A hosting company in Lagos, Nairobi or Johannesburg can build the network correctly and still inherit a risk it cannot engineer away. Its routers may be stable. Its upstreams may be diverse. Its contracts may include service credits, abuse clauses, notice periods and remedies. Its engineers may publish route-origin authorisations, maintain reverse DNS, keep contact data current and monitor route leaks. Yet the business can still be forced to answer a question that sits above all of those controls: what happens if the registry entry beneath the address block becomes contested, frozen, reclassified, delayed, or caught inside a court-supervised fight over who is entitled to speak for the registry?
That question is no longer hypothetical in the AFRINIC region. A buyer of IPv4 addresses has to ask whether settlement can close without a future challenge. A lessor has to ask whether commercial delegation will be treated as ordinary network use, a policy violation, or evidence in a wider struggle over the registry's mandate. A bank financing a data-centre expansion has to ask whether the address inventory supporting the customer base can be valued without a governance discount. A cloud customer has to ask whether its provider's IP layer is exposed not only to hijacks and outages, but also to member-status disputes, litigation, election uncertainty, receivership instructions, and claims about whether an address resource is a tradable input or only an administrative entitlement.
This is registry-layer risk. It is the premium created when the recordkeeper for numbering resources becomes an additional uncertainty layer above routing, customer contracts, IPv4 valuation, transfer settlement, leasing responsibility, bank and court confidence, public authority and member trust. The registry does not forward packets in the ordinary sense. It does not run a customer's application. But it records who is recognised as the holder of a block, who may ask for changes, whether reverse DNS can be delegated, what public contact data can be relied upon, how RPKI material is published, whether a transfer is accepted, whether a dispute contaminates a resource, and whether a member is in good standing. When those decisions are predictable, the registry is almost invisible. When they are contested, every counterparty prices them.
The premium is therefore not a metaphor. It is a practical cost that appears whenever registry finality has to be investigated instead of assumed.
AFRINIC is the clearest modern test case because its crisis touched nearly every component of that premium. It had a reported history of corruption allegations around address records. It became the scene of a high-value enforcement fight over IPv4 use and commercialisation. Its bank accounts were frozen in a dispute with Cloud Innovation. Its board failed, its chief executive position could not be normalised, and a court-appointed receiver was asked to preserve continuity and arrange elections. A June 2025 board vote was suspended and annulled after allegations involving powers of attorney and voter authority. A later board election created a path back to corporate governance, but not a full exit from litigation. By 2026, AFRINIC was simultaneously describing a return to budgeting and strategy and warning that litigation and procedural challenges still threatened to paralyse it. ICANN intervened in a winding-up context to argue that numbering resources should not be treated as corporate assets available for distribution.
The market does not need to decide every disputed fact in that history in order to price the risk. It only needs to observe that the registry process itself has become economically material. A narrow ledger utility is supposed to reduce transaction costs by making resource status boring, verifiable and durable. AFRINIC's crisis shows what happens when the ledger is also treated as gatekeeper, development instrument, regional-control device, enforcement forum, corporate prize, litigation target and symbol of continental authority. The record does not lose all value. It loses finality. That is enough to change prices, contracts and trust.
The crucial distinction is between protecting the registry function and protecting every authority claim made by the incumbent institution. The function matters because Africa and the Indian Ocean region need a reliable numbering ledger, public registration data, reverse DNS, RDAP, WHOIS, IRR and RPKI continuity. The incumbent organisation matters only to the extent that it can perform those functions with accuracy, restraint and accountability. If the institution becomes fragile, the ledger needs a continuity firewall. If the institution becomes too discretionary, the ledger needs a mandate firewall. AFRINIC's crisis demonstrates that both firewalls are missing, incomplete, or too dependent on improvisation.
The premium above the routing table
Network operators are trained to separate technical risk from commercial risk. A route leak, a fibre cut, a DDoS event and a failed upstream can be modelled through redundancy and response. A bad customer contract can be modelled through liability caps, payment terms and termination rights. Registry-layer risk is harder because it is both technical and institutional. It sits in the layer that tells everyone else whether a given organisation is recognised as the authoritative holder of a resource. It is not the route itself. It is the recognition that makes routing, customer service, transfer settlement and security publication legible to the rest of the internet.
The same prefix can carry different economic risk depending on the registry process around it. If a block is cleanly registered, transferable under known rules, supported by stable reverse DNS and RPKI services, and free from unresolved disputes, it can support customer contracts and financing with relatively little special explanation. If the same block is held under a disputed agreement, subject to unclear leasing treatment, exposed to policy reinterpretation, or tied to litigation over the registry's authority, counterparties ask for more. They ask for indemnities. They ask for price discounts. They ask for escrow, representations, legal opinions, carve-outs and termination rights. They may still transact, but the transaction becomes heavier.
That heaviness is the premium. It appears in diligence hours, legal budgets, opportunity cost, delayed customer onboarding, cautious banks, reluctant insurers, conservative auditors and lower liquidity. A resource holder may experience it as a transfer that takes longer than expected. A cloud customer may experience it as a clause saying the provider is not liable for registry action. A lender may experience it as a haircut against the address-supported revenue stream. A court may experience it as an emergency request that mixes corporate law, contract interpretation and the continuity of a regional internet coordination function.
AFRINIC matters because the premium is not limited to one transaction. Once the registry itself becomes a source of uncertainty, everyone with AFRINIC-administered resources has to decide how much of the same premium applies to them. A small ISP that has never met Cloud Innovation may still wonder whether severe registry remedies could disturb customer continuity. A buyer with no role in AFRINIC politics may still wonder whether a transfer could be slowed by litigation, governance change or policy ambiguity. A bank with no interest in internet governance may still wonder whether address inventory can be treated as reliable support for revenue. Risk spreads through analogy.
The spread is especially powerful because IPv4 is scarce. Scarcity turns registry process into a value-bearing control point. A mistake in an abundant system may be inconvenient; a mistake in a scarce system may destroy capital value or recurring revenue. When a registry decision can affect millions of dollars of address inventory, the registry's own governance is no longer background association politics. It becomes part of the price of using the resource.
This is why the AFRINIC crisis cannot be analysed only through official statements by RIRs, ICANN, the NRO or AFRINIC itself. Those statements are useful evidence for dates, roles and institutional claims, but they are not enough as the framing. The stronger frame is institutional economics: what happens when a private, member-based, regionally mandated recordkeeper administers scarce identifiers that have become inputs into commercial infrastructure? What happens when the recordkeeper has broad discretion but limited balance-sheet capacity? What happens when legal remedies against the registry threaten the registry's ability to operate? What happens when control of the board becomes economically valuable because the board can influence litigation, transfer policy, bylaw design and the treatment of commercial address use?
Public reform arguments from outside the official RIR consensus, including RIR Watchdog-style criticism, Number Resource Society advocacy, LARUS-linked commentary and Cloud Innovation's own public campaign, often press on this same pressure point even when their interests differ. They challenge the assumption that continuity is identical to deference to the incumbent registry. That challenge should not be accepted uncritically; commercial actors also have incentives. But it should not be dismissed as mere anti-registry noise. In a scarce-address world, the legitimacy of the registry depends on the ability to protect the function without converting the function into a shield for unreviewable institutional power.
A registry is a settlement utility before it is a community symbol
An internet number registry is often described in technical or community language. The economic description is more useful here. A registry is a settlement utility for unique network identifiers. It does not create the value of a hosting business, a carrier network, an enterprise service or a cloud platform. It records the resource claims on which those businesses rely. It lowers search costs by telling the industry which organisation is associated with which block. It lowers contracting costs by allowing a buyer, lender, lessor, customer, law firm or security team to rely on a recognised public record rather than reconstructing every historical allocation. It lowers operational risk by maintaining update channels, contact data, reverse delegation and routing-security publication services.
That settlement function is valuable because it is narrow. A land registry becomes dangerous if it starts judging whether a warehouse owner runs the socially preferred kind of business. A securities depository becomes dangerous if it can freeze settlement because it dislikes a shareholder's commercial strategy. A payments utility becomes dangerous if it can reinterpret cleared balances according to a broad social mandate after counterparties have relied on them. Number registries are not identical to land registries, securities depositories or payment systems, and IP addresses are not ordinary freehold land or simple securities. But the same institutional lesson applies. The more valuable the recorded position, the more the recordkeeper must separate integrity from discretion.
AFRINIC's public functional description is broad enough to show the stakes. It is a Mauritian nonprofit and member-based organisation serving Africa and part of the Indian Ocean. It distributes and manages IPv4 addresses, IPv6 prefixes and autonomous system numbers. It runs member services, WHOIS and RDAP, reverse DNS, an internet routing registry, DNSSEC-related work and resource certification through RPKI. It operates within the global system of five regional registries, with number resources coming through IANA functions performed by Public Technical Identifiers. These are facts about function. They do not settle the question of how much discretion the institution should hold over commercial reliance once scarcity has made the records valuable.
The settlement layer becomes economically sensitive because it sits above assets whose value is produced elsewhere. The value of an IPv4 block is produced by scarcity, network compatibility, customer demand, reputation, clean routing history, technical deployment and contractual use. Registry records make that value transferable and defensible. A block that is routed but poorly documented can work for a time, but it carries a diligence penalty. A block that is cleanly registered, transferable and supported by stable publication services commands greater confidence. Registry process is not administrative trivia. It changes the discount rate applied to the same string of numbers.
This is why AFRINIC's story should not be reduced to a fight between a registry and one member, or between defenders of Africa and commercial address holders. Those are political frames around a deeper institutional problem. A settlement utility with scarce-resource consequences must be reliable even when major members are disliked, when policy debates are heated, when courts are involved, and when historical records contain defects. Its purpose is not to ensure that every actor shares the same view of address economics. Its purpose is to keep uniqueness, registration accuracy and lawful change authority dependable enough that other markets can function.
AFRINIC's crisis shows what happens when that purpose blurs. A transfer is no longer just a transfer; it becomes a test of regional philosophy. A membership credential is no longer just evidence of who may vote; it becomes a possible path to board control. A court order is no longer just a remedy between parties; it becomes a signal about whether registry continuity is protected. A policy change is no longer just a rule; it becomes a capital-control instrument if it limits the mobility of valuable resources. A public statement is no longer just communication; it becomes a market-moving claim about what the court, registry or board has recognised.
The remedy starts with seeing the registry as a narrow settlement utility first. It may support development, training, community participation and policy discussion. Those functions may be useful, and in a developing-region context they can have real practical value. But they should not launder broad economic control into what ought to be a ledger. The scarcer IPv4 becomes, the more this distinction matters. A broad gatekeeper can create the instability it claims to prevent. A narrow ledger can preserve continuity while leaving commercial, contractual and legal disputes to institutions better suited to them.
How AFRINIC's crisis became a market signal
The AFRINIC crisis has many legal and factual branches. Its economic sequence is simpler. First, IPv4 scarcity increased the market value of address records. Second, historical allocation and record weaknesses made the integrity of those records more important. Third, AFRINIC tried to assert enforcement authority over a large holder in a way that the holder treated as existential. Fourth, litigation escalated from a resource dispute into institutional paralysis. Fifth, receivership preserved the organisation but did not settle the scope of registry power. Sixth, elections intended to restore corporate legitimacy became another confidence event. Seventh, later board restoration reduced one kind of risk while leaving litigation, bylaws, member authority and resource mobility unresolved.
That sequence made AFRINIC a signal to the rest of the RIR system. It showed that a registry can fail without the internet immediately going dark. It also showed that absence of immediate outage is not evidence of low cost. The damage appears as legal expense, delayed service restoration, scepticism about transfers, member anxiety, contested elections, external interventions, possible emergency-registry planning and caution in contracts involving AFRINIC-administered resources. The visible network can keep running while the institutional premium rises.
The reported history of corruption allegations created the first confidence wound. In 2019, KrebsOnSecurity reported on claims by researcher Ron Guilmette that dormant or defunct African address space had been commandeered and sold through companies linked to a former AFRINIC policy coordinator, Ernest Byaruhanga, who resigned. AFRINIC's then chief executive said the organisation was aware of the allegations and conducting an investigation. The reported estimated value of the affected address space exceeded $50 million. For an economic analysis, the purpose is not to adjudicate every allegation. It is to note what the scandal revealed: registry records, shell entities, historical succession and change authority had become valuable enough to invite fraud and organised exploitation.
A registry emerging from such a scandal naturally wants to prove that it can audit, correct and enforce. That instinct is understandable. A ledger that cannot correct fraudulent or defective entries is not trustworthy. But a post-scandal registry faces a trap. The same power needed to repair bad records can frighten legitimate holders if it is expressed as broad discretion. Fraud correction, contractual review, policy interpretation, commercial-use policing and regional-resource politics must be separated. If they are merged, members cannot know whether a review is a ledger-integrity measure or an effort to regain institutional control over valuable assets.
The Cloud Innovation dispute exposed that ambiguity. Public analyses describe AFRINIC's June 2020 and March 2021 concerns as involving discrepancies between the purposes and geography described when resources were obtained and the actual use of millions of IPv4 addresses, including use through leasing and out-of-region customers. Cloud Innovation disputed AFRINIC's interpretation and treated the threatened termination of its Registration Service Agreement and potential resource reclamation as a business-destroying action. AFRINIC treated the matter as enforcement of policy and contract. Courts then became the battlefield.
By July 2021, the dispute had reached a level that no settlement utility should regard as normal. AFRINIC's bank accounts were provisionally frozen up to $50 million in connection with Cloud Innovation's damages claims. The precise legal merits are for the courts. The economic lesson was already visible. A decision about whether a registry could terminate a member or reclaim address resources had become capable of threatening the registry's own operating funds. The recordkeeper's enforcement action produced a countermeasure that endangered the recordkeeper's continuity. That is a design failure whether one blames the registry, the litigant, the remedy, or all three.
The effects spread from the parties to the institution. AFRINIC operated without a board for years. It could not normalise its chief executive position or perform all functions under ordinary governance. The organisation's role as a regional utility was preserved by staff and later by court intervention, but the political economy changed. Board control became more valuable because the board could shape litigation posture, bylaw reform, transfer policy, enforcement priorities, external cooperation and the future of scarce-resource mobility. Once control over the registry has that economic weight, an election is not merely an association ritual. It is a control event.
That is why the June 2025 election controversy mattered. The receiver appointed a nomination committee with senior foreign legal expertise and an election services provider, signalling how expensive legitimacy had become. ICANN raised concerns about the nomination process and a corporate-registration issue in which Cloud Innovation had appeared as a registered member in Mauritian filings, a classification later described as erroneous and attributed to the Registrar of Companies rather than to AFRINIC or the receiver. The Supreme Court allowed the election to proceed while requiring clarification. Days later, voting was suspended and then annulled after allegations involving powers of attorney and voter documentation.
The reported details are institutionally corrosive even if later proceedings narrow them. ISPA South Africa said representatives of resource holders found that votes had already been cast on their behalf through powers of attorney they said they had not granted. AFStar alleged fraudulent powers of attorney. ICANN asked the receiver for explanations and warned that inadequate answers could lead to a compliance review and emergency registry arrangements. The receiver annulled the election and sought a limited extension to organise new elections. A process meant to end limbo reproduced limbo.
AFRINIC later elected a board in September 2025. That mattered. A registry needs corporate organs, budgets, management appointments and the ability to act. By February 2026, AFRINIC representatives were publicly describing a return to budgeting and strategy, including interim management appointments and planning for 2027-2030. Yet the same period brought further litigation narratives. AFRINIC accused Cloud Innovation, Larus and associated campaigns of creating a web of litigation and procedural roadblocks. ICANN was allowed to intervene in a winding-up application to explain that numbering resources are not assets of AFRINIC for distribution in liquidation. That combination is the market signal: corporate revival does not automatically erase registry-layer risk.
Scarcity turned registry process into capital control
AFRINIC's registry-layer risk cannot be understood without IPv4 scarcity. In an abundant regime, registry decisions still matter, but errors can often be cured through fresh allocations, gradual renumbering or practical workarounds. In a scarce regime, the same decision can shift millions of dollars of value. IPv4 addresses have become inputs in hosting, cloud services, security reputation, customer acquisition, leasing, transfers and balance-sheet planning. They are not ordinary property in the registry-law sense, but they plainly support economic reliance.
AFRINIC's position was unusual because it reached scarcity later than other RIRs. Global IPv4 depletion in 2011 gave each RIR a final /8 of around 16.8 million addresses. APNIC, RIPE NCC, LACNIC and ARIN had already exhausted or heavily restricted their free pools before AFRINIC reached later soft-landing phases. AFRINIC entered Phase 1 of its soft-landing process in March 2017 and Phase 2 in January 2020. Its exhaustion materials describe a regime of small maximum allocations, need justification, compliance checks and limits intended to conserve the remaining pool while IPv6 adoption proceeds.
Conservation policy is understandable. The danger is that scarcity gives every registry rule an asset-price effect. A rule limiting transfer size, transfer geography, eligibility, leasing recognition, member standing or demonstrated need is not just governance. It changes liquidity. A resource that can move across markets under predictable conditions has one value. A resource trapped inside a contested regional framework has another. A block that can support leased customers under clean registry recognition has one risk profile. A block whose use may later be judged inconsistent with an original application has another.
This is why the phrase "capital control" fits parts of the AFRINIC debate. A state uses capital controls to restrict the movement of financial assets across borders or out of a monetary system. A registry can create a functional analogue when it uses regional-policy language to restrict the mobility of scarce address resources. The analogy is imperfect; IP resources are unique identifiers, not currency deposits. But the economic effect can be similar. Mobility limits protect one policy objective while imposing a liquidity discount on holders and counterparties.
Regional protection arguments are strongest when they prevent fraud, hoarding, speculative extraction or depletion of a pool intended for networks in the region. They are weakest when they pretend that a finite residue of IPv4 can determine Africa's long-term connectivity or when they treat commercial use as illegitimate merely because the registry dislikes the pricing. Africa's internet growth will depend on a mix of IPv6 deployment, imported IPv4, efficient reuse, market transfers, local infrastructure, competition, interconnection and customer demand. Treating the remaining AFRINIC pool as a development treasury risks overstating what the ledger can deliver.
Scarcity also changes legal incentives. If a /16 can be worth millions of dollars and a large portfolio can support substantial recurring leasing revenue, every severe registry action invites litigation. If a registry asserts that it can terminate membership, freeze resources or require re-justification after commercial reliance has formed, it should expect high-value legal resistance. If a holder can use litigation to immobilise the registry, the registry's continuity architecture is weak. Scarcity raises the stakes for both sides and exposes whether the governance model was built for an abundant administrative era rather than a scarce market era.
The address market is not an embarrassment to be explained away. It is part of the operating environment. IPv4 addresses are bought, sold, leased, financed and embedded in customer services even while registry doctrine often insists that they are not property in the ordinary sense. This gap between legal vocabulary and market behaviour is one of the sources of registry-layer risk. A registry can deny ownership language, but it cannot deny reliance. Courts, banks, customers and operators will still ask what happens to value when registry recognition changes.
AFRINIC's historical position made the tension sharper. Its region had a relatively small share of global IPv4 but retained a visible free pool later than others. Administrative allocation fees were far below market value. That invited arbitrage. Cloud Innovation, registered in the Seychelles, received millions of AFRINIC IPv4 addresses and built a leasing-related business through associated arrangements. AFRINIC later alleged that the use did not match the justified need and regional expectations. Cloud Innovation disputed the interpretation and treated the registry's threatened remedy as existential. Both positions reflect the same market fact: the resources had become valuable enough to fight over.
The registry cannot wish this market away. If it refuses to recognise leasing realities, leasing becomes less visible, not less real. Customers still use addresses. Holders still delegate operational control. Contracts still allocate responsibility. Abuse still occurs. The difference is that the registry has less structured information about who is using what, under which authority, and with which accountability. A ledger utility should prefer legible delegation to shadow delegation.
At the same time, leasing cannot become a way to evade responsibility. If a holder leases addresses to customers who abuse them, misroute them, create reputation harm or violate clear rules, the holder must remain accountable for registry-facing obligations. The registry needs a way to know the responsible holder, not necessarily every customer detail. The holder needs to know what information is required and what is not. Customers need continuity protections. The market needs clarity on whether leasing affects transferability, RPKI publication, reverse DNS, contact data and abuse reporting.
AFRINIC's policy challenge is to convert an adversarial question into an administrative one. Rather than asking whether IPv4 leasing is ideologically acceptable, the registry should ask what facts are necessary to preserve uniqueness, contactability, abuse responsibility, dispute isolation and lawful change. Does the holder remain the responsible party? Are sub-delegations documented? Is abuse-contact data accurate? Are RPKI authorisations under a controlled process? Are reverse delegations handled transparently? Are customer contracts clear about registry action and transition risk? These are registry questions. Whether the leasing price is attractive is not.
Transfer settlement needs the same discipline. A transfer should be evaluated through objective criteria: identity of transferor and transferee, authority documents, absence or disclosure of disputes, compliance with clear prospective policy, payment and fee status where relevant, preservation of security objects, and public record update. The registry should not use transfers as a forum for broad economic approval. If a policy restricts inter-RIR movement, it should state clearly whether it applies to existing resources, future resources, disputed resources or fraud-correction cases. Retroactive ambiguity is a litigation machine.
Asset valuation depends on these details. A buyer discounts an AFRINIC-administered block if the transfer path is unclear. A lender discounts it if registry discretion can impair customer revenue without predictable review. A lessor discounts it if customer continuity depends on contested policy. An operator discounts it if RPKI or reverse DNS can be disrupted by member-status fights. Scarcity creates value; registry uncertainty subtracts from it. The result is not an abstract governance concern, but a lower or more volatile economic value for resources administered through the troubled process.
The bank and court confidence layer is also real. When AFRINIC's accounts were frozen in 2021, the message to counterparties was not only that a lawsuit existed. It was that a registry's own operating capacity could be pulled into a member dispute. When ICANN later intervened in a winding-up context, the message was that courts might be asked to decide what a regional registry's corporate insolvency means for numbering resources. Banks, auditors, insurers and commercial counterparties notice when a settlement utility's legal container is that exposed.
The answer is not to declare IPv4 private property in the broadest sense or to deny all market use. It is to build a responsibility framework. Holders can commercialise use within clear obligations. The registry records responsible parties and preserves security and contact accuracy. Transfers settle through objective criteria. Disputes are flagged without unnecessary service disruption. Fraud is corrected with evidence. Customers receive continuity windows. Courts have a clear map of what is and is not an asset of the corporation. A market can function under those constraints. It cannot function well under rhetorical uncertainty.
The mandate firewall
AFRINIC's crisis exposes how institutional mandates expand through attractive language. A registry begins with the narrow task of maintaining uniqueness, registration accuracy and orderly distribution. It then speaks of development, community, regional self-governance, stewardship, scarcity, abuse prevention and stability. Each word has legitimate content. Together they can also launder a narrow administrative mandate into broad control over economic behaviour.
This is not unique to AFRINIC. All registries face the temptation. When an institution controls a critical record, it can confuse the importance of the record with the breadth of its own judgment. Because the ledger is necessary, the gatekeeper concludes that its opinions about proper use, business models, regional destiny or market morality are also necessary. The result is a mandate ratchet: every crisis justifies more discretion, and every act of discretion creates more reason for counterparties to fear the registry.
The ledger-versus-gatekeeper distinction is therefore not rhetorical. It is a control principle. A ledger asks narrow questions. Is the resource unique? Who is the recognised holder? Is the representative authorised? Is the contact accurate? Is there a court order? Is the transferor entitled to transfer? Does the transfer create duplicate recognition? Are security and publication objects consistent? Is a dispute status precise? A gatekeeper asks broader questions. Is the business model desirable? Is the use sufficiently regional? Is the holder contributing to development? Is commercialisation morally acceptable? Does the board approve of the market outcome?
Some broad questions may belong in policy debate, competition law, contract law, fraud enforcement or national regulation. They should not automatically become registry conditions. The registry has neither the balance-sheet capacity nor democratic legitimacy to act as a general economic regulator of internet-number use. It is a coordination institution for unique identifiers. When it becomes a gatekeeper over scarce capital-like resources, the mismatch between power and liability becomes acute.
AFRINIC's enforcement dispute illustrates the danger. If the registry's concern is that an allocation was obtained through false statements, that is a ledger-integrity issue. If the concern is that a holder's customers are outside the region or that leasing is an unattractive commercial model, the issue becomes more contested. The registry may point to contract language and policy history. The holder may point to reliance, network practice and lack of clear prospective rules. The difference should determine the remedy. Fraud can justify severe correction. Ambiguous commercial-use disagreement should not jump straight to existential termination.
Mandate laundering also occurs through "community" language. The AFRINIC community is real in the sense that operators, members, policy participants and regional institutions discuss and influence rules. But "community" is not a substitute for authority verification, participation quality or minority protection. A low-turnout or procedurally contested process can produce a policy with formal validity and weak economic legitimacy. A vocal coalition can claim to speak for Africa while representing only a slice of affected operators. A member who cannot vote reliably or challenge forged authority is not protected by the word community.
Regional rhetoric creates another hazard. Africa's need for connectivity, local infrastructure and digital development is genuine. But using that need to justify broad registry control over IPv4 mobility can be economically counterproductive. Scarce addresses locked inside uncertainty do not automatically serve African users. Liquidity, clear records, transferability and confidence can help operators obtain and use resources more efficiently. A registry that treats mobility as betrayal may reduce the value of the resources it claims to protect.
The mandate firewall should therefore separate four things that are too often blended. First, registry integrity: uniqueness, accurate holder data, lawful authority and fraud correction. Second, market responsibility: abuse contactability, delegated-use accountability and customer continuity. Third, regional policy: conservation, participation and development objectives that must be prospective and clear. Fourth, institutional interest: the incumbent organisation's desire for deference, budget security and litigation advantage. Only the first two are intrinsic to the ledger. The third may guide policy within limits. The fourth should not be smuggled into resource status.
The cure is not an anti-registry ideology. A registry with no enforcement capacity would invite fraud, hijacking, inaccurate records and abuse. The cure is mandate discipline. AFRINIC should be strong where a settlement utility must be strong: uniqueness, proof of authority, anti-fraud controls, transparent record changes, security continuity, precise dispute flags and court compliance. It should be restrained where a settlement utility should be restrained: judging business models, retrospectively reopening reliance without fraud, using security services as leverage, or converting regional development claims into asset immobility.
Continuity is not incumbency
The most difficult institutional lesson from AFRINIC is that protecting the registry function is not the same as protecting the incumbent institution from accountability. The internet needs the function. It needs accurate records, stable services, uniqueness, RDAP, WHOIS, reverse DNS, IRR and RPKI. It needs a way for African and Indian Ocean resource holders to update records, settle transfers, maintain security objects and participate in policy. It does not need every discretionary act by the current organisation to be treated as identical to the public interest.
Incumbency can be valuable. Staff knowledge matters. Existing systems matter. Regional history matters. A sudden replacement of a registry would create risk of its own. The argument is not that AFRINIC should be casually bypassed or discarded. It is that continuity planning must be function-specific. If a board fails, the ledger should continue. If accounts are restrained, essential services should continue. If elections are annulled, updates and security publication should continue. If a winding-up application proceeds, courts should know what must not be treated as distributable corporate value. If an emergency operator is considered, the record should move with dispute metadata, authority controls and service obligations intact.
This is the continuity firewall. It prevents institutional distress from contaminating the ledger. It also prevents the incumbent from using the threat of systemic harm as a shield against review. A registry should not be able to say, in effect, that any challenge to its authority is an attack on the internet. Some challenges are disruptive or self-interested. Some are necessary because the registry has exceeded its mandate. A continuity firewall lets courts, members and external institutions distinguish between preserving service and immunising control.
AFRINIC's receivership period showed both the value and the limits of improvisation. The appointment of a receiver helped preserve continuity and create a path toward elections. It also placed substantial weight on court-supervised administration and external advice. That may be necessary in a crisis, but it is not a normal operating model. A settlement utility should not depend on ad hoc judicial choreography to know who can sign, who can vote, who can instruct staff, how accounts are managed and how critical services are protected.
External institutions face the same distinction. ICANN, the NRO and other RIRs may be necessary in a severe continuity scenario. They can provide technical advice, emergency service support, data preservation, continuity planning and explanation of global coordination. Their legitimacy is strongest when they protect the ledger and weakest when they appear to protect the incumbent club. Support should be auditable, limited, reversible and tied to specific continuity functions. It should not become a blank cheque for broad registry discretion or a way to centralise power in the RIR system without solving the liability and accountability problems exposed by AFRINIC.
The winding-up context sharpened this distinction. ICANN's intervention to argue that numbering resources are not assets of AFRINIC available for distribution in liquidation addressed a real systemic concern. If a court treated address blocks as ordinary corporate property of the registry, the global uniqueness system would be endangered. But protecting the non-distributable character of number resources does not answer every governance question. It does not decide how AFRINIC should treat leasing. It does not validate every enforcement posture. It does not erase member accountability problems. It protects the function from a dangerous insolvency theory. That is important precisely because it is narrow.
Continuity without accountability becomes entrenchment. Accountability without continuity becomes systemic risk. AFRINIC's next phase should be judged by whether it can hold both ideas at once. The registry function must be kept stable enough that customers and operators are not collateral damage. The institution must be reviewable enough that scarcity does not become an excuse for unbounded control. A mature registry system would not force the market to choose between those two goods.
Member trust and the authority problem
AFRINIC is member-based, but member trust is not automatic. It depends on whether resource holders believe the rules are clear, the elections are genuine, the records are accurate, the fees are justified, the board is accountable, the staff can operate without factional pressure, and the registry's power is matched by review. When those links weaken, members may still pay fees and use services. Trust becomes compliance rather than confidence.
The accountability gap has several layers. The first is participation. Many network operators have more urgent problems than registry politics. They must keep customers online, manage costs, comply with local regulation and build infrastructure. Policy lists, bylaws and board elections are easy to ignore until a crisis hits. That creates space for organised groups, consultants, insiders and commercially interested blocs to shape outcomes. The result can be formally open and substantively unrepresentative.
The second layer is legal status. If resource members' rights under bylaws do not map cleanly onto registered-member status under Mauritian law, the accountability system has a structural ambiguity. A registry can tell resource members they are the community while the corporate-law vessel recognises a narrower group for certain acts. In ordinary times, the ambiguity may be tolerated. In a dispute, it becomes a weapon. Parties ask who can vote, who can sue, who can receive notices, who can approve changes and whose resolutions matter.
The third layer is authority documentation. A member-based registry must know who speaks for an organisation. That sounds simple until proxies, powers of attorney, subsidiaries, former officers, merged companies, inactive entities, consultants and lawyers enter the process. The June 2025 controversy made authority documentation visible because the alleged problem involved people voting on behalf of resource holders through contested powers of attorney. But the same risk applies to resource updates and transfers. If an authority document can move votes, it may also move economic rights.
The fourth layer is liability. Members rely on AFRINIC's records and decisions, but the registry's financial exposure may be small relative to the harm a severe decision can cause. A member whose resources are wrongly frozen, whose transfer is wrongly delayed, whose RPKI publication is disrupted, or whose customer contracts are damaged may face losses far beyond annual fees. If the registry's contracts disclaim broad liability while preserving broad discretion, trust weakens. Members then seek discipline through courts, campaigns and alternative structures.
AFRINIC can close the gap only by making member trust less dependent on belief. Members should have verifiable voting receipts, pre-election authority checks, clear proxy limits, published challenge windows, audit summaries and independent review of contested credentials. They should know how invoices, arrears, disputes and litigation affect standing. They should have a clear distinction between rights as resource holders and rights in corporate governance. They should see when policy changes affect existing reliance and when they apply only prospectively.
The organisation should also treat communication as a control surface. During crisis, vague reassurance is not enough. Members need service-status information, update-queue status, legal constraints, election timelines, bylaw proposals, financial exposure and continuity plans. They do not need theatrical certainty. Overconfident statements can damage trust if later events contradict them. A registry rebuilding legitimacy should prefer precise, modest, verifiable communication over institutional rhetoric.
Member accountability also requires restraint from members with disproportionate leverage. A large holder can use member processes, litigation and public campaigns in ways that smaller holders cannot. If that leverage becomes a path to control the registry or immobilise it, other members will seek countervailing blocs, including governmental or regional coalitions. That dynamic can turn a membership association into factional politics. The way out is not to suppress large holders or external groups. It is to reduce the prize value of control by narrowing the registry's discretion.
Downstream accountability is harder. Customers of members do not vote. They may be the parties most harmed by service disruption. A registry continuity compact should therefore include customer-protection principles. Severe action against a resource holder should preserve running networks where possible, give transition windows, avoid security-service disruption except in narrow cases, and disclose dispute status precisely. A member's wrongdoing, if proven, should not automatically make innocent customers collateral damage.
Trust will return quietly if these controls work. Members will spend less time reading court filings. Transfers will close with fewer bespoke protections. Customers will ask fewer registry-specific questions. Legal budgets will fall relative to operational budgets. Elections will still matter, but they will not be seen as existential contests over the ledger. That is the measurable form of legitimacy in a settlement utility.
What counterparties now have to diligence
Registry-layer risk becomes visible when it turns into questions that lawyers, customers, banks and counterparties must ask before doing ordinary business. In a lower-risk registry environment, many of these questions are routine. In AFRINIC's environment, they become deal terms.
A buyer of AFRINIC-administered IPv4 space asks whether the transferor's title, membership status and authority are uncontested. It asks whether the block has any dispute notation, audit history, policy challenge or litigation exposure. It asks whether the registry's transfer policy is stable, whether staff can process the request under current governance, whether an adverse party could seek an injunction, whether inter-RIR movement is available, and whether a later reinterpretation could call the transaction into question. The buyer may require warranties, indemnities, delayed payment, escrow or conditions tied to registry confirmation.
A lessor asks a different set of questions. It wants to know whether commercial delegation is tolerated, clearly recognised, or only ignored until a dispute makes it visible. It wants to know what information must be provided about downstream use, who is responsible for abuse, who controls RPKI, who manages reverse DNS, and what happens if the lessee's activity creates reputational harm. If the registry treats leasing as suspect without defining the precise harm, the lessor prices regulatory uncertainty. If the registry recognises responsible delegation, the lessor can make the customer relationship more transparent.
A customer asks whether the provider can maintain service if a registry dispute affects the resource. This is not a question about the customer's application layer. It is a question about the substrate on which the application depends. If the provider's addresses are under litigation, subject to possible revocation, or tied to a holder whose standing may be challenged, the customer may ask for alternative address pools, migration rights, continuity plans and notification duties. A large enterprise may demand those terms. A small customer may never know the risk exists.
A bank or investor asks whether address-supported revenue can be treated as reliable. IPv4 inventory may not be ordinary property, but it can support business value. A hosting company with a clean address base has more capacity to sign customers. A carrier with sufficient resources can avoid expensive renumbering. A lessor can generate revenue from delegated use. If registry discretion can impair that revenue without predictable review or compensation, the valuation changes. The bank may lend less, demand more collateral, or exclude address-dependent revenue from the base case.
A court asks still another set of questions, often under time pressure. Is the dispute about a private contract, a corporate governance fight, a public-interest technical function, or all three? Are the number resources assets of the registry, rights of the member, or records in a global uniqueness system? What happens to RPKI if an injunction restrains a party? Who can instruct staff during a receivership? How should a winding-up application preserve essential services? Courts are capable of answering legal questions, but they need an institutional map that does not force them to improvise internet-number governance in the middle of emergency relief.
Security teams and abuse desks also price uncertainty. RDAP, WHOIS and reverse DNS are not merely formal services. They help mail providers, cloud platforms, incident responders and counterparties decide whom to contact and how to interpret a resource. If updates stall because of member-status uncertainty, reputational harm can outlast the legal dispute. If a disputed resource is over-flagged, counterparties may overreact. If the registry changes data under uncertain authority, trust falls. The registry layer is valuable because it supplies shared facts. It becomes risky when those facts look contingent on institutional struggle.
RPKI adds a sharper edge. If a route-origin authorisation remains valid, many networks may continue to accept a route. If certification publication is disrupted, mismanaged or used as an enforcement weapon, the operational consequences can be severe. AFRINIC's crisis has not been defined primarily by RPKI failure, but any continuity architecture must treat RPKI as a critical service. Security assertions should not become hostage to ordinary commercial disputes. Nor should a successor or emergency operator improvise key custody, trust anchors or repository migration in the middle of litigation.
The premium is not evenly distributed. Large holders can hire lawyers, lobby, build public campaigns and pursue court remedies. Small African operators may lack the time and money to engage. A small ISP whose business depends on a few prefixes wants the registry to be reliable, not philosophically triumphant. A university, hospital, government agency or merchant connected through that ISP may not know what AFRINIC is. Downstream users bear continuity exposure without member voice. Registry discretion is therefore a distributional issue as well as a governance issue.
This is where AFRINIC differs sharply from regional-friction cases elsewhere. In some regions, registry risk may arise from language, currency, banking constraints, small-market participation, geography or uneven policy access. In AFRINIC's case, the distinctive risk is not ordinary regional diversity. It is that governance failure made registry process itself a priced risk layer. The process by which directors are elected, records are audited, resources are reviewed, powers of attorney are accepted, lawsuits are handled and external interventions are framed has become part of the operating cost of using AFRINIC-administered resources.
The legal-budget incentive
One of the least romantic features of the AFRINIC crisis is also one of the most important: litigation changes incentives. Every major actor can plausibly claim to be defending continuity while imposing costs on others. AFRINIC says litigation has delayed restoration, consumed funds and obstructed training, research and member services. Cloud Innovation and related critics say litigation is necessary because registry discretion threatens economically critical resources without commensurate liability. ICANN says it intervenes to protect the numbering system. Opponents say outside intervention can overstep local law or entrench the incumbent club. Each claim has a rational core.
The problem is that the registry model gives no actor a cheap, trusted dispute channel for high-stakes conflicts. If AFRINIC threatens severe action, the holder goes to court. If the holder's litigation threatens AFRINIC's continuity, AFRINIC appeals to members, other RIRs, ICANN and courts. If elections are contested, parties litigate authority. If a public statement claims judicial support for a business model, the registry seeks restraint. If bylaws appear inconsistent with corporate law, groups fight over revisions. The legal system becomes the missing appeal layer, the missing prudential regulator and the missing emergency-continuity mechanism.
That creates a legal-budget incentive. Money that should support member services, record quality, technical infrastructure, training, security and policy implementation is redirected into litigation. Members then ask whether fees are funding the ledger or the war. The registry asks members to support stability. Critics ask members to resist power grabs. Every legal filing becomes part of a campaign to allocate blame for the cost. The cost itself becomes evidence in competing stories.
A serious recovery has to make that incentive visible. AFRINIC should be able to tell members, without compromising legal strategy, how much of its budget is tied to operational continuity, ordinary litigation, enforcement defence, election disputes, bylaw work, external-system compliance and claims involving specific parties. Members need to know whether they are paying for narrow ledger protection or for broad institutional positions. Transparency will not end the conflict, but it can prevent legal spending from becoming another opaque discretion zone.
Independent review becomes economically valuable in this context. An appeal body, arbitration process or court-linked technical panel with clear authority over resource-status disputes could lower the need for all-or-nothing litigation. It would need independence from AFRINIC's board and major holders. It would need technical competence, confidentiality rules, publication of narrow decisions and emergency procedures. It would not eliminate court jurisdiction in Mauritius. It would give courts and parties a more precise record to rely on.
The same is true for election disputes. The June 2025 annulment shows how expensive unclear proxy and power-of-attorney rules can be. If member authority is validated before voting, challenges are bounded, evidence is preserved and disputes are decided by a trusted mechanism, the cost of elections falls. If not, every election can be attacked after the fact. AFRINIC needs election controls not because elections are sacred, but because board legitimacy affects market confidence.
The legal-budget incentive also argues for narrower enforcement remedies. If the only meaningful remedies are warning letters, termination, reclamation and court fights, rational parties will escalate. A graduated remedy ladder would reduce that. Correct contact data. Require a compliance plan. Pause a disputed transfer. Escrow a change. Appoint an independent auditor for a disputed holder. Preserve customer continuity while a merits decision is made. Restrict future allocations without disturbing past reliance unless fraud is shown. Severe action should exist, but it should not be the ordinary way the registry proves seriousness.
AFRINIC's critics also face a responsibility. A holder defending legitimate reliance can still impose systemic risk through maximal litigation. A call to wind up the registry may be understandable as a pressure tactic or governance critique, but without a detailed transition plan it creates uncertainty for all resource holders. A claim that another framework would be more trusted is not enough. Who operates RDAP? Who controls RPKI publication? Who validates transfers? Who preserves dispute metadata? Who pays staff? Who answers courts? A critique without continuity architecture becomes another risk premium.
The legal budget story is therefore not about blaming one side for using courts. Courts are necessary when rights are contested. The question is why so many registry functions become court-dependent. AFRINIC's recovery should be judged by whether it reduces the range of disputes that threaten the whole institution. If legal spending remains a substitute for governance design, the premium will persist even under a functioning board.
What recovery would actually look like
AFRINIC's recovery will not be proved by a single election, budget, communique, court order, ICANN letter or conference presentation. Those may be useful steps. The test is whether the registry-layer premium falls. Can members transact with fewer special protections? Can buyers and lessors rely on settlement? Can small operators update records without political anxiety? Can courts handle disputes without threatening the ledger? Can customers treat registry status as a background dependency rather than a boardroom risk? Can the institution distinguish the ledger from its own authority?
The first recovery requirement is a record-confidence programme. AFRINIC should publish a roadmap for historical record integrity, material-change audit trails, authority verification, disputed-resource categorisation and correction procedures. It should identify how it distinguishes fraud, clerical error, corporate succession, abandonment, policy breach, commercial-use disagreement and court restraint. The roadmap should protect sensitive data while giving members and courts enough confidence that severe decisions are evidence-based. It should emphasise containment: defects in one resource or member record should not spread to unrelated resources.
The second requirement is an authority system for members and representatives. Before major votes or material resource changes, representative authority should be verified under clear rules. Proxy and power-of-attorney limits should be consistent between online and in-person processes. Authority instruments should be logged, challengeable and revocable. Members should receive confirmations when someone claims to act on their behalf. Election results should be auditable without exposing private data. Post-election challenges should have deadlines and remedies. The June 2025 episode should never be repeated under vague documentation practices.
The third requirement is a transfer and leasing framework based on objective recording. AFRINIC can preserve regional policy goals, fraud controls and holder responsibility without treating every commercial arrangement as an ideological threat. Transfer rules should be prospective, precise and appealable. Leasing should be made legible through responsible-party obligations rather than forced underground. RPKI, reverse DNS, RDAP and abuse-contact duties should be assigned clearly. If the registry disapproves of a business model, it should identify the concrete registry harm rather than rely on general discomfort with commercialisation.
The fourth requirement is a severe-action firewall. Revocation, deregistration, forced renumbering, RPKI disruption, reverse DNS removal and broad member termination should be extraordinary remedies. They may be necessary in cases of fraud, duplicate recognition, abandonment, serious breach or clear legal order. They should not be routine policy tools. Independent review, notice, cure periods and customer-continuity measures should be built in. A registry that can destroy cheaply will be priced as a risk even when it rarely uses the power.
The fifth requirement is financial and legal transparency. Members should see enough to know whether fees fund operations, litigation defence, enforcement disputes, election repairs, bylaw work, external advice or emergency continuity. AFRINIC need not reveal privileged strategy. It should reveal the scale and categories of legal exposure. Legal budgets are not just expenses; they indicate how much governance failure is still being paid for. A recovered registry will spend proportionally less on institutional war and more on boring services.
The sixth requirement is a court-continuity protocol. AFRINIC, its members, courts and relevant technical institutions should know in advance what happens to registry state if the board is incapacitated, a receiver is appointed, accounts are restrained, a winding-up application proceeds, an election is annulled, or an emergency operator is considered. The protocol should identify custody of data, service failover, RPKI continuity, reverse DNS delegation, update authority, member notices, pending transfers, dispute flags and credentials. The goal is to prevent courts from having to improvise under pressure.
The seventh requirement is external support with boundaries. ICANN, the NRO and other RIRs may be necessary in a severe continuity scenario. Their role should be function-specific and auditable: technical advice, emergency service support, data preservation, continuity planning and explanation of global coordination. They should not appear to decide local corporate law, bless broad registry discretion, or use AFRINIC's weakness to centralise power in the RIR club. System-level support is legitimate when it protects the ledger and services, not when it protects institutional status from accountability.
The eighth requirement is bylaw reconciliation. AFRINIC's resource-member participation must fit the Mauritian corporate vessel. If resource members are not registered members in the company-law sense, the rights of resource members must be defined in a way that courts, members and the board can understand. If community resolutions or another mechanism are used, they must be more than symbolic. The economic constituency of the registry must have credible voice without creating legal ambiguity that can be weaponised.
The ninth requirement is credible portability under defined failure conditions. Traditional RIR regionalism resists this idea, but AFRINIC shows why it is necessary. Portability does not mean duplicate registries for the same block or private declarations of independence. It means a controlled way for registration services, or in extreme cases resource-holder relationships, to move or be supported when the incumbent registry cannot perform. Dispute status, uniqueness, security continuity and court orders must travel with the record. Portability disciplines governance because it reduces lock-in.
The tenth requirement is modest public language. AFRINIC should resist the temptation to frame every conflict as an attack on Africa or every criticism as bad faith. Its opponents should resist the temptation to frame every registry act as tyranny. The strongest recovery signal will be administrative dullness: clean records, clear rules, stable services, timely updates, bounded disputes, lower legal spending and reduced need for emergency statements. The registry's legitimacy will be borrowed daily from users who find it reliable. It will not be restored by declaration.
Watchpoints for the next phase
Several watchpoints will show whether AFRINIC is reducing registry-layer risk or merely changing its surface. The first is the winding-up litigation and ICANN's participation. A sound outcome would protect the non-distributable character of numbering resources, preserve essential services and make clear that corporate remedies cannot casually break the ledger. It would also avoid turning AFRINIC into a legally untouchable incumbent. The court should see both the company and the function. Confusing either one for the other would preserve the premium.
The second watchpoint is the new board's handling of bylaws and member authority. If reforms clarify resource-member participation, proxy rules, registered-member status and challenge procedures, board legitimacy will become less fragile. If reforms are perceived as removing rights, entrenching a slate, favouring governments, favouring a commercial bloc or bypassing resource holders, the September 2025 restoration will not settle much. The board's best move is to make its own power narrower and better checked.
The third watchpoint is the treatment of inter-RIR transfers and resource mobility. AFRINIC can protect against fraud and ensure accurate records without using regional language to create excessive lock-in. If policy moves toward broad restrictions on outbound movement or commercial delegation, resource holders will price lower liquidity. If policy becomes too permissive without audit, critics will price fraud and extraction. The balance must be explicit, prospective and tied to concrete registry harms.
The fourth watchpoint is RPKI and publication-service resilience. Public debate tends to follow lawsuits and elections because those are visible. The deeper continuity question is whether RDAP, WHOIS, reverse DNS, IRR and RPKI can continue neutrally during disputes. AFRINIC should publish enough technical-continuity assurance to show that security and publication services are not dependent on factional outcomes. Emergency plans should be tested, not merely asserted.
The fifth watchpoint is legal-budget normalisation. If legal spending and court-driven action remain central to AFRINIC's operating story, the recovery will remain partial. If the organisation can shift resources toward member services, technical resilience, audit tooling, policy clarity and training while narrowing litigation to bounded disputes, the premium will fall. Members should watch not only who wins cases, but whether fewer registry functions require cases.
The sixth watchpoint is the ICP-2 revision and derecognition framework. The wider RIR system is revising the policy architecture for recognising and potentially derecognising an RIR. That work can become a real continuity framework or a centralisation instrument. A good framework would define objective triggers, service-preservation duties, data custody, member rights, independent review and emergency limits. A bad one would give incumbent institutions broad power to replace a failing registry without addressing the discretion and liability problems that helped create the failure.
The seventh watchpoint is market behaviour. The registry-layer premium will be visible in transfer terms, legal diligence, leasing contracts, customer questions, insurance positions, banking comfort and member participation. If AFRINIC-administered resources require unusual indemnities or discounts, recovery is incomplete. If transactions become routine, the institution is healing. The market will not issue a press release. It will simply demand fewer protections.
The eighth watchpoint is whether public debate stops treating AFRINIC as a morality play. The crisis contains bad incentives, possible wrongdoing, aggressive tactics, institutional fragility and legitimate fears on more than one side. A serious analysis does not need a single villain. It needs a design lesson. A registry that controls a scarce, economically embedded ledger must be narrow, auditable, reviewable and continuous. A holder that relies on the ledger must accept responsibility for accurate records and customer-facing obligations. Courts must preserve the function without becoming the registry. External institutions must support continuity without converting support into control.
AFRINIC is not important because it is an embarrassing exception. It is important because it reveals what the scarcity era does to registry institutions. IPv4 scarcity made records valuable. Valuable records made registry discretion consequential. Consequential discretion made liability, auditability, member authority, court design and portability central. Governance failure then moved from boardrooms and mailing lists into the economics of routing, contracts and address markets.
The outcome to seek is not a triumphant registry or a triumphant litigant. It is a lower-risk ledger. A member should be able to pay, update, transfer, delegate, certify and serve customers without pricing a court-supervised institutional fight above every transaction. A customer should not have to understand the registry's board history to judge a provider's continuity. A court should not have to guess how a corporate remedy affects RPKI. A buyer should not need a special AFRINIC discount because process itself feels unstable. That is the economics of registry-layer risk: when the recordkeeper becomes uncertain, every other layer pays a premium until the ledger becomes boring again.

