The deadline room

Imagine a public-service continuity room at the end of a fiscal year. The tax authority is preparing for the final filing surge. Customs is moving a new declaration gateway into production. A hospital network is testing access from regional clinics. A civil registry is about to open a digital identity renewal window. Procurement officers, agency lawyers, security engineers and a deputy permanent secretary are working through the familiar checklist: database replication, cloud failover, payment-gateway uptime, help-desk staffing, DDoS protection, disaster-recovery drills and the enforceability of vendor service-level agreements.

Then a quieter dependency enters the room. The e-government portal is reachable through public IPv4 blocks. Some of those blocks are registered to a ministry. Some sit with a state-owned telecommunications provider. Others were first allocated to an old public data centre, an education network, a hospital trust or a contractor that has changed legal form since the original procurement. Reverse DNS has to point to the right names. RDAP and Whois contacts have to reach people who still work for the responsible agency or operator. Route objects and RPKI authorizations have to support the autonomous systems that actually announce the prefixes. When foreign banks, airlines, customs brokers, development-finance partners or health systems see traffic from those addresses, they rely on the registration and routing evidence to decide whether the traffic is expected, attributable and safe.

The ministry controls the application budget. It controls the public announcement. It may control the help desk and the vendor contract. It does not directly control the regional internet registry where the public numbering record is maintained. That record sits in a technical coordination system built for unique-number administration, not for the tempo of tax deadlines, court hearings, hospital referrals, benefit-payment cycles or emergency communications. The mismatch is usually invisible. It becomes visible when the registry layer is uncertain, slow, disputed or legally constrained.

AFRINIC is the useful case through which to examine that mismatch. Its public materials describe it as the nonprofit, member-based Regional Internet Registry for Africa and the Indian Ocean, registered in Mauritius and entrusted with managing IP address space and Autonomous System Numbers. It also operates or supports the surrounding services that make number resources legible: Whois, RDAP, reverse DNS, the Internet Routing Registry and RPKI. These are not decorative appendages to the internet. They are part of the evidence by which networks, security teams, counterparties and courts understand that a public address block belongs with a particular holder, route, contact and operational claim.

The argument is deliberately narrow. It is not a theory that every state should command a regional registry. It is not a claim that number resources should become national trophies. It is not a demand that a registry become a ministry. It is that governments and public services often depend on registry continuity without controlling the registry. When AFRINIC's record layer becomes uncertain, the practical risk is not internet-governance drama in the abstract. It is continuity exposure for tax filing, customs clearance, hospital connectivity, benefit payments, court systems, police and emergency communications, procurement platforms, identity services, education networks, municipal services and state-owned infrastructure.

That exposure is economic before it is ideological. Public IPv4 reachability is a production input for modern state capacity. Registry records are the chain of custody for that input. If the chain of custody is weak, stale, contested or administratively fragile, public services inherit a risk they rarely price, audit or contract for. The address book does not run the public sector. But the public sector has built more of its digital machinery around the address book than many officials realize.

The registry layer under public administration

Most public-sector technology maps stop too high in the stack. They show the ministry, the system integrator, the cloud provider, the disaster-recovery site, the payment processor, the cybersecurity operations centre, the data-protection officer and perhaps the national computer emergency response team. They usually do not show the registry account, the resource certificate repository, the maintainer object, the reverse-DNS delegation, the abuse contact, the administrative contact or the old allocation file that explains why a block was first assigned. That omission is understandable. Registry information looks technical, and in normal times it is technical. Under stress it becomes institutional evidence.

The public sector depends on that evidence in indirect ways. A tax portal may use addresses announced by a national backbone operator. A customs platform may be hosted by a public-private data centre. A national health network may connect hospitals through a state carrier. A court filing system may expose APIs to banks, law firms and police databases. A procurement platform may need global reachability for bidders, auditors and aid-funded project supervisors. Each service has an application owner, a budget owner and a security owner. Fewer have a registry owner.

The registry layer matters because the public internet is not simply a set of cables and routers. It is a system of claims about who is entitled to originate routes, receive incident reports, publish reverse mappings and maintain authoritative contact data. RDAP and Whois do not make packets move, but they make accountability legible. Reverse DNS does not create a tax account, but it affects how counterparties classify traffic and read logs. RPKI does not guarantee uptime, but it gives other networks a cryptographic basis for accepting or rejecting route announcements. IRR records can still influence filtering, peering and escalation practices. Together these records form the administrative envelope around reachability.

For public agencies, that envelope is often inherited rather than designed. An address block may have been obtained by a ministry before the central digital-government office existed. It may have been assigned through a local internet registry, transferred during a state-owned enterprise restructuring, held by a research network on behalf of public institutions or buried inside a long telecoms contract. The people who negotiated the original arrangement may have retired. The business unit that paid the fees may no longer exist. The vendor operating the portal may have no power to change registry records, while the registry contact may have no authority over the production application.

This is a familiar institutional problem: the party bearing the public consequence is not always the party holding the operational lever. In public finance, such gaps create contingent liabilities. In utilities, they create resilience failures. In internet numbering, they create address dependency without command. A national system can be architected with redundant servers and still remain exposed if its public identifiers are tied to a registry relationship that is poorly documented, disputed, inaccessible or vulnerable to institutional delay.

AFRINIC's turbulence turns that hidden layer into a visible one. A registry that cannot reliably complete governance routines, faces litigation over its legal status or struggles to restore confidence after disputed elections may still keep technical services running. Staff professionalism can preserve day-to-day operations for a long time. Public-sector risk management, however, cannot stop at the question of whether packets moved yesterday. It must ask whether the institutions needed to prove, update and defend those records will function when a filing deadline, hospital incident, public-procurement challenge or emergency-service outage puts time pressure on the state.

Dependency without command

The public sector is accustomed to outsourcing. Governments procure data centres, cloud capacity, managed security, fibre, payment gateways, call centres and software platforms. Outsourcing itself is not the problem. The problem is a form of dependency in which the state can contract for the visible service but cannot easily command the underlying recognition layer. Public IPv4 reachability sits in that category. A ministry may be able to terminate a hosting contract, yet it cannot by contract alone force a regional internet registry to accept a particular interpretation of resource status, membership standing, routing evidence or administrative authority.

That does not mean AFRINIC controls African governments. It does not run ministries, route national traffic by itself or own the infrastructure of public agencies. The power is subtler. A registry record is a common reference point accepted by operators, security teams, counterparties, auditors and courts. If that reference point becomes contested, the cost of proving continuity rises for everyone built on top of it. The registry is not the state, but a public service may still depend on its record.

Dependency without command appears in several forms. The first is legal. AFRINIC is incorporated in Mauritius. Its receivership, litigation and corporate status are governed through Mauritian legal processes. A ministry in another country may have critical services that depend on AFRINIC-administered resources, yet it may not be a direct litigant, member, creditor or governance participant in the proceeding that determines institutional continuity. Its public downside exists outside the courtroom where the registry's future is being argued.

The second form is contractual. A government may hold a service-level agreement with a telecoms provider that promises connectivity and fault response. That agreement may not specify who controls the AFRINIC account, who must keep contacts current, who has authority to approve reverse-DNS changes, what happens if the provider's registry membership is suspended, or how RPKI material will be preserved during a dispute. The provider may promise uptime while relying on a registration relationship that the public customer has never reviewed.

The third form is operational. Public services are sticky. Renumbering a consumer marketing site is manageable; renumbering a tax authority, customs gateway, national hospital network, police communication interface or public-procurement system is slow and risky. IP addresses appear in firewall rules, API allowlists, partner integrations, fraud systems, DNS records, certificates, monitoring tools, backup scripts, log parsers and old documentation. Every hard-coded dependency turns a nominally administrative issue into a practical migration cost.

The fourth form is reputational. Government services must be trusted by citizens, businesses and foreign counterparties. If a public portal's address records are stale, disputed or associated with confusing contact data, the agency may face more friction in incident response, email delivery, bank integration or international data exchange. No citizen cares whether the problem is RDAP, reverse DNS, a route object or a resource certificate. They experience failed access, delayed clearance, a benefit payment that cannot be confirmed, or a payment portal treated as suspicious by a bank.

This is why a public-sector analysis must remain close to continuity. The registry is not the electricity grid, but it records a condition of network identity on which the grid's digital systems may rely. It is not a court, but its records may be treated as evidence. It is not a ministry, but its availability affects ministerial capacity. The practical question is not who commands whom. It is how a public service remains reachable, attributable and defensible when the record layer beneath it is outside direct administrative command.

Why AFRINIC is the useful exhibit

AFRINIC is not merely a troubled institution used to decorate a theoretical point. It is the registry for a service region containing dozens of states, many fast-growing digital public sectors and many operators whose address histories differ sharply from those in North America or Europe. Its public materials identify a mission around efficient distribution of internet number resources, member services, training, routing security, reverse DNS, Whois, RDAP, IRR and RPKI. That breadth is precisely why the institution matters. When it works well, it quietly lowers coordination costs across an enormous and diverse region.

The official description also shows why public-sector dependency is easy to miss. AFRINIC presents itself as a technical and member-based body. Its policy process is described in bottom-up terms: proposals, open discussion, consensus assessment and adoption. This language is familiar to network operators. It is less familiar to finance ministries, hospital administrators, customs directors, public-procurement boards or municipal-service managers. Public agencies may rely on the outputs of the process without understanding the channels through which those outputs are maintained.

That reliance sits against a difficult public record. In 2019, KrebsOnSecurity reported allegations of a large African IP address heist connected to record manipulation and companies tied to a former AFRINIC executive. In 2021, the Internet Governance Project described AFRINIC's dispute with Cloud Innovation as a crisis involving scarcity, alleged policy violations, litigation, bank-account freezes and arguments about how aggressively a registry should enforce regional-use interpretations. In 2023, the Number Resource Organization welcomed a Mauritian court's appointment of an official receiver and described the receiver's task as preserving AFRINIC's assets, maintaining the status quo and overseeing elections to restore governance.

The later record did not immediately remove uncertainty. The Register reported that AFRINIC had been unable to appoint a chief executive or elect board members for years; that a 2025 election was suspended and then annulled after concerns over powers of attorney and voter documentation; and that a later election produced a board while leaving the institution facing active critics, court questions and ICANN work on policies for dysfunctional registries. In 2026, The Register also reported AFRINIC statements that it was rebuilding budgets and strategy, followed by renewed reporting on litigation and ICANN's intervention in a winding-up application.

These events should be treated carefully. Some claims are allegations. Some are contested by the parties. Some reports reflect the view of AFRINIC, Cloud Innovation, ICANN, the NRO, journalists or outside commentators. A public agency does not need to decide every legal merit in order to learn from the record. The important fact is that the registry layer has been subject to a long period of institutional uncertainty visible enough for courts, global coordination bodies, members and the technical press to comment repeatedly.

That is enough to change the risk model. A public agency need not take sides in the Cloud Innovation dispute to learn from it. It need not endorse or reject any board to understand the procurement effect of boardlessness. It need not accept official registry narratives as framing authority to see that record-layer continuity is now part of the public-service resilience problem. AFRINIC is the exhibit because its stress is documented, multi-year and directly tied to the services on which public-sector reachability depends.

Scarcity turned numbering records into economic infrastructure

IPv4 scarcity changed the institutional nature of registry records. When addresses were abundant, the registry relationship could be treated as a technical administrative matter. Requests were justified, blocks were allocated, contacts were registered and networks grew. Scarcity made each record more valuable, not because the record itself is magical, but because it is the recognized claim around a useful and limited production input. A routable IPv4 address still supports hosting, access, cloud compatibility, fraud control, legacy equipment and public reachability in systems that cannot yet operate on IPv6 alone.

AFRINIC's exhaustion material records the broad arc. The global free pool was depleted after IANA distributed the final large blocks to the regional registries. Other regions exhausted their free pools earlier. AFRINIC entered Phase 1 of its soft-landing process in 2017 and later identified Phase 2 as the current exhaustion phase. The details of allocation size, reservation and evaluation criteria matter to applicants. For public-sector economics, the key point is that scarcity turned administrative timing and policy interpretation into material economic events.

The change affects government in two ways. First, public agencies need addresses as a practical input, even when they plan to move more services to IPv6 or private addressing behind NAT. Citizen-facing portals, inter-agency APIs, public email gateways, DNS resolvers, hospital remote-access systems, utility-control access points and partner-facing dashboards often rely on routable IPv4. IPv6 migration helps, but it does not instantly remove every IPv4 dependency in citizen devices, partner networks, old vendor products, foreign bank systems or international transport integrations.

Second, governments are buyers in markets shaped by scarcity. If a state-owned utility needs addresses, its options may include new allocation if available, provider-assigned space, leased space, cloud-hosted endpoints or renumbering around a different architecture. Each option has a cost and a risk. Policies that make record updates slow, uncertain or discretionary do not affect only private address brokers. They affect the price and availability of inputs that public services must procure.

This is where address dependency becomes an institutional-economics problem. A scarce input has a shadow price even if the government obtained it long ago for an administrative fee. A public IPv4 block embedded in a national service carries option value, replacement cost and operational risk. If registry uncertainty reduces confidence in that block's status, the state has suffered a real economic harm before any visible outage occurs. The harm may appear as higher vendor bids, legal review, emergency renumbering, insurance exclusions, expensive workarounds, procurement delay or a tighter form of vendor lock-in.

The public sector is particularly exposed because it cannot always optimize quickly. A private company may redesign a product, change hosting providers or accept temporary disruption for a subset of customers. A tax authority cannot casually miss a filing deadline. A hospital cannot ask patients to wait while a routing-policy dispute is resolved. A customs system cannot tell ports to clear containers manually for weeks because an upstream number-resource record is under question. Scarcity has therefore made accurate, stable registry records part of the economic infrastructure of the state.

This does not make addresses equivalent to land, spectrum or currency. It means they behave like a stubborn production input in digital administration. Their public value lies less in their resale price than in avoided disruption. An address block acquired years ago may look like a legacy artifact in an asset register. If it anchors a national payment interface, a police evidence exchange or a hospital referral network, it is a continuity asset.

What the 2019 address-theft reporting teaches

The 2019 address-theft reporting around AFRINIC is a useful warning for public agencies because it shifts attention from governance theatre to record integrity. KrebsOnSecurity described a multi-year investigation by Ron Guilmette and journalists into address blocks allegedly taken from African entities, including defunct or acquired companies, and routed into commercial use through companies tied to a former AFRINIC executive. The article reported an estimated market value above $50 million for the documented addresses and noted that AFRINIC said it was investigating.

The factual details matter, but the institutional lesson is broader. Registry records are not inert. If the records around a dormant public agency, a dissolved state contractor, an old education network or a merged state-owned company are weak, someone may be able to exploit them. The exploit need not look like a dramatic routing hijack. It may look like paperwork, stale contacts, forgotten credentials, a corporate-registry mismatch or a change that no current official notices until the block is already used elsewhere.

Public sectors are full of such legacy assets. A ministry may have received address space during an early internet project. A university hospital may have been connected through a donor-funded research network. A national education network may have held resources on behalf of public institutions. A state IT agency may have absorbed predecessor entities without consolidating their registry records. A privatised or corporatised telecoms operator may retain infrastructure that still serves government functions. Each transition creates the possibility of a broken chain of custody.

Theft or unauthorized transfer is not the only danger. Stale records can also slow emergency response. If a public hospital block is abused by a compromised host, incident responders need valid contacts. If a government gateway is blocked by a partner network, the routing and registration evidence must be clean enough for escalation. If an old reverse-DNS zone points to the wrong nameserver, email and logging systems may behave unpredictably. Integrity is not merely about preventing criminals from selling addresses. It is about preserving confidence in routine administration.

The address-theft episode also shows the political consequences of weak records. After a registry is accused of failing to protect address space, pressure grows for audits, resource reviews and stronger enforcement. That pressure may be legitimate. But it can expand the registry's discretionary role if it is not carefully bounded. The same institution asked to repair record integrity may then claim broader authority over business models, geography of use or commercial arrangements. The cure becomes risky if it drifts from evidence-based correction into general control over lawful network use.

For governments, the lesson is to audit before scandal. Public agencies should not wait for a registry crisis to discover who holds their public address space. They should know the registered holder, current contacts, maintainer structure, reverse-DNS delegation, RPKI status, origin ASNs, contractual party, renewal obligations and legal authority for updates. In a world of scarce IPv4, the old address book is not an archive. It is an asset register for continuity.

There is a second lesson: records need owners who outlast projects. A tax-modernization programme may close after deployment. A health-connectivity grant may end when clinics are connected. A municipal broadband pilot may be folded into a national carrier. If the registry records remain attached to the project office, the continuity risk survives the project. Public administration is good at creating committees for new services; it is less good at maintaining the low-status records beneath them. AFRINIC's address-theft reporting is a reminder that adversaries and opportunists notice neglected records before ministers do.
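The audit recommended in this section (registered contacts, reverse-DNS delegation, RPKI status, origin ASNs and a named owner for each block) can be run against an agency's own asset register. The Python below is an added example, not part of the original essay: it applies route origin validation in the manner of RFC 6811 and three record checks to a constructed register. The register layout, finding codes, prefixes, ASNs and names are all assumptions made for illustration; in practice the ROA list would come from a validated RPKI cache and the contacts from RDAP.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

# Constructed sample data: documentation prefixes, private-use ASNs, .example names.
# Validated ROA payloads as (prefix, maxLength, authorised origin ASN).
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 64501),
]
# People who still work for the responsible agency or operator (constructed).
CURRENT_STAFF = frozenset({"noc@tax.example", "netops@carrier.example"})


@dataclass
class Asset:
    service: str
    prefix: str
    origin_asn: int                  # ASN observed announcing the prefix
    registry_owner: Optional[str]    # official accountable for the registry record
    contacts: frozenset              # contacts published for the block
    rdns_expected: frozenset         # nameservers the agency actually operates
    rdns_observed: frozenset         # nameservers the reverse zone is delegated to


def rov_state(prefix, origin_asn, roas):
    """Classify an announcement as valid, invalid or not-found (RFC 6811 style)."""
    route = ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        vrp = ip_network(roa_prefix)
        if route.version != vrp.version or not route.subnet_of(vrp):
            continue                 # this ROA does not cover the route
        covered = True
        if route.prefixlen <= max_len and asn == origin_asn:
            return "valid"
    # Covered by a ROA but matching none of them is worse than having no ROA.
    return "invalid" if covered else "not-found"


def audit(asset, roas=ROAS, staff=CURRENT_STAFF):
    """Return finding codes for one register entry; an empty list means clean."""
    findings = []
    state = rov_state(asset.prefix, asset.origin_asn, roas)
    if state != "valid":
        findings.append(f"rpki:{state}")
    if not asset.contacts:
        findings.append("contacts:none")
    elif asset.contacts - staff:
        findings.append("contacts:stale")
    if asset.rdns_observed != asset.rdns_expected:
        findings.append("rdns:mismatch")
    if asset.registry_owner is None:
        findings.append("owner:missing")
    return findings


# Constructed register: one clean entry and two with inherited problems.
REGISTER = [
    Asset("tax-portal", "192.0.2.0/24", 64500, "head of network, tax authority",
          frozenset({"noc@tax.example"}),
          frozenset({"ns1.tax.example", "ns2.tax.example"}),
          frozenset({"ns1.tax.example", "ns2.tax.example"})),
    # Announced by a new contractor's ASN while the ROA still names the old one.
    Asset("customs-gateway", "198.51.100.0/24", 64510, "customs CIO office",
          frozenset({"pm@old-contractor.example"}),
          frozenset({"ns1.customs.example"}),
          frozenset({"ns1.customs.example"})),
    # No ROA, reverse zone still delegated to a former data centre, no owner.
    Asset("hospital-network", "203.0.113.0/24", 64502, None,
          frozenset({"netops@carrier.example"}),
          frozenset({"ns1.health.example"}),
          frozenset({"ns1.old-datacentre.example"})),
]


def report(register=REGISTER):
    """Map each service to its list of findings."""
    return {asset.service: audit(asset) for asset in register}


if __name__ == "__main__":
    for service, findings in report().items():
        print(f"{service:18} {', '.join(findings) or 'clean'}")
```

An `rpki:invalid` finding deserves priority over `rpki:not-found`, because networks that enforce origin validation drop invalid announcements while still accepting those with no covering ROA.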

Cloud Innovation as a continuity stress test

The Cloud Innovation dispute is often narrated as a confrontation between AFRINIC and a large address holder. For public-sector purposes that narration is too small. The dispute is a continuity stress test: what happens when a registry believes a member has breached policy or contract, the member believes the registry is exceeding its authority, and both sides use courts and public argument while live address resources remain embedded in customer networks?

The Internet Governance Project's 2021 account described AFRINIC's allegations that Cloud Innovation's actual use differed from registered usage and that AFRINIC asserted a regional-use theory tied to membership and need. It also described Cloud Innovation's objections, including arguments against intrusive review and against an interpretation that would require registry permission for ordinary changes in service. AFRINIC threatened termination and reclamation; Cloud Innovation went to court; bank-account freezes and multiple cases followed. The legal merits were and remain contested. The continuity lesson is plain.

Revocation is not like terminating a newsletter subscription. Address resources may sit underneath real customers, long-term contracts, public-facing services and routing-security practices. If a registry acts destructively before an independent forum has resolved a dispute, innocent downstream users can become collateral damage. If a holder can paralyse the registry through litigation, the whole region can inherit institutional risk. The public sector should be uncomfortable with both failure modes.

This is why proportionality matters. A registry must be able to investigate fraud, misrepresentation, non-payment and abuse. It must also distinguish between preserving a disputed record and destroying operational reliance. A public-service continuity architecture should prefer dispute isolation: record the conflict, block conflicting transfers if necessary, require evidence, preserve the last verified operational state where possible and let an independent process decide severe remedies. The registry should not be claimant, investigator, judge and executioner when the practical effect may include network disruption for people who are not parties to the dispute.

Cloud Innovation also shows how public-sector risk can arise without the public sector appearing in the pleadings. Suppose a government service is hosted by a provider whose address space is subject to a dispute with AFRINIC. The ministry's contract may say nothing about that dispute. The service may continue to work until a registry action, route-filtering decision, partner-risk assessment or court order changes the environment. By then the agency may have no quick path to substitute addresses without breaking integrations.

The dispute should therefore be read less as a singular controversy than as a warning about institutional leverage. When the registry layer is used to enforce broad policy judgments, the effect can extend beyond the immediate holder. When members litigate aggressively against the registry, the effect can extend beyond the member. In both directions, public-service continuity depends on rules that protect accurate records and running networks while the merits are decided elsewhere.

This point is not special pleading for any one company. It is a design principle for public systems. Courts, regulators and governments can impose severe remedies because they have public-law procedures, appeal channels and enforcement discipline. A registry has administrative authority because networks accept its coordination role. When that administrative authority is used in ways that could cut through hospitals, courts, customs platforms or emergency-service integrations, public agencies need assurances that continuity has been designed into the process, not assumed after the fact.

Receivership and election gaps as procurement signals

Receivership is a legal remedy, but for public procurement it is also a signal. The Number Resource Organization's 2023 statement said the Supreme Court of Mauritius had appointed an official receiver whose role included maintaining the status quo of AFRINIC's assets, preserving business value, overseeing elections, facilitating a proper board and enabling a chief executive appointment. The NRO welcomed the development as a way to restore functional governance and keep registry services available. That is an important factual exhibit: even within the registry system, formal legal intervention was treated as a mechanism for preserving continuity.

A receiver does not automatically mean technical collapse. In fact, the point of receivership is to prevent collapse. Staff may continue answering tickets, maintaining databases and publishing services. Yet procurement officers and public-sector risk managers do not look only at today's service desk. They ask whether the supplier, regulator or critical coordination body is governed, solvent, authorized and capable of making decisions. AFRINIC's difficulty in sustaining ordinary governance routines therefore matters even if its technical staff continued to work.

The 2025 election sequence deepened the concern. The Register reported that AFRINIC had been unable to elect a board for years; that a receiver organized elections; that ICANN raised concerns; and that the June 2025 process was delayed, then suspended and annulled after concerns over voter documentation and powers of attorney. Later reporting said a new election produced eight directors in September 2025, giving AFRINIC a board again, but not freeing it from litigation, criticism or possible court challenges. By February 2026, AFRINIC representatives were describing improved morale, budget work and a strategy process. By March and May 2026, public reporting again showed renewed disputes and ICANN intervention in litigation.

For a public agency, this timeline does not require a prediction that AFRINIC will fail. It requires recognition that the record layer has been institutionally volatile. A ministry planning a national digital identity system, a customs single-window platform, an education network upgrade or a hospital connectivity renewal should not assume registry continuity is a background constant merely because services have historically worked. It should ask how address records will be maintained if the registry is in receivership, if elections are disputed, if bank accounts are constrained, if ICANN contemplates emergency mechanisms or if a court proceeding affects institutional authority.

Procurement confidence is built on boring answers to such questions. Who can sign? Who can approve changes? Who can give undertakings? Who is liable? What is the escalation path? Which court has jurisdiction? What happens if the registry's governance is challenged during a service migration? If the public agency cannot answer, bidders will price the uncertainty or ignore it until a crisis. Neither outcome is good public finance.

The same issue appears in donor-funded and regional projects. A customs modernization financed by development banks, a public-health connectivity programme, a national research and education network or an emergency-services communications upgrade may involve cross-border vendors and auditors. Those actors will not necessarily understand AFRINIC's history. They will simply see a regional registry with visible governance turmoil. The public sector should be prepared to show that its own continuity plan does not depend on pretending that turmoil is irrelevant.

This is also a reputational matter. Public agencies ask citizens and firms to trust online services with tax records, biometric identity data, company filings, court documents, customs declarations and health information. If the underlying network identity depends on an institution whose governance is publicly contested, the answer cannot be a shrug that the application layer is separate. The application layer is what the public sees. The record layer is what many external systems use to decide whether the application deserves trust.

Public IPv4 in the machinery of state capacity

State capacity is often discussed through revenue collection, law enforcement, health delivery and infrastructure. Digital government adds a less visible layer: the ability to maintain dependable network identity. A tax authority that cannot keep its portal reachable loses revenue and legitimacy. A customs system that cannot clear declarations delays trade. A hospital network that cannot maintain secure connectivity weakens clinical operations. A court platform that cannot exchange documents reliably slows justice. A benefits system that cannot process online claims turns administrative risk into household risk.

Public IPv4 addresses are not the only way these services work, but they remain deeply embedded. Even where an agency uses cloud services, public endpoints are still bound to addresses, DNS, certificates, routing and security controls. Even where a private network carries sensitive traffic, public gateways, VPN concentrators, monitoring systems and partner APIs may rely on routable IPv4. Even where IPv6 is deployed, dual-stack reality means IPv4 remains part of the operational baseline for many citizens, devices and counterparties.

The economics of address dependency resembles the economics of old but essential infrastructure. A bridge built decades ago may not be glamorous, but if it carries ambulances and freight, its maintenance is part of public capacity. An IPv4 block acquired long ago may look like a legacy artifact, but if it anchors a hospital network, a police records exchange or a procurement portal, it is a continuity asset. Its value lies not only in market price but in avoided disruption. The cost of losing confidence in it includes procurement delay, user confusion, partner reconfiguration, cybersecurity review, emergency communications failures and political accountability.

Renumbering illustrates the point. Engineers can describe renumbering as a technical process; public administrators experience it as a coordination project. Every firewall, DNS entry, vendor integration, monitoring dashboard, partner allowlist, certificate process, log-retention rule and citizen-facing message must be checked. Some dependencies are undocumented. Some counterparties respond slowly. Some systems are operated by contractors whose contracts do not include emergency renumbering. Some public services have statutory deadlines that cannot move. A registry-layer disruption can therefore translate into weeks or months of administrative work.

The public sector also has less tolerance for selective disruption. A private platform may decide to degrade service for a subset of customers during migration. A government cannot easily tell taxpayers in one region, patients in one hospital or importers at one port that their service is temporarily lower priority because a number-resource dispute is being resolved. The distributional politics of public service make continuity more than an engineering preference. It is part of the state's obligation to treat citizens and firms predictably.

That obligation extends to state-owned infrastructure. Electricity companies, ports, rail operators, water utilities and public telecoms carriers increasingly run digital interfaces for billing, control, service restoration, customer notices and emergency coordination. Some are legally separate from government. Some operate as commercial companies. But their failure is politically public when citizens lose access to service, when ports cannot clear cargo, or when emergency communications are degraded. Address dependency often passes through these corporate forms before appearing as a public problem.

This is why the registry layer should be included in national digital-infrastructure inventories. Not as a trophy, and not as an invitation to politicize number resources. It should be included because public IPv4 reachability is an input to service delivery. Inputs need owners, risk registers, contracts, fallback plans and periodic audits. If the state depends on the registry record, it should at least know how that dependency is structured.

RDAP, reverse DNS, IRR and RPKI as public-service evidence

The public debate around regional internet registries often focuses on allocation and ownership. Public-sector operations also depend on the less dramatic services that surround an allocation. RDAP and Whois provide registration and contact data. Reverse DNS links addresses back to names. RPKI lets holders publish Route Origin Authorizations that help networks validate whether an ASN is authorized to originate a prefix. IRR databases can hold routing-policy objects used by operators. These services are not all equal in technical force, but each can become important evidence during a failure, audit or security event.

Consider RDAP and Whois first. When a public-sector address is involved in an incident, external responders look for a responsible party. If the contact points are obsolete, the issue may escalate slowly or to the wrong institution. If the address appears registered to a contractor rather than the public agency, accountability may be confused. If the record is disputed, foreign banks, cybersecurity vendors, airlines, development-finance partners or peer governments may hesitate before treating the traffic as legitimate. Contactability is part of trust.

Reverse DNS is similarly mundane until it fails. Many security systems, mail systems and operational logs use reverse mappings as signals. A customs gateway with broken or misleading reverse DNS may not go offline, but it can accumulate friction. Email from public agencies may face deliverability problems. Logs may become harder to interpret. Incident responders may lose an easy path from address to service owner. Public agencies often treat reverse DNS as a minor technical setting; in practice it is part of institutional naming.

RPKI is more consequential for reachability. A valid ROA can help protect against route hijacks and mis-originations, while a missing or wrong ROA can cause routes to be rejected by networks that perform route-origin validation. For a public agency, RPKI management must be tied to change control. If a state-owned telecom announces a ministry's prefix, the authorization must match. If the agency changes providers, route-origin authorization must change safely. If registry access is delayed or disputed, a routing-security measure can become a continuity hazard.
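
The provider-change case above can be made concrete with a short added example; it is not part of the original article or of any registry's tooling. It applies the route-origin validation outcomes defined in RFC 6811 (valid, invalid, not-found) to a constructed migration and compares two orderings of the ROA change. The prefix and ASNs are documentation values, and the names `rov_state` and `replay` are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str      # prefix the holder authorises
    max_length: int  # longest prefix length the origin may announce
    asn: int         # authorised origin AS


def rov_state(announced_prefix, origin_asn, roas):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(announced_prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA is relevant only if its prefix covers the announced route.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by some ROA but matched by none: validating networks may reject it.
    return "invalid" if covered else "not-found"


def replay(prefix, origin_asn, roas, steps):
    """Apply ordered change steps and record the live route's state after each.

    Steps are ("issue", ROA), ("revoke", ROA) or ("announce", asn).
    """
    published = set(roas)
    timeline = []
    for action, arg in steps:
        if action == "issue":
            published.add(arg)
        elif action == "revoke":
            published.discard(arg)
        elif action == "announce":
            origin_asn = arg
        else:
            raise ValueError(f"unknown step: {action}")
        timeline.append((action, rov_state(prefix, origin_asn, published)))
    return timeline


# Constructed sample data: documentation prefix and ASNs (RFC 5737, RFC 5398).
PREFIX = "192.0.2.0/24"
OLD_PROVIDER, NEW_PROVIDER = 64496, 64497
OLD_ROA = ROA(PREFIX, 24, OLD_PROVIDER)
NEW_ROA = ROA(PREFIX, 24, NEW_PROVIDER)

# The ROA for the new origin is published before the announcement moves.
ROA_FIRST = [("issue", NEW_ROA), ("announce", NEW_PROVIDER), ("revoke", OLD_ROA)]
# The announcement moves first; the ROA change waits on registry access.
SWITCH_FIRST = [("announce", NEW_PROVIDER), ("issue", NEW_ROA), ("revoke", OLD_ROA)]

if __name__ == "__main__":
    for name, plan in (("ROA first", ROA_FIRST), ("switch first", SWITCH_FIRST)):
        print(name)
        for action, state in replay(PREFIX, OLD_PROVIDER, [OLD_ROA], plan):
            print(f"  after {action:<8} -> {state}")
```

In the switch-first ordering the route is invalid, not merely unprotected, for as long as the new ROA cannot be published, because the old provider's ROA still covers the prefix.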

IRR records occupy a more uneven but still relevant position. Some networks rely heavily on registry-quality data, some use route objects as one input among many, and some rely on local arrangements. Public agencies should not assume that an IRR object alone proves reachability. They should assume that counterparties may use it as evidence when building filters, resolving incidents or checking whether a route looks expected. In a crisis, every coherent piece of evidence reduces friction; every stale piece increases it.

These functions are why the record layer must be protected from both corruption and overreach. A careless or compromised record can publish bad evidence. An overreaching institution can threaten to remove or contaminate evidence as leverage in a dispute. A resilient public-sector design would preserve verified RDAP, Whois, reverse-DNS, IRR and RPKI state during litigation, insolvency or governance conflict unless an independent decision specifically requires alteration. The default should be continuity of running public services, not administrative self-help.

AFRINIC's own service catalogue acknowledges the relevance of these functions. It lists Whois, RDAP, reverse DNS, DNSSEC, IRR and RPKI among its work. Official registry material may not settle the policy debate, but it does identify the operational surface. The public sector should treat that surface as part of its digital estate. If a ministry would not deploy a hospital system without backup power, it should not deploy it without knowing who can maintain the route and registration evidence that keeps it reachable and attributable.

The fiscal cost of vague address control

Registry uncertainty has a fiscal cost even when no public service goes down. Procurement markets price risk. A vendor bidding to operate a national portal will ask who controls the public addresses, whether the address space is portable, whether reverse DNS and RPKI changes can be made on schedule, and whether the registry relationship is clean. If the answers are vague, the vendor may add contingency, limit liability, demand change-order rights or push the agency toward the vendor's own address space, deepening lock-in.

Cloud procurement does not remove the issue. A government can use hyperscale platforms and still need stable public endpoints, allowlists, mail infrastructure, VPN gateways, public DNS, payment integrations and partner APIs. Moving into a cloud provider's address space may reduce direct registry exposure, but it also makes the public service dependent on the provider's network identity and acceptable-use decisions. Keeping government-controlled addresses may preserve portability, but only if the registration and routing evidence are maintained properly. Either way, the address layer remains part of contract economics.

State-owned utilities face a similar problem. Electricity, water, rail, ports and telecoms operators often run both public and operational networks. Some inherited large or fragmented address holdings. Some serve ministries and emergency services. If their registry status is uncertain, public risk moves through corporate form. A utility may be legally separate from the state, but its service failure is politically public. The same applies to education networks, municipal broadband projects, public hospitals and national research infrastructure.

The hidden fiscal cost also appears in insurance and audit. Cyber insurers, development banks and public auditors increasingly ask for evidence of asset control, incident response, third-party dependency and continuity planning. Address records are not yet always in their checklists. They should be. A public agency that cannot show who controls its address space, how route authorization is managed, how registry account access is protected and how disputes would be handled is carrying an unpriced risk. The cost may emerge later as a premium, audit finding or emergency appropriation.

The cost is compounded by public procurement's slow calendar. Major systems are tendered years before they reach steady operation. Address plans are frozen in design documents, network diagrams and security accreditations. A contractor that discovers registry uncertainty after award may have little incentive to solve it cheaply; a ministry that discovers it during acceptance testing may have little ability to retender. Public-sector bargaining power is strongest before signature and weakest when a statutory launch date is near. That is why address dependency belongs in tender documents, not in the post-incident lessons-learned file.

There is also a political-economy asymmetry. The benefits of ignoring registry risk are immediate and private to the project team: fewer questions, faster tendering and a cleaner launch narrative. The costs of registry failure are delayed and public: emergency spending, citizen inconvenience, parliamentary questions, lost tax receipts, delayed health services or customs backlog. When benefits and costs are separated in time and ownership, underinvestment in resilience is predictable. Public administration should describe it as a fixable design flaw.

The practical audit should be mundane. A government should know which public services depend on which prefixes, who is registered as holder, whether contacts are current, which nameservers serve reverse zones, which ASNs originate routes, which ROAs exist, which IRR records counterparties use, which fees or agreements must be maintained, which vendor contracts touch the resources, and who can act in an emergency. This is not a call for panic. It is a call to move the registry layer from the footnotes of network diagrams into the main risk register.

A continuity architecture for ministries and utilities

A public-sector continuity architecture for address dependency begins by separating the record from the institution operating it. The record must be accurate, versioned, auditable and recoverable. The institution operating the record should be accountable, but it should not be the only place where public-service continuity can be understood. Governments do this elsewhere. They keep copies of land records, vital records, procurement contracts and emergency plans. They should apply the same discipline to public numbering dependencies.

The first element is inventory. Every ministry, agency, state-owned utility, hospital network, court system, education network and public digital platform should map the prefixes it uses. The map should identify whether the space is provider-assigned, provider-independent, leased, transferred, legacy, held through a local internet registry or embedded in a cloud service. It should connect each prefix to public services, vendors, ASNs, DNS zones, reverse zones, RPKI authorizations and incident contacts. Without inventory, continuity planning becomes guesswork.

The second element is authority. The state should know who can update registry records, approve reverse-DNS changes, issue or revoke ROAs, modify route objects and respond to RDAP or Whois inquiries. It should require dual control and succession for those functions. If a single contractor employee or retired administrator holds practical control, the risk is not theoretical. Public-sector identity management should extend to registry portals and routing-security tools.

The third element is contractual clarity. Connectivity and hosting contracts should specify registry responsibilities. They should require current contacts, timely change support, notice of disputes, preservation of RPKI and reverse-DNS state during transition, cooperation in renumbering, and evidence of fees or membership standing where relevant. Contracts should also prohibit providers from using registry access as leverage in unrelated commercial disputes involving public services. Public continuity should be isolated from private bargaining where possible.

The fourth element is non-destructive dispute handling. If a registry, provider, lessor or agency disputes the status of a resource, the default should be preservation of the last verified operational state while evidence is assessed. Conflicting transfers can be frozen; disputed records can be flagged; severe remedies can await independent adjudication. This is not a demand that bad actors keep benefits indefinitely. It is recognition that public services should not be made collateral damage in a fight about administrative authority.

The fifth element is failover for publication and security services. RDAP and Whois data, reverse-DNS delegations, IRR records and RPKI materials require tested continuity plans. RPKI in particular cannot be treated as a file backup. Key custody, repositories, manifests, revocations, trust anchors and relying-party behaviour require careful design. If a regional registry were to face technical or legal inability to publish reliably, public agencies should know how their route-origin evidence would be preserved or migrated under a recognized process.

The sixth element is periodic rehearsal. A plan that exists only as a paragraph in a disaster-recovery policy will not survive a real registry event. Agencies should test contact changes, reverse-DNS updates, ROA replacement, provider migration and incident escalation under controlled conditions. They should discover in rehearsal whether the registry account belongs to a defunct project office, whether the provider can obtain approvals outside business hours, whether legal counsel understands the resource agreement, and whether the security operations centre can distinguish a routing incident from an application outage.

Finally, continuity architecture requires governance escalation. Public agencies should establish standing contacts with national network operators, computer emergency response teams, public procurement authorities and, where appropriate, AFRINIC account channels. The goal is not political control. It is operational readiness. When a filing deadline, hospital incident or emergency-service event coincides with registry uncertainty, the state should not be discovering its address dependency for the first time.

What a defensible registry bargain should look like

AFRINIC can still be understood as an institution worth preserving, but not because any registry deserves immunity from accountability. It is worth preserving if it can perform the narrow, critical functions on which the region's networks and public services depend: uniqueness, accurate registration, reliable publication, fair procedures, secure routing support, transparent membership governance and proportionate dispute handling. Those functions are valuable precisely because they are boring. The more dramatic the institutional claim becomes, the less confidence it inspires in risk managers.

The bargain AFRINIC should offer the public sector is practical. It should make clear that public-service continuity is a first-order concern in disputes. It should distinguish between record correction and punitive enforcement. It should publish enough operational assurance around RDAP, Whois, reverse DNS, IRR and RPKI to let major public agencies and operators assess dependency. It should support member elections and governance reform without pretending that a service region creates a single political mandate. It should welcome independent audit of continuity functions because trust in the record is the product.

Governments, in turn, should resist the temptation to turn registry weakness into a claim for political command. Public-sector dependency does not prove that ministries should control AFRINIC's database. It proves that the state must understand the dependencies supporting its services, require proper contractual protections from operators and vendors, and support institutional designs that keep the record layer neutral, portable, auditable and resilient. The public interest is not served by replacing one gatekeeper with another.

The address-theft allegations showed the damage caused when record integrity is weak. The Cloud Innovation dispute showed how enforcement can become existential when scarce resources are embedded in business and customer continuity. Receivership and election discontinuity showed that even a technical registry can become a procurement and confidence issue. The 2025 and 2026 governance record showed that recovery is possible but fragile. Together, these episodes make a single point: registry continuity is not an abstract preference. It is part of public-service resilience.

The same principle should guide any emergency intervention. If another regional registry, ICANN, a court-appointed officer or a successor entity ever had to preserve AFRINIC functions, the goal should not be to win a governance argument. The goal should be to keep records coherent, services available, changes controlled and live public networks protected. The record layer should be capable of surviving institutional stress precisely because its users, including governments, cannot pause their services while internet-governance actors settle authority.

A defensible bargain therefore has two sides. Registries should not be reduced to passive filing cabinets incapable of correcting fraud. Public agencies should not treat registries as invisible utilities with no governance risk. The middle ground is more demanding and less theatrical: narrow authority, strong audit trails, appealable decisions, non-destructive dispute handling, service continuity for critical public functions and transparency about operational dependencies. That bargain is less exciting than crisis rhetoric. It is much more useful to ministries, hospitals, courts and utilities.

Back to the deadline room

The opening continuity room should add one more column to its risk board. Next to cloud, cyber, payments, staffing and disaster recovery, it should list the registry layer. Under that heading should sit the public IPv4 blocks, the registered holder, RDAP contacts, reverse-DNS authority, RPKI state, route origins, vendor obligations, dispute history and failover plan. The column will look technical. It is not merely technical. It is the chain of custody for reachability.

Once that column exists, the conversation changes. The tax authority can ask whether the filing portal's addresses are held directly, through a provider or through a legacy entity. Customs can ask whether a provider migration would require new ROAs before the statutory go-live date. A hospital network can ask whether regional clinics rely on reverse-DNS records managed by a contractor that is no longer in scope. A court system can ask whether law-firm and police integrations contain hard-coded allowlists. A benefits agency can ask whether its payment partners know who to contact if a route is filtered. A state-owned utility can ask whether public-facing service restoration tools depend on a registry account controlled by a business unit that no longer exists.

These questions are not glamorous. They do not produce the sort of announcement that accompanies a new portal or data centre. But they are the questions that separate a service with a website from a service with institutional resilience. A public portal is not just code. It is a chain of dependencies running through addresses, names, routes, contracts, people and procedures. When any part of that chain is undocumented, the state is borrowing continuity from luck.

AFRINIC's recent history does not mean that every African public service is about to fail, nor that every agency should panic about its prefixes. It means the public sector has been given an unusually clear view of a dependency that was always present. A registry can face litigation and still publish records. A board can be disputed while tickets are answered. A receiver can preserve status quo while technical services continue. The risk is not always immediate outage. Often it is the accumulation of uncertainty until the next migration, incident, audit, procurement challenge or statutory deadline exposes the missing authority.

If there is a constructive lesson, it is that the public sector should stop treating the address book as an invisible convenience. The address book does not own the houses, command the streets or run the services. But when the houses are tax portals, customs gateways, hospitals, courts, benefit systems, emergency communications and state utilities, the address book must be dependable. Public-sector address dependency is the economics of that dependence: a state can control the service and still rely on a registry it does not control.

The deadline room does not need an abstract theory. It needs a list of prefixes, current contacts, reliable reverse DNS, valid routing evidence, contractual obligations, escalation paths and tested fallback. It needs to know which records can be changed, by whom, under what authority and how quickly. It needs to know whether a dispute at the registry or provider layer would preserve the last verified operational state or turn the public service into leverage. Above all, it needs to make the dependency legible before a routine deadline becomes a public-service emergency. The sustainable answer is not denial, capture or myth. It is continuity by design.