The quiet registry with the hard institutional problem
ARIN is not usually treated as the dramatic registry in the regional Internet number system. It does not carry the same recent public record of paralysis, disputed board legitimacy or emergency administration that has surrounded AFRINIC. It is not the registry most visibly exposed to sanctions politics, war, European privacy law or the diplomacy of a newly industrialising Internet region. The American Registry for Internet Numbers serves a rich, legally sophisticated market across the United States, Canada and parts of the Caribbean and North Atlantic. It has published corporate papers, a known policy forum, elected bodies, transfer instructions, a membership model, appeal materials and a contractual stack that is far more explicit than the early Internet ever had.
That apparent normality is why ARIN is a useful test case. Institutional risk is easy to see when a registry is already in visible crisis. It is harder, and more important, to see in a registry that still works. The question is not whether ARIN is about to collapse. The question is whether the structure of a post-exhaustion registry can turn court proceedings, governance weakness, contract boundaries and administrative discretion into continuity risk for the people and networks that depend on number resources. In an IPv4 market where addresses are scarce, transferable, financed, leased, sold with companies and built into live networks, the registry no longer sits above a low-value administrative record. It sits above an asset-like input that many businesses cannot cheaply replace.
The issue is simple enough to state and difficult to solve. A registry must preserve uniqueness, contactability, transfer evidence and security-relevant records. Those functions require authority. Yet when authority expands from recordkeeping into approval of market movement, contract status, service access, resource review and use judgment, the registry becomes more than a ledger. It becomes a gatekeeper. If that gatekeeper is then drawn into court proceedings, bankruptcy disputes, corporate-control conflicts, election contests or challenges to its own discretion, continuity of the ledger can become dependent on continuity of the institution. Resource holders then face a risk that is neither ordinary technical outage nor ordinary market risk. It is institutional dependency risk.
ARIN's own materials are important factual exhibits for this analysis: its corporate documentation, Registration Services Agreement, Number Resource Policy Manual, transfer guide, legacy-resource page, IPv4 addressing options, membership page, elections page, Policy Development Process and appeal process. They show what the institution says, what it has reserved, what procedures it publishes and where authority is located. They do not, by themselves, settle the institutional question. Official materials can document the rules without proving that the rules are economically legitimate.
The analytical starting point here is operator-first. Lu Heng's public Notes page has argued for years that IPv4 scarcity changes the economic character of registry discretion. His essay on "The Registry Continuity Fallacy" makes the sharper institutional claim: continuity should protect the ledger, not preserve every discretionary power of the incumbent gatekeeper. NRS makes the same point in business-continuity and asset-rights language, including its article on IP address rights and business continuity. LARUS supplies the commercial context: address continuity is no longer only a registry service; it is part of the capital structure of network businesses. BTW Media has treated this as an infrastructure-economics problem rather than a narrow community-management topic.
ARIN should therefore be examined with care, not melodrama. It is a functioning registry with real institutional strengths. Its rules are more transparent than many private coordination systems. Its member and policy structures create checks that matter. Its transfer and legacy-resource materials show awareness of historical limits. But those strengths do not eliminate the underlying economic problem. They make it legible. A well-documented gate is still a gate. The relevant question is whether the gate exists to keep the ledger true or whether it also shapes who may use, finance, move and secure scarce network assets.
Scarcity changed the legal meaning of registration
IPv4 exhaustion changed the meaning of ARIN's role. Before exhaustion, the registry's economic story was largely one of conservation and allocation. The pool was finite, but there was still a pool. Applicants sought address space from an administrative stock. The registry reviewed need, applied policy, issued resources, kept records and tried to avoid waste. A needs test had the logic of rationing. It asked whether a claimant should receive part of a common stock that had not yet been privately embedded into a business.
That world is gone. ARIN's IPv4 addressing options page states that its free pool was depleted on September 24, 2015. ARIN's archived announcement, "ARIN IPv4 Free Pool Reaches Zero", said that approved requests would be fulfilled through the waiting list or through the transfer market. The IPv4 Waiting List is a residual queue filled when ARIN adds address space back into inventory, typically through returns or revocations. The transfer guide describes private movement under policy: merger and reorganization transfers, specified-recipient transfers within the ARIN region and inter-RIR transfers with compatible needs-based systems.
In other words, the economic centre moved from allocation to recognition. A buyer may negotiate with a seller, but ARIN's recognition determines whether the registry record changes. A company may acquire another company whose network uses addresses, but ARIN's process affects whether the registry record reflects that acquisition. A legacy holder may maintain basic records without a modern agreement, but access to some services depends on contract status. A network may run customers on a block for years, but a review, court order, payment dispute, fraud inquiry or bankruptcy can make the registry relation material.
This shift is not semantic. A registry entry in a pre-exhaustion environment recorded a permission around a resource whose replacement, while not frictionless, was still administratively imaginable. A registry entry after exhaustion records the recognised status of an irreplaceable input. That input can sit inside enterprise acquisitions, hosting businesses, access networks, content-delivery systems, data-centre footprints, mail infrastructure, security filters and financing arrangements. The holder may not call the block property in the strong legal sense; ARIN may not recognise it as ordinary property; but the market treats continuity of recognition as economically valuable.
The distinction between ownership and recognition is therefore not a way out of the problem. It is the problem. A number resource can be formally described as a registration right while still being commercially decisive. A contract can disclaim estate ownership while a bankruptcy buyer still needs the registry record to change. A policy can deny that scarcity creates private title while private parties still price the probability of recognition. Institutional economics is interested in precisely this zone: the place where formal legal description, administrative practice and market value do not line up neatly.
Court exposure follows from that mismatch. Courts do not have to route packets to influence the economics of number resources. A court can interpret a contract. A bankruptcy court can examine what is or is not part of an estate. A commercial court can restrain conduct. A claimant can seek an injunction. A creditor can test the treatment of address-related value. A public authority can issue an order. A registry can receive a legal demand affecting services. The packets may continue to move, but the economic certainty around the record can change.
ARIN's own contract papers recognise that legal process is part of the operating environment. The published RSA describes ARIN as a Virginia nonprofit corporation and defines the relationship around registration rights for Internet number resources. It sets out registry services including entries in ARIN's database, maintenance of records, reverse name service, RPKI and administration of address space. It also describes circumstances in which ARIN may cooperate with government or judicial orders, including orders that affect service or termination, subject to notice where legally allowed. Its bankruptcy language seeks to preserve ARIN's contract position and rejects simple treatment of number resources and related services as estate property of the holder.
Those clauses are not obscure fine print attached to a trivial service. They are the legal operating layer around scarce resources. They make ARIN's position predictable from ARIN's perspective: number resources are registration rights, not ordinary property held free of the registry; policies bind the holder; services depend on compliance; courts and public authorities can affect service; bankruptcy does not automatically turn numbers into estate assets. For holders, the certainty is more ambivalent. The registry's contract position is itself part of the asset environment.
The lesson is not that ARIN's clauses are uniquely harsh. Many critical infrastructure services reserve compliance rights, respond to legal orders and avoid recognising broad property claims over records. The lesson is that after IPv4 exhaustion, such clauses sit above a scarce input around which real businesses are built. The more valuable and less replaceable the input, the more every legal boundary becomes an economic boundary.
The transfer market as administered capitalism
North America has one of the world's deepest IPv4 transfer environments. It contains address-rich universities, large enterprises, hosting companies, cloud operators, carriers, data-centre businesses, corporate acquirers, brokers, lawyers and buyers willing to pay for certainty. It is also a legally sophisticated market. Transactions are documented. Diligence matters. Bankruptcy, merger, reorganisation and asset-sale structures can move address-related value. That sophistication should reduce uncertainty. It can also sharpen the significance of every registry rule, because parties are more likely to price, negotiate and litigate the rule.
ARIN's transfer system is neither a pure market nor a command allocation regime. It is an administered market. Private parties can agree on price and structure, but ARIN must recognise the result. Under the transfer guide, resources issued by ARIN or its predecessors may be transferred through merger, acquisition, reorganisation or similar corporate transaction; through a specified-recipient release within the ARIN region; or through an inter-RIR transfer to a region with compatible policy. Transfer requests must meet ARIN's transfer policies. The guide also requires signed agreements, fees where applicable, authenticated documentation, acknowledgements by authorised officers and record changes.
Some of this is simple ledger protection. ARIN should verify that the claimed source is the current registrant. It should confirm that a corporate acquisition is real. It should prevent unauthorised transfers, duplicate claims, forged authority and false contact data. It should maintain a chain of custody. A registry that cannot distinguish a valid source from an impostor is not a registry. In this respect, ARIN's gate protects the market by making the record reliable.
Other parts of the system do more than protect the ledger. Specified-recipient transfers and inter-RIR transfers retain needs-based logic. ARIN's NRPM and transfer materials require operational justification for certain transfers and impose consequences around waiting-list status, block size and recent receipts of space. These rules are not merely checks that a seller exists and a buyer is authorised. They are judgments about whether a buyer should be allowed to receive registry recognition for a market transaction.
The economic case for some restraint is not foolish. IPv4 is scarce. A market without constraints can invite paper demand, warehousing, sham structures, routing fragmentation and transactions that separate record control from operational reality. A registry need not be indifferent to fraud or to artificial demand created solely to harvest scarcity rents. It can reasonably ask whether a transaction would corrupt the accuracy or security of the record.
Yet a post-exhaustion market must also ask a harder question: when the address block is already held by a private party and a buyer is willing to pay for it, what harm justifies a registry needs test? A free-pool allocation gives away scarce stock at administrative prices; a transfer reallocates scarce stock through price, contract and risk. The case for gatekeeping is therefore different. A rule that makes sense for rationing may not make sense for recognition. If the registry asks old allocation questions in a new market context, it can suppress liquidity while saying that it is protecting conservation.
This is where ARIN becomes an institutional-economics case. It does not need to intend capital control to create capital-control effects. If it can delay recognition, require additional evidence, define eligibility, condition inter-RIR movement, require agreement status, limit waiting-list interaction or trigger review, it affects price and bargaining power. Recognition is a form of market infrastructure. Every participant prices the probability that recognition will be clean, timely and durable.
The phrase "administered capitalism" fits because ARIN sits between private price and administrative approval. It does not own the businesses built on the addresses. It does not set the transaction price. But it defines the conditions under which the record will move. If those conditions are narrow, evidence-based and predictable, the market can adapt. If they are broad, discretionary or exposed to sudden reinterpretation, holders must discount their assets for registry risk.
The institutional problem is not solved by saying that ARIN is community-based. Community process may legitimise some rules, but it does not erase the economics of recognition. A small active policy community can speak loudly while many exposed businesses remain silent because participation is costly, technical or not obviously worth the time until a transaction is at stake. Once the transaction is at stake, the rule is no longer an abstract policy topic. It is a condition on asset movement.
Legacy resources and historical certainty
Legacy resources expose the deepest boundary in ARIN's authority. These are number resources issued before ARIN's creation, often by predecessor institutions and without contemporary contract terms. ARIN's legacy-resource page states that organisations with legacy resources have access to several ARIN services even if they are not under an ARIN agreement. They can maintain unique registration in Whois and RDAP, update public data, manage reverse DNS delegations, maintain records through ARIN Online and use DNSSEC for reverse zones. But they cannot access ARIN's RPKI or IRR services unless their resources are covered by an ARIN agreement.
This distinction is a useful example of ledger versus gatekeeper. The basic record is preserved because the ledger must not forget real historical registrations. The public needs uniqueness and accurate records even when no modern contract exists. But advanced services are tied to agreement status. ARIN is not erasing the holder; it is drawing a boundary around the service bundle. That may be defensible. It may also become leverage as routing-security expectations rise.
RPKI and IRR functions are no longer decorative. For many networks, routing-security hygiene is becoming part of operational credibility. A legacy holder that cannot access those services without signing an agreement faces a choice that is no longer merely about convenience. If customers, peers, insurers, exchanges, security teams or counterparties treat routing-security posture as normal practice, agreement status becomes a path from historical record continuity into modern gatekeeping. What began as an optional service can become a practical condition of participation.
Legacy history also matters for valuation. A buyer of older address space wants confidence that the history is clean, the source is authorised, the block is not subject to a hidden dispute, the registry will recognise transfer and the services attached to the block are understood. A seller wants the ability to transact without having every old administrative fact reopened as a discretionary question. ARIN wants to prevent fraud and maintain an accurate record. These interests can align if the registry focuses on evidence, chain of custody, authority and service clarity. They clash if legacy migration is treated as an opportunity to pull older resources into a wider contemporary contract regime.
The legacy page notes that the legacy fee cap expired on December 31, 2023. It describes how organisations with an active Legacy Registration Services Agreement entered before January 1, 2024 continue to have fees limited for legacy resources covered before that date, while no additional legacy resources may be added after that date. Legacy resources covered under an ARIN agreement after January 1, 2024 are subject to annual Registration Services Plan fees. That is not merely a billing detail. It changes the economics of coming under agreement. It also tells the market that historical timing affects the cost and certainty of contract status.
The RSA adds another layer. ARIN's contract materials reserve a large role for policy and require compliance with ARIN policy. The structure tries to balance policy adaptability with contractual stability. But for a holder, the asset question remains: how much of the resource's value depends on a policy environment that can change after the resource is embedded in the business? A block with clear history, predictable service access and stable transfer treatment is worth more than a block whose registry position depends on ambiguous discretion.
Legacy certainty is not nostalgia for the early Internet. It is an asset-quality claim. The registry's task should be to reduce ambiguity, not to exploit it. Voluntary contract attractiveness is healthier than coerced uncertainty. If an agreement supplies genuine protections, service clarity, predictable review and stable treatment, holders have reasons to enter. If advanced services become essential while the only route to them is a broad standard-form agreement, the market will ask whether the registry is offering useful services or converting operational dependence into contractual leverage.
The RSA as a continuity surface
The RSA is more than a service contract. It is a continuity surface: the document through which ARIN defines what the holder receives, what the holder must do, how services may stop, how policies bind, how legal orders are handled, what happens in insolvency and what rights are acknowledged. In ordinary contract language, this is normal. In post-exhaustion registry economics, it is the private-law layer around a scarce infrastructure input.
The published RSA grants the holder the right to be the registrant of included number resources within ARIN's database, the right to use those resources within that database and the right to transfer registration under policy. It makes those rights subject to continuing compliance with service terms and fees. It requires accurate information and cooperation. It allows ARIN to consider non-cooperation when evaluating later transfer or allocation requests. It permits service stoppage or termination in certain payment-delinquency circumstances. It also contains language limiting revocation for lack of utilisation except as set out in the agreement, while allowing refusal of transfers or additional allocations where policy requirements are not met.
This mixture of protection and leverage is central. On one hand, the RSA acknowledges contractual rights to included number resources. It sets notice procedures for fee delinquency. It treats basic rights as contractual rather than purely discretionary. It makes the holder's relation with ARIN more legible to lawyers, buyers and courts. On the other hand, it embeds policies, cooperation duties, fees, service conditions, legal-order clauses and insolvency positions into the holder's continuity environment. A business that depends on addresses must therefore understand not only routing and customer demand, but also contract boundaries.
Contract boundaries matter because the registry's remedy can affect live economic activity. A fee dispute is not only a receivables issue if it can affect services attached to scarce resources. A cooperation dispute is not only a paperwork issue if it can influence future transfer review. A policy interpretation is not only a community question if it can change whether a transaction is recognised. A legal-order clause is not only compliance text if it can cause a service interruption affecting unrelated customers. The RSA is thus part of the operational risk map.
This does not mean every reserved power is illegitimate. A registry must be able to respond to forged documents, unlawful demands, unpaid obligations, inaccurate records, hijacking attempts and court orders. But the more powerful the remedy, the narrower and more auditable the trigger should be. If a registry can preserve the last verified state, record a dispute, block conflicting transfers and keep core services running, it should prefer those remedies over service disruption. A scarce-resource contract should not make destructive action the ordinary path for institutional comfort.
The bankruptcy language deserves special attention because it exposes the tension between formal legal theory and economic practice. ARIN's position is that number resources and services are not property of the holder's bankruptcy estate in the ordinary sense. That position protects the registry from a court treating the database as a warehouse of assets owned free of policy. But a debtor's estate may still contain a business whose value depends on continued address recognition. A buyer may pay for assets only if the address position can be transferred or stabilised. Creditors may care about the difference between a network that retains recognition and one that loses it. Even if ARIN's contract position is ultimately accepted, process risk can affect timing and valuation.
The continuity question is therefore not whether ARIN has arguments. It does. The question is how ARIN's position is operationalised while a dispute is unresolved. Does the ledger preserve the last verified state? Are unrelated services insulated? Are customers harmed before a court decides? Are transfer blocks narrow? Are notices clear? Is there an independent route to challenge high-consequence action? A court-ready registry must be able to answer these questions without asking observers to trust institutional virtue.
Courts are not anomalies
It is tempting for registry institutions to treat court involvement as an abnormal intrusion into technical coordination. That is no longer a serious position. Once IPv4 addresses become scarce and transferable, litigation is part of the environment. Court risk is not evidence that the Internet has been contaminated by lawyers. It is evidence that the registry record has economic consequences outside the policy mailing list.
There are at least five channels through which court and continuity risk can enter ARIN's world.
The first is holder-side insolvency. A business holding addresses may enter bankruptcy, receivership or restructuring. Creditors may view address-related continuity as valuable. ARIN's RSA seeks to prevent simple treatment of number resources and services as estate property and reserves the ability to protect ARIN's contractual rights. A court may be asked to reconcile that position with the practical value of the resources to the debtor's operating business. Even if the court ultimately accepts ARIN's view, the process can affect timing, transferability, buyer certainty and the business's ability to preserve customers.
The second is corporate control. A merger, acquisition, asset sale or reorganisation can move the network assets that use addresses. ARIN's transfer guide provides a route for such events and recognises that corporate law and network reality can move resources in ways that do not resemble fresh allocation. But contested authority, disputed asset purchases and court-approved reorganisations can become registry questions. If the wrong party is recognised, the ledger is corrupted. If recognition is delayed too broadly, the operating business may suffer. The registry needs a narrow way to isolate the dispute without destabilising everything around it.
The third is government or judicial order. The RSA allows ARIN to cooperate with lawful orders concerning services or number resources. Orders could arise from law enforcement, sanctions, fraud claims, civil litigation, receivership, injunctions or other proceedings. The risk to holders is not that ARIN can ignore law; it cannot. The risk is that registry dependency places network continuity inside legal proceedings that may be external to ordinary network operation. A narrow order can become a broad operational event if the registry lacks strong principles of scope, notice, preservation and isolation.
The fourth is disputes over ARIN's own decisions. A denied transfer, review outcome, contract termination, resource revocation, service stoppage or policy interpretation can eventually become a court matter. ARIN's appeal process may resolve many disagreements before litigation. But the higher the value of the resources, the more rational it becomes for parties to seek external remedies when internal routes fail. The registry then faces the paradox of critical infrastructure: legal accountability is necessary, but litigation can itself create continuity risk.
The fifth is institutional governance. Board elections, membership rules, bylaws, corporate documents and policy authority can be challenged in ways that affect the registry's ability to act or the perceived legitimacy of action. ARIN's corporate system appears stable, but stability is not a permanent property. A post-exhaustion registry is a prize because its rules affect scarce assets. As the value of IPv4 rises, the incentive to contest governance rises with it.
None of this implies that courts are the enemy. Courts are part of the rule of law. Holders need remedies. ARIN must be able to defend the ledger. Public authorities must be able to act within legal limits. The aim is not to remove courts. The aim is to ensure that court proceedings do not unnecessarily contaminate unrelated registry services, live networks or the last verified state of the ledger.
Member power is real but limited
ARIN is not a private company administering a secret rulebook. Its membership page describes participation and governance roles. Its elections page explains voting for board and advisory positions. Its Policy Development Process sets out how number-resource policy proposals move through discussion, review and adoption. These structures matter. They create channels for correction. They make arbitrary change harder. They give the institution a public record.
But member power has limits. A formal right to participate is not the same as actual participation by all economically exposed parties. Many address holders do not live inside registry process. Some are small operators. Some are companies for which address continuity is important but not visible until a transfer, dispute or due-diligence event. Some are legacy holders with a historical relation to the registry rather than a modern membership identity. Some are customers indirectly dependent on numbers held by another business. Some are buyers in a market rather than long-term policy participants. Their absence from discussion should not be read as consent.
There is also a timing problem. A policy forum is usually prospective and general. A court dispute, transfer denial, bankruptcy or service stoppage is concrete and immediate. A participant can spend years ignoring policy and then discover that a rule adopted through an open process now affects a high-value transaction. The registry can fairly say that the process was open. The holder can fairly say that openness did not price the rule's economic cost. Both statements can be true.
This is why mandate laundering is a real risk. A registry begins with a narrow technical mandate: keep the record unique and accurate. It then expands into policy discretion because conservation and coordination require rules. It then treats an open but specialised process as broad community consent. It then treats that consent as authority for rules that affect asset value, contract adoption and market liquidity. By the end, a power that would be controversial if stated as economic control is presented as the natural result of technical self-governance.
ARIN is less vulnerable to crude forms of this problem than a more opaque registry because its documents and process are visible. But visibility is not enough. The more a rule affects transferability, service access or legacy certainty, the more the burden should shift toward measurable justification. The registry should be able to say which harm is prevented, what evidence supports the harm, what less restrictive alternative was considered, how often the rule is used and how affected parties can challenge high-consequence applications.
Member governance can check discretion only if it is paired with transparency about economic effects. Voting totals, participation rates, petition activity, policy-list concentration and the distribution of affected resource holders are not incidental details. They show whether the community process is broad enough to carry the weight being placed on it. If participation is narrow, that does not make ARIN illegitimate. It does mean ARIN should be modest in claims of mandate.
Ledger versus gatekeeper as a practical test
The ledger-versus-gatekeeper distinction is not a slogan. It is a practical test for every registry function.
A ledger rule asks: what information is necessary to keep the registry accurate, unique, auditable and safe? A source-authorisation check passes that test. A requirement that an officer acknowledge a transfer may pass it. Evidence that assets using the addresses moved in a merger may pass it. Contact validation passes it. Preventing duplicate registration passes it. Recording disputes without corrupting the live record passes it. Fraud investigation passes it. So does a careful chain-of-custody review for legacy resources.
A gatekeeper rule asks: should the registry approve this business outcome, this future use, this market movement or this contract status? Needs-based recipient qualification in a private transfer is a gatekeeper rule. Service access tied to agreement status can become a gatekeeper rule when the service is operationally essential. Waiting-list lock-ups are gatekeeper rules, though they may be justified by rationing logic. Resource review without a concrete trigger is a gatekeeper power, even if mitigated by policy. Court-order compliance can become gatekeeper execution if the order stops services or alters recognition beyond the necessary scope.
The existence of a gatekeeper rule does not prove illegitimacy. Some gatekeeping protects the ledger. Some limits reduce fraud. Some rationing rules keep residual space from being immediately arbitraged. Some service boundaries reflect real legal and operating costs. The point is that the rule should be named honestly. If ARIN restricts transferability, it is shaping capital movement. If it conditions services on agreement status, it is shaping contract adoption. If it reviews utilisation after a block has market value, it is affecting asset certainty. These actions may be justified, but they should not hide behind the language of mere recordkeeping.
The dangerous institutional move is to treat every gate as ledger protection by default. That is how mandate laundering works in practice. The registry says uniqueness matters. It then treats broad discretion as part of uniqueness. The policy process says it is open. It then treats participation by a narrow active group as consent by all exposed parties. The contract says services are conditional. It then treats operational dependence as voluntary acceptance. The legal-order clause says law must be obeyed. It then becomes a channel through which live-network continuity can be interrupted.
Heng's continuity argument supplies a cleaner frame: protect the records, directory services, reverse zones, security chain, legitimate update ability, live networks, customer continuity and independent adjudication. Do not confuse those things with preserving every discretionary authority claimed by the registry office. Applied to ARIN, the test is not whether the institution is good or bad. It is whether each power remains tied to a narrow continuity function.
This test matters most when the registry is under stress. In normal times, ledger and gatekeeper functions blend together. Staff process transfers. Records change. Fees are paid. Members vote. Policies are discussed. The institution looks like the function. Under stress, the difference becomes visible. A court can restrain one action while the registry must keep other services running. A disputed transfer can be frozen without disabling routing-security records. A bankruptcy can pause a sale without erasing the current registrant. A governance controversy can proceed without corrupting RDAP, Whois, reverse DNS or RPKI state. A registry designed around the ledger can survive these separations. A registry designed around its own authority may treat separation as a threat.
Operational continuity is not institutional comfort
The phrase "registry continuity" can mislead. It can mean continuity of the office, the board, the staff, the legal contract, the policy machinery, the member process or the institutional narrative. It can also mean continuity of unique records, RDAP and Whois publication, reverse DNS, RPKI material, transfer evidence, dispute metadata, authenticated updates, routing-security coherence and live network reliance. The two meanings overlap, but they are not identical.
In normal times, it is convenient to treat them as one. ARIN continues, so the services continue. The board functions, so policies are adopted. Staff process requests, so records stay current. Contracts remain in force, so service expectations persist. In stress, the bundle can split. A court may restrain an action while services must continue. A holder may dispute a review while customers depend on routes. A bankruptcy may pause transfers while the network still operates. A policy controversy may challenge a rule while the ledger must not lie. A governance dispute may question authority while reverse DNS and RPKI still need coherent operation.
Continuity design should start from the live network, not the institution. The holder has customers. The customers have customers. Firewalls, access lists, mail reputation systems, anti-abuse processes, geolocation systems, payment systems, routing filters, ROAs, reverse DNS and contracts can depend on stable numbers. A registry action that protects institutional authority by destabilising those dependencies has not protected continuity; it has shifted the cost downward.
This does not mean holders should be immune from policy or law. Fraudulent transfers must be corrected. False organisations should not be rewarded. A holder that refuses to pay required fees may face consequences. A court order may have to be followed. A registry cannot preserve every operating arrangement at any cost. But the default remedy in disputes should be non-destructive where possible. Preserve the last verified state. Record the dispute. Block conflicting transfers. Require evidence. Use independent review. Keep services running unless a specific, proportionate reason requires interruption.
ARIN's own materials contain pieces of this logic. The RSA limits some revocation theories. Legacy resources not under agreement retain basic record services. Transfer instructions recognise that ROAs, IRR objects and reverse DNS may have to be handled around transfer. The waiting-list page distinguishes residual allocation from transfers. The appeal process recognises that staff decisions can be challenged. These are continuity fragments. The question is whether they add up to an explicit operator-first architecture.
The operator-first view is not anti-registry. It is pro-registry in the narrow sense that matters. A registry that is limited, auditable and replaceable is more credible than one that claims broad discretionary authority because the function is important. Critical infrastructure should have strong continuity and modest administrators. The more a registry insists that its own discretion is inseparable from Internet continuity, the more it invites court challenge, political suspicion and market discount.
Weak boundaries create hidden costs
Weak boundaries create costs long before any outage occurs. They appear in legal diligence. Buyers ask whether a block can transfer. Sellers ask what warranties they must give. Lenders ask whether number resources can support collateral value. Cloud operators ask whether future capacity can be secured. Access networks ask whether leasing or acquisition structures will be recognised. Legacy holders ask whether signing an agreement improves certainty or expands exposure. Lawyers ask what happens in insolvency. Customers ask whether services can continue if a dispute arises.
These costs are not visible in ARIN's fee schedule. They are transaction costs and risk discounts. A registry can charge modest administrative fees while imposing large hidden economic costs through uncertainty. That is why comparing registry fees with service output misses the point. The largest price of registry discretion may be the difference between what an address block is worth under clear, transferable, protected recognition and what it is worth under uncertain gatekeeping.
The risk is especially acute for smaller operators. Large firms can hire counsel, seek advance guidance, maintain compliance teams, diversify address strategy and absorb delays. Smaller networks may simply accept whatever process exists because challenge is too expensive. Their absence from mailing lists should not be read as consent. Their silence may reflect cost, not satisfaction.
Weak boundaries also create a capture incentive. If the registry's board, policy forum or staff interpretation can materially affect asset value, sophisticated actors have reason to contest governance. A process designed for technical coordination becomes a venue for economic advantage. Transfer rules, waiting-list policy, legacy terms, service eligibility and review practice become prizes. The more discretion is concentrated, the more valuable it becomes to influence the institution. Community governance then faces the very capture pressure it was meant to avoid.
ARIN is better placed than some registries to resist this because it has published processes and a mature community. But maturity is not immunity. A mature system can still be captured slowly by procedural knowledge, low participation, institutional language and asymmetric expertise. The antidote is not rhetoric about openness. It is data, narrow mandates and clear separations.
What ARIN should make measurable
The practical reform agenda is not revolutionary. It begins by making friction measurable.
For transfers, ARIN could publish more aggregate data about processing time, documentation rounds, reasons for denial or withdrawal, differences between merger and reorganisation transfers, specified-recipient transfers and inter-RIR transfers, average time from approval to record update and common causes of failed requests. It could separate ledger-protection failures from market-eligibility failures. Fraud and source-authority issues are different from recipient-qualification issues. The market should be able to see the difference.
For resource reviews, ARIN could publish aggregate review statistics: how many reviews were initiated, under what trigger, how many were without a concrete complaint, how long they took, what outcomes followed, how many led to voluntary correction, how many led to return, how many involved revocation and how many were appealed or otherwise challenged. This would not require exposing confidential data. It would show whether the most intrusive powers are rare, evidence-based and proportionate.
For legacy resources, ARIN could publish clearer economic and operational comparisons between no-agreement status, older LRSA status and current RSA status. Holders should not have to infer the risk trade-off from scattered materials. The distinction between basic ledger service and advanced service should be explicit. If RPKI and IRR access are agreement-based, the market should understand what rights, fees, term-change exposure and termination consequences attach.
For policy proposals that affect transferability or service access, ARIN could require an economic-impact note. The note need not take sides. It should state who may bear costs, what market behaviour the rule seeks to prevent, what evidence supports that harm, what less restrictive alternatives were considered and how the rule will be reviewed after adoption. A policy that restricts liquidity should carry an explicit burden.
For court and emergency continuity, ARIN could publish a high-level continuity architecture describing how core services would remain available during legal restraint, governance dispute, holder insolvency, a court order involving resources, compromise of authority, major litigation or institutional transition. It need not reveal security-sensitive details. It should explain the principles: preserve the last verified state, isolate disputes, keep unrelated services running, protect RPKI coherence, avoid destructive remedies unless required and ensure independent review for high-consequence action.
For member governance, ARIN could make voting participation, member-status shifts, petition use and policy participation metrics more visible in economic context. If only a small share of affected holders vote or comment, that should not delegitimise ARIN, but it should temper claims of community mandate. Modesty is a form of accountability.
The court-ready registry
A post-exhaustion registry should assume it will face courts. That is not a failure. It is a sign that the resources beneath its records have become valuable enough for legal systems to care. The question is whether the registry is court-ready in the right sense.
Court-ready does not mean insulated from law. It means the registry can show a judge, a holder, a buyer, a creditor and the public that its powers are narrow, documented, evidence-based and proportionate. It means the registry can distinguish the ledger from institutional preference. It means the registry can explain why a service must be stopped, why a transfer cannot be recognised, why a review is justified, why a resource is disputed or why an order must be followed without implying that every challenge to its discretion threatens the Internet.
Court-ready also means operationally prepared. If litigation affects a holder, the registry should know how to preserve the last verified state. If a court order arrives, it should have procedures for notice, scope, service continuity and protection of unrelated resources. If a holder enters insolvency proceedings, it should have a path that respects court authority while preserving network continuity. If a registry decision is challenged, there should be a non-destructive dispute posture unless immediate action is necessary to prevent fraud, duplicate claims or serious harm.
In this sense, ARIN's legal clarity is both a strength and a test. The RSA is explicit. The NRPM is public. The PDP is documented. Corporate documents are published. Legacy status is described. Transfer categories are known. These materials give ARIN a better foundation for court readiness than a registry that relies mostly on institutional myth. But clarity must be matched with restraint. A well-written clause can still produce a hold-up problem if it gives one party broad power over another party's sunk investment.
The ultimate court risk is therefore not losing a case. It is allowing litigation to reveal that registry continuity depends too much on institutional discretion and too little on separable, auditable functions. If ARIN can show that the ledger survives disputes, that live networks are not needlessly exposed, that contract power is proportionate and that market movement is restricted only for concrete reasons, it will strengthen the entire RIR model. If not, the North American registry will become evidence that even the mature version of the system cannot adapt to post-exhaustion economics without becoming a gatekeeper over capital.
Continuity begins where discretion ends
ARIN's quietness should not be mistaken for irrelevance. It is precisely because ARIN is mature, documented and embedded in a sophisticated transfer market that it shows the problem cleanly. IPv4 scarcity turned registry authority into economic power. Transfer markets turned recognition into infrastructure for capital movement. Legacy resources turned history into asset certainty. The RSA turned contract boundaries into continuity boundaries. Member governance turned participation into a partial check, but not a full mandate. Courts turned legal clauses into operational risk.
The answer is not to deny ARIN's role. The ledger matters. Uniqueness matters. Accurate records matter. Fraud prevention matters. RPKI, reverse DNS, Whois, RDAP and transfer integrity matter. A registry that cannot perform those functions would endanger the Internet. But those truths do not prove that every gatekeeping claim is necessary. They do not prove that a needs test belongs unchanged inside a private transfer market. They do not prove that service dependency should be used to draw legacy holders into broader contract exposure. They do not prove that community process equals consent by all who bear economic downside. They do not prove that institutional comfort is the same as network continuity.
The North American lesson is modest and severe: protect the ledger, make the gatekeeper accountable and keep court disputes from becoming network-continuity events. Holders need predictable recognition. Buyers and sellers need measurable transfer friction. Legacy holders need historical certainty. Members need real but modest power. Courts need a clear map of what the registry function is and what it is not. ARIN needs enough authority to keep the record true, but not so much unpriced discretion that every scarce address becomes a dependency on institutional goodwill.
That is the economics of court and continuity risk. The registry is strongest when it can survive legal challenge without turning that challenge into a threat to live networks. It is most legitimate when it can say exactly which facts it records, which harms it prevents, which powers it does not claim and which services will continue even when disputes arise. In the IPv4 world after exhaustion, continuity begins where discretion ends.

