Summary

  • APNIC has a legitimate reason to test whether IPv4 delegations, transfers, NIR records, contact data, and historical-resource claims still reflect real control; without that discipline, the registry becomes a stale ledger that raises transfer, lending, routing, and procurement risk.
  • The economic risk begins when utilisation review moves beyond evidence of real deployment and record accuracy into judgement about whether an operator's growth plan, customer mix, reserve capacity, transfer purchase, or commercial model is acceptable.
  • In the Asia-Pacific region, the NIR layer makes audits more valuable and more delicate: local registries can reduce language and evidence friction, but layered review can also turn one registry question into a multi-institution inspection.
  • A credible APNIC audit regime should be proportional, confidential, evidence-equivalent, time-bounded, appealable, and focused on registry facts; it should not operate as a hidden rationing system for post-exhaustion IPv4 capital.

The File On The Table

The file does not look political at first. It looks like an ordinary transaction folder: one transfer agreement, one address schedule, a spreadsheet exported from an IP address management system, a list of customer assignments, a network diagram that has been simplified for disclosure, several invoices for routers and access circuits, a board note approving the purchase, and a lender's condition that the buyer must prove the addresses will not become a registry problem after closing.

The buyer is a growing access provider in Southeast Asia. Its IPv6 plan exists, but its customers still need reachable IPv4. The company has a small cloud practice, a fixed-wireless base outside the capital, and several enterprise contracts that require static public addresses for security, remote access, and payment systems. It has been leasing some capacity, placing other subscribers behind carrier-grade NAT, and losing bids to incumbents that carry larger historical address estates. Buying a clean IPv4 block is not a luxury. It is how the company avoids turning every new customer into a support ticket.

The seller is not suspicious either. It is a mature operator that has consolidated platforms, moved some internal services, and found more address space than it needs for the next stage of its network. The block is routed. The contacts are reachable. The parties can identify the holder. No one is pretending that address space is abundant. The price reflects scarcity, not charity.

Then the audit question appears. Is the address space really in use? Has past delegation been documented? Does the recipient have a detailed plan for the transferred resources? Has the seller complied with applicable policy? Are customer records accurate enough? How should confidential assignments be proved without exposing the buyer's customers? If some addresses are reserved for delayed enterprise contracts, are they unused inventory, prudent capacity, or hoarding? If a National Internet Registry sits between the regional registry and the member, whose records decide the answer?

This is where address-utilisation audits become economically interesting. The review can protect the file. A buyer wants to know that the registry record will not be challenged after money changes hands. A lender wants to know that a block accepted as collateral will not be frozen by a stale-contact dispute or a retroactive compliance objection. A cloud customer wants a public route that will not be pulled into a registry argument. A small ISP wants assurance that its own honest use will not be discounted because it lacks a large compliance department.

But the same review can also change the transaction's nature. A registry that asks whether the record is accurate performs a coordination function. A registry that asks whether the recipient's business plan is worthy performs an allocation function. A registry that asks whether an address block is real protects the market. A registry that decides whether the market should exist becomes a market participant without capital at risk.

The difference is not semantic. It decides who prices scarcity.

Accuracy Is Not The Enemy

There is a naive version of the anti-audit argument, and it is wrong. It says that any utilisation review is merely bureaucracy. That misunderstands what a registry is supposed to do. The number-resource layer is useful precisely because independent networks need a common reference point. If the record says one organisation controls a block, the rest of the Internet needs reasonable confidence that the statement is not fictional. If an address block has been transferred, counterparties need to know that the new holder is now visible in the registry. If an old historical record is updated, the person requesting the change must be able to show authority. If an allocation has been issued through a National Internet Registry, the APNIC system still needs to answer the public coordination question: who is responsible for the space, and where should operational enquiries go?

Without that discipline, the costs move elsewhere. Upstream networks demand more warranties. Cloud platforms reject bring-your-own-IP requests. Banks discount collateral. Buyers price in a defect risk. Sellers accept lower offers because diligence takes longer. Abuse desks chase the wrong party. Route filters and security tools lean on private knowledge instead of public registry facts. The public record becomes less useful, and the market becomes more dependent on insiders who know which stale entry is harmless and which stale entry is dangerous.

That is not freedom. It is opacity.

An audit that protects accuracy can therefore increase liquidity. It gives the buyer a cleaner title-like file, even if the registry refuses the language of title. It gives the seller a way to demonstrate that a block is not trapped in a private dispute. It gives an NIR a method to reconcile local records with the regional database. It gives APNIC a way to find administrative drift before drift becomes a transfer failure. It gives the public a narrower, more reliable record.

The useful audit asks questions that match the registry function. Is the holder the same party the registry thinks it is? Do the contact and organisation records still work? Is the address block uniquely recorded? Are there conflicting claims? Are transfers recorded through a recognised channel? Are large customer delegations reflected in a way that supports troubleshooting while respecting confidentiality? Are reverse-DNS, route-origin, and public-contact dependencies aligned with the holder's actual operating structure? Does a request for more address space depend on claims about prior use that can be checked?

These questions can be annoying. They should still exist. Registry accuracy is not decorative. It is infrastructure for routing, contracts, procurement, financing, security review, and customer continuity. The critique is not that APNIC should never ask for evidence. The critique is that evidence must remain tied to registry facts.

The boundary matters because IPv4 is no longer a free-pool administrative item. It is scarce capital. The old language of efficient use carries a different economic weight once every address has an opportunity cost.

Scarcity Changed The Audit

In the allocation era, utilisation review had a simple justification. A registry held a finite pool and applicants wanted blocks from it. If one applicant received more than it could use, another applicant might receive less. A needs test, however imperfect, was a rationing method for a pool that had not yet been allocated. The review asked whether a request from the common stock was plausible.

The post-exhaustion world is different. Much of the economically relevant IPv4 supply now moves through transfers, leasing, mergers, acquisitions, cloud architectures, customer assignments, and recovered resources. The registry is no longer simply deciding how much free space to give out. It is recording movements of address capital that operators already value, finance, reserve, and deploy. In that setting, a broad utilisation audit can become a second allocation hearing after the market has already spoken.

APNIC's own policy materials show the tension. They set out core registry goals: globally unique assignments and allocations, public registration for troubleshooting, contactability, and an accurate description of resource distribution. They also preserve allocation-era ideas: request documentation, detailed plans, usage rates, policy compliance, and the eighty percent rule for subsequent IPv4 delegations. For transfer recipients that already hold IPv4 resources, the policy asks for a detailed plan for use of the transferred resource within twenty-four months and evidence around prior holdings. For historical-resource transfers into current APNIC account holders, the policy also contains a notable restraint: APNIC says it does not require technical review or approval of the resource's current use to approve that transfer and does not review the private agreements between the parties.

That mix is revealing. The registry needs enough evidence to keep the record honest. But the policy book also carries old rationing muscles. The danger is that those muscles flex in the wrong setting.

When a new free-pool delegation is being considered, utilisation evidence can prevent waste of a remaining public allocation channel. When a transfer buyer has paid market price for addresses, the question should narrow. Does the transfer preserve uniqueness? Is the source the recognised holder? Is there a dispute? Is the recipient visible and accountable? Are the registry records complete enough to support future operations? A plan for use may be relevant, but it should not become an open-ended judgement about whether the buyer's business deserves the addresses.

The economic reason is straightforward. A market purchase is itself evidence of demand. Capital is not perfect proof; companies can speculate, misjudge, or hoard. But capital at risk is more informative than a registry's forecast of an operator's future customers. The buyer pays the acquisition price, carries the balance-sheet risk, faces the customers, and absorbs the failure if deployment is late. The registry does not.

This does not mean the buyer gets a blank cheque to falsify records. It means the review should be calibrated to the harm the registry is positioned to prevent. Duplicate claims, false authority, hidden disputes, stale contacts, fraud, and gross non-use used to extract additional free-pool space are registry harms. A buyer's conservative reserve for enterprise contracts is a business judgement. Treating both as the same kind of problem turns scarcity governance into capital control.

APNIC's Review Program Is A Test Case

APNIC's current Resource Delegation Review Program is an unusually concrete test case because it is not hypothetical. APNIC says it began planned reviews of resource delegations across the APNIC registry and National Internet Registries at the end of 2023, initially to ensure registry accuracy. Following preliminary investigations, the program was expanded in 2025 to include steps intended to strengthen policy compliance and registry integrity. The program now includes data analysis across APNIC and NIR records, policy-compliance spot checks, internal policy and procedure review, account-accuracy review, NIR support and training, and review of standard NIR agreements.

The latest public update matters for this article because it brings the review into the present. In July 2026, APNIC reported that the primary activity is reviewing all IPv4 resource delegations and transfers made by each NIR and APNIC over a ten-year period. It said data analysis of TWNIC and KRNIC delegations and transfers had been completed with minor queries and clarifications resolved, joining JPNIC as completed. It also said APNIC was continuing with VNNIC and IDNIC, that IRINN and CNNIC initial data reviews were in progress, and that APNIC's own registry-data analysis would begin in the third quarter of 2026.

Those facts should not be dismissed as housekeeping. A ten-year review across NIRs and APNIC covers the years in which IPv4 scarcity became a balance-sheet issue, transfer markets matured, leasing expanded, cloud architectures hardened around public-address scarcity, and route-security evidence became commercially relevant. The program is looking at precisely the period in which an address record stopped being a low-stakes administrative entry and became a market instrument.

The good version of such a program is easy to defend. If an NIR made delegations that do not match regional policy, APNIC needs to understand the gap. If transfer records contain inconsistent source or recipient data, the public ledger needs repair. If account contacts are wrong, someone must update them. If a standard NIR agreement lacks clarity, the ambiguity should be fixed before an operator is forced to solve it during a crisis. If spot checks show that onboarding or delegation decisions are weak, APNIC can improve evidence rules before the weakness produces fraud or a market discount.

The dangerous version is equally clear. A retrospective ten-year review can be used to reopen commercial decisions that operators reasonably treated as settled. It can convert local-language NIR evidence into a second APNIC inspection. It can make a member prove not only that a delegation occurred, but that its business path still looks like a policy officer's expected model. It can treat reserve capacity as suspicious because a spreadsheet does not show immediate customer use. It can pressure transfers by creating uncertainty about whether old policy judgements will be reinterpreted under present scarcity politics.

The program's economic legitimacy therefore depends less on the word "review" than on the remedies attached to review. Accuracy repair is one thing. Retrospective business-plan veto is another.

The NIR Layer Cuts Both Ways

APNIC's region is not a single administrative surface. Its National Internet Registries are part of the institutional texture. They exist to provide registry services in local language and culture, and APNIC's operational policy for NIRs recognises that this can improve service for ISPs requiring resources. The same policy also admits that the NIR structure historically added complexity to APNIC's ability to ensure efficient resource utilisation, and it requires NIRs to implement applicable APNIC address-management policies while allowing additional local policies that do not conflict with regional or global rules.

That is a useful arrangement when it lowers evidence cost. A Korean, Japanese, Vietnamese, Indonesian, Iranian, Taiwanese, or Chinese operator may have company documents, customer evidence, procurement records, regulatory materials, and network plans that are easier to understand through local registry practice than through a single English-language office. Local registry familiarity can make a utilisation review more accurate, not less. It can distinguish an ordinary domestic business record from a suspicious one. It can understand why a customer assignment is documented a certain way, why a facility is named in local shorthand, or why a regulated service must reserve addresses before public launch.

But the NIR layer also creates a layered-risk problem. An operator can satisfy its local registry and still face uncertainty if APNIC later asks whether the NIR's decision met regional expectations. An NIR can hold permanent justification records while APNIC holds only the allocation request and public database response. APNIC's operational policy says an NIR is not required to provide justification information for smaller requests within its allocation window but must maintain such information permanently. That design reduces friction at the moment of allocation. It also means later review depends on record survival, local interpretation, and trust between institutions.

In capital terms, the problem is not merely delay. It is uncertainty over which layer owns finality. If a resource holder's market value depends on registry recognition, then finality has monetary value. A transfer buyer wants to know that NIR-reviewed space will not become less bankable because APNIC later asks for a second opinion on history. A lender wants a record that can be explained without reconstructing a decade of local registry practice. A cloud customer wants the address block to be accepted as operational identity, not treated as a file waiting for institutional reconciliation.

The answer is not to abolish local registries inside the audit. The answer is to make evidence boundaries explicit. NIR evidence should be respected when it proves the registry fact. APNIC should be able to ask for clarifications where the regional record would otherwise be inaccurate. But a member should not be exposed to endless re-litigation because APNIC and an NIR have different institutional incentives. If the NIR is the service layer, then APNIC's review should ask whether the service layer kept the regional ledger accurate, not whether every local commercial plan can be regraded from Brisbane years later.

This is especially important for small and mid-sized operators. Large incumbents can survive an institutional file chase. Smaller networks cannot. Every round of multi-layer clarification has a cost: staff time, translation, legal review, customer disclosure, management attention, banking delay, and lost deployment windows. That cost does not show up in the registry's audit statistics. It shows up in who can afford to participate in the address market.

The Real Economic Object Is Option Value

Utilisation audits often sound as if they are about waste. They are really about option value.

A scarce address block gives its holder choices. It can activate customers without buying at a bad moment. It can keep enterprise deals alive while contracts close. It can support a new point of presence. It can make a cloud or content relationship more credible. It can be sold, leased, reserved, renumbered, or pledged. It can reduce dependence on carrier-grade NAT. It can keep a bidder in a public procurement where static reachability matters. It can be held as insurance against a supplier failure. Those choices are economically valuable even before every address is lit.

An audit regime that cannot distinguish option value from hoarding will misprice the network. The operator with a prudent reserve looks inefficient. The operator that runs too hot looks compliant until customers arrive faster than addresses can be sourced. The incumbent with large historical space looks stable because its reserve is invisible inside old allocations. The entrant that buys capacity before revenue arrives looks speculative. A registry that equates visible immediate use with virtue can therefore reward yesterday's abundance and punish tomorrow's demand.

This is the quiet anti-competitive effect of crude utilisation review. Neutral rules can preserve incumbent advantage without saying the word incumbent. If the test is current utilisation, the mature holder wins because its installed base is already recorded. If the test is forecast confidence, the well-capitalised holder wins because it can produce better documents. If the test discounts reserve capacity, the fast-growing holder loses because it must commit before the customers are fully visible. If the test treats transfer purchases as suspicious until the buyer proves use, the market becomes harder precisely for those who most need supply.

APNIC's region makes that problem sharper because Asia-Pacific markets are uneven. Some economies carry dense incumbents, mature NIR systems, long operating histories, and deep address holdings. Others carry fast-growing broadband, mobile, cloud, fintech, public-service, and data-centre demand against thinner address inventory. A review rule that looks mathematically even can have unequal economic effects. It can ask a new cloud-adjacent provider to prove in advance what an old telco obtained when addresses were cheaper and less contested.

That is why the audit should not be a morality test against unused addresses. It should be a falsity test against dishonest records. There is a difference between artificial hoarding and rational inventory. Artificial hoarding hides control, misstates use, creates shell demand, blocks transfer clarity, or uses policy ambiguity to extract more from a common pool. Rational inventory reflects contracts, growth, redundancy, security segmentation, public-address product tiers, customer churn, disaster recovery, migration timing, and the unavoidable fact that a network cannot buy a single public IPv4 address at the exact second a customer signs.

The registry can ask for evidence that a reserve is connected to plausible operations. It should not demand that every address be stripped of future value before recognising the holder's control.

Transfers Need Due Diligence, Not A Second Allocator

The transfer market is where the audit boundary becomes hardest to maintain. APNIC's policy says transfer records should ensure an accurate description of the current state of address distribution and that APNIC will maintain a public log of number-resource transfers. That is a registry function. The buyer, seller, broker, escrow provider, lender, and upstream networks all benefit when the public record shows that a transfer happened and the new holder is accountable.

Yet APNIC's transfer policy also asks recipients to demonstrate a detailed plan for use of transferred resources within twenty-four months, with additional conditions for recipients that already hold IPv4 resources. In a world without free-pool abundance, that plan can easily become the place where the registry re-enters allocation discretion through the back door. The question stops being "can the registry record this transfer accurately?" and becomes "does the registry approve the buyer's predicted use?"

The difference is not academic. A buyer may acquire a block for a sequence of uses: immediate public-address products, cloud onboarding, enterprise contracts under negotiation, replacement of leased space, reserve for regulated customers, and reduction of CGNAT pressure. Some of those uses are certain. Some are probabilistic. Some are confidential. Some depend on the transfer closing. Some are more like insurance than deployment. A detailed plan can describe this, but it cannot eliminate uncertainty. Business plans are not proof of the future. They are management instruments.

If the registry treats the plan as a gate into the transfer, the buyer faces a regulatory-style risk without regulatory accountability. The registry does not pay the seller's carrying cost while the file waits. It does not compensate the buyer for a delayed customer launch. It does not absorb currency movement, escrow expense, legal fees, or financing conditions. It does not lose the procurement when a rival with inherited space can move faster. It can delay a deal with a request for clarification that sounds minor from the outside and is material inside the transaction.

A better design treats transfer review as due diligence on registry-recognisable facts. Is the source the recorded holder? Is the source current enough to act? Is the block subject to a dispute, hold, or minimum holding period? Is the recipient an APNIC account holder where required? Are contacts and records ready to be updated? Is there a plausible, non-fraudulent operating reason for acquisition? Does the recipient understand the registry duties attached to the resources? Are NIR responsibilities clear where a local registry is involved?

Those questions protect the ledger. They do not require APNIC to decide whether a cloud product, broadband rollout, leasing strategy, or enterprise reserve is an efficient use of capital. Market participants can price those choices. The registry's comparative advantage is not investment judgement. It is record integrity.

Historical-resource treatment points toward the right restraint. APNIC's policy says it does not require technical review or approval of current use to approve certain historical-resource transfers, and it does not review private agreements between parties. That distinction should not be treated as a historical oddity. It is a reminder that the registry can recognise a transfer without becoming the commercial judge of the asset.

Confidential Proof Is Part Of The Product

Utilisation evidence can be commercially sensitive. Customer assignments can identify enterprise clients, government agencies, security architectures, financial-service endpoints, wholesale relationships, growth markets, or planned points of presence. Network diagrams can reveal redundancy weaknesses. Purchase orders can expose supplier strategy. A lender's collateral schedule can expose financing terms. A cloud migration plan can expose customer churn. An NIR file can contain local business records that were never meant to travel across institutional layers.

APNIC's policy acknowledges this problem in the request context. It says supporting documentation may be highly confidential to applicants and their customers and that APNIC will protect confidential information through systems, practices, procedures, and staff confidentiality. That promise is not a side note. It is part of the economics of the audit.

If operators believe that proving utilisation requires over-disclosure, they will behave defensively. They will under-explain, delay transfers, avoid updating records, prefer private leasing arrangements, or keep evidence outside the registry until forced. The registry may then complain about opacity that its own evidence design has helped create. A high-trust review can bring real information into the file. A low-trust review drives real information into private channels.

The solution is evidence equivalence. APNIC does not need the same document from every operator if different documents prove the same registry fact. For a growing ISP, IPAM exports, assignment summaries, customer classes, and network plans may be enough. For a cloud customer, account architecture, bring-your-own-IP approval, and route/security evidence may be more relevant. For an NIR member, local registry certification may carry weight. For a lender-driven transaction, collateral schedules and warranties may help show control without exposing every downstream customer. For an operator with security-sensitive customers, third-party attestations or aggregated assignment evidence may prove use without publishing the customer's map.

Equivalence is not softness. It is precision. A review that demands one canonical proof package regardless of business model is administratively tidy and economically blunt. A review that defines the fact to be proved and accepts multiple reliable ways to prove it is harder to administer but more faithful to the registry's role.

This is where APNIC can create market confidence. A transfer buyer should know in advance what level of evidence will satisfy the review. An NIR should know what APNIC will accept from local records. A member should know which evidence can remain confidential, which must become public, which can be aggregated, and which will trigger follow-up. A lender should know whether a registry diligence file is likely to survive ordinary questions. Predictability reduces the risk premium.

Opacity does the opposite. If members cannot tell whether the next question is about registry accuracy or business judgement, every audit becomes a pricing event.

Routing Evidence Is Useful But Not Enough

One tempting shortcut is to equate utilisation with routing visibility. If a prefix is seen in BGP, it must be used. If it is not seen, perhaps it is idle. The shortcut is attractive because routing data is visible, machine-readable, and less intrusive than customer files. It is also incomplete.

Some real uses are not cleanly visible as public origin announcements. Addresses may sit behind a provider aggregate. They may be used in enterprise, managed, or security architectures where public routing is only one part of control. They may be reserved for migration windows, disaster recovery, address-renumbering projects, or customer cutovers. They may be in quarantine after reputation contamination. They may be temporarily unrouted during a transfer, M&A integration, or cloud onboarding. They may be assigned to infrastructure that depends on reverse DNS, allowlists, or service contracts more than obvious route-map novelty.

Conversely, a routed prefix does not prove economically clean use. A holder can announce space while downstream records are stale, customers are hidden, contacts are wrong, or authority is unclear. Route visibility is evidence of operation, not proof of good registry state. An audit that relies too heavily on public routing data can miss private defects and punish legitimate quiet uses.

The same is true of reverse DNS, RPKI, RDAP, Whois, IRR entries, and abuse contacts. Each is a useful evidence channel. None is the whole story. A registry audit should triangulate. It should treat routing and security records as public signals that support a file, not as a substitute for understanding the actual registry fact being tested.

This matters for transfer buyers because address value increasingly depends on a bundle of evidence. A clean block is not merely a list of numbers. It is a record history, a current holder, contacts, reverse-DNS continuity, route-origin readiness, reputation state, NIR or APNIC recognition, transfer eligibility, and confidence that a future review will not reopen settled matters. A utilisation audit can strengthen that bundle if it clarifies which signals matter. It weakens the bundle if it treats any missing signal as proof of wrongdoing.

The right standard is not perfect visibility. It is reasonable confidence.

Audit Burden Is A Market Filter

This article should not become another essay about documentation burden. The burden exists, but the narrower point is that audit burden filters the market. It decides which networks can survive review without changing strategy.

A large incumbent can assign a regulatory affairs manager, a network-planning team, external counsel, and an IPAM vendor to the file. It can absorb a month of questions. It can produce historical documents because it has archives and staff continuity. It can show usage across old allocations because its installed base is large. It can wait out the transfer market.

A smaller operator may have better growth economics and worse evidence economics. Its network engineer may also be the person who prepares the review. Customer records may exist but not in a format that maps neatly to APNIC categories. Local language documents may need explanation. Its reserve capacity may be concentrated in a few pending contracts. Its cash cost of delay is higher. A question that is "reasonable" for a large operator can be decisive for a small one.

That asymmetry matters because address scarcity already favours incumbents. They received much of their space earlier, when proof costs were lower and addresses were less capitalised. If later entrants must buy at market price and then carry a heavier review burden, the registry has amplified the advantage of history. It may not intend to do so. The effect remains.

This is why proportionality is not merely fairness language. It is market design. A small transfer should not require the same file as a multi-million-address restructuring. A member with clean recent evidence should not be asked to reconstruct every old customer assignment unless a specific inconsistency justifies it. A review of APNIC/NIR registry alignment should not require individual operators to carry institutional reconciliation costs unless their own record is defective. A request for clarification should explain the specific registry risk being addressed.

Proportionality also reduces gaming. If members understand that review questions are tied to concrete risks, honest operators will prepare the right evidence and dishonest operators will have fewer vague spaces in which to hide. If questions feel discretionary, everyone learns to optimise for presentation rather than truth.

Markets do not require the absence of rules. They require predictable rules that allocate cost to the right problem.

When The Audit Becomes A Business-Plan Inspection

The dangerous audit has recognizable features.

It asks for business forecasts without explaining which registry fact the forecast proves. It treats a reserve for future customers as suspect unless every address has an immediate named endpoint. It uses "efficient use" as a general moral standard rather than a criterion attached to a specific delegation context. It treats transfers as if the buyer were requesting a free allocation from a common pool. It uses old policy language to evaluate modern capital decisions. It changes evidence expectations after the transaction has begun. It does not distinguish fraud risk from ordinary commercial uncertainty. It creates uncertainty over whether an NIR decision is final. It does not provide reasons precise enough for the member to fix the problem. It threatens severe remedies before offering narrow cure.

At that point the audit is no longer just protecting registry accuracy. It is inspecting the operator's business plan. It asks whether the operator is growing fast enough, using addresses soon enough, reserving too much, leasing too openly, selling too freely, serving the right customers, or fitting the preferred model of network development. The registry becomes a capital committee without shareholders, a lender without a balance sheet, and an industrial-policy office without public accountability.

This is the form of mandate laundering that scarcity makes tempting. A phrase such as "registry integrity" can cover very different acts. Correcting a stale contact is registry integrity. Preventing a false transfer is registry integrity. Reconciling NIR records is registry integrity. But delaying a legitimate buyer because staff distrust the buyer's market strategy is not registry integrity. It is discretion dressed in technical clothing.

The danger is not that APNIC staff are uniquely bad. The danger is structural. Any institution that holds the recognition key to a scarce asset will be pulled toward broader authority unless its role is deliberately constrained. Scarcity raises stakes. Higher stakes justify more review. More review creates more institutional knowledge. Institutional knowledge invites more judgement. Judgement becomes policy. Policy becomes a gate. The gate becomes a source of power.

The economic check is simple: would running networks still require this question if IPv4 had no market value? If yes, the question probably belongs to the registry layer. Uniqueness, control, public contact, dispute status, transfer recording, security assertions, and operational continuity would still matter. If no, the question may be a scarcity-control question masquerading as technical governance. Customer geography, asset monetisation, reserve philosophy, leasing morality, and management's appetite for growth are not registry facts.

APNIC's best defence against this drift is to make the boundary public and boring.

What A Bounded APNIC Review Should Look Like

A credible utilisation-review regime should start with a written purpose statement that separates accuracy review from allocation judgement. The purpose is to keep the registry true, not to decide the most virtuous use of IPv4 capital. It should define the registry facts under review: holder identity, source authority, contactability, delegation record accuracy, transfer eligibility, NIR alignment, customer-assignment evidence where required, and compliance with specific policy conditions attached to the relevant resource type.

It should then publish evidence tiers. Low-risk files need light evidence. Higher-risk files need more. Fraud indicators, conflicting claims, large unusual transfers, NIR data mismatches, stale contacts, suspicious account changes, or requests for additional scarce pool resources can justify deeper review. Ordinary reserve capacity, confidential customers, or transfer purchases should not automatically be treated as suspicious.

It should accept equivalent proof. IPAM exports, aggregated assignment records, NIR confirmations, customer-class schedules, third-party attestations, route and security records, invoices, network diagrams, board approvals, and transaction documents can all prove different parts of the same file. The question is not whether the member uses APNIC's favourite format. The question is whether the evidence reliably proves the registry fact.

It should protect confidentiality by design. Public records should contain what the public needs for coordination. Private evidence should remain private unless disclosure is required by law or necessary for a specific public registry function. Aggregated evidence should be preferred where customer detail is unnecessary. Sensitive operator information should not become an informal bargaining chip.

It should provide reasons and cure. If a record fails review, the member should know what fact failed, which evidence was insufficient, what cure is available, what timeline applies, and what service continuity will be preserved during the cure period. Severe remedies should be reserved for fraud, abandonment, unresolved authority defects, or persistent refusal to correct material registry errors.

It should include appeal and independent review for value-moving decisions. A utilisation question that affects transfer recognition, holder status, reverse DNS, RPKI, or resource continuity is not a casual administrative act. It can move market value. That requires procedural discipline.

It should publish aggregate statistics without exposing member files. How many reviews were completed? How many required clarification? How many led to record correction? How many involved NIR reconciliation? How many produced material non-compliance? How long did reviews take? Were any resources returned, revoked, or corrected? Aggregated transparency gives the community a way to see whether the program is improving accuracy or becoming a discretionary pressure system.

Above all, the review should have a stop rule. Once the registry fact is proved, the file should close. No audit should become a permanent option to revisit business judgement.

The Ledger Must Not Become The Gatekeeper

APNIC's institutional strength lies in being a trusted ledger for the Asia-Pacific number-resource layer. The ledger must be accurate enough for networks to rely on it. It must be stable enough for buyers, lenders, customers, upstreams, cloud platforms, and public bodies to build around it. It must be narrow enough that operators do not fear the registry as a business regulator.

Those requirements reinforce each other when the audit is bounded. Accuracy increases confidence. Confidence increases liquidity. Liquidity helps scarce IPv4 move toward higher-valued use. Higher-valued use strengthens operators that actually carry customers and capital risk. A registry that can correct records without judging the whole economy becomes more useful.

They collide when the audit is discretionary. If APNIC can unsettle a transfer through a broad business-plan inquiry, every address block carries an institutional risk premium. If NIR evidence can be reinterpreted years later without a clear finality rule, locally served members face a hidden discount. If reserve capacity is treated as hoarding, operators underinvest in growth and resilience. If review outcomes are opaque, insiders gain an information advantage. If cure and appeal are weak, registry staff become de facto capital allocators.

The point is not that APNIC should ignore artificial hoarding. A fake utilisation file, shell customer list, false authority claim, or policy-evasion transfer damages the registry and the market. The point is that the remedy must target the falsity. The existence of scarce value does not give the registry a general claim over how that value is held.

This is the Heng Lu scarcity argument applied to a narrow APNIC file. Scarcity should narrow the registry's duty, not broaden it. Once IPv4 became valuable, the registry's legitimacy depended more, not less, on restraint. It must protect uniqueness, accuracy, transfer records, auditability, and operational continuity. It must not convert the scarcity premium into institutional rent.

That distinction is uncomfortable for registry institutions because it gives them less moral room. It says the registry can be essential without being sovereign. It can ask hard questions without becoming a planner. It can review evidence without acquiring a veto over commerce. It can support NIRs without turning the regional layer into a second national regulator. It can correct the ledger without owning the economy written in the ledger.

The APNIC Resource Delegation Review Program will be judged by that boundary. If it resolves stale records, clarifies NIR responsibilities, improves account accuracy, catches false delegations, and makes transfers cleaner, it will add value. If it becomes a standing mechanism for regrading business plans, it will add risk.

The Buyer Still Needs An Answer

Return to the transfer file. The buyer can show the capital commitment, the contracted and probable customer demand, the current use of leased and provider-assigned space, the limits of CGNAT, the cloud and enterprise contracts, the IPAM plan, the NIR or APNIC account path, and the public records that will be updated after closing. It can explain why some addresses will be used immediately and some must be reserved. It can accept contact, abuse, reverse-DNS, and route-security responsibilities. It can promise to keep records accurate.

What it cannot provide is certainty that every address will be consumed exactly as forecast. No operating company can. Demand changes. Customers delay. Equipment ships late. Public tenders move. Cloud accounts are re-architected. Regulators ask for redundancy. Security teams change segmentation. IPv6 adoption grows in some places and stalls in others. The very point of holding scarce address capacity is to manage uncertainty.

So the APNIC audit should give the buyer a clear answer. If the file proves holder authority, transfer eligibility, accountable records, and a plausible operating use, the registry should record the transfer and close the review. If a fact is missing, APNIC should identify the fact and the cure. If fraud or conflict appears, APNIC should isolate that defect and protect continuity while it is resolved. What APNIC should not do is keep the buyer in a state where registry recognition depends on whether staff remain satisfied with a business plan after the money has moved.

An audit regime that answers clearly improves the market. An audit regime that keeps discretion alive taxes the market.

The distinction is the economics of address-utilisation audits in one sentence: verification makes IPv4 more bankable; inspection makes it less bankable.

For APNIC, the choice is institutional. It can use utilisation review to make the Asia-Pacific registry more reliable during the most capital-intensive phase of IPv4 scarcity. Or it can allow review to become a soft rationing instrument that favours incumbents, raises entry costs, and leaves every transfer buyer wondering whether the ledger is a record or a permission slip.

The Internet needs the first version. The second version is how a clerk becomes a landlord.

Sources and Further Reading