Summary
- AFRINIC staff preserved important services during the board and receivership crisis, but staff were not the only continuity actors. Resource Members and network operators kept originating routes, maintaining transit and peering, managing customer systems, and carrying existing number resources through years of institutional uncertainty.
- The public record suggests substantial persistence rather than normality. AFRINIC later acknowledged an allocation backlog, while its retrospective report described slow approvals and interrupted decision authority. Existing networks continued partly because stable registrations and operator-controlled routing can outlast a registry's governance machinery.
- A durable model should convert this informal customer backstop into rights: preservation of the last verified state, timely notice and correction, decision stays where live networks are at risk, service-level evidence, independent review, tested data succession, and number-resource portability. The operators bearing the loss should be principals of continuity, not merely recipients of reassurance.
The last line was outside the registry office
The easiest account of AFRINIC's crisis is institutional. A board lost quorum. Directors disappeared from ordinary office. A chief executive position remained vacant. Courts appointed temporary custodians. Staff maintained systems. Other Internet organisations issued statements of concern and support. Elections were attempted, annulled, redesigned, and finally completed.
That account is important, but it places the camera inside the institution. The continuity that mattered most was happening outside it. Internet service providers kept customers online. Mobile and fixed networks continued carrying traffic. Hosting companies maintained servers and address plans. Universities, public bodies, enterprises, content networks, and security teams kept relying on number resources whose registration authority sat inside a company unable to govern itself normally.
Those networks did not need a board resolution to originate every BGP route. Their routers, transit contracts, peering sessions, operational staff, power systems, customer support, and security controls remained under their own authority. Existing registration records and RPKI objects supplied important coordination and trust inputs, but packets continued because thousands of independent systems kept performing their part.
That makes AFRINIC's customers the continuity backstop. “Customer” here includes Resource Members and operational users of AFRINIC services, while recognising that a legal member, a registered resource holder, a network operator, and a downstream end user may be different parties. The backstop was not a formal emergency programme. It was the distributed capacity of affected networks to preserve service despite uncertainty at the registry layer.
The phrase should not erase AFRINIC staff. The institution's later consolidated report credits teams with keeping registry operations, technical systems, member services, payroll, and other obligations moving through difficult conditions. The Number Resource Organization also praised staff. That work mattered. The point is that registry-side persistence was only one side of continuity.
The other side absorbed the consequence. When an allocation was delayed, a network had to adjust growth. When authority for a high-risk change was uncertain, the holder had to preserve its current state. When litigation raised questions about registry powers, operators had to monitor the risk while continuing to serve customers. If a record, reverse delegation, RPKI object, or transfer could not be changed promptly, the operational workaround occurred downstream.
The governance system celebrated institutional resilience without measuring the customer subsidy that made resilience possible.
A registry records; operators run
The Internet Numbers Registry System exists to preserve uniqueness, distribute number resources, and maintain accurate registration data. Those functions are essential. They are also different from operating the networks that use the numbers.
AFRINIC does not originate most routes associated with resources in its service region. Resource holders and their network providers do. AFRINIC does not maintain each customer's routers, peering relationships, access network, data centre, firewall rules, load balancers, cloud deployments, or support desk. It provides coordination services around the identifiers those systems use.
This separation explains why the running Internet did not collapse when AFRINIC's corporate governance did. Existing allocations did not vanish merely because the board lacked quorum. BGP speakers continued exchanging routes. Transit and peering contracts continued. DNS resolvers, application servers, and customer devices continued using stable addresses. Most operational decisions remained local to the network.
The separation also explains why registry failure remains dangerous. Operators can keep using a stable state, but they still need accurate registration, contact changes, reverse DNS, RPKI, Internet Routing Registry updates, transfers, new resources, and dispute handling. A long governance crisis converts those dependencies from routine services into risk concentrations.
Continuity therefore has two clocks. The packet clock runs in seconds and minutes. Networks must route around faults immediately. The registry clock often runs in hours, days, or weeks because identity checks, policy decisions, legal review, and authorised changes take time. Corporate litigation runs slower still. Operators bridge these clocks.
If a registry cannot decide, the network usually cannot pause its customers until a court resolves authority. It preserves the last known working configuration, finds capacity elsewhere, delays a project, uses address translation, arranges a commercial resource relationship, changes routing, or accepts additional operational risk. These choices are not proof that the registry problem is harmless. They are evidence that the customer absorbed it.
The distinction should discipline institutional claims. “The Internet continued” cannot be credited solely to the registry. “The registry remained reachable” cannot be treated as proof that every network obtained the changes it needed. Continuity is co-produced, and the party carrying the residual risk deserves enforceable protection.
Existing registrations were stored continuity capital
AFRINIC's crisis occurred in a mature number-resource environment. Thousands of members already had IPv4, IPv6, and autonomous system number registrations. Many corresponding routes, reverse delegations, IRR objects, and RPKI authorisations were already in use. That installed base acted as continuity capital.
A stable record does not need to be reapproved every day. A BGP announcement can continue as long as the operator and its peers maintain it. A valid ROA can continue until expiry or change conditions require intervention. Reverse DNS can keep answering. Public registration data can keep serving reads. The system's inertia protects running networks when corporate decision-making slows.
This is desirable. Critical infrastructure should degrade gracefully. It would be alarming if every member's connectivity required a daily affirmative act by a registry executive or director. The last verified state should survive absence, litigation, staffing change, and short operational failures.
But stored continuity capital can be mistaken for institutional performance. If old records remain usable while new allocations, transfers, identity changes, or dispute decisions wait, aggregate Internet reachability may look healthy. The cost appears in delayed expansion and constrained choice rather than mass outage.
AFRINIC's July 2025 communication made this difference concrete. It said new IPv4 and IPv6 allocations resumed exceptionally on 1 July to clear a backlog and enable the proper functioning of entities across Africa. The statement did not disclose the size, age distribution, reasons, or customer consequences of the backlog. It did establish that existing continuity coexisted with deferred demand.
The institution's consolidated 2022-2024 report, published later, described interruptions in decision-making authority, slow approvals, shifting priorities, and recurring operational constraints. It also said Member Services handled large ticket volumes and that high service availability was sustained. Those propositions can both be true. Availability can remain high while consequential decisions slow.
The backstop was therefore strongest for operators whose existing state remained sufficient. It was weaker for a growing network needing new resources, a company undergoing legal succession, a holder seeking a transfer, or a member requiring a high-risk security or registration change. Continuity was uneven because dependence on fresh registry action was uneven.
BGP persistence shows who kept doing the daily work
Public routing history offers a bounded view of AFRINIC's own network and of the wider separation between registry and operator. RIPE NCC's Routing Information Service observed broad persistence in several core IPv4 prefixes originated by AFRINIC's AS33764 through the principal crisis years, although one prefix showed a material visibility decline in 2025. That evidence supports substantial reachability of important registry infrastructure. It does not prove every application or decision function was normal.
For customer continuity, the more important architectural fact is that member networks originate their own routes through autonomous systems and upstream relationships. A registry record helps establish allocation and contact context. RPKI can authorise origins. The routing decision is still executed across operator networks.
Every persistent customer route during the crisis represented repeated operational work: maintaining equipment, sessions, policies, capacity, security, monitoring, and commercial relationships. Route collectors see the resulting announcement, not the payroll, engineer, vendor, spare part, fibre repair, power backup, or incident response behind it.
This is why one should not infer customer tranquillity from BGP stability. A route can remain visible while a network freezes changes because it fears an unavailable registry remedy. It can remain visible while capacity becomes expensive. It can remain visible while a transfer is delayed or an RPKI change awaits review. Operators often choose continuity precisely by not disturbing a fragile state.
The public record does not contain a complete historical dataset linking every AFRINIC ticket to customer routing or service consequences. It would be irresponsible to invent one. It is still possible to identify the direction of risk. The registry's governance problem did not suspend the network's duty to serve. The operator continued first and sought institutional certainty second.
A customer-centred continuity report would combine route and service data with the registry events that required action. It would show how many operators needed changes, how long they waited, which temporary workarounds they used, whether growth or security was affected, and when the registry restored normal handling. Without that join, stable route graphs conceal the labour and option costs absorbed by customers.
The backlog is the visible edge of hidden adaptation
An allocation backlog is not only a queue inside AFRINIC. It is a set of plans outside AFRINIC that could not proceed as expected. Each request may represent new customer connections, network expansion, a public service, cloud capacity, a business launch, address replacement, or resilience work. Not every request is urgent, and not every delay causes harm. The institution should measure rather than assume the consequences.
The July 2025 statement did not publish that measurement. It said allocations resumed exceptionally to clear a backlog and enable entities to function. The word “exceptionally” is revealing. It suggests that a function ordinarily governed by standing authority had required special treatment during the temporary arrangement.
Operators facing such uncertainty have several possible adaptations. They may defer expansion. They may intensify address sharing through carrier-grade NAT, with cost and traceability consequences. They may seek transferred or leased IPv4 space, if policy, contract, and market access permit. They may deploy IPv6 while retaining dual-stack systems. They may rearrange existing pools, reclaim addresses from customers, or change product design. They may accept concentration risk because a planned second site cannot receive resources.
The public record does not show how often each response occurred. They are mechanisms that a proper impact study should test, not facts to attribute to every member. Their importance is that all transfer cost from the registry's authority gap to the operator's architecture and customers.
A registry could report this without exposing confidential requests. It could publish monthly arrivals, completion times, age bands, request type, reason for delay, number requiring receiver or court direction, and aggregate customer-impact categories supplied voluntarily by members. It should distinguish applicant delay from institutional delay and routine review from missing decision authority.
The oldest unresolved cases matter more than the mean. A healthy volume of fast routine tickets can make average performance look good while a small number of high-impact allocations or transfers remain stuck. The report should show the tail, not just the throughput.
When the backlog cleared, the institution should also record whether temporary workarounds created technical debt. Continuity is not complete when the ticket closes if the customer must still unwind emergency NAT, renumber an interim deployment, correct stale security records, or renegotiate a contract.
Stability was purchased with frozen change
In high-risk infrastructure, doing nothing can be the safest short-term action. If authority is unclear, preserving the last verified registration may be better than approving an irreversible transfer or revocation. If credentials cannot be validated, delaying a change may protect the resource holder from fraud. If litigation affects a claim, a stay can protect both sides.
This conservative bias probably contributed to continuity during AFRINIC's vacuum. Existing records, routes, and services could persist while uncertain decisions waited. The approach fits a receiver's preservation mandate better than aggressive institutional change.
Yet frozen change imposes a cost. A company can be unable to update its legal name after restructuring. A departing employee may remain in an authority chain longer than desired. A legitimate transfer may miss a commercial date. A network may be unable to correct route-authorisation scope promptly. A dispute flag may linger. A customer acquisition may require address capacity that cannot be confirmed.
The right governance question is not whether delay is always bad. It is who decides, under what evidence, for how long, with what review, and who bears the consequence. A preservation rule should state the protected state, the risks that justify freezing it, and the event that ends the freeze.
Operators should receive a reason code and review date. High-impact cases should have a neutral escalation route. If no ordinary corporate organ can decide, the receiver should have a published authority schedule identifying which acts are routine, which require independent technical and legal review, and which require court direction. Silence should never become an indefinite policy.
The customer backstop was strongest where operators could tolerate stasis. The more an operator needed change, the more the governance vacuum became operational. This is why continuity must include adaptability, not merely survival of yesterday's configuration.
Staff resilience and customer resilience should not be made rivals
AFRINIC's staff deserve credit for maintaining systems under uncertain authority. The consolidated report describes teams choosing duty under slow approvals and unstable priorities. The NRO's September 2023 statement similarly praised staff for sustaining operations and services. These are institutional claims, but they are consistent with the observed persistence of important public services and later ability to conduct recovery work.
Customer-centred analysis does not diminish that contribution. It completes it. Staff kept the registry side available; operators kept the service side alive. One could not fully substitute for the other.
The danger lies in using staff dedication to avoid governance accountability. Employees should not have to carry ambiguous decision powers because a board is absent. Their willingness to maintain systems should not justify postponing lawful oversight. Nor should customer workarounds be used to say service quality was normal.
A resilient institution protects staff with authority boundaries. Routine technical maintenance can proceed under standing delegation. High-risk decisions require dual control and recorded approval. Security incidents have an emergency path and later review. Deferred matters are visible rather than hidden in personal judgment. Temporary office-holders cannot silently transfer political or policy responsibility to engineers.
It protects customers with service commitments and remedies. If a change cannot be processed, the member receives a reason, risk assessment, temporary alternative, and review date. If a critical service degrades, the institution publishes the affected function and recovery status. If the registry cannot perform, an authorised substitute can maintain the record and publication layer without rewriting rights.
Both protections require evidence. Heroic narratives are fragile because they turn continuity into personal virtue. Systems should remain safe when staff change, customers grow, litigation resumes, or public attention fades.
The crisis lesson is not that AFRINIC survived because one group was heroic. It is that a distributed ecosystem carried the function despite weak formal continuity architecture. Governance should now recognise and engineer that distribution.
Members, customers, operators, and end users occupy different risk positions
AFRINIC governance often compresses several groups into “the community.” That language obscures who has a right and who bears a cost.
A Resource Member may hold the contract and vote. The network using the resources may be an affiliate, lessee, managed-service customer, or technical operator. An upstream carrier may originate or propagate the route. An enterprise or public institution may depend on the addresses without knowing AFRINIC exists. End users experience service failure but usually have no standing in registry governance.
Continuity design must map these positions rather than assume one member vote represents every dependency. The legal member needs notice and review of registry decisions. The operational user needs enough continuity information to protect the network. Downstream customers need service commitments from their provider. Courts and regulators need a clear account of which party holds which obligation.
This does not mean AFRINIC should govern every downstream contract. The registry should remain narrow. It must preserve accurate records and avoid actions that unnecessarily destabilise running networks. Operators remain responsible for their own services and customer agreements.
The distinction matters when evaluating harm. A registry may say no member resource was revoked, while a delayed RPKI or reverse-DNS change affects an operational user. A network may keep routes visible, while its customers face degraded growth or security options. A member may vote, while end users cannot evaluate whether election choices protect service continuity.
An impact assessment should therefore trace mechanisms, not invoke a broad public. Which registry act changes which record? Which operator must respond? Which service or customer group is exposed? What alternative exists? What is the time to harm? Who can seek review?
When the chain is visible, continuity obligations become proportionate. A low-risk contact correction does not need the same approval as a resource transfer. A disputed revocation affecting live customers deserves a stay and independent adjudication. A public-read outage needs rapid technical response. A governance election needs member rights, not claims to represent every Internet user.
Customer continuity becomes governable only after the word “customer” is disaggregated.
The hidden subsidy should be measured
Operators subsidised registry continuity whenever they spent money or accepted risk because ordinary institutional service was unavailable or uncertain. The subsidy may include engineering time, legal review, additional transit, address-market costs, delayed revenue, duplicated systems, conservative security choices, or management attention.
No complete public dataset quantifies these costs across AFRINIC's membership. The absence is itself a governance gap. Institutional reports tend to count the registry's expenditure and service availability. They rarely count the costs displaced to members.
A credible measurement programme could begin without demanding confidential financial statements. AFRINIC could survey members using defined categories and publish distributions. It could ask whether a registry delay caused project deferral, extra address expenditure, customer impact, security postponement, legal cost, or no material effect. Responses should identify confidence and avoid double counting.
Ticket data could then be joined to impact categories under privacy safeguards. For example, the institution could report that a number of high-age requests involved planned network expansion, without naming the companies. It could show median and tail delay by service and identify which cases required exceptional authority.
Independent operator evidence is important because an institution has an incentive to define continuity through what it can measure easily. Member surveys can also be biased toward those with strong views, so response rates, population, and uncertainty must be published. The aim is not to manufacture a damages total. It is to identify where costs moved.
Such evidence would improve prioritisation. If reverse-DNS changes are time-sensitive but low cost, one response is appropriate. If allocation delays block access projects, another is needed. If uncertainty causes holders to avoid beneficial RPKI changes, security controls deserve special escalation.
The hidden subsidy also belongs in accountability. A registry with strong cash reserves can appear financially resilient while members finance workarounds. Institutional solvency and ecosystem efficiency are different measures. Both matter.
Reassurance without a denominator is not continuity reporting
AFRINIC and peer organisations repeatedly reassured stakeholders that operations continued. Reassurance can prevent panic and discourage unsafe reactions. During active litigation, an institution may also need to protect security, privilege, and personal data.
The problem is not reassurance. It is the absence of a denominator. “Services remained available” should identify which services, measurement window, probe coverage, exclusions, incidents, and success criteria. “Members were served” should identify the member population, request volume, completion, backlog, and unresolved tail. “Allocations resumed” should state the affected period and recovery progress.
The current AFRINIC statistics portal displays a large operational footprint, including thousands of members, substantial IPv4 and IPv6 registrations, autonomous system numbers, route objects, RPKI ROAs, and resource transfers. Those live figures demonstrate scale. They do not reconstruct the crisis years or prove that each customer received timely service.
A continuity dashboard should preserve historical snapshots. For public services it would show availability, validity, freshness, and incidents. For member services it would show arrivals, closures, ageing, reason codes, escalation, and decision authority. For registry integrity it would show unauthorised-change findings, reconciliation results, and correction times. For customer effect it would show reported operational impacts and workarounds.
The dashboard should distinguish existing-state continuity from change-service continuity. A registry can be excellent at serving public reads from a stable database while weak at processing high-risk updates. Combining them into one percentage makes the stronger service conceal the weaker.
It should also distinguish institutional and network layers. AS33764 route visibility can support a claim about reachability of AFRINIC-originated infrastructure. It cannot certify thousands of member networks. Conversely, continued member routing cannot certify AFRINIC's internal controls.
The customer backstop becomes visible only when these denominators are reported together. It is the space between what the registry delivered and what operators still had to do.
Preservation should protect the last verified operational state
The strongest immediate right for operators during registry crisis is preservation. A disputed institutional claim should not trigger unnecessary revocation, route-authorisation disruption, reverse-DNS loss, or redistribution while an independent forum examines the evidence.
Preservation is not immunity. Fraud, duplication, urgent security compromise, and clear contractual breaches may require action. The rule should be proportionate: preserve the last verified state unless a greater and evidenced continuity risk requires change.
The state must be defined precisely. It includes the recognised registration holder, resource range, authorised contacts, transfer status, RPKI objects, reverse delegations, IRR data, dispute flags, and active court or review orders. A timestamped record lets a successor or reviewer know what is being preserved.
If a change is blocked, the member should know why and how to challenge it. If a security change is urgent, a controlled emergency path should allow narrow action without deciding the whole dispute. If ownership or corporate control is contested, the registry can record the dispute while leaving running networks stable.
This approach aligns continuity with the parties bearing operational loss. It avoids using live customers as leverage in a disagreement between registry, resource holder, creditor, or temporary office-holder. It also protects the registry from pressure to make irreversible decisions under uncertain authority.
Preservation must have an end. Reviews need deadlines. A frozen state can become harmful as contacts, security conditions, and business realities change. The plan should specify periodic reassessment and escalation to independent adjudication.
The customer backstop should never be forced to carry a frozen configuration indefinitely. Preservation buys time for a fair decision; it is not a substitute for one.
Portability converts endurance into accountability
AFRINIC members had voice through elections, but during the vacuum their registry relationship remained structurally difficult to exit. A network could change transit provider without changing its public identity. It could not simply move number-resource registration to another competent registry under a guaranteed, ordinary portability right.
That asymmetry weakens accountability. If an institution can delay, misgovern, or become legally paralysed while customers must remain, transparency has limited market consequence. The operator's choices are to endure, litigate, reorganise around the problem, or accept the risk.
Number Resource Society's positive relevance is structural. It argues for operator rights, coordinated protection, portability, and a registry model that protects uniqueness without turning one institution into an irreplaceable gatekeeper. Portability would let the customer choose another registration service while preserving the numbers, public network identity, and customer continuity.
The idea requires rigorous engineering. Two registries cannot simultaneously publish incompatible authoritative claims. RPKI trust and publication must transition coherently. Reverse DNS and public registration data must remain available. Dispute metadata, transfer history, and lawful restrictions must travel. The original and successor registry need a clear cutover and rollback rule.
Advance consent can be built into service agreements and common recognition rules. An emergency authority can activate a temporary provider under objective triggers, with notice, correction rights, a limited term, and independent review. Permanent movement should require authenticated holder instruction or competent adjudication.
Portability would not make courts irrelevant. Contract, fraud, and control disputes still need law. It would narrow the operational stakes by separating the asset's registration continuity from the survival of one corporate operator.
AFRINIC's customers demonstrated that the network can be resilient below the registry. Portability would extend that resilience into the registry layer itself.
The continuity backstop should become a formal compact
The next crisis should not depend on quiet operator adaptation. AFRINIC and its members can adopt a continuity compact that assigns rights and duties before failure.
AFRINIC's duties would include maintaining accurate last-verified records, publishing service-level evidence, preserving change history, separating routine and high-risk authority, testing recovery, notifying members of material incidents, providing timely reasons, and supporting authorised succession. It would avoid using revocation or publication changes as leverage in unresolved disputes.
Members' duties would include maintaining current legal and technical contacts, securing credentials, supplying corporate-authority evidence, reporting material incidents, keeping resource use and routing records accurate, and participating in periodic continuity tests. Operators would retain responsibility for routing, network security, customer communication, and local redundancy.
Peer registries or an independent continuity provider could hold encrypted or access-controlled backups, tested for completeness and restoration. Their custody would not imply policy authority or ownership. Activation would require defined triggers and a published scope.
An independent reviewer would test reconciliation, incident response, and member remedies. Courts would remain the final authority for disputes within their jurisdiction, but the technical system would isolate litigation from running networks wherever possible.
The compact should include a cost model. Registry fees should fund not only normal administration but also tested continuity. Members should know which reserve, insurance, escrow, or service arrangement supports recovery. A failure fund should not become a discretionary political resource.
Most importantly, activation should recognise the customer as principal. Notices should explain what changes for the holder, how service continues, how to correct an error, and how to return or move. Continuity cannot be a private arrangement among registry institutions while affected operators learn of it after the fact.
Formalising the backstop does not centralise the Internet. It acknowledges the distributed reality that already carried AFRINIC through crisis and gives it enforceable boundaries.
Recovery tests should begin from the member's dependency
Registry recovery exercises are often designed from the server outward. Administrators restore a database, start an endpoint, verify that a repository responds, and declare the service recovered. Those checks are necessary. They do not establish that a member can complete the action on which its network depends.
A customer-centred test begins with scenarios. A member whose authorised contact has left must replace the contact without exposing the resource to takeover. A network under active attack must narrow or revoke a route authorisation. A company merger must preserve registration evidence while legal names change. A reverse-DNS delegation must move without creating a long inconsistency. A legitimate allocation request must continue when the normal approver is unavailable. A disputed transfer must be frozen without disabling the running network.
Each scenario should be exercised across the full chain: member notice, identity and authority evidence, staff handling, technical change, secondary review, publication, external observation, correction, and closure. The test should record the elapsed time and every point at which a board, chief executive, receiver, vendor, or court direction is required. If one unavailable person can stop the chain, the institution has found a continuity defect even if all public endpoints remain online.
Members should participate in controlled exercises rather than merely receive the result. A representative sample can include small providers, national operators, universities, cloud and hosting companies, public networks, and organisations operating across legal jurisdictions. Their role is not to learn confidential details about other members. It is to test whether the announced remedy works under realistic evidence, time, and connectivity conditions.
The result should distinguish technical recovery from rights recovery. A restored RDAP server proves publication capability. A successful authorised change proves administrative capability. A timely challenge proves accountability. A clean rollback proves that an erroneous recovery action will not become permanent. All four are needed before a registry can say the member service recovered.
Exercises also reveal customer-side prerequisites. A member with stale contacts or no internal authority record can delay its own recovery. That finding should produce advance remediation, not blame during an emergency. AFRINIC can issue periodic continuity receipts listing contacts, registered resources, security services, and emergency routes for correction. The member confirms or contests the record while ordinary governance is available.
The final report should publish scenarios, success criteria, aggregate results, unresolved dependencies, and remediation dates. Security-sensitive architecture and individual evidence remain protected. Failed tests should not be hidden; a controlled failure is valuable because it prevents an uncontrolled one.
This approach changes the meaning of readiness. The question is no longer whether AFRINIC can restart its systems. It is whether an operator can preserve or change the registration state needed to keep customers safe when AFRINIC's normal authority chain is unavailable. That is the dependency the crisis exposed, and it is the dependency a continuity programme must prove.
What the public evidence permits us to say
The evidence supports several conclusions. AFRINIC experienced prolonged absence of ordinary board and executive authority. Staff and technical systems substantially persisted. Public routing data for AFRINIC's own network supports broad reachability of important prefixes with a material exception requiring explanation. AFRINIC later acknowledged that new allocations had resumed exceptionally to clear a backlog. Its retrospective report described high availability alongside interrupted decision authority, slow approvals, large ticket volumes, and operational constraints.
A board was eventually elected, but transition work and litigation continued.
The evidence also supports an architectural conclusion. Member networks remained responsible for originating routes and serving their users. Existing registration and security state could persist while institutional decisions slowed. The running Internet therefore had a distributed buffer outside the registry.
The public record does not quantify every operator workaround or downstream loss. It does not prove that all customers experienced delay. It does not show that AFRINIC failed to perform a particular service merely because a company adapted. It does not permit attribution of a routing event to corporate litigation without joined evidence. It does not justify ignoring the registry staff whose work maintained important services.
“Customers were the continuity backstop” is therefore not a claim that AFRINIC did nothing. It is a claim about residual responsibility. When institutional authority and service capacity were incomplete, operators still had to keep the Internet working. Their ability to absorb the gap prevented governance failure from becoming an immediate universal network failure.
That endurance should not be romanticised. A backstop is the last protection before harm, not a free resource. Governance should reduce how often it is used, measure its cost, and give it rights.
The most credible recovery would treat operators not as a passive audience for continuity statements but as the parties whose running systems define success. The ledger must remain accurate. Registry services must remain available. Courts must resolve genuine disputes. But the priority is the network and its customers, not the institutional comfort of the gatekeeper.
Sources and analytical limits
The Internet Engineering Task Force's RFC 7020, The Internet Numbers Registry System supports the distinction between number-resource registration functions and operation of the networks using those resources. It does not assign corporate authority in Mauritius or determine AFRINIC member rights.
The Number Resource Organization's September 2023 statement on the Official Receiver and AFRINIC's Through the Journey of AFRINIC are used for attributed claims about staff and service continuity during the governance crisis. They are not independent service audits.
AFRINIC's Consolidated Annual Report 2022-2024 supports the institution's retrospective descriptions of interrupted decision authority, slow approvals, large ticket volumes, service availability, staff work, membership growth, and technical activity. The report does not supply a complete customer-impact dataset or prove every service claim independently.
AFRINIC's 22 July 2025 communique supports the statement that new IPv4 and IPv6 allocations resumed exceptionally on 1 July to clear a backlog. It does not disclose the backlog's full size, age, cause, or effect on each applicant.
The AFRINIC Statistics Portal is used only to show the scale and variety of the current registry footprint around publication. Its dynamic figures are not treated as historical measurements for 2021-2025.
The RIPE NCC Routing History API documentation and RPKI History documentation define the public observation limits behind the article's discussion of routing and RPKI evidence. Collector visibility is not universal reachability, and archived payload history is not a complete repository or member-service audit.
AFRINIC's RDAP documentation, RPKI trust anchor page, and RPKI repository access documentation establish service boundaries and intended public access. Current documentation does not prove historical availability, integrity, or request-processing performance.
The AFRINIC Constitution 2020, 2024 Court of Civil Appeal judgment, and 13 October 2025 board-and-receiver statement support the member, authority, receivership, and transition context. They do not establish individual customer harm.
No complete historical member-ticket ledger, applicant-impact survey, customer outage dataset, private routing telemetry, commercial workaround record, contract file, security-incident archive, or sealed court evidence was available in the public material reviewed. The article therefore distinguishes observed service persistence and acknowledged backlog from analytical mechanisms that require further measurement. It does not claim that every member suffered, that every delay was caused by missing governance authority, or that operator resilience eliminated the need for AFRINIC's staff and services.

