member exposed to uncertain registry interpretation.

This is the paradox of anti-leasing enforcement. A registry that attacks leasing as inherently suspect may be attacking the market's workaround for registry distrust. If it wants less opaque leasing, it should make official recording and disclosure more attractive. It should give operators a clear way to record operational control, sub-assignment, customer delegation and lease-like use without turning disclosure into an invitation to confiscatory review. If every disclosure increases enforcement risk, rational actors disclose less.

The policy challenge is to separate three categories. Fraudulent transfers, forged authority and hijacked resources should be stopped. Operational leasing and customer delegation should be recordable where the recognised holder remains accountable and registry data remains accurate. Speculative hoarding or arbitrage may offend allocation-era sensibilities, but it should not automatically become a revocation matter unless a clear rule, adopted prospectively and paired with review, makes it so. Without those distinctions, a registry collapses fraud control, market dislike and economic regulation into one enforcement bucket.

Leasing also exposes the limits of regional restriction. A holder in one jurisdiction can support customers in another. A cloud or hosting platform can serve users across borders. A customer may buy connectivity from a provider whose routing, billing, ownership and operational locations do not fit simple regional categories. If the registry insists on a clean regional map that does not match network economics, parties will produce contractual forms that satisfy the letter while defeating the purpose, or they will leave the official record incomplete.

The better approach is not laissez-faire indifference. A registry should care who is accountable, who can update records, how abuse contacts work, whether reverse DNS is stable, whether RPKI authority is clear, whether a court order exists, and whether a resource is disputed. It should be less interested in policing every commercial reason why a holder lets another network use addresses. The ledger wins when it records reality accurately enough to reduce risk. It loses when it demands that reality reshape itself around allocation-era categories.

Courts, receivers and the continuity bargain

Court involvement in AFRINIC is sometimes treated as an embarrassment to internet governance, as if law has intruded into a technical commons. That is the wrong way to read it. RIRs are private legal entities incorporated somewhere. AFRINIC is incorporated in Mauritius. When contracts, corporate law, insolvency concerns, elections and member rights collide, courts are not aliens. They are part of the legal environment in which the registry exists.

The difficulty is that courts are asked to handle disputes whose technical consequences extend beyond the ordinary company. A winding-up petition against a normal firm affects employees, creditors, contracts and assets. A winding-up petition involving an RIR also raises questions about registration data, reverse DNS, RPKI, uniqueness, resource-holder reliance, members in many jurisdictions and global coordination. Judges need a map that separates the registry function from the corporate shell without pretending the shell is irrelevant.

The Register reported in 2026 that ICANN successfully applied to become a party to Cloud Innovation's attempt to wind up AFRINIC. ICANN's stated purpose, as reported, was to help the court understand AFRINIC's unique role and to make clear that numbering resources allocated through AFRINIC are not assets of AFRINIC available for distribution in a winding-up. That is a valuable narrow intervention. A court should not treat AFRINIC-administered number resources as a warehouse inventory.

But that principle has limits. Saying AFRINIC does not own number resources does not prove that holders have no reliance interests. Saying the registry function is critical does not prove that every AFRINIC enforcement act is proportionate. Saying AFRINIC should not be wound up casually does not prove that the current corporate shell, board, policy interpretation or legal strategy must be immune. The continuity bargain should preserve the last verified operational state while disputes are heard. It should not transform continuity into institutional untouchability.

Receivership is similarly double-edged. The NRO's 2023 statement welcomed the appointment of an official receiver as a mechanism to preserve business value, run elections, form a board, appoint leadership and maintain services. IGP interpreted receivership as evidence that private governance had a rule-of-law recovery mechanism. That reading has force. Courts and receivers can stop a private association from collapsing into paralysis.

Yet receivership also shows that the old architecture lacked a clean internal failure mode. If a registry requires a court-appointed receiver to organise elections and keep services running, the numbering system needs more explicit continuity design. The receiver can be a bridge. It cannot by itself settle whether enforcement is proportionate, whether resource holders have reliance rights, whether members trust the policy process, whether board authority is legitimate, or whether the registry record can be separated from institutional self-defence.

Continuity should therefore be technical before it is political. A resilient RIR system should have verified escrow of registry data, clear failover arrangements for RDAP and WHOIS, reverse-DNS contingency, RPKI succession planning, service-level transparency, dispute isolation, emergency operating authority and rules preserving the last verified state while contested claims are reviewed. None of that is anti-AFRINIC. It is what a critical institution builds if it believes the function matters more than the office.

Lu Heng's "registry continuity fallacy" argument makes this distinction in more adversarial terms: the shell is replaceable; the ledger is the function to preserve. One need not accept every proposed remedy to accept the distinction. A registry system that depends on hostage logic -- if this corporate body fails, operational continuity fails -- has not earned post-exhaustion legitimacy. It has merely made its own fragility a source of leverage.

The work around ICP-2 revision is therefore important. Public reporting in 2025 and 2026 described efforts by the RIR community and ICANN to revisit ICP-2 so that RIR recognition would address the full lifecycle of a registry, including assistance and possible derecognition mechanisms. That is overdue. But a stronger ICP-2 could either solve or replicate AFRINIC's legitimacy problem. If it protects data, services, succession, affected-resource-holder reliance and narrow emergency authority, it strengthens the ledger. If it centralises discretionary power in ICANN or an RIR club without clear rights for holders and members, it merely builds a larger gatekeeper above the regional one.

Elections, members and the economics of trust

Member trust is not a public-relations asset in a post-exhaustion registry. It is part of the economic environment around scarce resources. If members trust the institution, they are more likely to keep records accurate, disclose transfers, accept adverse decisions, participate in policy and treat elections as legitimate. If they do not, they litigate, organise outside campaigns, withhold information, use proxies defensively, structure around the registry and seek emergency intervention.

AFRINIC's election history shows how procedural legitimacy becomes economic legitimacy. The 2025 annulled election was not merely an internal mishap. It concerned control over the board of a registry able to influence enforcement, transfers, budgets, bylaws, member status and recovery strategy. The Register reported concerns about powers of attorney, voter documentation, ICANN's questions, ISPA South Africa's objections and the receiver's annulment. Those reports do not prove every allegation. They do show why voting authority now matters to resource valuation. A member who doubts the vote may later doubt the policy, the enforcement decision and the transfer review that follows from the board's authority.

The policy-list process faces a parallel problem. AFRINIC's policy materials describe a process in which anyone may participate, mailing-list discussions are publicly archived and consensus is assessed through the Policy Development Working Group. That openness has value. It is better than closed rule-making. But open participation is not the same thing as affected-principal consent. A policy list can be dominated by people with time, ideology, institutional familiarity or organised campaigns. Ordinary operators may be absent because they are running networks. Small members may not understand a clause's downstream effects until it becomes a transfer delay, a compliance inquiry or a valuation discount.

Post-exhaustion rule-making should therefore classify policies by effect. Some rules concern pure registry hygiene: formats, contactability, publication, authentication, security metadata. Others concern allocation from a remaining pool. Others affect transfer recording, economic mobility, enforcement, member rights or continuity. The more a policy affects already allocated resources, the stronger the consent and review requirements should be. A mailing list can decide a small technical format more easily than it can impose retroactive economic restrictions.

This does not mean that policy must be frozen. It means the standard of legitimacy must rise with the cost imposed. If a rule changes the value, liquidity or reliance position of existing resources, affected holders should receive explicit notice, impact analysis, transition time, dissent summaries, legal-risk analysis and independent appeal. "Bottom-up" and "community consensus" are not magic phrases. They must describe a process capable of carrying the weight placed on it.

Member-authority verification is the practical starting point. The same kind of system that verifies an election vote should verify transfer authority, member representatives, powers of attorney, record updates and dispute submissions. If members believe authority can be forged, borrowed, confused or captured, every registry action becomes suspect. Trust returns only when authority is hard to fake, easy to challenge and visibly documented.

The economics of trust are severe because the registry is not an ordinary supplier. A dissatisfied customer can change software vendors. A resource holder cannot simply move its AFRINIC-administered address block into another RIR's registry without policy and recognition effects. Exit is constrained. Where exit is constrained, voice and due process must be stronger. Otherwise a low-trust monopoly of recognition becomes a risk premium attached to every resource it administers.

Who pays the legitimacy discount

Weak legitimacy is paid as a discount. It appears in lower transfer prices, stronger indemnity demands, longer closing timelines, higher legal costs, more defensive leasing structures, idle inventory and customer caution. It appears when an operator chooses a provider with cleaner continuity assurances, when a buyer discounts a block because registry approval looks uncertain, or when a bank hesitates to recognise number-resource value in a financing plan. The registry still exists, but its record no longer lowers transaction cost as effectively as it should.

The cost does not fall evenly. Large cloud operators, brokers, legal departments and well-financed address holders can diversify across regions, buy advice, hold inventory and wait through delay. Smaller African ISPs, hosting companies, data centres, enterprise networks, universities and public-service operators have fewer options. They may depend on one registry account, one narrow pool of addresses, one financing relationship and customers who do not understand why a registry dispute has entered the operations plan. For them, uncertainty at the registry layer is not an abstract governance problem. It is business-continuity risk.

This is where regional protection can become self-defeating. A policy described as keeping African resources in Africa may reduce the value of resources held by African operators, make sales or financing harder, delay expansion, discourage outside capital and push transactions into opacity. If the aim is to develop African connectivity, rules should increase the capacity of local networks to raise capital, acquire resources, lease unused inventory, sell when necessary and participate in predictable markets. Locking value inside a discretionary registry system may sound protective. It can function like a tax on the very operators it claims to protect.

Small operators also suffer more from procedural opacity. A large firm can hire RIR specialists, attend meetings, monitor policy lists, answer audits, challenge review letters and lobby for its preferred text. A small provider may miss a mailing-list debate, misunderstand voting credentials or learn about a policy only when a transaction is delayed. In that environment, "open to all" becomes open mainly to specialists. The administrative burden is regressive.

The same problem applies to governments. States in the AFRINIC region have legitimate interests in connectivity, digital public services, schools, hospitals, banking, IXPs, national cloud capacity and emergency communications. They may be tempted to support strong central protection of AFRINIC when the institution looks threatened. But state support that increases registry discretion can transfer more political value into the registry and make capture more attractive. Governments should want reliable number records, not a larger political prize around number records. A boring ledger is better for sovereignty than a dramatic gatekeeper.

For courts, the legitimacy discount appears as complexity. A judge facing winding-up, receivership, election rules, member status, powers of attorney or resource claims needs a clear institutional map. If the record is clean and the registry's role is narrow, the court can preserve services while deciding legal issues. If authority, records, voting status and policy scope are all contested, the court becomes the forum for questions the institution should have made easier to resolve. Legal cost then spreads beyond the parties to networks and customers with no role in the original dispute.

For the global RIR system, AFRINIC's discount is contagious. Other registries may be better governed, better capitalised, less litigious or more trusted. Yet AFRINIC creates precedent. It teaches resource holders elsewhere that registry failure is possible, that a court receiver is possible, that voting authority can matter, that emergency derecognition policy may be developed, and that central institutions may intervene. That knowledge changes how holders think about ARIN, RIPE NCC, APNIC and LACNIC as well. A failure in one region becomes a pricing input for the whole registry model.

The discount can be reduced only by making the official registry path more valuable than the workaround. That means lower transaction friction, clearer authority, visible audit trails, narrow enforcement, portable continuity and honest treatment of IPv4 economics. If the ledger is the safest path, members will use it. If the ledger becomes a choke point, members will minimise exposure to it.

What post-exhaustion legitimacy would require

AFRINIC can recover legitimacy in the post-exhaustion sense, but not by repeating allocation-era vocabulary. The test is operational. Does the registry reduce the risk premium attached to AFRINIC-administered resources? Does it make official recording safer than avoidance? Does it separate ledger protection from institutional self-defence? Does it recognise reliance without pretending that IPv4 is ordinary property? Does it preserve continuity without demanding immunity?

The first requirement is record confidence. AFRINIC should be able to show, within appropriate confidentiality limits, that resource records, member authority records, transfer histories, contact data, reverse DNS and RPKI-related records are controlled through auditable change processes. Historical irregularities should be classified rather than buried: alleged fraud, dormant-holder uncertainty, corporate succession gaps, ordinary corrections, court-constrained status and disputed entitlement. The aim is not public theatre. It is confidence that the ledger is knowable.

The second requirement is a narrow enforcement model. Fraud, forged authority, duplicate claims, abandoned resources, court orders, abuse-contact non-response and security-integrity emergencies belong in the registry's core domain. Commercial leasing, changed customer geography, ordinary business-model evolution and market pricing should not become enforcement matters unless a clear rule adopted prospectively makes them relevant and provides proportionate remedies. Retroactivity is the hidden confiscation risk in post-exhaustion governance.

The third requirement is transfer and leasing realism. AFRINIC should separate free-pool allocation criteria from post-allocation transfer recording. It can require proof of holder authority, accurate contact data, fee compliance, court-order clearance, dispute marking and clean chain of recognition. It should be cautious about using needs assessment or regional morality to block transactions involving already allocated resources. If it wants to preserve regional development, it should do so through incentives, transparency and supply growth rather than trapping capital.

The fourth requirement is liability-power symmetry. AFRINIC need not accept unlimited damages exposure. But if its liability remains limited and its capital base modest, its powers should be modest too. High-consequence actions should require independent review, clear standards and preservation of the last verified operational state during dispute. Revocation should be structurally separated from ordinary administration. Downstream customers should not become leverage in a fight between a registry and a holder.

The fifth requirement is member-authority verification. Elections, powers of attorney, transfer authority, member representatives, corporate changes and dispute submissions should be governed by a coherent authentication and challenge system. The 2025 election problems made this unavoidable. Members will not regain trust because AFRINIC says it is community-driven. They will regain it when authority is difficult to forge, quick to contest and transparently recorded.

The sixth requirement is continuity architecture. AFRINIC may remain the registry operator, and a functioning African registry is better than improvisation. But critical services should not depend on the uncontested survival of one corporate shell. Escrow, failover, RPKI succession, reverse-DNS continuity, RDAP and WHOIS resilience, and interim-service provisions are not attacks on AFRINIC. They are the infrastructure of trust.

The seventh requirement is rhetorical restraint. AFRINIC does not need to abandon the language of regional development or community. It should stop asking those words to do legal and economic work they cannot bear. A service region is not a blank cheque. A policy list is not a sovereign. A registry record is not a moral approval certificate. The more modest the institutional claim, the stronger the legitimacy.

The narrow road back to boring authority

The best registry is boring. It lowers transaction costs. It keeps records clean. It makes fraud harder and ordinary business easier. It gives courts a clear map. It gives members reason to disclose rather than conceal. It gives buyers and sellers predictable procedures. It lets networks route, renumber, lease, transfer and finance with less institutional noise. It is not invisible, but it is rarely the protagonist.

AFRINIC has become the opposite: a registry whose governance, litigation, elections, enforcement theories, critics and continuity arrangements are themselves part of the risk environment around the numbers it administers. That does not mean AFRINIC should be destroyed. It means its recovery cannot be judged by survival alone. A board seated after turmoil, a budget approved after paralysis, or a court intervention that preserves services may be necessary steps. They are not sufficient proof of post-exhaustion legitimacy.

The standard is whether AFRINIC can create a legitimacy premium rather than a legitimacy discount. A premium would make AFRINIC-administered resources easier to value, transfer, lease, finance and use. It would encourage accurate records because disclosure would reduce risk. It would make policy participation worth members' time because the process would be tied to evidence and transition rules. It would give courts confidence that the last verified operational state can be preserved without endorsing every institutional claim. It would reduce the need for ICANN, the NRO or a receiver to rescue basic continuity.

The answer will not come from a single judgment, election, press statement, policy proposal or intervention by a global body. It will come from repeated behaviour: narrow rules, clean records, fair process, credible review, realistic transfer policy, verified member authority, honest treatment of leasing, and continuity design that protects the function rather than the incumbent's discretion. AFRINIC's crisis made the allocation-era bargain impossible to ignore. Its recovery, if it is to be more than institutional self-preservation, must build the post-exhaustion bargain that IPv4 scarcity now requires.

Sources and attribution

This analysis uses AFRINIC public materials as factual background for institutional identity, service region, policy structure, registry services and IPv4 exhaustion milestones; NRO material as background for the 2023 appointment of an official receiver; Internet Governance Project analysis for political-economy discussion of IPv4 scarcity, Cloud Innovation litigation and receivership; KrebsOnSecurity for the reported 2019 address-record manipulation allegations; The Register for reporting on the 2025-2026 election, ICANN, receiver, litigation and recovery timeline; and public Lu Heng, NRS and LARUS materials for market-participant critiques of registry-layer risk, mandate laundering, ledger-versus-gatekeeper power, portability and leasing continuity. Disputed allegations are attributed to the reporting or public actors that made them and are not treated here as adjudicated facts.