Summary

  • In the ARIN region, utilisation review is less a last-pool rationing drama than a recurring evidence discipline around a mature scarcity market: IPAM exports, customer assignment files, reservation plans, reassignment records, legacy-holder authority, merger files, transfer readiness and lender diligence.
  • The legitimate case for review is anti-hoarding and ledger hygiene. A public registry cannot rely on stale promises when IPv4 has capital value, transfers are common and counterparties use public records to price risk. But legitimacy depends on proportional proof, confidentiality, equivalent evidence, notice, cure and clear audit clocks.
  • ARIN's useful role is narrow. It should keep the responsibility ledger accurate and make evidence predictable. It should not decide whether a holder's customer model, capital plan, reserve posture, sale timing, public-sector procurement cycle or corporate restructuring is commercially virtuous.

The audit arrives as paperwork and lands on the balance sheet

The first sign of an address-utilisation audit is often a modest administrative question. A network operator requests additional IPv4 space, asks for transfer pre-approval, prepares a specified-recipient transfer, cleans up reassignment records, or tries to settle an inherited legacy file before a financing round. The registry asks how the current addresses are being used. The question is simple enough. The answer is rarely simple.

Inside the company, the request moves quickly from the network desk to the rest of the institution. Engineering opens the IP address management system. The operations team exports DHCP pools, static customer ranges, loopback plans, router infrastructure, NAT pools, hosting assignments, security appliances, anycast nodes and disaster-recovery reservations. The product team explains why some ranges are held for customer onboarding that has already been sold but not yet provisioned. The enterprise-sales team warns that several quiet-looking prefixes are bound into long-term customer contracts and cannot be renumbered without months of notice. The legal team asks what customer names can be disclosed. The finance team asks whether the audit will delay a transfer, a loan, a sale or a data-centre expansion.

That is the economic character of an address-utilisation audit in the ARIN region. It is not merely a compliance form. It is a conversion of operational memory into externally reviewable evidence. The cost is not only the staff hours spent answering ARIN. It is the delay, exposure, uncertainty and internal negotiation caused by the need to prove that addresses are neither idle trophies nor disposable lines in an old database.

This is a mature-market problem. ARIN's free IPv4 pool was depleted on 24 September 2015, and ARIN's own IPv4 guidance now points ordinary applicants toward special reserved-policy cases, the waiting list, specified-recipient transfers and IPv6. That official fact is an exhibit, not an ideology. The market fact is sharper: in North America and the Caribbean, IPv4 has become inventory, collateral, bargaining leverage, continuity capital and operational reputation. A utilisation question therefore touches asset value even when the question is framed as registry administration.

The mature-market setting also changes the moral tone. A small operator that acquired addresses through a transfer is not in the same position as an applicant asking for a final fragment from an exhausted free pool. A university holding early space is not necessarily hoarding merely because its files are old. A public agency may keep address reserves because procurement, security review and continuity planning move slowly. An enterprise may hold a renumbering buffer because banks, vendors and customers need planned migration windows. A hosting provider may keep clean blocks aside because reputation, reverse DNS and customer segmentation matter. None of these facts automatically proves efficient use. They prove that utilisation cannot be reduced to a ping scan or a crude "busy address" ratio.

ARIN's policy materials make the audit power visible. The Number Resource Policy Manual says ARIN may review the current usage of resources maintained in its database, and that an organisation must cooperate with reasonable related documentation. It also says review may occur when new resources are requested, when ARIN has reason to suspect fraud or policy contravention, when reassignment or reallocation rules appear unmet, or at other times unless a full review has been completed in the preceding 24 months. The policy also requires ARIN to communicate conclusion and any further actions after a review. Those words create a review economy: evidence demand, response burden, audit clock, and closure.

The strongest defence of this power is anti-hoarding legitimacy. A scarce, unique public resource cannot be administered on blind trust. If applicants can ask for more while sitting on unexamined inventory, honest operators pay a scarcity premium and late entrants face a rigged game. If transfer recipients can take large blocks without showing operational need under the relevant policy, the registry record becomes a settlement machine for speculative control. If legacy files can remain stale forever, counterparties must price uncertainty into every deal. Review therefore has a legitimate function: it keeps the responsibility ledger attached to real networks.

The danger is that the same review can become discretionary pressure. A registry that asks whether a range is assigned, reserved, used for infrastructure or being renumbered is maintaining evidence. A registry that asks whether the holder's business model is desirable, whether a reserve is morally pleasing, whether a lender should rely on the addresses, whether a customer class is sufficiently local, or whether a transfer price is socially acceptable has moved into a different role. It is no longer checking the ledger. It is judging capital deployment.

That distinction is the centre of the issue. ARIN should be an evidence institution. It should make the record precise enough that buyers, sellers, lenders, operators, customers, abuse desks and public bodies can rely on it. It should not use the audit file as a licence to become a business-model judge.

ARIN's maturity makes audit economics quieter, not smaller

The ARIN region does not present the same audit atmosphere as a registry under obvious governance stress or a region living through a final-fragment allocation fight. The region contains deep incumbent holdings, old enterprise and university allocations, a sophisticated transfer market, large cloud and hosting buyers, public-sector networks, private-equity due diligence, lenders that understand IPv4 value, address brokers, managed-service providers and counsel who know how to assemble a file. That maturity can make audit risk look routine. It can also make the cost easier to miss.

In a mature market, the audit is part of ordinary corporate hygiene. A company preparing a transfer wants to know whether the seller is the current registered holder, whether the source is free of resource-status disputes, whether earlier transfers or allocations create waiting-list restrictions, whether reverse-DNS control can move, whether route-origin evidence can be rebuilt, and whether customer assignments are clean enough to explain. A buyer wants to know whether the resource can be used on an operational network and whether the recipient's need evidence will satisfy ARIN's transfer requirements. A lender wants to know whether a borrower can maintain the record, renew agreements, avoid service stoppage and answer a registry review without freezing the collateral story.

The audit is therefore priced into transactions even when no formal review is under way. A clean holder file supports price. A messy file creates a discount. A block tied to an old company name, missing officers, stale points of contact, unclear asset history or unreconciled customer records becomes less liquid because a future buyer must pay to clean it. If the file is clean enough that ARIN review would be boring, the address block behaves more like reliable inventory. If it is not, the asset carries a process premium.

This is not because ARIN is the owner of the network. It is because public recognition matters in a market for unique number resources. A private contract between buyer and seller is not enough if the public registry cannot recognise the transfer. A lender's security interest is weaker if the borrower's registration record cannot survive basic scrutiny. A merger agreement is less useful if the acquiring entity cannot show that it obtained the assets using the resources, or the entity that held them, in a way ARIN can process. A board resolution does not route packets, but it may decide whether the public ledger can be updated.

Maturity also expands the evidence universe. An early internet company might have used addresses for a campus network, a dial-up service or a simple hosting platform. Today's holder may have multiple subsidiaries, outsourced network operations, acquired customer books, data-centre leases, reseller arrangements, public-sector contracts, security segmentation, internal infrastructure, customer privacy obligations and reserved capacity for projects that have capital approval but no live traffic yet. The address file is no longer one network diagram. It is a set of institutional promises.

ARIN's policies reflect this mixed economy. Section 8.2 recognises transfers tied to mergers, acquisitions and reorganisations, and it states that resources transferred under that section are not subject to a needs-based assessment during the transfer process. Sections 8.3 and 8.4 govern specified-recipient transfers inside and across regions, while section 8.5 supplies recipient requirements such as operational use, minimum transfer size, documentation for use within 24 months, efficient utilisation of previous blocks, and alternative additional-block criteria. Section 9 recognises out-of-region use where the applicant has a real and substantial connection with the ARIN region. These are not abstract clauses. They are the vocabulary by which a mature market turns corporate change into registry continuity.

The difficulty is that vocabulary can become opaque to smaller firms. A large buyer can hire brokers, lawyers and address specialists. A rural ISP, local hosting company, tribal network, Caribbean provider, university department, municipal network or mid-sized enterprise may rely on one engineer, one finance lead and a lawyer who does not regularly handle number-resource evidence. The fixed cost of an audit falls harder on them. The same request for reasonable documentation that a large platform treats as ordinary deal support can consume weeks for a small operator.

That distributional effect matters. If audit readiness becomes affordable only for large incumbents and professionalised address investors, the review system will unintentionally favour concentration. The registry can say its rules are neutral. The market will know that the cost of proving compliance is not neutral. A mature market is capable of handling evidence discipline. It is also capable of using process cost as an entry barrier.

IPAM is the first witness, but not the only one

The most honest utilisation file begins in IPAM. A well-kept IP address management system can show which ranges are assigned, reserved, routed, delegated, retired, held for customer orders, marked for renumbering, used by infrastructure, tied to subsidiaries, or available for future deployment. It can show dates, owners, descriptions, linked tickets and sometimes customer identifiers. It can export a map of the address estate that is more accurate than any outside scan.

Yet IPAM is a witness, not a verdict. It exists to keep the network from colliding with itself. It does not always exist to persuade a registry reviewer, a lender, a buyer or a court. Older networks may have migrated from spreadsheets to commercial IPAM and then to another tool. Some ranges may be labelled with old business-unit names. Some inherited blocks may use comments that only long-tenured engineers understand. Some customer records may exist in billing rather than IPAM. Some infrastructure ranges may be quiet because they are standby paths. Some records may be deliberately vague because they relate to security functions, public-safety customers, government users or high-value enterprise services.

This is why a proportional audit should accept equivalent proof. If IPAM and customer assignment records establish a range's function, detailed traffic logs should not be required simply because they exist. If a signed customer order, billing entry and technical assignment ticket show that a range is committed, live packet evidence may be unnecessary. If a routing plan and renumbering schedule explain why a temporary overlap is needed, a short-term underutilisation snapshot should not be treated as hoarding. If a public-sector contract requires address capacity after a staged security review, the evidence may be procurement documents and project milestones rather than immediate traffic.

Equivalent proof is not a loophole. It is the only way to make review accurate. A network is a set of interacting commitments. Traffic visibility, assignment records, contracts, routing state, reverse DNS, RPKI objects, customer tickets, invoices and engineering plans each answer different questions. A crude audit that overweights one kind of proof will reward networks that happen to produce that proof and punish legitimate networks that do not. It will favour large cloud-like documentation over older enterprise reality, and high-volume access telemetry over careful privacy-preserving operations.

The same principle applies to reassignment records. ARIN's reassignment guidance distinguishes how organisations report customer reassignment and reallocation data, including options through ARIN Online, Reg-RWS and RWhois. That public machinery is useful because downstream use should not vanish behind an allocation. But reporting systems have their own cost. RWhois requires continuous availability and data continuity. Large holders with very many NETS face practical interface limits and may need to enter searches directly. Residential privacy rules allow substituted names and private residence labels in certain contexts, with accurate upstream abuse and technical contacts visible. These details show that public record discipline already recognises a tension between transparency and confidentiality.

An audit that ignores this tension will get worse evidence, not better evidence. If operators believe every assignment detail may be used expansively, they will disclose as little as possible. If they believe redacted, aggregated or category-based proof can satisfy the actual question, they have reason to build cleaner files. The audit system should therefore reward useful evidence, not maximal exposure.

IPAM readiness also belongs inside corporate routine. Boards and lenders should ask a simple question: if ARIN asked tomorrow for reasonable utilisation documentation, could the company answer within a defined time without inventing the file from scratch? The answer should not depend on one engineer's memory. It should sit in maintained systems, change controls, assignment policies and periodic internal reviews. That is ledger hygiene. It is cheaper than emergency archaeology.

Customer-assignment evidence is commercially sensitive

The hardest proof often concerns customers. A provider can say that a /22 is assigned to enterprise access, that a /23 serves hosting customers, that a /24 is tied to a bank, that a set of smaller ranges supports managed firewall customers, or that a block is reserved for a signed wholesale order. The registry may reasonably ask for proof. The provider may reasonably resist handing over customer names, site locations, service designs, contract values, security use cases or network maps beyond what the question requires.

That friction is not obstruction. It is a real economic cost of review. Customer-assignment evidence can reveal a provider's sales pipeline, geographic footprint, strategic accounts, regulated customers, security segmentation and pricing posture. In some cases it can identify vulnerable services. A public-sector or health-sector assignment may say more than the address count. A financial-services customer may object to address-use details leaving the contractual chain. An enterprise may allow its provider to document the category of use but not to disclose deployment sites. A university may have research networks with confidentiality constraints. A cloud or managed-service provider may have customers whose names cannot be shared without notice.

The registry's need is narrower. It needs enough evidence to decide whether addresses are being used, reserved for a documented operational purpose, or legitimately requested under policy. It does not need to become a customer registry for every holder. The distinction matters because address administration sits above many private contracts. The public responsibility ledger should say who is responsible for the resource and how the resource is delegated at the appropriate level. It should not become a commercial dossier.

Confidentiality protocols are therefore part of audit legitimacy. ARIN's fraud-reporting process says information collected during investigations will be treated as confidential, though disclosure may be required in court or to law enforcement. ARIN's transfer materials state that it respects the privacy and confidentiality of each organisation when linked ticketed transfer requests are processed. Those statements are factual exhibits. The larger economic principle is that confidential evidence must have a predictable handling path: who sees it, how it is stored, when it is destroyed or retained, whether redaction is accepted, how court or law-enforcement disclosure is handled, and whether the public record will expose only what is necessary.

Without that predictability, operators face a bad choice. They can over-disclose and risk customer or security harm. They can under-disclose and risk an adverse finding. Or they can avoid transactions and requests that might trigger review. The first outcome weakens privacy and competition. The second weakens the ledger. The third weakens liquidity.

An evidence system that accepts customer categories, signed attestations, redacted contracts, sample assignments, third-party auditor letters or hashed exports in appropriate cases can be tougher than one that demands raw detail. It can ask better questions: is the range assigned to a real customer class, is the assignment current, is the reserve tied to a contractual obligation, does the holder have a retention policy, can a reviewer test a sample, and is the evidence consistent across IPAM, billing and network operations? That is review as discipline.

The wrong question is whether a reviewer personally likes the customer model. Some providers sell dedicated public IPv4 as part of managed services. Some lease or subdelegate addresses through contracts. Some operate wholesale structures. Some keep addresses for customers who require a documented public range but generate little visible traffic. These arrangements can be legitimate or abusive depending on evidence. They should not be judged by aesthetic discomfort. They should be judged by whether the public record remains accurate, responsibility is clear, use is real, and policy requirements are met.

Reserves and renumbering are not synonyms for hoarding

The word "unused" is dangerous because it sounds objective. A block not currently carrying visible traffic may still be economically and operationally committed. It may be a reserve for customer migration. It may be a renumbering overlap. It may be tied to a disaster-recovery site that should be quiet until the day it is needed. It may support a public-sector project with long procurement gates. It may be held for an enterprise customer whose firewall change window occurs once a quarter. It may be clean reputation inventory for mail, payments or security products. It may be a de-aggregation buffer needed to avoid routing disorder.

None of this means every reserve is valid. A claim of future use can be a polite name for warehousing. The point is that a serious audit needs category law. It should distinguish dead inventory from planned inventory, speculative hoarding from signed demand, old allocations from transfer-ready surplus, renumbering buffers from vague growth claims, and security reserves from unexplained silence.

ARIN's transfer policies already recognise some of this. A recipient may qualify for a larger initial block or an additional block by documenting the use of at least 50% of the requested IPv4 block size within 24 months. The policy also allows a transfer for the purpose of renumbering, where an organisation with a larger block than it needs may receive a smaller block if it transfers the larger block within one year; current use of the larger block can help satisfy criteria for the smaller block. These provisions show that timing and transition plans are part of legitimate utilisation, not exceptions to it.

Renumbering is especially important in a mature market. The clean economic story says that surplus addresses should move to higher-valued use. The engineering story says that movement requires overlap. Customers, routers, DNS, firewalls, mail systems, certificates, vendor security records, monitoring rules and documentation cannot all change at the instant a contract closes. If a holder is selling a larger block and moving onto a smaller block, an audit that ignores overlap will punish the very behaviour that improves market allocation. The result will be defensive holding.

Reservation evidence should therefore be judged by specificity. A vague "future growth" note deserves little weight. A board-approved expansion plan, signed customer order, data-centre build schedule, public-sector procurement award, migration calendar, security segmentation plan or renumbering ticket deserves more. The best reserve file says what the addresses are for, who owns the decision, what event releases the reserve, when the plan will be reviewed, and what happens if the plan is cancelled. That kind of record prevents hoarding more effectively than a crude traffic snapshot.

The institutional risk is that anti-hoarding rhetoric becomes anti-reserve rhetoric. Networks cannot operate without reserves. Scarce resources must be used efficiently, but efficiency does not mean eliminating buffers. An airline with no spare aircraft, a hospital with no emergency beds, or a water system with no reserve capacity may look efficient in a spreadsheet and fragile in reality. Addressing is not identical, but the principle travels. Some spare capacity is part of continuity.

ARIN's role should be to ask whether the reserve is documented and proportionate. It should not decide that every quiet range is suspicious or that every business plan must fit a single operating model. A proportional audit should be comfortable saying: this reserve is credible; this one is too broad; this one needs a review date; this one should be returned or transferred; this one is a renumbering overlap with a clear endpoint. That is evidence discipline.

Legacy files turn history into present cost

ARIN's region is unusually rich in legacy address history. Universities, research institutions, corporations, public agencies, early internet providers and older technology firms may hold resources that predate today's agreement structure and today's market value. ARIN's legacy-resource guidance says that legacy holders not under an ARIN agreement can maintain unique registration in Whois/RDAP, update publicly available data, manage reverse DNS delegations, maintain registry records in ARIN Online and access DNSSEC, while access to RPKI and IRR requires an ARIN agreement. It also records that early allocations were made under older administrative arrangements and that ARIN has provided legacy registration services since its formation.

These facts matter because legacy files are often not clean in the way modern transfer buyers want. The holder name may reflect an old corporate entity. A university department may have changed names several times. A public agency may have reorganised. A company may have merged, spun out units, sold assets, changed states, dissolved subsidiaries or adopted a new brand while the registry file kept the old label. The addresses may be routed, reverse-delegated and operationally important, yet the paper trail may require reconstruction.

For a utilisation audit, legacy status changes the evidence burden. The question is not only whether the addresses are used. It is whether the organisation answering the question can show authority. Who is the recognised holder? Who can update points of contact? Which officer can sign? Did a merger transfer the assets that use the addresses? Did a bankruptcy or sale leave the resources with an operating successor? Are the addresses in an old department's name but used by a central IT organisation? Did a public university foundation, hospital system or state agency become the practical operator?

This is where audit readiness becomes institutional memory. The address estate may be technically healthy and legally messy. Cleaning it takes corporate records, board minutes, asset-purchase agreements, merger certificates, state filings, letters from successors, network diagrams and sometimes affidavits. The work is dull until a transaction depends on it. Then it becomes urgent and expensive.

Legacy holders have incentives to postpone the work. If the network runs, if reverse DNS works, if contacts are good enough and if no transfer is planned, why spend money on old records? The answer is optionality. A clean legacy file can be transferred, financed, brought under an agreement for routing-security services, used in a corporate reorganisation, or defended in a review. A messy file may still run, but it carries a future discount. The market values not only the addresses but the evidence that the public record can move when the business needs it to move.

Safe-harbor correction is essential here. A holder that finds an old contact, stale company name, missing reassignment, inaccurate public comment or inherited ambiguity should have a predictable way to correct it without converting every correction into suspicion. If the system punishes housekeeping, housekeeping will be delayed. If it rewards voluntary correction, the ledger improves. A mature registry should want holders to come forward before a transaction, dispute or audit forces the issue.

The safe harbor should not protect fraud. If a party obtained resources through false documents, unauthorised changes or a defunct entity with no successor, ARIN has a legitimate interest in review and possible reclamation. ARIN's fraud-reporting process identifies false documentation for obtaining resources, transfer approval, unauthorised Whois changes and resource hijacking as within its number-resource fraud scope. That is a different category from an old but genuine holder repairing a file. A good review system must keep those categories distinct.

Transfers, M&A and lenders make audit readiness market infrastructure

Transfers are where utilisation evidence becomes price discovery. A buyer considering ARIN-region IPv4 does not only ask how many addresses are in the block. It asks whether the source is the current registered holder, whether the source is in a resource-status dispute, whether any recent transfer or allocation limits apply, whether reserved-pool restrictions matter, whether the recipient can meet 8.5 requirements, whether a renumbering plan is needed, whether out-of-region use requires additional proof, whether reverse DNS can move, and whether route-origin evidence can be rebuilt without interruption.

The official transfer page lists operational steps: source and recipient submit separate requests, ARIN links tickets after review, fees are invoiced, each request is processed independently, and approval leads to invoicing and agreement execution where applicable. It also tells source organisations to review ROAs, IRR objects and reverse DNS delegation plans during transition. This is not mere clerical sequence. It is settlement infrastructure for a scarce asset.

The audit file affects both sides of the deal. For the source, a clean utilisation and authority record supports the claim that the resources can leave without hidden dispute. For the recipient, a credible need file supports approval and internal board comfort. For both, delay is expensive. Purchase agreements may have outside dates. Financing may depend on closing. Data-centre projects may wait for addresses. Customers may be expecting onboarding. A registry question that takes weeks rather than days can become a deal term.

Mergers and acquisitions add another layer. Section 8.2 avoids a needs-based assessment during a qualifying M&A transfer, but it still asks for evidence that the recipient acquired the assets using the resources or acquired the entire current registrant, and it requires the new entity to sign an RSA covering transferred resources. That is a sensible distinction. The merger file is not a new demand forecast. It is a chain-of-title and continuity file. The audit question is not "do you deserve these addresses as a new applicant?" It is "did the business reality that used these addresses move to the successor?"

Lenders care about the same distinction. IPv4 collateral is not a simple physical asset. Its value depends on public recognition, transferability, routability in practice, customer continuity, reputation, and the absence of unresolved registry problems. A bank or private lender looking at address-backed financing will want representations that the borrower is recognised, fees are current where applicable, points of contact are controlled, there are no known disputes, transfer restrictions are understood, and utilisation evidence can survive review. A sloppy file raises the interest rate or kills the loan.

This is not an argument for treating ARIN as a financial regulator. It is the opposite. Because private capital is already pricing address evidence, the registry should keep its role predictable and narrow. It should not surprise markets with broad discretionary inquiries at the moment of transfer unless policy triggers justify them. It should not use transfer review to conduct open-ended business judgement. It should ask the questions needed to decide recognition, need and policy compliance, then close the loop clearly.

The danger is capital control by procedure. No registry needs to announce that it controls capital if it can delay, cloud or condition movement through uncertain evidence demands. Markets react to practice. If participants believe that transfer timing depends on discretionary appetite, they discount the asset. If they believe that evidence categories are stable and closure is real, they pay for the asset rather than for political-risk insurance.

Proportionality begins with the question being asked

A fair audit starts by naming the question. Is ARIN checking an additional resource request? Is it testing transfer-recipient need? Is it reviewing reassignment compliance? Is it investigating suspected fraud? Is it validating a legacy correction? Is it resolving an M&A chain? Is it following up on a public record inaccuracy? Each question needs a different proof stack and a different remedy.

When the question is additional IPv4 need, a forward-looking deployment plan and current utilisation of previous blocks are central. When the question is transfer-recipient need, the 24-month use forecast, efficient utilisation thresholds and operational-network purpose matter. When the question is M&A, asset continuity and successor authority matter. When the question is reassignment compliance, downstream records and privacy-appropriate publication matter. When the question is fraud, original documents, authority, timing and intent may matter. Treating all these reviews as one generic audit gives too much power to the reviewer and too little guidance to the holder.

Proportionality also concerns sensitivity. Start with the least intrusive evidence capable of answering the question. IPAM summaries, assignment categories, dated internal tickets, customer counts, signed attestations, invoices, redacted contracts, deployment plans, route records, reverse-DNS delegations and officer letters may be enough. Customer names, raw logs, detailed topology, security-sensitive maps or commercially revealing customer lists should be escalated only when less sensitive proof cannot answer the question.

This is not special pleading by operators. It is how any serious evidence system should work. A tax authority does not need every trade secret to verify revenue. A building inspector does not need the tenant's customer list to check occupancy. A registry does not need to absorb a network's entire commercial brain to decide whether number resources are being used, reserved or transferred under policy.

Notice and cure are part of proportionality. If ARIN finds a deficiency, the holder should understand the policy basis, the evidence problem, the action needed, the deadline, the consequence of non-response and the appeal or reconsideration path. The cure may be simple: update points of contact, correct a reassignment, clarify a reserve, provide a missing officer letter, revise a utilisation table, return a genuinely unused block, or narrow a transfer request. Immediate severe remedies should be reserved for severe facts, such as fraud, unauthorised changes, abandonment, non-payment under an agreement, refusal to cooperate or a genuine continuity risk.

ARIN's fee and return materials show that one kind of consequence already has defined timing: for resources under a Registration Services Agreement, service stoppage for non-payment occurs when an invoice is 120 days past due, and revocation at 180 days past due, with reinstatement paths before reissue. The audit economy needs similar clarity in spirit, even where the exact deadlines differ by context. The holder should not have to guess whether a documentation issue is a housekeeping problem, a transaction delay, a service-status risk or a revocation threat.

Audit clocks are legitimacy devices. ARIN's 24-month full-review limitation matters because it prevents constant discretionary reopening without cause. Closure matters because it tells the holder what further actions, if any, are required. The market needs that closure. A buyer, lender or board cannot price an audit that never ends. A registry can preserve discretion for new facts without leaving old files permanently radioactive.

Public-sector, university and enterprise records need a broader proof vocabulary

Some of the most difficult utilisation files are not held by speculators. They are held by institutions that move slowly for good and bad reasons: public agencies, universities, hospitals, utilities, research networks, large enterprises and old industrial firms. Their address estates may be large, historically layered and partly invisible to ordinary traffic analysis. Their internal records may be governed by procurement cycles, public-record rules, security classifications, grants, research projects, campus autonomy, legacy departments and outsourced service contracts.

A university may have addresses assigned to laboratories that no longer publish clear network descriptions. A hospital system may keep capacity for clinical systems that cannot be renumbered casually. A state agency may use public addressing across public-safety networks, portals, contractors and disaster-recovery facilities. A utility may have operational technology, office IT, customer portals and emergency systems separated by policy. A large enterprise may have acquired smaller firms for decades and inherited prefixes whose business units no longer exist as separate legal entities.

An audit that expects a single commercial ISP-style assignment file will misunderstand these holders. The right question is not whether the file is pretty. It is whether the institution can produce reliable equivalent proof. That proof may include asset inventories, campus network maps, signed departmental attestations, project budgets, security policies, procurement awards, change-control tickets, enterprise architecture records, public service continuity plans and renumbering impact statements. The evidence may be less elegant than a modern IPAM export and still be more truthful.

Public institutions also create special confidentiality issues. A government network may be unable to disclose site-level addressing. A university research project may involve sensitive collaborators. A hospital may have regulated data and security obligations. A utility may treat network topology as critical infrastructure information. The registry does not need to become a blind trust, but it needs procedures that allow proof without public exposure.

There is also a fairness problem. Public-sector and university holders are often accused of sitting on old abundance because they received resources in a different era. Some criticism is justified. Old holdings should not be immune from good recordkeeping. If addresses are genuinely unneeded, returning, transferring or redeploying them may be economically sensible. But the age of a block is not proof of waste. A campus, hospital, energy grid or public agency can have low visible churn and high continuity dependence. Quiet infrastructure is not idle merely because it is not retail broadband.

The mature-market answer is structured review, not moral panic. Ask for internal accountability: who owns the address plan, how often is it reviewed, what is assigned, what is reserved, what is stale, what is candidates for return or transfer, and what cannot be renumbered without serious cost? A holder that can answer those questions is practicing ledger hygiene even if its estate is old. A holder that cannot answer them is not necessarily malicious, but it is creating risk for itself and for the market.

Small operators pay the fixed-cost penalty

Every audit has fixed costs: understanding the request, collecting evidence, reconciling systems, redacting sensitive data, getting officer sign-off, answering follow-up questions and waiting for closure. Large organisations spread those costs across legal departments, network engineering teams and address specialists. Small operators do not. A regional ISP, Caribbean provider, rural broadband cooperative, local data centre, independent hoster or municipal network may have fewer people and less formal documentation even when its address use is legitimate.

This fixed-cost penalty changes behaviour. A small provider may over-share public IPv4 because it cannot afford to buy more and cannot risk a slow transfer. It may keep old assignments in place because cleaning records feels risky. It may avoid acquiring address space even when a transfer would improve service. It may depend more heavily on upstreams or large platforms because independent address control requires paperwork it cannot staff. It may pay brokers and lawyers a higher percentage of deal value than a large buyer would. Process becomes regressive.

The same penalty appears in safe-harbor correction. A large firm can run an internal cleanup project. A small operator may discover stale contacts only when an employee leaves or a customer complains. If the correction path is intimidating, the operator delays. Delay then makes the eventual problem worse. A registry that wants accurate records should make ordinary corrections easy, documented and low-fear.

Proportionality should therefore include scale. A small holder still has to prove use and authority. But the expected form of proof should not assume enterprise bureaucracy. A signed IPAM export, customer-category table, billing sample, network diagram and officer attestation may be a reasonable first packet. If inconsistencies appear, ask for more. Do not begin with the evidence burden of a public company acquisition unless the facts justify it.

The market benefits when small operators can maintain independent address files. If they cannot, address control concentrates in incumbents, hyperscale platforms, national carriers and professional address investors. That may make records cleaner in the short run and competition weaker in the long run. A registry that keeps evidence discipline affordable for smaller firms supports a more plural market.

This is also where education matters. ARIN can publish examples of acceptable utilisation proof without implying that examples are exclusive. It can explain redaction, category proof, reassignment hygiene, renumbering plans, reserve review dates and common legacy-file fixes. It can distinguish audit preparation from panic. The registry does not need to lower standards to lower uncertainty. Often it only needs to make the standard legible.

Anti-hoarding legitimacy and the capital-control trap

The anti-hoarding case is real. IPv4 scarcity gives holders incentives to warehouse, speculate, delay correction, exaggerate future need and exploit old records. A registry that never reviews utilisation would invite abuse. Honest buyers would pay more. Operators with real customers would suffer. The public record would become less reliable. The market would reward the party best at administrative inertia.

But anti-hoarding rhetoric has a trap. Once the registry treats every unoccupied address as suspect and every transfer as a test of moral worth, it begins to mimic capital control. The holder no longer asks "what evidence proves use?" It asks "what answer will satisfy the authority?" Buyers no longer price scarcity alone. They price approval risk. Lenders no longer ask only whether the borrower holds address assets. They ask whether a future reviewer can reinterpret the file. Operators no longer correct records freely. They fear that correction creates admissions.

Capital control by registry process does not need harsh language. It can be accomplished through uncertain timing, broad evidence demands, repeated follow-ups, vague closure, expansive readings of purpose, selective triggers or the use of review to pressure unrelated disputes. The market will understand. Liquidity will fall. Holders will become defensive. Addresses will move more slowly to productive use. The anti-hoarding tool will create more hoarding.

The way out is narrowness. ARIN should be tough where the ledger is at stake: false documents, unauthorised changes, defunct holders without eligible successors, non-responsive contacts, missing reassignment obligations, unsupported additional requests and transfer-recipient need that does not satisfy policy. It should be restrained where business judgement is at stake: pricing, leasing structure, customer mix, reserve strategy, financing, sale timing, corporate capital plans and public-sector procurement calendars, unless those facts directly bear on a defined policy requirement.

The distinction can be tested with one question: what registry fact is being protected? If the answer is uniqueness, current responsibility, contactability, transfer recognition, justified need, reassignment accuracy or fraud prevention, the review is probably within the registry's natural role. If the answer is that the holder's business model seems unattractive, the transfer price seems high, the reserve feels excessive without defined criteria, or the market use offends an older allocation culture, the review is drifting.

This does not make the registry weak. A narrow institution can be stronger because its actions are defensible. The anti-hoarding case is most legitimate when holders can see the boundary: prove real use, explain reserves, keep records current, answer reasonable questions, correct defects, and do not use false documents. That is a hard standard. It is also a standard compatible with market liquidity.

Audit as ledger hygiene

The best way to understand ARIN utilisation review is as ledger hygiene. A ledger does not exist to admire business models. It records responsibility, enables coordination and reduces transaction cost. In number resources, that means unique registration, current contacts, accurate reassignments where required, transfer recognition, legacy-file authority, reverse-DNS continuity, routing-security eligibility, fraud resistance and closure after review.

Ledger hygiene has a public benefit. It helps an abuse desk find the right door. It helps a buyer verify a source. It helps a lender underwrite collateral. It helps a public agency understand a supplier's address posture. It helps a small operator prove legitimate use. It helps a university clean old records. It helps ARIN defend the remaining pool and the transfer system against sham claims. It helps the market distinguish scarce inventory from administrative fog.

The hygiene frame also clarifies remedies. If the defect is stale contact information, fix the contact. If the defect is an inaccurate reassignment, correct or remove it. If a reserve is undocumented, document it or release it. If a transfer recipient cannot meet need requirements, narrow the transfer or wait until the need file is stronger. If a legacy chain is incomplete, recover authority before transfer. If fraud is proven, stronger remedies may follow. The remedy should fit the ledger defect.

This is different from discretionary pressure. Pressure asks what the registry can extract because the holder needs approval. Hygiene asks what the record needs in order to be reliable. Pressure increases fear. Hygiene increases predictability. Pressure raises the cost of correction. Hygiene lowers it. Pressure turns scarcity into permission. Hygiene turns scarcity into accountable evidence.

The mature ARIN market needs the second model. Address scarcity is not going away. Transfers, reorganisations, legacy cleanups, public-sector dependencies and lender diligence will continue. The question is whether the registry review layer becomes a source of confidence or an additional risk premium.

Watchpoints for the next 12 to 24 months

The first watchpoint is review timing. Market participants should track whether utilisation reviews tied to transfers, additional requests, legacy corrections and reassignment issues have predictable response cycles and real closure. A 24-month audit clock matters only if holders know when a full review has been completed and what issues remain.

The second watchpoint is evidence vocabulary. ARIN and the market should converge on practical proof categories: IPAM export, customer assignment table, redacted contract, officer attestation, billing sample, routing and reverse-DNS evidence, renumbering plan, reserve release date, public-sector procurement record, third-party audit letter and equivalent proof for unusual holders. The list should guide, not trap. The important test is whether holders can prepare before crisis.

The third watchpoint is confidentiality. Customer evidence, legacy authority files, M&A documents, lender diligence and public-sector network records are sensitive. The market will be more willing to correct records and complete transfers if confidential proof is handled through predictable channels and if public outputs disclose only what the ledger requires.

The fourth watchpoint is safe-harbor correction. Holders should be able to fix stale contacts, old organisation names, reassignment errors, reverse-DNS inconsistencies and inherited files without fear that every correction becomes a bad-faith signal. Fraud should remain outside the safe harbor. Ordinary housekeeping should be encouraged.

The fifth watchpoint is small-operator burden. If only the largest firms can afford audit readiness, the review system will reinforce concentration. ARIN can maintain standards while publishing clearer examples, accepting proportionate proof and avoiding unnecessary escalation.

The sixth watchpoint is the capital-control boundary. If utilisation review starts to feel like a judgement on leasing, pricing, reserve strategy, financing or customer model rather than a check on defined registry facts, the market will add a risk discount. If review stays narrow, it can reduce the discount by making records cleaner.

The final test is simple. After an audit, can a serious outsider tell who is responsible for the resource, whether the file is current, what defects were cured, whether a transfer or request can proceed, and whether the holder has a credible evidence discipline? If yes, the audit has improved the ledger. If the only result is fear, delay and ambiguous power, the registry has failed its own economic function.

ARIN's best contribution is therefore modest and consequential: ask for proof, protect confidential evidence, accept equivalent proof where it answers the question, give notice, allow cure, close reviews, and remember that the address ledger is infrastructure for networks and markets. It is not a licence to become the judge of how every holder should turn scarce IPv4 into service, continuity or capital.