ARIN is the quiet North American test of whether a regional internet registry can remain a neutral ledger after IPv4 exhaustion has turned address space into scarce digital infrastructure capital. The institution is not in visible collapse. It has a published policy manual, a transfer process, a membership system, a public policy process, mature contracts and one of the deepest address markets in the world. That is exactly why it matters. A disorderly registry teaches through failure. A functioning registry teaches through boundaries. ARIN's boundary problem is that a registry built to ration and record a finite technical resource now sits above assets that operators buy, lease, finance, litigate over, assign to customers and treat as part of enterprise continuity.

The phrase "capital control" needs precision. ARIN is not a state, and its transfer policies are not currency restrictions enacted by a finance ministry. But institutional economics is concerned with function, not costume. A capital control is a rule that conditions the movement, conversion, transfer or deployment of valuable assets through an approval layer. It may be defended as prudence, fairness, stability, anti-speculation policy, record protection or administrative order. In IPv4, the asset is not money but recognised control over a globally unique number block. The approval layer is not a central bank but the registry record without which a transaction is incomplete. Once a block can be bought, leased, financed, sold with a company, embedded in a cloud platform, assigned to customers and valued in a deal, the rule that decides whether the recognised record may move is an economic control over capital.

ARIN is a strong case because much of the factual record is public. ARIN says it was established in December 1997 as an independent nonprofit corporation to provide IP registration services in its defined region after earlier IANA, InterNIC and Network Solutions arrangements became insufficient for a commercial and global internet. Its history page places the organisation in that transition from volunteer address administration to the RIR system. Its IPv4 addressing page says ARIN's free pool of IPv4 address space was depleted on 24 September 2015. Its Number Resource Policy Manual retains the familiar principles of registration, conservation, routability and stewardship. Its transfer guide explains that transfers of IP addresses and ASNs issued by ARIN or its predecessors are governed by ARIN policy, and that transfer requests must meet those requirements to receive approval.

Those documents are useful factual exhibits. They do not settle the institutional question. A registry can accurately describe its process while understating what its power has become. The official vocabulary of stewardship tells us how ARIN understands itself. It does not answer whether needs assessment after purchase suppresses liquidity, whether waitlist lockups create rationed capital, whether inter-RIR compatibility operates as a border, whether legacy holders are being pulled into a broader contract stack, or whether a member-based policy process can legitimately govern asset mobility for parties far beyond the voting class. The North American registry may be orderly. The harder question is whether order has been confused with neutrality.

Lu Heng's public writing supplies the sharper institutional vocabulary. In notes such as "Mandate Laundering" and related essays on registry continuity and liability, the core claim is that a narrow coordinating function can be wrapped in the language of community, policy, stewardship and region until a private administrative role begins to look like public authority. That is not a factual substitute for ARIN's own documents. It is an interpretive lens for reading them. The question it poses is simple: when a registry says it is protecting the public internet, is it protecting the ledger, or is it preserving a gate over capital that others created?

From rationing to settlement

The original case for a needs-based registry was strongest when a registry still had a meaningful free pool. Unique numbers could not be distributed by favour, accident or brute speed. A registry needed allocation criteria. Applicants had to show operational requirements. The registry tried to conserve a finite resource, prevent obvious waste, maintain aggregation where possible and keep public records accurate. In that world, technical need was mainly an allocation rule. It decided who received unallocated supply from an administrative pool.

IPv4 exhaustion changed the institutional problem. ARIN's ordinary free pool is gone. Reserved IPv4 remains for special cases such as IPv6 transition under NRPM 4.10 and critical-infrastructure micro-allocations under NRPM 4.4. Otherwise, ARIN directs applicants toward the waiting list or toward specified-recipient transfers under NRPM 8.3 and inter-RIR transfers under NRPM 8.4. Pre-approval is available while a prospective buyer searches for address space. The registry has therefore moved from being mainly an allocator of new supply to being the recognised settlement layer for the movement of supply that is already held by someone else.

That is a different economic role. In a free-pool allocation, the registry is deciding whether to issue a scarce resource from administrative inventory. In a transfer, the seller and buyer have already made, or are trying to make, a market transaction. ARIN does not set the price, and its transfer materials leave negotiations and financial terms to the parties. But the transaction does not fully settle unless the registry recognises it. The public record, reverse DNS, RPKI status, IRR data, Whois and RDAP entries, historical record and transfer trail must move coherently. Otherwise the buyer has purchased only a private promise, not a clean recognised position.

The registry is therefore part of the asset. It is not merely a librarian updating a catalogue after the economy has done its work. In IPv4, recognition is one of the things being purchased. A block that can be cleanly transferred, routed, secured and recorded is worth more than a block surrounded by registry uncertainty. A block that is disputed, locked, dependent on a hard needs review, caught between regions or difficult to bring under usable registry services is worth less. This is how an administrative record becomes a capital-market institution.

ARIN's defenders can answer, fairly, that some controls protect the ledger. Fraudulent transfers must be stopped. Duplicate claims must be prevented. Officer authority must be verified. Court orders and dispute notices may need to be respected. Security metadata must not be corrupted. Source and recipient records must remain usable. The difficult question is where those ledger-protecting controls end and economic gatekeeping begins. ARIN's post-exhaustion framework does not always hold the line.

The difference can be stated plainly. A ledger asks whether the record is true, whether the source has authority, whether the recipient can be identified, whether the resource is unique, whether a dispute exists, whether legal constraints block the change and whether security-state transition will be coherent. A gatekeeper asks whether the recipient's business plan deserves recognition, whether inventory holding is morally acceptable, whether another region shares the same policy philosophy and whether a holder should accept a broader contract package before it can reach higher-trust services. ARIN contains both functions. The capital-control problem begins when the second category is defended as if it were the first.

The administered transfer market

ARIN's transfer system is not a prohibition on trade. That is why it is analytically interesting. Crude prohibition would be easy to classify. ARIN's design is subtler. It recognises market transfers, then surrounds them with eligibility tests, process requirements, current-policy obligations, contract conditions, waiting-list consequences and documentary review. The market exists, but inside a gate.

For specified-recipient transfers inside the ARIN region, the source must be the current registered holder, the resources must not be involved in a dispute over their status, and a signed and notarised officer acknowledgement is required. The minimum transfer size is a /24. The source must not have received a transfer or allocation of IPv4 number resources from ARIN within the prior 12 months, subject to ownership-control exceptions. Reserved-pool resources, including those designated under NRPM 4.4 and 4.10, are not eligible for transfer. After transferring IPv4 resources to another party, the source cannot apply for IPv4 space through the ARIN waiting list for 36 months.

The recipient side is equally important. ARIN says recipients must meet the transfer requirements defined in NRPM 8.5. The transferred resources become subject to current ARIN policies. If the recipient is on the waiting list, it is removed and cannot reapply for 90 days. The procedural path requires separate tickets from source and recipient, ARIN staff linkage of those tickets, payment of the transfer processing fee, independent review of each request, invoicing, agreements where applicable and final completion when all fees and signatures are in place. ARIN's transfer guide says that once it receives the signed RSA and all applicable fees, resources will be transferred within two business days. That line is useful, but it describes the final step after approval, not the full economic uncertainty of qualification.

Inter-RIR transfers add another layer. ARIN says NRPM 8.4 transfers can occur only between RIRs that share reciprocal, compatible, needs-based policy. Its transfer page lists APNIC, LACNIC and the RIPE NCC as approved for transfers with ARIN, and AFRINIC as not approved. Inter-RIR transfers involving ARIN may not include IPv6. ARIN may require additional documentation to validate compatible needs-based policy, including certification from the receiving RIR and a valid-need showing by the recipient. It may refuse a transfer that does not meet the community-developed policies documented in the NRPM.

None of this is hidden. Its significance lies in what it does to liquidity. In a simple ledger model, the registry would verify source authority, recipient identity, uniqueness, dispute status, legal constraints and security continuity. ARIN's rules ask many of those questions, but they also ask more. They ask whether the recipient has enough operational need. They ask whether movement across regions matches a compatible policy ideology. They make receipt of transferred space interact with the waiting list. They place the transferred resources under current ARIN policies. They make ARIN's recognition the decisive settlement event.

The financial terms may be private, but the settlement risk is institutional. A buyer can agree to a price and still face uncertainty about qualification. A seller can have a clean block and still discover that the buyer's approval risk delays closing. A broker can find supply and demand, but much of the transaction value lies in navigating ARIN process. This is why transfer specialists, legal advisers and pre-approval services exist. They reduce search costs, but they also translate policy grammar into market execution. When a market needs translators for its settlement layer, the settlement layer is no longer frictionless infrastructure.

Capital controls rarely introduce themselves as hostility to markets. They usually arrive as order, prudence and protection. ARIN's transfer architecture does not say that capital may not move. It says capital may move if the source, recipient, timing, documentation, regional compatibility and stated operational plan fit the registry's policy framework. That is a managed market. The management may be calm and transparent compared with weaker institutions, but it is still management of scarce digital capital.

Needs assessment after purchase

The clearest capital-control feature is needs assessment. NRPM 8.5 requires transfer recipients to be under an RSA, requires operational use, sets a /24 minimum transfer size, lets organisations without an ARIN IPv4 allocation qualify for an initial /24, and requires larger initial or additional blocks to be justified. A recipient may qualify by documenting that 50 percent of the requested block will be used within 24 months and that 50 percent of the sum of previous IPv4 allocations is efficiently used. Alternatively, an organisation with allocations that demonstrates 80 percent efficient utilisation of the sum of previous allocations may qualify for a transfer equal to current IPv4 holdings, up to a /16, once every six months.

That logic belongs to rationing. In the allocation era, it was understandable. If a registry gives out scarce addresses from a common pool, it must decide how much an applicant should receive. But in a transfer market the buyer is not receiving a gift from ARIN. The buyer is acquiring recognised control from another holder at market price. The buyer reveals need by paying for the asset, accepting the engineering burden, carrying the customer risk and bearing the opportunity cost of tying capital to addresses rather than to another input.

Administrative need is a weaker signal than market commitment. A company may buy IPv4 capacity for immediate deployment, customer commitments, redundancy, future cloud growth, acquisition integration, renumbering risk, reputation management, contractual continuity or strategic reserve. Some of those reasons fit neatly into a 24-month utilisation forecast. Some do not. A registry analyst can evaluate documentation, but cannot know the commercial plan as well as the buyer, its customers, its lenders or its board. The review may be careful. It remains a public-administration style forecast over a private capital decision.

The standard defence is that without needs assessment, speculation and hoarding will divert addresses from real networks. The defence sounds plausible because it borrows the old morality of conservation. Yet after exhaustion it is incomplete. Inventory holding is not always waste. It can be risk warehousing, supply discovery, future deployment planning or liquidity provision. In markets for scarce inputs, intermediaries and holders often make supply more available by carrying risk before the final end user appears. If every buyer must prove immediate or near-term operational need, the market becomes less able to price future demand. Behaviour that can release supply from dormant holders becomes suspect because it does not resemble the allocation-era applicant.

There is also a distributional problem. Large incumbents can document need more easily. They have registry staff, counsel, utilisation records, engineering plans, historic assignments and experience with ARIN procedure. Smaller operators may have genuine demand but less procedural capacity. A regional ISP, hosting firm, security vendor or specialist platform may need a /23 or /22 to retain customers, improve mail reputation, support redundancy, prepare for a confidential customer launch or reduce dependence on address leasing. The more subjective the needs test, the more the small buyer pays a paperwork tax.

The institutional issue is not whether fraud and sham transactions should be ignored. They should not. The issue is the choice of instrument. Fraud control asks whether the asserted source has authority, whether the organisation exists, whether the same resource is being claimed twice, whether documents are forged, whether sanctions or court orders apply, and whether the record will remain true. Central planning asks whether the buyer's future business plan is worthy. Needs assessment after purchase blurs those questions. It turns a priced asset into capital inside a permission regime.

Waiting-list rationing in a market world

ARIN's waiting list is the clearest residual pocket of rationing after abundance. The IPv4 Waiting List page says ARIN's free pool depleted in September 2015 and that the waiting list is one path alongside transfers and reserved pools. If a request meets current requirements, the organisation is placed on the list for its approved block size. As IPv4 addresses become available, typically through revocations due to non-payment, they are used to fill approved requests on a first-approved basis, subject to the size of available blocks.

The limits are strict. Organisations holding more than a /20 equivalent of IPv4 space in aggregate, excluding certain special-use space, are not eligible. The maximum aggregate size for which an organisation may qualify at one time is a /22. An organisation may have only one waiting-list request at a time. Declining an available block causes ARIN to treat the request as fulfilled and remove it. The organisation must be current on fees when a block becomes available. Receipt of IPv4 space through the waiting list, an 8.3 specified-recipient transfer or an 8.4 inter-RIR transfer removes the organisation from the waiting list. Waiting-list space cannot be transferred to another organisation for 60 months, except through 8.2 merger, acquisition or reorganisation transfers.

The sympathetic reading is straightforward. If ARIN releases scarce returned or revoked space at administrative cost, recipients should not immediately flip it into the secondary market. A five-year lockup can prevent the waiting list from becoming subsidised inventory for traders. The /22 cap and /20 eligibility threshold can steer scarce remnants toward smaller applicants rather than large holders. The one-request rule reduces gaming. The fee-current requirement protects administrative continuity.

The economic reading is that the waiting list creates a separate class of capital. It is IPv4 space that can be used but not freely transferred for five years except in corporate continuity events. It also affects behaviour outside the waiting list. A company on the waiting list must consider whether a market transfer will remove it from the queue. A source that transfers resources can lose access to the list for 36 months. A recipient that completes a transfer can lose its waiting-list position and face a 90-day bar on reapplication. The queue therefore disciplines transfer strategy rather than merely distributing residual inventory.

This is a classic scarcity-politics problem. When a public or quasi-public institution keeps one non-market distribution channel alive after market scarcity has arrived, it must police the boundary between rationed supply and market supply. That policing produces lockups, eligibility limits, waiting periods, queue rules and anti-arbitrage restrictions. Each rule has a rationale. Together they show that the institution is no longer merely recording number resources. It is operating a small planned-economy pocket inside a capital market.

For small operators, the result is double-edged. The waiting list may be the only affordable path to a minimum block. But it also disciplines future choices. A small network that accepts waiting-list space receives relief while accepting a five-year transfer lock. A small network that pursues a market transfer may lose its place in the queue. A small network that waits may lose customers or growth. Large operators can run multiple strategies, carry inventory and use counsel. Smaller ones face sharper trade-offs. A system designed to protect fairness can still impose a scarcity tax on those least able to manage optionality.

Inter-RIR compatibility as an economic border

The inter-RIR transfer rule turns registry boundaries into economic borders. ARIN's guide states that 8.4 transfers may be conducted only between RIRs that share reciprocal, compatible, needs-based policy. This is not purely technical. It is not enough that the other registry can identify the source, prevent duplicate registration, update the public record and maintain security metadata. The other registry must be policy-compatible in a needs-based sense. Movement across regions therefore depends on a form of institutional ideology.

There are good reasons for some compatibility requirement. Without common minimum standards, inter-RIR transfers could create conflicting records, double claims, weak source verification, sanctions exposure or unauditable histories. A transfer between two registries is more complex than a transfer inside one database. The resource must leave one recognised system and enter another without corrupting either.

But compatibility can become protectionism. If the test is framed around needs-based policy rather than record integrity, the registry exports allocation-era assumptions into cross-border capital movement. A region that chooses a more market-oriented transfer model may become less compatible with a region that insists on need. A holder in one region may find that economic mobility depends not on whether the transaction is valid, but on whether two registry communities share the same policy vocabulary. That is how administrative geography becomes a capital border.

ARIN is more open than a closed registry. It recognises inter-RIR transfers with APNIC, LACNIC and the RIPE NCC. Yet the absence of AFRINIC compatibility in ARIN's public table shows how registry borders matter. A block may have economic value to a buyer in North America, but the ability to move it depends on policy relations between institutions. The buyer and seller are not the only parties. The capital must cross a registry frontier.

The analogy to capital controls is strongest here. States often justify cross-border controls by saying they preserve stability, prevent evasion or protect domestic priorities. Registry systems do something functionally similar when they condition inter-regional movement on compatible policy. They may not be protecting a currency, but they are protecting an institutional order. They decide which capital movements are recognised as legitimate between jurisdictions of registry authority.

This is also where service-region language becomes dangerous. A service region is an administrative footprint. It is not a polity. Canada, the United States and Caribbean or North Atlantic economies do not become a single constitutional subject because they share ARIN registry administration. Yet once address movement is conditioned by regional policy compatibility, the service footprint begins to look like an economic boundary. The registry does not merely serve a region; it governs the mobility of assets associated with that region.

Out-of-region use and the geography of recognised need

ARIN's out-of-region policy is more permissive than the most restrictive forms of regional control. NRPM 9 says ARIN-registered resources may be used outside the ARIN service region. But out-of-region use can justify additional number resources only if the applicant proves a real and substantial connection with the ARIN region and uses the same type of resources in-region. For IPv4 the in-region threshold is at least a /22; for IPv6 it is at least a /44; for ASNs the organisation must show the ASN is present on peering sessions or routers. The policy says ARIN determines whether business is being carried on in the region in a meaningful manner. Incorporation alone is not enough. Factors may include physical presence, staff, assets, services, sales to residents, meetings, investment capital, incorporation and other fact-based criteria, with the weight of those factors determined by ARIN.

This is a reasonable anti-shell rule in one sense. A registry does not want its region turned into a mailbox jurisdiction for global applicants with no real connection to the service area. If resources justified by out-of-region operations can also be used to justify requests in another RIR, double counting becomes a real concern. ARIN's requirement that officers attest that the same facilities are not used elsewhere addresses that concern.

Yet the policy also demonstrates how geography becomes an approval variable. Out-of-region use is permitted, but additional qualification depends on whether ARIN is satisfied that the applicant's regional connection is meaningful. The factors are not merely technical. They concern staff, assets, sales, meetings and capital. These are business-presence criteria. They tell applicants how much economic reality must sit inside the ARIN region before outside-region demand can count.

Each control can be defended in isolation. The aggregate effect is a registry-layer geography of capital. A globally operating network may route traffic, serve customers and deploy infrastructure in many jurisdictions. IPv4 addresses are technically global. Packets do not know the moral boundary of a service region. But recognised justification for obtaining or moving those addresses is filtered through regional presence. That filter can shape where companies incorporate, invest, staff, document demand and structure transactions. A private registry rule becomes a business-structure incentive.

For North America this may look benign because the region is already deep in capital, infrastructure and demand. The world's largest cloud, telecom, enterprise and platform buyers can satisfy regional presence tests easily. The burden falls more heavily on smaller, international or fast-moving companies whose business is real but not easily arranged into the registry's preferred geography. Capital controls often hurt marginal entrants first while incumbents experience them as compliance.

Legacy resources and the divisible ledger

ARIN's legacy resources expose the system's most important contradiction. Many IPv4 blocks were allocated before ARIN existed. ARIN's legacy resources page says that when ARIN was formed in December 1997 it was tasked with administering the database of IPv4 addresses and ASNs not administered by the RIPE NCC or APNIC, and that these earlier assignments are often called legacy number resources. It also says ARIN's Board decided at formation to provide registration services for those legacy resources without requiring the original holders to enter a Registration Services Agreement or pay service fees.

The current service distinction is revealing. Legacy holders not under an ARIN agreement can maintain unique registration in Whois and RDAP, update and manage publicly available data, manage reverse DNS delegations, maintain registry records in ARIN Online and access DNSSEC. They cannot access ARIN-hosted RPKI or IRR without being under an ARIN agreement. The legacy fee cap expired on 31 December 2023, with limited treatment preserved for legacy resources covered by active LRSAs entered into before 1 January 2024 and no additional legacy resources added after that date.

The policy point is simple: ARIN already knows the ledger is divisible. Basic uniqueness and registration can be preserved for some resources without full absorption into the modern contract stack. The most essential record functions can persist even where the holder has not accepted every service term. That is not an argument against agreements. It is evidence that the essential registry function is narrower than the full institutional package.

This matters because capital controls often grow through bundling. A registry can bundle record accuracy, reverse DNS, RPKI, IRR, transfers, agreements, fees and policy compliance. Some bundling is operationally efficient. But it can also move holders from a narrow ledger relationship into a broader control relationship. If the market increasingly expects RPKI and IRR, then access to those services becomes commercially important. Requiring an agreement for those services may be legally sensible, but it also gives the registry a path to bring legacy capital under the current policy and contract regime.

The legacy boundary therefore weakens the claim that thick registry control is technically inevitable. The network needs uniqueness. It needs accurate records. It needs dispute metadata. It needs reverse DNS and security continuity. It does not follow that every holder must be exposed to every institutional preference in the same way. A ledger-first registry would preserve essential record functions broadly and treat optional services through narrow, service-specific terms. A gatekeeper registry uses service layering to consolidate dependence.

The RSA and the asymmetry of risk

ARIN's Registration Services Agreement is a mature legal document. That maturity makes the risk allocation visible. Version 14.0, dated 15 August 2025, identifies ARIN as a Virginia nonprofit corporation and describes it as the RIR for the United States, Canada and designated Caribbean and North Atlantic islands. It defines included number resources to include registration rights for IP address space and ASNs issued by ARIN, plus identified legacy resources. It defines services broadly, including registry entries, reverse name service, RPKI, maintenance of records and administration of IP address space.

The agreement grants the holder the exclusive right to be the registrant in the ARIN database, the right to use the included resources within that database and the right to transfer registration pursuant to policy. That is not nothing. It is a recognised contractual position. But the same agreement makes services subject to ARIN policies, which may be amended, supplemented, restated, modified, made obsolete or replaced. Policy changes become binding on notice or publication. The agreement also permits ARIN to comply with government or judicial orders without liability or notice where applicable; requires information and cooperation; allows failures to cooperate to affect later transfer or additional-resource requests; allows fee changes through the published fee process; permits service stoppage and eventual termination and revocation for non-payment after notice periods; and allows ARIN to refuse transfers or additional allocations if resources are not utilised in accordance with policy.

The bankruptcy provisions are especially significant. The holder acknowledges express contractual rights, but also agrees that the number resources, services and related items are not property of the holder's bankruptcy estate within the meaning of the US Bankruptcy Code. ARIN may take lawful action, including intervention, to preserve its rights. The disclaimers and limitations of liability are equally stark. Services and registrations are provided on an as-is basis, consequential and similar damages are excluded, and aggregate liability is capped at the greater of fees paid in the prior six months or US$100.

This is not unusual drafting for an organisation that wants to avoid open-ended liability. But it creates an institutional asymmetry. The holder may have purchased or developed an IPv4 position worth far more than its ARIN fees. Customers, allowlists, routing policies, security objects, firewalls, APIs, data-centre architectures and contractual obligations may depend on address continuity. The registry's recognised control layer can affect value at infrastructure scale. Its formal downside may remain service-fee scale.

Heng's public notes on registry power and liability identify this as the problem of leverage detaching from responsibility. A record system that once seemed clerical gains effective control over scarce economic reality while preserving symbolic downside. LARUS makes a commercial version of the same argument in materials presenting first-party IPv4 leasing as a way to keep registry-facing contract risk upstream rather than inside the operating company. That commercial argument is self-interested. The underlying market signal is not. When businesses build products around registry-layer risk, the risk is no longer theoretical.

The lesson is not that ARIN is about to act recklessly. ARIN's institutional record is far more stable than that. The lesson is that a mature registry can impose capital-market consequences through a contract written as if the relationship were mostly administrative. That mismatch is where capital-control risk lives.

Bankruptcy, distressed assets and the hidden balance sheet

Bankruptcy is where the fiction that IPv4 is merely an administrative identifier becomes hardest to maintain. Distressed companies do not argue in slogans. They ask what can be sold, what can be financed, what contracts can be assumed, what assets sit in the estate, what customers must be preserved and which counterparties can veto value. IPv4 blocks can matter to all of those questions.

ARIN is right to worry about bankruptcy confusion. A trustee should not be able to sell duplicate claims. A court should understand that a registry record affects third parties. A forged officer cannot transfer a block merely because a debtor wants cash. The ledger has to protect source authority, preserve public accuracy and avoid corrupting security data. But those concerns support objective safeguards, not broad institutional control over the economic destiny of a block.

If a hosting company is sold as a going concern, the addresses may be part of what makes the business viable. If a cloud platform restructures, address continuity may preserve customer value. If a telecom or data-centre network liquidates assets, clean transferability may determine creditor recovery. A needs-based or policy-heavy transfer layer can reduce recoveries by making buyers discount approval risk. A registry that says resources are not estate property may preserve legal theory, but it cannot erase the economic reliance built around recognised control.

The capital-control analogy is useful because it focuses on convertibility. In distress, the question is whether a holder can convert an embedded operational position into cash, continuity or restructured value. If conversion depends on registry approval, needs review, policy compatibility and contract assumptions, then capital is less liquid. Creditors and buyers price that. So do lenders who might otherwise finance operators against address value. The registry may not think of itself as controlling capital, but its record-recognition role determines whether capital can be realised.

The mature alternative is a narrow continuity test. Who controls the entity? What court orders exist? Is the source authorised? Is the transfer part of a genuine asset sale, reorganisation, merger or continuity transaction? Will the public record remain accurate? Can RPKI, IRR and reverse DNS transition safely? Are downstream users protected? Those are ledger questions. A registry that asks them protects the market. A registry that goes further into business-plan judgment, non-property ideology or broad institutional leverage suppresses value while claiming stewardship.

Member power and the narrowness of community

ARIN is member-based, but membership is not the same as affected-principal consent. ARIN's membership page says there are Service Members, General Members and Trustee Members. It also says membership is not required to obtain direct internet number resources, participate in policy discussions, submit suggestions or take part in public consultations. Voting power, however, sits with General Members in good standing. ARIN's elections page says representatives of General Members in good standing elect candidates to the Board of Trustees and Advisory Council, with one Voting Contact per eligible member organisation or Org ID.

This arrangement is reasonable for organisational governance. ARIN needs a board, an Advisory Council and election rules. But the economic stakes of transfer policy reach beyond those who vote. They affect legacy holders, non-member resource holders, downstream customers, brokers, creditors, buyers, lessees, hosting companies, cloud users, foreign networks using ARIN resources, security relying parties and end users who do not know ARIN exists. A General Member vote is not consent by all affected capital holders. A policy consultation is not a referendum of all economic principals.

The Policy Development Process tries to be open. ARIN says policy changes must be developed through open and transparent processes that provide a meaningful opportunity for public participation. It uses the Public Policy Mailing List, Public Policy Meetings and Public Policy Consultations. It also states a limitation that matters: support is measured within the active part of the discussion. Significant support need not be unanimous and may be demonstrated by a subset of the community if support substantially exceeds opposition among those participating.

That honesty should impose restraint. The more a policy affects capital mobility, transferability, contract exposure or balance-sheet value, the less comfortable it should be to rely on active-community consent alone. The active policy community is a real input. It is not a sovereign public. It is not the North American economy. It is not the set of all resource holders. It is a procedural constituency inside a private nonprofit's governance process.

This is the mechanism that Heng calls mandate laundering: a limited coordinating function is passed through the words community, policy, region and stewardship until institutional preference emerges looking like public authority. In ARIN's case the process is more orderly than in crisis-ridden settings, but the laundering risk remains. A small active group can speak in the language of the region. A board can speak in the language of stewardship. A registry can speak in the language of the public internet. But the legal and economic reality remains narrower: a Virginia nonprofit administers a registry service and a policy process whose decisions affect assets far larger than the institution itself.

The problem is not that participation is worthless. It is that participation is not the same as title, consent or public law. The more ARIN policy resembles asset-market regulation, the more the institution must distinguish between consultation and authority. A good process can make a rule more informed. It cannot by itself make capital controls disappear.

Mandate laundering in a well-run institution

The most dangerous mandate laundering is not theatrical. It is normal. It happens when reasonable procedures gradually expand the institution's claim. Registration becomes conservation. Conservation becomes stewardship. Stewardship becomes policy authority. Policy authority becomes control over transfers. Transfer control becomes control over capital mobility. Each step can be defended in isolation. The chain is the problem.

ARIN's NRPM begins with principles that sound modest and technical. Registration guarantees uniqueness, operational contacts, transparency for efficient utilisation and allocation studies. Conservation seeks efficient distribution to organisations with technical need. Routability concerns scalable routing while not guaranteeing that any operator will route a block. Stewardship applies these principles for the benefit of internet growth and sustainability. These concepts are not empty. They are part of the history of number-resource administration.

But after exhaustion, the same words do different work. Technical need no longer simply decides who receives new supply. It becomes a criterion for recognising purchase. Conservation no longer simply prevents one applicant from taking too much free-pool space. It can suppress market demand by treating inventory holding as suspect. Stewardship no longer simply describes care over a common registry. It becomes the moral vocabulary through which a private institution retains a gate over assets created and maintained by operators.

The distinction matters because words allocate burden. If IPv4 transfers are framed as a matter of market settlement, the burden is on the registry to justify each non-ledger restriction. If they are framed as stewardship, the burden shifts to the buyer or holder to prove worthiness. If a seller wants to move capital, it must show the movement fits the institution's conception of need, timing and policy. This is capital control by vocabulary.

ARIN does not need to be malign for this to happen. Institutions preserve relevance through inherited language. Staff administer the manual they have. Advisory Council members debate within established categories. Members vote under existing assumptions. Lawyers draft to protect the corporation. Each actor may be prudent. The result can still be a system that treats scarce capital as if it were a revocable administrative privilege.

That is why ARIN is the hard case. A failing registry invites criticism because its failures are obvious. A functioning registry invites deference because its machinery works. But mature procedures can normalise overreach more effectively than chaotic ones. They make the gate look like plumbing.

Registry-layer risk as a market signal

Markets reveal institutional stress through workarounds. Address leasing, first-party pools, broker advisory work, pre-approval services, continuity products, specialised legal structuring and advocacy around number-resource rights are all market responses to registry-layer risk. They show that participants do not experience the registry as a costless neutral background.

NRS's public messaging is direct about member rights, record control and voting power. It is an advocacy organisation with its own institutional interests, so its material should not be treated as neutral scholarship. Still, advocacy becomes relevant when it names a risk that operators recognise. The risk is that the registry record sits upstream of assets built by network owners, while the people exposed to service disruption are not always the people controlling the policy machinery.

LARUS offers a commercial signal. Its public materials argue that direct IPv4 holding can place registry-layer contract risk, policy risk, audit pathways, termination mechanics and intermediary failure risk inside the operating company. Its alternative is first-party leasing from a specialist holder that keeps some registry-facing exposure upstream. Again, this is commercial positioning. But the existence of the product matters. A business model built around moving registry-layer risk away from operating companies is evidence that the risk has market value. Heng's essay "On Why i.LEASE Exists" makes that point in the language of broker risk, record risk and continuity.

ARIN should read these signals institutionally, not defensively. The point is not that NRS or LARUS should write ARIN policy. The point is that external structures emerge where official structures impose risk or friction. If the official transfer path were purely objective, quick and predictable, fewer participants would pay for workaround capacity. If the registry contract were proportionate to operational consequences, fewer companies would focus on continuity architecture. If transfer recognition were a narrow ledger act, brokers would compete mostly on supply discovery and price execution rather than policy navigation.

The market's quiet answer to registry risk is diversification. Operators may lease instead of buy. They may buy from regions perceived as more predictable. They may maintain excess inventory. They may avoid transfer categories that trigger uncertainty. They may hire specialists. They may discount blocks whose recognition path is harder. These behaviours do not prove ARIN is failing. They prove that registry policy is priced.

Once registry policy is priced, the registry is part of the asset's capital structure. That is the point at which "we are just a registry" becomes insufficient.

Small operators and the compliance tax

Capital controls rarely burden all market participants equally. Large firms can hire advisers, absorb delays, maintain redundant supply and translate business plans into official categories. Small firms face the same controls as fixed costs. The same is true in ARIN's IPv4 market.

A large cloud operator can document 24-month use, prepare officer acknowledgements, manage ARIN Online records, coordinate RPKI and IRR changes, structure M&A transfers, use experienced brokers and carry inventory. A small regional ISP or hosting firm may need a modest block urgently because customers are waiting. It may lack a dedicated registry team. It may not know how ARIN staff will evaluate its future use. It may not have the leverage to make a seller wait through qualification uncertainty. It may not be able to pursue both waiting-list and transfer strategies without risk.

ARIN's fees may be modest relative to large transfers, but process costs are not only invoice costs. Time, uncertainty, legal review, broker margins, documentation and opportunity cost matter. A processing fee that is small for a /16 transaction is more visible for a /24 or /23. A delay that is manageable for a platform with spare inventory can be serious for a network trying to onboard a customer. A needs assessment that seems routine to an incumbent can be an entry barrier to a new operator.

The irony is that conservation rhetoric often claims to protect the community from hoarding and speculation. In practice, thick process can favour incumbents. Incumbents have the teams to navigate policy. They can also justify need by pointing to existing scale. New entrants may have higher marginal economic use but weaker procedural evidence. A market that relies more heavily on price lets smaller buyers compete by paying for what they need. A market that relies more heavily on administrative approval rewards those who understand the approval culture.

This is why a ledger-first model is not a deregulatory slogan. It is a small-operator policy. Objective rules reduce insider advantage. A registry that verifies authority, publishes resource state, transitions security objects and settles valid transfers quickly is more accessible than a registry that judges the sufficiency of business plans. The former lets capital and customer demand speak. The latter asks small firms to speak registry grammar before they can compete.

What a narrow mandate would change

A narrow ARIN mandate would not abolish the registry. It would strengthen the part of ARIN that markets actually need. The registry should protect uniqueness, maintain accurate Whois and RDAP, support reverse DNS, preserve history, validate POCs, manage RPKI and IRR coherently, record transfers, mark disputes, prevent fraud and settle valid changes predictably. Those are public-goods functions in the number-resource market.

The first reform principle would be separation: residual allocation from a waiting list or reserved pool is one problem; transfer recognition of already allocated resources is another. Needs-based criteria may remain more defensible for the former. They are much less defensible for the latter. The transfer test should be narrowed to source authority, recipient identity, dispute status, legal constraints, sanctions compliance where required, record accuracy, security-state transition and acknowledgement of service obligations. It should not require the registry to forecast the buyer's business plan except where fraud or immediate free-pool arbitrage is specifically at issue.

The second reform principle would be objective compatibility. Inter-RIR transfers should be judged on whether the registries can preserve unique records, source authority, dispute metadata, security continuity and auditable history. Needs-based policy compatibility should not become an ideological border. If another registry can settle a transfer cleanly and maintain the record, the fact that its market philosophy differs should not be a decisive barrier.

The third reform principle would be unbundling. Essential ledger services should be as broadly available as possible. Legacy resources already show that unique registration, basic record updates and reverse DNS can be separated from full service absorption. RPKI and IRR may require terms because third parties rely on them, but those terms should be tightly linked to security integrity, not broader economic control.

The fourth reform principle would be impact honesty. When policy affects transferability, waiting-list lockups, out-of-region qualification, fees, contract exposure or bankruptcy value, the PDP should say so in economic terms. Community support should be accompanied by a clear account of who is affected, who participated, who was absent, what transaction costs are expected, whether small operators are disproportionately burdened and whether a narrower ledger-protecting rule would work.

The fifth reform principle would be proportional accountability. If ARIN's formal liability remains thin, its discretion should remain thin. If the institution wants broader discretion over capital movement, it needs broader remedies, independent review and accountability proportionate to the consequences. Power and liability do not need to be identical, but they cannot be permanently divorced without creating market distrust.

The sixth reform principle would be public friction data. ARIN publishes procedures, but mature capital markets need aggregate evidence of processing time, documentation rounds, denials, abandoned requests, inter-RIR bottlenecks and reasons for failure. A market can price a known delay. It struggles with discretionary uncertainty. Publishing friction would not require disclosure of confidential deal terms. It would discipline the settlement layer by making the cost of policy visible.

Watchpoints for ARIN's next phase

The practical test for ARIN is not whether it collapses. It will not. The test is whether a mature registry can discipline itself before market workarounds discipline it.

The first watchpoint is needs assessment in transfers. If ARIN and its community continue to treat buyer qualification as an allocation-era technical question, the market will continue to price approval friction. If the rules move toward objective settlement, the ARIN region could become a cleaner capital market for IPv4 without sacrificing record integrity.

The second watchpoint is inter-RIR compatibility. AFRINIC's non-approved status matters not only because of Africa, but because it shows how policy borders shape global address mobility. The more IPv4 value rises, the more pressure there will be to distinguish record compatibility from ideological compatibility.

The third watchpoint is the legacy boundary. As RPKI, IRR and routing-security expectations deepen, legacy holders will face stronger market pressure to enter agreement-covered service relationships. The policy question is whether ARIN uses that pressure to preserve security neutrality or to consolidate broader control.

The fourth watchpoint is member participation. ARIN's governance is healthier than many alternatives, but participation remains narrower than exposure. If transfer policy becomes more economically consequential, relying on the active policy community as a proxy for all affected parties will become less persuasive.

The fifth watchpoint is contract reform. Version 14.0 of the RSA shows that the agreement is not frozen in time. The question is whether future revisions will continue to preserve registry leverage and thin remedies, or whether they will acknowledge that recognised number-resource control is now capital-like in consequence even if the legal vocabulary remains contractual.

The sixth watchpoint is the leasing and continuity market. If more operators treat direct holding as risky and choose leasing or continuity structures instead, that is not merely a commercial success for lessors. It is feedback on the registry model. The official path should be so predictable that workaround markets compete on capacity and service, not on avoidance of registry exposure.

Conclusion: orderly control is still control

ARIN has many strengths. It maintains public documents, recognises transfer pathways, supports legacy record maintenance, runs a visible policy process, publishes election and membership structures, and operates in one of the deepest digital infrastructure markets in the world. Those strengths make the North American registry valuable. They also make its capital-control features easier to miss.

The free-pool world is gone. IPv4 is now scarce, priced, transferable, financeable, litigated over and operationally embedded. In that world, transfer restrictions, needs assessment, waiting-list lockups, inter-RIR compatibility requirements, out-of-region qualification, contract dependence and security-service bundling are not merely technical administration. They shape capital mobility. They determine who can buy, who can sell, how quickly a transaction settles, what risk is priced, how small operators compete and how much of a network's value depends on an upstream private institution.

The institutional choice is therefore not market versus registry. The internet still needs a registry. It needs uniqueness, accurate records, RDAP and Whois, reverse DNS, RPKI, IRR, dispute metadata and trusted transfer history. The choice is ledger versus gatekeeper. A ledger makes capital more valuable by making control legible and settlement predictable. A gatekeeper makes capital less liquid by preserving discretionary judgment over movement.

ARIN's current architecture is orderly, but it is not fully neutral. It allows the IPv4 market while keeping allocation-era controls inside the settlement layer. It recognises private transactions while judging need. It permits inter-regional movement while requiring policy compatibility. It lets legacy records persist while tying higher-trust services to agreements. It invites public participation while relying on a subset of active participants for legitimacy. It claims stewardship while sitting above assets whose economic value was created by operators.

That is how capital controls usually survive in respectable institutions. They do not look like confiscation. They look like procedure. The remedy is not to destroy the registry. It is to narrow it. Protect the ledger. Limit the gatekeeper. Let scarcity be priced by those who bear the risk. Let policy defend uniqueness and continuity, not institutional preference. In the post-exhaustion IPv4 market, ARIN's legitimacy will depend less on how confidently it speaks the language of stewardship and more on how rigorously it accepts the discipline of being a ledger.