The quiet stress case

ARIN is the quiet stress case for the regional Internet registry system. It is not the registry most associated with open crisis. It has not carried the recent drama of AFRINIC, where litigation, receivership, board legitimacy and the control of records became operational concerns in their own right. Nor does it occupy the same public-policy theatre as RIPE NCC, where sanctions, war, energy politics and cross-border legal exposure make neutrality claims visible to governments and banks. ARIN's problem is less theatrical and more important for that reason. It is the North American test of whether a mature registry can remain legitimate after the resource it was built to distribute has become scarce, valuable and routinely traded.

That makes ARIN unusually instructive. The easy case for a registry is the pre-exhaustion world. A coordination body receives address blocks, documents need, allocates numbers, maintains records and helps keep duplicate claims out of the global routing system. Its discretion is real, but the value at stake is modest enough that administrative judgment looks like technical housekeeping. The harder case comes after exhaustion. Then the registry is no longer mainly distributing abundance. It is administering scarcity. It records assets whose market value was not supposed to sit at the centre of the original institutional design. It reviews transfers, interprets eligibility, maintains contractual relationships, decides what services attach to which legal status, and mediates between older holders, new entrants and networks whose customers experience continuity as a commercial necessity rather than as a governance abstraction.

ARIN's own public materials are useful exhibits of this transformation. Its IPv4 Waiting List page says the free pool depleted in September 2015 and presents the waiting list as only one of several ways to seek IPv4 addresses, alongside transfers and reserved pools. Its transfer guide describes merger and reorganisation transfers, specified-recipient transfers within the ARIN region, inter-RIR transfers, officer acknowledgement, needs-based recipient requirements and waiting-list restrictions. Its Number Resource Policy Manual defines Internet number resources as unique identifiers within the Internet Numbers Registry System, states principles of registration, conservation, routability and stewardship, and also makes clear that an ARIN allocation or assignment does not guarantee that any particular network operator will route the address space.

Those statements do not settle the legitimacy question. They map the terrain on which it must be argued. The economic question is what happens when a body whose narrow public value rests on uniqueness, record accuracy and orderly publication also becomes the administrative gate through which capital assets must pass. ARIN does not sell IPv4 addresses as property. It does not guarantee global routing. It does not set the market price of addresses. Yet it can affect the value of an IPv4 holding by determining whether registry records are current, whether a transfer is recognised, whether a recipient qualifies, whether a holder is under agreement, whether routing-security services are available and whether a resource review or contract change creates uncertainty. In a scarce market, that is not a clerical role.

The distinction matters because ARIN's strongest claim is not that it should govern the Internet. Its strongest claim is that someone must maintain a reliable registry of unique number resources in its region, keep the records accurate enough for operations, and support orderly movement of those resources as networks change hands, grow, shrink and consolidate. That claim is powerful, but it is limited. The more ARIN's authority extends from ledger maintenance into broad discretion over asset liquidity, contract status, service access and market timing, the more it must justify itself in economic rather than ceremonial terms.

Legitimacy in this setting is not a mood. It is not supplied by the familiar vocabulary of community, stewardship or bottom-up process, though those words may describe useful features of the institution. Legitimacy is the degree to which operators, holders, buyers, sellers, customers, investors and policy participants can rely on the registry without adding large uncertainty premiums to every business decision that touches address space. For ARIN, the test is whether it lowers registry-layer risk for the market that depends on its ledger, not whether it can tell a persuasive story about why registries are valuable in general.

From allocation to asset administration

IPv4 scarcity did not merely raise prices. It changed the institutional contract around number resources. When addresses were low-priced administrative inputs, a registry could describe its work mainly in terms of conservation, fairness and technical need. Once addresses became balance-sheet items and transfer-market instruments, the same rules acquired a different economic meaning. A needs test became a liquidity condition. A contract update became part of asset certainty. A registry review became a financing risk. A delay in transfer recognition became a cost imposed on a buyer, seller, customer base or acquisition timetable.

ARIN's policy vocabulary still carries the older logic. Registration is meant to maintain uniqueness and publish contact information. Conservation is meant to promote efficient distribution according to documented need. Routability is relevant to good address management, but ARIN does not promise that any operator will route a particular block. Stewardship is described as the responsibility to distribute unique number resources to entities that build and operate networks, with recognition that the relevant goals can conflict. This is a coherent administrative vocabulary. It is also a vocabulary designed more for allocation than for markets.

The problem is not that conservation has no place after exhaustion. It does. Fraud, duplicate claims, forged authority, sham transfers, dormant-company abuse and inaccurate contact records would all damage the registry. A market in scarce identifiers still needs a credible bookkeeper. Indeed, it needs one more than the old allocation system did, because the financial stakes make bad records more attractive to criminals and more damaging to legitimate holders. The problem is that conservation can become a language for rationing capital after the rationing function has lost much of its original economic justification.

The relevant question is no longer only whether an organisation can document immediate technical need. It is also whether the registry's rules let addresses move to the networks, services and customers where their operational value is highest, subject to clear anti-fraud controls and reliable record updates. In the allocation era, a registry was protecting a shared pool. In a transfer market, the resource being moved has already left the pool. The registry's legitimate interest remains strong where it verifies authority, prevents duplicate registration and maintains the integrity of the ledger. It is weaker where it tries to shape business demand after buyer and seller have accepted price, risk and operational responsibility.

ARIN's transfer framework shows the compromise. Section 8.2 of the NRPM covers transfers related to mergers, acquisitions and reorganisations. Section 8.3 covers specified-recipient transfers within the ARIN region. Section 8.4 covers inter-RIR transfers. Section 8.5 sets recipient requirements. The transfer guide explains that 8.2 transactions are not subject to a needs-based assessment during the transfer process, while specified-recipient and inter-RIR recipients face requirements such as a signed RSA, minimum block size, operational use and documented need. For some source-side transfers, the current registrant must provide a signed and notarised officer acknowledgement. Source organisations must not be involved in a dispute over the status of the resources, and there are restrictions on recent transfers or allocations.

This is neither a pure market nor a command allocation system. It is an administered market. Price discovery and private negotiation occur between parties, but registry recognition remains decisive. ARIN does not require a complete asset-purchase agreement and allows sensitive monetary terms to be redacted in relevant documentation. That is a useful respect for commercial confidentiality. But the same guide makes clear that transfers must comply with ARIN policy, and that completion depends on ARIN's process. In practical terms, a buyer does not merely buy a block. It buys the expectation that the registry will recognise the transaction, update the record and allow associated registry services to follow the resource.

That expectation is part of the price. If recognition is predictable, the risk discount is low. If recognition is slow, discretionary or vulnerable to changing interpretation, the discount rises. In a liquid asset market, administrative uncertainty is capitalised. It appears as wider spreads, heavier diligence costs, demand for stronger warranties, preference for sellers with clean paperwork, fear of cross-registry exposure and a premium for resources whose contractual status is unambiguous. In that sense ARIN's legitimacy is visible in the market's risk premium, even when no participant uses the word legitimacy.

What ARIN really supplies

ARIN does not supply global routing. Network operators do. It does not supply the commercial usefulness of an address in the way a telecom operator supplies transit, ports, fibre or customer access. It supplies a more basic public-good component: a registry record that the rest of the operational system can treat as authoritative enough to use. Whois and RDAP records, reverse-DNS delegation, transfer history, routing-security hooks, public contact data and record-maintenance procedures are not glamorous. They are the institutional surface through which the market distinguishes a recognised resource from a disputed or uncertain one.

The phrase "ledger versus gatekeeper" captures the tension. A ledger function records uniqueness, identity, history, status and the current registered holder. It should be conservative in the best sense: accurate, durable, resistant to manipulation and clear about what it does not decide. A gatekeeper function controls entry, exit, transfer, services and conditions of recognition. Some gatekeeping is necessary because a registry that recognised every claimed transaction would be useless. But when gatekeeping grows beyond protection of the ledger, it can become a private form of economic control.

ARIN's institutional legitimacy is highest when it behaves like a ledger with necessary verification powers. It is weaker when it behaves as though the existence of the ledger justifies broad authority over the market, the business model or the asset strategy of networks. That distinction is often blurred by the language of stewardship. Stewardship is attractive because it sounds public-spirited and apolitical. Yet it can conceal a question that is political in economic terms: who bears the cost of restraint, delay or denial?

For a small network, an address block can be a survival input. For a hosting firm, it can determine customer continuity. For an enterprise, it can be part of acquisition value or migration strategy. For an access network, it can defer the cost of carrier-grade NAT or reduce customer friction during dual-stack operation. For a lender or investor, it can be collateral-like even when the legal vocabulary avoids property language. If the registry's rules are unclear, the holder bears the discount. If the registry's liability is limited while its decisions affect large commercial values, the mismatch becomes an institutional concern.

The ledger function therefore has two dimensions. The first is technical uniqueness: the same number resource should not be registered to incompatible claimants. The second is economic certainty: the record should be stable enough that reasonable parties can rely on it when making investments, building networks, negotiating acquisitions, serving customers and satisfying auditors. A registry can meet the first standard while failing the second. It can keep duplicates out of the database while leaving too much uncertainty around transfer timing, review standards, contract status or service eligibility.

ARIN's task is demanding because North America contains many of the world's largest network and technology businesses as well as older allocations that predate ARIN itself. The region is not merely a pool of applicants. It is a dense capital market around addresses, acquisitions, hosting, cloud infrastructure, enterprise networks, public-sector networks and internet service. A registry serving that market has to treat certainty as one of its principal outputs. If certainty falls, everything else becomes more expensive.

Scarcity and the rationing residue

The IPv4 waiting list is not a solution to scarcity. It is a rationing mechanism for returned or otherwise available space. ARIN's waiting-list guide says available space, typically from revocations due to non-payment, is used to fill approved requests on a first-approved basis, subject to available block size. It excludes organisations holding more than a /20 equivalent of IPv4 space in aggregate, imposes a maximum aggregate request size of /22, allows only one request at a time and requires fee status to be current when a block becomes available. Space distributed from the waiting list cannot be transferred to another organisation for 60 months, except under the merger and reorganisation path.

This structure has a defensible public purpose. It gives small or resource-poor organisations a path to some IPv4 space without forcing every applicant immediately into the transfer market. It limits the ability of larger holders to consume the residual pool. It reduces gaming by imposing transfer restrictions on space received from the list. In political terms, it helps ARIN answer the charge that exhaustion simply hands the market to incumbents with large historical allocations.

But a waiting list can also create a comforting illusion. It can make scarcity look administratively manageable even when the quantities involved are far below market demand. A /22 may be valuable to a small network, but it does not alter the strategic reality for data centres, access networks, hosting businesses, cloud platforms or enterprises carrying large legacy workloads. For them, the real choices are transfers, leasing, address sharing, carrier-grade NAT, IPv6 deployment, acquisition of firms with address holdings, or some mix of all of these. The waiting list is a safety valve. It is not an industrial policy.

That distinction matters for legitimacy because ARIN can use rationing to protect fairness, but it cannot use rationing to deny the market reality created by exhaustion. If a registry speaks as though small residual distributions solve the economic problem, it risks losing credibility with operators who face the problem on their balance sheets. If it recognises the waiting list as a narrow equity device within a broader market, the rule looks more defensible.

Rationing also changes incentives. A firm that receives waiting-list space faces a long lock-up, affecting how it plans future transfers or corporate transactions. A firm just above the eligibility threshold may be pushed into the market while a competitor just below it receives subsidised access to returned space. A network considering whether to update its registered holdings, transfer addresses between related entities or bring legacy space under agreement will consider how those actions affect eligibility. The policy may be reasonable, but it is not neutral. Scarcity turns every administrative category into an economic boundary.

The rationing residue is visible in needs-based transfer review as well. Section 8.5 requires transfer recipients to show operational use and, for larger transfers, to document expected use or efficient utilisation of existing holdings. A recipient within the ARIN region receiving an inter-RIR transfer must demonstrate need for up to a 24-month supply. Organisations with existing allocations can use an alternative criterion based on 80 percent utilisation and may qualify for transfers up to the size of current holdings, subject to a /16-equivalent ceiling in a six-month period. These rules restrain speculative accumulation. They also import allocation-era assumptions into a market era.

Infrastructure markets often require capacity to be acquired before it is fully used. A cloud platform does not build capacity only after every customer arrives. A hosting provider cannot always wait until utilisation crosses a registry threshold before securing the address space needed for a migration or acquisition. An enterprise preparing a carve-out, merger or renumbering project may need inventory before the need is visible in the old operational statistics. The legitimacy of needs review depends on whether it distinguishes speculative warehousing from prudent planning under uncertainty. A rule that cannot make that distinction will tax growth.

The transfer market as constitutional discipline

Transfer markets are usually described as a response to scarcity. They are also a constitutional discipline on the registry. They make the cost of uncertainty visible. If a registry becomes unpredictable, addresses do not stop being valuable. Rather, value moves into legal engineering, broker intermediation, risk discounts, private warranties and avoidance strategies. The market does not disappear. It adapts around the institution.

ARIN's transfer system has real strengths. The existence of public transfer categories reduces ambiguity. The separation between merger and acquisition transfers, in-region specified transfers and inter-RIR transfers reflects the different risks in each case. The officer acknowledgement requirement helps prevent unauthorised source-side transfers. The ability to redact financial terms from relevant contracts protects confidentiality. ARIN's transfer guide says approved transfers can be completed quickly after the required RSA and fees are received, and its publication of transfer-related procedures gives participants a common map.

The same system has points of economic stress. For specified-recipient and inter-RIR transfers, the recipient requirements convert a private transaction into a policy-dependent approval process. For inter-RIR transfers, compatibility between RIR policies becomes a border condition. ARIN's guide currently identifies APNIC, LACNIC and RIPE NCC as approved for compatible transfers, while AFRINIC is not approved. It also states that ARIN may require additional documentation to validate that a request meets compatible needs-based policy and may refuse a transfer that does not meet community-developed policy. A cross-border buyer or seller therefore faces not only counterparty risk, but policy interoperability risk.

The issue is not that every transfer control is illegitimate. A registry must verify authority, prevent duplicate registration, detect fraud, respect court orders and maintain coherent records. The issue is whether controls are narrow and measurable. A capital control does not need to look like a ban. It can be a qualification test, a waiting period, a documentation demand, a discretionary review, a lock-up or a service dependency that makes exit costly. When the asset is essential to network continuity, even modest frictions have leverage.

ARIN's best defence against that criticism is procedural modesty. It should be able to explain which parts of the transfer process protect the ledger and which parts attempt to shape market behaviour. The first category enjoys strong legitimacy. The second should face heavier scrutiny, clearer metrics and stronger sunset discipline. If a market-shaping rule is needed, it should say what harm it prevents, how often the harm occurs, what cost the rule imposes, what alternatives were considered and how the community will know when the rule should be narrowed.

The market itself will provide a rough audit. Blocks with clean history, current contacts, clear corporate authority, signed agreements and straightforward transferability will trade more easily than blocks surrounded by uncertainty. Brokers and buyers will learn which documentation histories create friction. Sellers will learn whether ARIN's process rewards early housekeeping or surprises them at the moment of sale. If the registry wants to lower the risk premium, it should publish enough aggregate friction data to let participants distinguish normal due diligence from avoidable institutional drag.

Legacy resources and the hinge of legitimacy

Legacy resources are the hinge of ARIN's legitimacy because they expose the difference between a registry that records history and a registry that claims authority from contract. ARIN was formed in 1997 and inherited responsibility for records that had been administered by earlier institutions. Many early resources were issued before ARIN existed and before the current contractual framework was in place. They were not created by ARIN as a conventional service product. Their institutional history is different.

ARIN's legacy-resource guide recognises that difference in practical terms. It says legacy resource holders not under an ARIN agreement can still maintain unique registration in Whois and RDAP, update and manage public data, manage reverse-DNS delegations, maintain registry records through ARIN Online and access DNSSEC for reverse zones. But the same page says such holders do not have access to ARIN's RPKI or Internet Routing Registry services unless they are under an agreement. That is a clean example of the post-exhaustion bargain. Basic record continuity is treated as available even without an agreement. More advanced routing-security or routing-registry services are tied to the contractual system.

ARIN also changed the economics of bringing legacy space under agreement. The legacy fee cap expired on 31 December 2023. ARIN's RSA FAQ says the LRSA fee cap ended after a 2022 board vote, and that legacy resources brought under agreement from 1 January 2024 are covered by the current RSA and current Registration Services Plan fees. The same FAQ says the current RSA version includes a provision under which a customer may terminate the RSA if a change to service terms is believed to materially and adversely affect its rights or use of included resources; in that case, resources received before ARIN's formation would revert to legacy status, while ARIN-issued resources would be returned.

That is not a small drafting detail. It marks a constitutional boundary inside the registry. Pre-ARIN resources retain a different institutional history from ARIN-issued resources. A holder can accept contract terms for services, but the origin of the resource still matters. If ARIN treats that boundary carefully, it strengthens confidence. If it blurs the boundary, market participants will price in the risk that legacy certainty can be diluted by contract mechanics, fee changes or service dependency.

Legacy-resource certainty also affects the transfer market. Old blocks are not all equal. Clean history, reliable registration, absence of dispute, clear organisational authority and predictable transfer treatment can all change value. A buyer wants more than addresses; it wants registry recognition without hidden liabilities. A seller wants a process that does not turn a legitimate asset sale into an open-ended administrative proceeding. A registry wants to prevent fraud and maintain accuracy. Those goals can be compatible, but only if the rules are narrow, documented and predictable.

The North American test is therefore not whether ARIN can compel every legacy holder into the same contractual status as a new applicant. The better test is whether ARIN can preserve the ledger while offering useful services that make voluntary agreement attractive. Compulsion may produce short-term administrative tidiness. Voluntary uptake produces stronger legitimacy. In a post-exhaustion market, the difference between those two routes is not philosophical. It is priced into transactions.

The service boundary around RPKI and IRR deserves careful monitoring. As more networks, filters, security teams and customers treat RPKI as a normal part of routing hygiene, denial of RPKI access becomes more significant. A policy that once looked like a premium-service distinction can become a practical pressure point. That does not make ARIN wrong to require agreements for sensitive services; it does mean the economic consequences should be acknowledged explicitly. Service bundling is governance when the service becomes operationally expected.

Contract certainty and the weight of the RSA

The RSA is not a mere formality. It is the contract through which ARIN and a holder define services, rights, obligations, fees and remedies for included number resources. The current RSA describes included number resources as including registration rights for IP address space and ASNs issued by ARIN, and legacy resources specifically identified by the holder as subject to the agreement. It describes services as including registry entries, reverse name service, RPKI, maintenance of resource records and administration of IP address space.

That language matters because it shows the registry operating as both service provider and policy implementer. The RSA provides the holder with rights to be the registrant of the included resources in the ARIN database, to use the included resources within that database and to transfer registration pursuant to policy. It also subjects services to ARIN's policies and permits policy changes through the policy-development process. The current agreement limits ARIN's ability to modify the RSA text itself to specified circumstances, including immediate legal necessity or member-ratified board recommendation, but policies can bind holders after publication through the policy process.

This architecture has advantages. It gives holders a contract rather than a purely discretionary relationship. It states rights and obligations in a public document. It ties fee changes to an open consultation process and says fee changes are not retroactive. It gives ARIN tools to enforce payment and data accuracy. It also creates exposure. A holder signing an RSA is not merely buying access to a database. It is entering a governance environment in which policies may change, fees may change prospectively, and transfer or service outcomes can depend on compliance with evolving service terms.

The agreement also highlights the remedy gap. The RSA gives ARIN mechanisms to stop services, terminate the agreement and revoke included number resources for prolonged non-payment after notices and deadlines. It gives ARIN rights to cooperate with government or judicial orders. It allows ARIN to review utilisation when a holder requests a transfer or additional space. It says ARIN will not reduce services or revoke included resources due to lack of utilisation except as set out in the agreement, but may refuse transfers or additional allocations if resources are not utilised in accordance with policy. These are material powers over valuable infrastructure inputs.

The remedy gap is not a claim that ARIN acts in bad faith. It is a structural concern. An institution can be professional, stable and still hold powers whose consequences exceed its own downside. If a transfer is delayed, a deal fails, a customer migration is disrupted or a financing condition is missed, a later correction may not make the affected party whole. Public registries can reasonably argue that they cannot insure every commercial use of every address. But if liability is thin while discretion is broad, the institution should compensate with narrow authority, transparent metrics, predictable timelines and credible review.

Contract certainty is therefore part of institutional legitimacy. The most important question is not whether every clause is convenient to every holder. It is whether a prudent holder can understand the risk it is accepting. What events can trigger service suspension? What changes require member ratification? What policy changes bind immediately? What services require agreement? What resources revert to legacy status if an agreement is terminated after an adverse service-terms change? What happens to ARIN-issued resources? How much discretion sits with staff, board or policy process? The clearer the answers, the lower the institutional risk premium.

Member power without member mythology

ARIN has a member-governance structure, and it matters. Its membership page says there are Service Members, General Members and Trustee Members. It also says membership is not required to obtain direct number resources, participate in policy discussions, submit suggestions or take part in public consultations. Voting power, however, sits with General Members in good standing. A voting contact must be designated before the relevant deadline, and ARIN's rules require General Members to cast a ballot in elections to maintain that status over time. A blank ballot still counts as participation.

This is better than a passive membership roll that can be invoked symbolically but rarely acts. Requiring periodic voting to retain General Member status creates a mild discipline against nominal participation. It helps ensure that the voting class is at least minimally engaged. In a registry environment where board elections, advisory-council selections, fee strategy, RSA changes and policy culture can affect capital assets, that is not trivial.

Still, member governance should not be romanticised. The affected public is larger than the voting class. A downstream business can depend on a network whose address strategy depends on ARIN rules without being an ARIN member. A cloud customer, hosting customer, enterprise buyer or public-sector user may experience the effects of registry policy through price, service continuity or migration cost without appearing in the registry's governance structure. Even among resource holders, the ability to follow policy lists, understand transfer rules and engage in elections varies sharply by size and staff capacity.

That is not a scandal. It is the normal political economy of specialised institutions. The point is that the word "community" cannot be treated as a substitute for representation. ARIN has a community, but the community's procedural existence should not be used to make every institutional choice look democratically authorised. Membership is an accountability mechanism, not a source of sovereign mandate.

The better view is more restrained. Member power is a check on ARIN, not a sacrament that validates ARIN. A member election can discipline board behaviour. A public consultation can expose costs. A policy-list debate can refine rules. A petition can challenge a process failure. But none of these mechanisms eliminates the need to ask whether the registry's authority is proportionate to the harm it prevents. In a post-exhaustion market, legitimacy comes from restraint as well as participation.

The question for ARIN's members is whether they see themselves as guardians of the registry corporation or guardians of registry-risk reduction. Those are different roles. A corporation-preservation view asks whether ARIN has adequate authority, revenue and organisational stability. A risk-reduction view asks whether holders and operators face less uncertainty because ARIN exists. The second test is harsher, but it is the one the market ultimately applies.

Member discipline should be measured by outcomes. Are elections meaningfully contested? Do members challenge fee and contract drift when it matters? Does the board explain how policy and service decisions affect small holders, legacy holders and transfer-market participants? Do consultations generate changes, or merely record support for decisions already favoured by insiders? Does the voting class include enough operational and economic diversity to discipline registry assumptions? These questions are less ceremonial than asking whether membership exists. They reveal whether member power actually bites.

Policy lists and the cost of voice

ARIN's Policy Development Process is open in important ways. It says policy changes must be developed through open and transparent processes with meaningful opportunity for public participation. It says policies must be considered in open and publicly accessible forums, that the Public Policy Mailing List is archived and public, and that proceedings and minutes are published. The process defines roles for the Internet community, proposal authors, the Advisory Council, policy shepherds, ARIN staff and the Board of Trustees. It includes ordinary policy development, last call, board adoption, petitions, suspension and emergency actions.

The existence of public voice is a strength. It makes quiet capture harder. It gives dissenters a record. It allows outsiders, brokers, operators, civil-society participants and commercial users to observe how policy ideas evolve. In a world where private associations exercise quasi-public functions, archived argument is an institutional asset.

The cost of voice remains high. Policy lists reward those who can afford to read long threads, understand procedural history, write in the language of registry governance and attend recurring meetings. A small operator facing customer churn or address shortage may not have the staff time to turn operational pain into policy text. A buyer trying to close a confidential transfer may have little incentive to argue publicly about rules that affect the transaction. A legacy holder may prefer to avoid attention. A large organisation may engage through lawyers, consultants or experienced policy staff. The result can be formally open and still economically skewed.

The petition mechanism illustrates both openness and constraint. A member of the Internet community may petition a process outcome in defined circumstances, but the support requirement is tied to ARIN member organisation contacts and a threshold of separate member organisations. That threshold makes a serious organised challenge possible while preventing a lone outsider from forcing board review. In institutional terms, the process values organised concern over atomised grievance.

That may be reasonable. But it also means the policy list is not a referendum of all affected users. It is a deliberative filter. The filter's legitimacy depends on whether it incorporates the right evidence. For transfer rules, that means data on delays, denials, documentation burdens, fraud attempts, abandoned deals and downstream operational costs. For fee changes, it means effects on small holders, legacy holders, resource-holding non-profits and transfer-market behaviour. For resource reviews, it means evidence about false positives, time to resolution and business disruption. Without those metrics, process can become a performance of openness rather than an instrument of accountability.

The policy-list problem is therefore not excessive procedure. It is insufficient economics. A registry policy that changes asset liquidity should be accompanied by an economic impact account. Not a grand model, not a lobbying document and not a legal brief. A sober statement of affected parties, expected costs, expected benefits, alternatives considered and observed outcomes after implementation would do. ARIN already has the procedural machinery to host such discussion. The missing discipline is to make economic cost legible before it hardens into policy.

The same applies to emergency and suspension powers. A policy flaw that creates a substantial adverse impact or significant impediment to resource management may justify board action outside the normal cadence. But the mere existence of emergency machinery is also a reminder that this is not a town-hall mythology. It is a governance system with concentrated institutional power at key moments. The stronger the emergency authority, the more important it is that ordinary process remain empirically grounded rather than symbolic.

Resource review and the remedy gap

The resource-review provisions in the NRPM deserve special attention. Section 12 permits ARIN to review current usage of resources maintained in the database in several circumstances: when an organisation requests new resources, when ARIN believes resources were obtained fraudulently or contrary to policy, when there is suspected noncompliance with reassignment or reallocation rules, and also at any time without cause unless a full review has occurred in the preceding 24 months. If an organisation is materially out of compliance, ARIN may request or require return of resources, and for ARIN-issued resources may revoke as needed for compliance. The policy also says it does not create additional authority to revoke legacy address space.

This is a powerful instrument. It may be necessary to protect the registry from fraud or severe misuse. But a discretionary review power that can be triggered without cause is exactly the kind of tool that must be surrounded by restraint, metrics and review. In an allocation regime, review verifies that resources drawn from a common pool were justified. In a post-exhaustion market, review can affect assets acquired at market prices or embedded in businesses. ARIN's legacy carve-out reduces one category of concern, but not the broader question of proportionality for ARIN-issued or transferred resources.

The economic harm from review uncertainty is not limited to revocation. A review can delay a transfer, complicate an acquisition, increase legal costs, chill a buyer, disrupt financing or force management attention away from operations. Even if no resources are returned or revoked, uncertainty can change price. In asset markets, process is substance. A right that can be challenged unpredictably is worth less than a right subject only to narrow, evidence-based review.

ARIN can reduce this risk by distinguishing review triggers. Fraud, forged authority, duplicate claims and clear policy violation justify strong intervention. Random or routine review without cause should be used sparingly and explained in aggregate. Transfer-related review should be tied to the specific transfer requirements rather than becoming a general fishing expedition. Where a review affects a live business, timelines, documentation standards and escalation paths matter. So does business-continuity protection while facts are resolved.

The remedy gap appears again here. If a review is wrong or disproportionate, a later correction may not repair lost commercial opportunity. A seller may miss a market window. A buyer may walk away. A lender may withdraw. A customer migration may fail. A public procurement deadline may pass. If ARIN's downside is limited while the holder's downside is not, the institutional answer cannot simply be "trust the process." The process must earn trust by being narrow, observable and reviewable.

No serious registry can abolish review. A ledger without anti-fraud capacity is not a ledger. But review should protect the record rather than extend institutional reach. The question should be: what must ARIN know to keep the database accurate, prevent abuse and implement policy? The question should not become: what can ARIN demand because the holder needs the registry?

Mandate laundering in a stable institution

"Mandate laundering" is a harsh phrase, but it names a familiar institutional habit. A private or membership-based body starts with a narrow coordination function. Over time it surrounds that function with the language of region, community, stewardship and public interest. The language then does argumentative work that the underlying mandate cannot do on its own. Critics are told that they are challenging the community rather than questioning a particular exercise of power. A registry decision is presented not as one organisation's policy choice but as the expression of regional consensus.

ARIN is less vulnerable to the most dramatic forms of this problem than a registry in visible crisis. Its governance process is documented. Its mailing lists are public. Its transfer and waiting-list rules are published. Its membership structure is legible. Its RSA and FAQ are available for inspection. Its record is not one of institutional collapse. That stability is a genuine asset.

Stability, however, can make mandate laundering more efficient. In a stable system, the vocabulary becomes routine. "Community" is invoked without asking who is absent. "Stewardship" is invoked without identifying the property-like economic interests affected. "Region" is invoked although the service region is not a sovereign electorate. "Consensus" is invoked although most affected customers never participate and many resource holders participate only through silence. None of this means the process is fake. It means the process should not be asked to carry more authority than it can bear.

The North American context makes the issue particularly acute. ARIN's service region includes the United States, Canada and specific islands in the Caribbean Sea and North Atlantic Ocean. It contains firms subject to different corporate, securities, tax, bankruptcy, public-procurement and national-security regimes. IPv4 holdings can appear in acquisitions, restructurings, hosting contracts, lender diligence and customer-continuity planning. No mailing-list consensus can substitute for legal and commercial certainty across that landscape. The registry can coordinate records. It cannot turn itself into a public sovereign by using regional language.

Official narrative should therefore be treated as evidence of how ARIN understands itself, not as the authority that frames the analysis. The fact that a registry says it is a steward tells us something about institutional culture. It does not answer whether a transfer delay is proportionate, whether a contract change fairly allocates risk, whether a legacy holder's service boundary is clear or whether member voting adequately disciplines board discretion. Legitimacy must be earned in those concrete decisions.

The most legitimate version of ARIN would be comfortable with a narrow mandate. It would say: we maintain the registry; we verify transfers; we protect uniqueness; we provide publication and security services; we run a transparent policy process; we avoid turning administrative necessity into economic command. That version of ARIN would be harder to mythologise, but easier to trust.

Mandate laundering is most tempting when an institution does not want to describe the economic effects of its own authority. It is easier to say a rule protects stewardship than to say it restricts liquidity. It is easier to say a fee consultation expresses community responsibility than to say it changes carrying cost for holders. It is easier to say a service requires an agreement than to say operational security tools can create contract pressure. A mature institution should prefer the harder language. It should name the cost and justify it.

Capital-control risk

Capital-control risk is the possibility that registry rules, while not presented as financial regulation, operate like controls on the movement and use of a capital asset. IPv4 addresses are not ordinary financial assets, and legal systems vary in how they characterise them. But economically they behave in many asset-like ways. They are scarce, durable, tradeable within rules, used in production, financed indirectly through business valuations and sometimes separable from the companies that first used them. If a registry can affect whether they move, on what timetable and under what conditions, it can affect capital allocation.

ARIN does not need to set prices to influence the market. Recognition is enough. A buyer that cannot secure a recognised transfer has not received what it needs. A seller that faces uncertain approval may accept a lower price. A broker will price process risk. An acquiring company will diligence address holdings differently depending on contract status, legacy status, utilisation records, dispute exposure and transferability. A network may choose leasing over purchase if it believes ownership transfer is too slow or uncertain. These are capital-allocation effects.

Some control is justified. A registry that never asks whether a transfer is real would invite fraud. A registry that cannot identify the authorised source would undermine the ledger. A registry that ignores sanctions, court orders or competing claims may expose other networks to conflict. The issue is not verification. It is breadth. When verification shades into economic planning, the registry begins to decide more than record accuracy requires.

Needs-based transfer review is the clearest example. It asks whether the recipient can justify the amount of space requested under policy. In the allocation era, that question rationed a scarce public pool. In a transfer market, the space is not coming from the free pool; it is coming from another holder. The conservation case is therefore weaker. ARIN may still want to prevent immediate speculative flipping or sham demand, but the economic burden of proof should change. A willing seller and a willing buyer in a depleted market are themselves evidence of resource reallocation.

The same applies to lock-ups and waiting periods. A 60-month transfer restriction on waiting-list space may be defensible to prevent a subsidised allocation from becoming instant arbitrage. A broader habit of restricting resource movement would be more problematic. A source restriction after receiving a recent allocation or transfer may prevent gaming. It may also interfere with legitimate corporate restructuring. The legitimacy of each rule depends on whether the harm it prevents is concrete and whether the cost it imposes is measured.

Capital-control risk also appears in service bundling. If a holder must accept broader contractual terms to access RPKI or IRR services, the registry is not merely offering a service. It is attaching a security or routing-adjacent tool to legal status. ARIN's distinction between basic legacy registry services and agreement-based access to RPKI and IRR is therefore economically meaningful. The more the operational ecosystem comes to expect RPKI, the stronger the pressure on legacy holders to enter the contract system. That may be a sensible service policy, but it is not neutral.

The point is not that ARIN is running a disguised financial regime. It is that the institutional capacity exists. Legitimate governance requires noticing such capacity before abuse or drift makes it obvious. Capital markets are sensitive to optionality. If ARIN wants lower suspicion, it should treat liquidity, contract certainty and service access as explicit economic variables in policy review, not as side effects.

Operator dependency and the hidden balance sheet

The value of IPv4 space lies in the networks and customers built on top of it. A registry record by itself does not move packets. But a changed or uncertain record can disturb everything that depends on the address. Routing filters, RPKI authorisations, reverse DNS, geolocation databases, reputation systems, customer allowlists, firewall rules, procurement records, anti-abuse contacts, service-level agreements and internal inventories can all depend on the assumption that a block remains continuously usable by the expected operator.

This dependency is often hidden because it appears as operations rather than finance. A company may not put "renumbering risk" on its balance sheet, but the cost is real. Renumbering can require customer notices, device changes, application migration, contract renegotiation, firewall updates, DNS changes, reputation rebuilding and support load. In some sectors it can affect compliance records or security audits. In hosting and access networks it can mean customer churn. In acquisitions it can change purchase price or escrow terms. These are not theoretical governance concerns. They are operating costs.

ARIN's policy manual rightly says that registry allocation does not guarantee routability. That is a factual limit on registry power. It also underscores the fragility of the asset. A holder needs the registry record, but it also needs the rest of the routing system to accept announcements. RPKI can improve route-origin assurance, but it also increases the importance of clean registry-linked authorisation. Reverse DNS can be essential for mail and reputation. RDAP and Whois contacts remain part of abuse handling and due diligence. The registry is not the whole system, but it is a critical reference point.

Operator dependency is why continuity should be the centre of ARIN's legitimacy. Not continuity of every internal practice, and not preservation of the registry corporation for its own sake. Continuity of the ledger. Continuity of accurate publication. Continuity of reverse-DNS and routing-security hooks where applicable. Continuity of transfer recognition when no fraud or clear policy violation exists. Continuity of operator expectations when networks and customers have already been built around the resource. That is what networks buy indirectly from a functioning registry.

This is also why official statements that number resources are not property do not end the economic debate. They may matter legally. They may protect the registry from claims it never intended to assume. But markets ask a different question: can the holder rely on the resource to support operations, customers and transactions? If the answer is yes, the resource has asset value. If the answer is uncertain, the value is discounted. Legal form can affect value, but it cannot erase the economic function.

ARIN as a North American legitimacy test

ARIN's region makes its legitimacy problem more, not less, demanding. North America is rich in legal process, capital markets, cloud concentration, enterprise infrastructure and address-heavy legacy systems. It is also politically fragmented across jurisdictions and sectors. A registry that functions well in this environment can show that the RIR model adapts to assetisation without collapsing into either bureaucratic control or private capture. A registry that functions poorly will not fail only as an association. It will raise doubts about the idea that regional registries can administer post-exhaustion scarcity with sufficient restraint.

That is why ARIN should be assessed less by its absence of scandal than by the quality of its boundaries. Does it distinguish clearly between legacy record maintenance and contract-based services? Does it keep transfer verification separate from market planning? Does it publish enough process data to let outsiders see friction, delay and denial patterns? Does it treat policy-list participation as evidence, not as a substitute for economic analysis? Does member voting discipline institutional drift? Do fee schedules and service terms encourage trust rather than dependence? Does resource review remain targeted, evidence-based and proportionate?

The best case for ARIN is that its documentation recognises many of these boundaries already. The policy manual distinguishes legacy authority in the resource-review context. The transfer guide separates categories and allows confidentiality for price terms. The legacy guide preserves basic services for non-contracted legacy holders. The membership page makes the voting class legible. The PDP documents board powers, petitions and emergency processes. The RSA FAQ recognises the different consequences of termination for pre-ARIN resources and ARIN-issued resources. These are real institutional assets. The issue is whether they are treated as living restraints or merely as process evidence.

The North American market will not judge ARIN by rhetoric alone. It will judge by how often registry process becomes a surprise. It will judge by whether legacy holders understand the cost and benefit of agreement. It will judge by whether transfer participants can forecast timing and documentation. It will judge by whether small networks experience the waiting list as fair access or as symbolic rationing. It will judge by whether large holders see policy as a predictable rule set or a moving compliance frontier. The verdict will be expressed in behaviour before it is expressed in public argument.

If ARIN wants to strengthen legitimacy, it should not be afraid of the market vocabulary. It can say openly that IPv4 has market value, that transfers are part of the post-exhaustion allocation mechanism, and that registry policy affects capital allocation. It can still reject property language where its legal position requires that. Economic candour does not require legal surrender. It requires admitting that registry choices have costs beyond the registry.

The practical standard for legitimacy

Institutional legitimacy after exhaustion should be practical. It should ask what a prudent operator, investor, customer, broker, policy participant or legacy holder can rely on. For ARIN, that means several tests.

First, ledger accuracy must remain the core. ARIN should be judged primarily by whether the registered record is unique, current, accessible, historically coherent and protected against fraud. Any policy that does not serve those ends should face heavier justification.

Second, legacy certainty must be explicit. Pre-ARIN resources have a distinct history. Basic registry services for those resources should not be made ambiguous by service bundling, fee pressure or contract migration. If advanced services require agreement, the operational consequences should be stated plainly so holders can make informed decisions.

Third, transfer predictability should be measurable. ARIN publishes transfer categories and procedures, but the market needs more insight into time to recognition, reasons for delay, denial patterns, abandonment, documentation requests and appeal outcomes. Some confidentiality is necessary. Aggregate friction data is not.

Fourth, resource review should be narrow, evidence-driven and proportionate. Fraud and clear policy violation justify intervention. Routine uncertainty fishing does not. Reviews without cause may be permitted under policy, but broad permission is not the same as legitimacy. The more economically valuable the resource, the more important it is to define process, timeline, remedy and business-continuity protection.

Fifth, member governance should be evaluated by discipline, not ceremony. Turnout, contested elections, policy engagement, board responsiveness and the ability of members to challenge fee or contract drift matter more than the mere existence of membership classes. A member structure that never says no is not a check.

Sixth, policy changes affecting liquidity should include economic impact. Transfer restrictions, waiting-list locks, service eligibility, fee changes and RSA changes all affect behaviour. They should be debated with evidence about cost and alternatives, not only with appeals to stewardship.

Seventh, the registry should avoid mandate inflation. ARIN's strongest authority comes from maintaining a reliable North American registry, not from presenting itself as a broad public-policy sovereign. The narrower claim is enough. It is also safer.

These standards are not anti-registry. They are pro-registry in the only sense that matters after exhaustion. A registry that refuses to recognise the market will be worked around. A registry that treats every market criticism as an attack on stewardship will lose the confidence of serious holders. A registry that narrows its mandate, publishes friction and lowers uncertainty will become harder to replace because it will be doing the thing the market actually needs.

What to watch next

ARIN's legitimacy will not be decided by one election, one transfer dispute or one fee schedule. It will be decided by accumulation. The relevant signals are often prosaic: whether transfer review becomes faster or more opaque; whether waiting-list distributions remain a small equity mechanism or are invoked as evidence that scarcity is administratively contained; whether legacy holders see clear service boundaries after the end of the fee cap; whether RSA changes are perceived as service modernisation or leverage; whether RPKI and IRR expectations increase pressure on non-contracted holders; whether member elections attract meaningful competition; whether policy-list debates include economic impact rather than procedural ritual.

The wider RIR environment will also matter. Global discussion of RIR governance, recognition, continuity and derecognition shows that the regional-registry model is under structural examination. ARIN may appear secure compared with a registry in crisis, but that is not the same as being exempt from scrutiny. A stable registry can still reveal the model's deeper problem: the conversion of a narrow coordination function into an economically powerful administrative layer with limited downside exposure.

For North American operators, the question is not whether ARIN is useful. It is useful. The question is whether its usefulness remains tied to the ledger or expands into market governance by habit. For legacy holders, the question is whether old certainty can coexist with new services without coercion. For new entrants, the question is whether the transfer market is open enough to support growth. For members, the question is whether they are willing to discipline the institution they help legitimate. For ARIN itself, the question is whether it can accept that legitimacy in a scarce market is not inherited from the allocation era.

IPv4 exhaustion made addresses valuable. It also made registry authority more valuable and more dangerous. ARIN's opportunity is to prove that a regional registry can administer that authority with precision: verify the record, protect uniqueness, publish useful data, respect legacy boundaries, reduce transfer uncertainty, avoid inflated mandate claims and treat operator continuity as the measure of success. If it does that, ARIN will not need a grand theory of stewardship. The market will know what the institution is for.