ARIN is not the most theatrical of the regional internet registries. It has not become the public byword for institutional collapse. It does not usually supply the internet-governance world with emergency court drama or open political rupture. Its importance is quieter. That is precisely why it is analytically useful. ARIN is the mature North American case in which the vocabulary of "community", "stewardship", "technical need" and "policy" converts a narrow registry function into a broader claim over scarce digital capital while still presenting the institution as a neutral administrator.
That conversion is mandate laundering. A limited coordination role is passed through language, procedure, meetings, consensus rituals and membership structures until an institutional preference emerges looking like a neutral technical mandate. The preference may be conservative. It may be sincere. It may be defended as protection of a common resource. But once IPv4 scarcity has turned address blocks into transferable, financeable and operationally embedded assets, that vocabulary no longer sits above a low-stakes allocation queue. It sits above balance sheets, lease markets, customer continuity, merger value, bankruptcy estates, cloud deployment, network identity and capital allocation.
ARIN is a useful test because the institutional facts are public and orderly. Its history page says ARIN was established in December 1997 as an independent nonprofit corporation to provide IP registration services in its defined region after the older IANA, InterNIC and Network Solutions arrangements became unsuitable for a growing commercial internet. Its Number Resource Policy Manual sets out the principles of registration, conservation, routability and stewardship. Its IPv4 options page records that ARIN's free pool of IPv4 address space was depleted on 24 September 2015 and that applicants now look to reserved-policy exceptions, the waiting list or specified-recipient transfers. Its transfer page explains that IP addresses and ASNs issued by ARIN or its predecessors may be transferred only under ARIN policies.
Those official materials matter as factual exhibits. They do not settle the institutional question. A registry can accurately describe what it does while still understating what its power has become. The question is not whether ARIN performs a real registry function. It does. North American networks need unique number-resource records, coherent reverse DNS, reliable Whois/RDAP, routing-security services, transfer recognition and a policy forum. The question is whether the language and procedures around those functions now launder discretionary control into a claim of neutral mandate.
The small function and the large vocabulary
The indispensable part of a number registry is narrow. Internet number resources must be unique. A public record must identify the recognised holder, technical contacts, abuse contacts, reverse DNS delegations, routing-security status and relevant transfer history. Two unrelated networks cannot be recognised for the same globally unique block. A transfer must not corrupt the record. A dispute should be marked without destabilising the running network. These functions justify a registry. They do not, by themselves, justify an institution treating itself as the moral owner of the address economy.
ARIN's documents reveal the tension. The NRPM says registration guarantees uniqueness, provides operational and security contacts, supports transparency over utilisation and assists allocation studies. Conservation is framed as efficient distribution of unique number resources to organisations with a technical need in support of operational networks. Stewardship then applies those principles when managing resources for entities building and operating networks. That is a sensible vocabulary for a world in which registries are allocating fresh supply from a common pool. It becomes less innocent once the resource has been allocated, exhausted, transferred, financed and embedded into operating businesses.
The move from registration to stewardship is the first laundering step. Registration is a technical function. Stewardship is a moral claim. Technical need can be an allocation criterion. It can also become an administrative veto over capital movement. Community can mean affected operators. It can also mean the subset of people active on a mailing list, in a meeting room or inside a membership class. The words are elastic. Their elasticity is what makes them institutionally useful.
When resources were abundant, the cost of this elasticity was lower. A registry choosing between applicants for unallocated address space had to ask questions about use, conservation and efficient distribution. Rationing a free pool requires some rule. The rule may be imperfect, but the economic stakes are bounded by the fact that the registry is distributing new supply at administrative cost. Once the free pool is exhausted, the same vocabulary changes character. Need assessment no longer merely decides who receives unallocated supply. It conditions whether an already allocated, operationally embedded and privately negotiated resource can move to a new recognised holder.
That is the core of the ARIN problem. The old allocation vocabulary survived the disappearance of the allocation world. It now operates inside a market.
Scarcity made policy economic
IPv4 depletion did not abolish registry work. It changed the price of registry work. Before exhaustion, the central economic question was distribution from a diminishing common inventory. After exhaustion, the central economic question became recognition of movement, continuity and status around resources already in use.
ARIN's own IPv4 guidance describes the post-depletion choices. The ordinary free pool is gone. Reserved pools remain for special cases such as IPv6 transition and critical infrastructure micro-allocations. Other applicants may join a waiting list that can be filled only when addresses are returned, revoked, distributed to ARIN by IANA or otherwise made available. The practical alternative is a specified-recipient transfer under NRPM 8.3 or an inter-RIR transfer under NRPM 8.4. Pre-approval can help a buyer search for available space.
This is market architecture. ARIN does not set the bilateral price, and its transfer FAQ leaves negotiations and financial terms to the parties. But ARIN controls the settlement layer. A transaction that makes commercial sense to buyer and seller still needs recognition under policy. The registry may not be the broker, but it remains the official ledger whose entry gives the transaction operational standing.
That is where scarcity exposes mandate laundering. In an ordinary market, the institution that records title or registration should be constrained by objective criteria: identity, authority, fraud prevention, duplicate claims, court orders, record accuracy and technical integrity. It should not use the recording function to preserve allocation-era preferences about whether the buyer deserves the resource. The more the registry asks questions that go beyond record integrity, the more it becomes a market gatekeeper. The gatekeeping may be calm, orderly and rule-bound. It is still gatekeeping.
ARIN's transfer rules are not a prohibition on trade. They are more sophisticated than that. They recognise specified transfers within the ARIN region and inter-RIR transfers with compatible RIRs. They exclude reserved-pool resources from transfer, impose waiting-list consequences on sources and recipients, require recipient qualification and apply current ARIN policies to transferred resources. For mergers, acquisitions and reorganisations, ARIN permits transfer without a needs-based assessment during the transfer process, but still requires the new entity to sign an RSA and subjects the resources to ARIN policies. For specified transfers, source entities must be current registered holders and not involved in disputes; recipients must meet section 8.5 requirements.
The design is internally coherent. It is also economically loaded. A twelve-month lookback on a source, a thirty-six-month waiting-list penalty, a policy-compatibility condition, a reserved-pool exclusion, an RSA requirement, a /24 minimum and a needs-documentation rule all change bargaining power. They do not merely "administer" the market. They shape it.
The interesting question is not whether those rules have explanations. Most controls have explanations. The question is whether the registry can still describe them as neutral stewardship once they affect the mobility of scarce capital.
Technical need as central planning
The strongest example is needs assessment. ARIN's specified-transfer recipient rules require operational use and make the minimum IPv4 transfer size a /24. Organisations without an ARIN IPv4 allocation qualify for transfer of an initial minimum-size block. Organisations seeking a larger initial block or an additional block must provide documentation showing use of at least 50% of the requested block size within 24 months. Organisations with ARIN IPv4 allocations must have efficiently used at least 50% of cumulative IPv4 blocks in order to receive more. An alternative path allows additional blocks through an 80% utilisation showing, with a /16-equivalent cap in a six-month period.
This is the language of allocation carried into purchase. It assumes that the registry remains competent to judge whether a buyer has enough planned need to justify recognition of a transfer. That assumption deserves scrutiny.
A market buyer reveals need in several ways that a registry cannot easily improve upon. It pays the price. It bears the opportunity cost. It accepts the engineering burden. It assumes the customer risk if the block is not used effectively. It may have confidential commercial plans, timing constraints, acquisition opportunities, financing needs, enterprise customer obligations or regional deployment strategies that cannot be reduced to a simple utilisation forecast. The buyer, not the registry, bears the capital risk of being wrong.
Needs assessment after exhaustion therefore has a different economic meaning from needs assessment before exhaustion. In the free-pool era, a registry rationed supply that had not yet entered private operational use. In the transfer era, a registry reviews a private movement of already allocated supply between parties who have priced the transaction. Review may still be justified for fraud, authority, dispute, sanctions, court order, duplicate registration, security metadata and record accuracy. It is harder to justify as a forecast of business need.
The defence is familiar: without need assessment, addresses may be hoarded, speculated upon or diverted from operational networks. Yet that defence assumes that administrative forecasting is a better allocator than price. It also assumes that speculation is always socially worse than rationing. In a scarce market, some inventory holding is not pathology. It is how supply is discovered, risk is warehoused and future deployment is financed. A cloud platform, hosting company, telecom operator or managed-services business may value optionality because customer demand is uncertain. The registry sees "unused" capacity; the operator sees resilience.
There are cases where hoarding, fraud or market manipulation should be policed. The issue is the choice of instrument. Fraud control asks whether the asserted holder has authority, whether records are accurate, whether a transfer is forged and whether the same need is being double-counted across registries. Central planning asks whether the buyer's future business plan is worthy. The two questions are often blurred by the phrase technical need.
This is the institutional-economics point. Technical-need language turns administrative preference into neutral-sounding mandate. It lets the registry say it is protecting efficient use while preserving a discretionary approval function above a market. It allows control of capital movement without admitting that capital movement is being controlled.
Legacy resources and the contract boundary
ARIN's region carries an additional complication: legacy resources. Many IPv4 blocks were issued before ARIN's formation. ARIN's legacy resources page says legacy holders can maintain unique registration information in Whois/RDAP, update publicly available data, manage reverse DNS delegations, maintain registry records in ARIN Online and access DNSSEC even if they are not under an ARIN agreement. It also says they must be under an ARIN agreement to access RPKI and IRR services. The legacy fee cap expired on 31 December 2023, with prior LRSA holders retaining limited fee treatment for resources covered before 1 January 2024 and no additional legacy resources added after that date.
This boundary is institutionally important. It shows that the registry function is divisible. ARIN can maintain uniqueness and public registration for some resources without folding every holder into the full contract stack. That is a quiet concession to the ledger-first view. The essential record can continue without every service or every institutional claim being attached to the same agreement.
The Registration Services Agreement then shows the other side of the bargain. Version 14.0, dated 15 August 2025, describes ARIN as a Virginia nonprofit corporation and a regional internet registry serving the United States, Canada and designated islands in the Caribbean Sea and North Atlantic Ocean. It defines included number resources as registration rights for IP address space and ASNs issued by ARIN, plus identified legacy number resources. It grants the holder the exclusive right to be the registrant in the ARIN database, the right to use the included resources within that database and the right to transfer registration pursuant to policies.
The same agreement preserves substantial registry leverage. Policies may be amended, supplemented or revoked; changes become binding upon notice or publication. The holder must comply with service terms, provide information and cooperation, and pay fees. ARIN may follow government or judicial orders without liability or notice where applicable. Non-payment can lead, after notices and time periods, to service stoppage and eventual termination and revocation. When a transfer or additional space is requested, ARIN may review utilisation and may refuse transfers or additional allocations if resources are not utilised in accordance with policy. The agreement acknowledges contractual rights, but it also disclaims broad warranties and caps aggregate liability at the greater of the prior six months of fees or US$100.
This is the asymmetry at the heart of modern registry power. The operator may hold a capital position whose economic value is far beyond the fee. The operator may have customers, routing dependencies, firewall rules, allowlists, compliance systems, data-centre contracts and cloud workloads tied to stable addresses. Yet the registry contract sits at a much thinner liability scale. That does not mean ARIN is likely to act recklessly. It means the institution's formal downside is not proportionate to the downside that its recognition layer can impose.
Mandate laundering helps this asymmetry survive. If ARIN is understood as a neutral steward acting on behalf of a community, its leverage appears legitimate and its liability limits appear like ordinary administrative risk management. If ARIN is understood as a private institution whose policies condition capital mobility, the same contract looks different. It looks like high-consequence gatekeeping with low-consequence accountability.
Bankruptcy, corporate control and the hidden asset question
The RSA's bankruptcy language is especially revealing because bankruptcy is where polite institutional vocabulary meets creditor reality. A company in distress no longer argues about abstractions. It argues about what sits in the estate, what creditors can reach, what contracts can be assumed or rejected, what assets can be sold, and which counterparties can use contractual leverage to shape the outcome. IPv4 scarcity makes this unavoidable. A block of addresses may be the difference between a viable restructuring and a failed liquidation. It may support customer contracts, data-centre revenue, hosting capacity, network identity and sale value.
ARIN's agreement does not treat number resources as ordinary property of the holder. It states that the holder acquires express contractual rights, while also saying that none of the number resources, none of the services and nothing else provided in connection with them is or will be property of the holder's bankruptcy estate within the meaning of the US Bankruptcy Code. It allows ARIN to take appropriate or lawful action, including intervention, to preserve its rights under the agreement. This is not a minor drafting detail. It is a declaration about where the institution wants the asset boundary to sit when a holder's creditors, buyers and courts begin treating IPv4 as economically real.
The policy vocabulary matters here because the contract alone would be too stark. If number resources are scarce operational capital, then excluding them from ordinary estate logic appears economically aggressive. If, however, they are framed as community-administered identifiers, issued for technical need and subject to stewardship, the same position can sound like protection of the registry system. Mandate laundering softens the capital claim by translating it into continuity language.
There is a legitimate registry concern. A bankruptcy estate should not corrupt the uniqueness ledger. A receiver or trustee should not sell what the debtor does not control. A forged corporate transition should not be recorded merely because a distressed company needs cash. Courts should understand that a registry record has operational and third-party reliance effects. But those concerns support objective registry safeguards. They do not require the registry's institutional preferences to outrank all reliance interests created by years of operational use.
The hard case is a business whose addresses are deeply embedded in customer service. If the business is sold, reorganised or financed, the address block may be essential to preserving value. A registry-first model asks whether the policy box has been ticked. A ledger-first model asks a narrower but more useful set of questions: who controls the company, what court orders exist, what transfer is proposed, who will operate the network, how will records remain accurate, and how can customers avoid avoidable disruption? In that setting, technical need is an inadequate guide. The need is not merely address utilisation. It is continuity of an enterprise whose number resources are part of its productive system.
This is why the language of non-property becomes unstable. ARIN does not need to call IPv4 ordinary property for the economic issue to exist. Markets already treat recognised control as valuable. Lenders, buyers, lessors and customers already price the ability to keep using a block. The registry can deny property vocabulary, but it cannot make the capital function disappear. The denial merely shifts value into a more uncertain category, and uncertainty is itself a cost.
The North American legal environment makes this especially important. The United States and Canada have sophisticated restructuring markets. Buyers of distressed network assets will ask whether address continuity is reliable. If the answer depends too heavily on registry discretion, the price falls. If the answer depends on clear, objective transfer and continuity rules, the price rises. The difference is not philosophical. It is money transferred from operators and creditors into institutional uncertainty.
ARIN's mature legal drafting is therefore a window into the whole RIR system. It shows the registry trying to preserve the fiction that it administers non-property while the market increasingly treats recognised number-resource control as a capital position. Mandate laundering is the language that keeps that contradiction from being stated directly.
The economics of the mailing list
ARIN's Policy Development Process is formally open. It creates and updates the policies ARIN uses to administer internet number resources. Policy proposals may be submitted by members of the Internet Community. The Advisory Council shepherds proposals. Support is evaluated through Public Policy Consultations, the Public Policy Mailing List and feedback to the Advisory Council. The PDP says policies should be fair and impartial, technically sound and supported by the Internet Community. It also provides petitions, but supporting a petition requires being a registered point of contact for an ARIN member organisation, and success requires at least 15 valid support forms from 15 different member organisations.
This is a sophisticated procedure. It is also a classic participation economy. The cost of influence is attention. Those who have the time, expertise, language fluency, institutional memory and motivation to follow proposals can shape rules. Those who are busy operating networks may rationally ignore process until a rule touches their balance sheet. Downstream customers, lenders, enterprise users, cloud buyers and smaller operators may be exposed without being meaningfully present. Formal openness does not erase this selection effect.
The phrase "Internet Community" does much work here. It can mean anyone interested in the management, promotion and operation of the internet. It can mean those active on PPML. It can mean ARIN members. It can mean network operators in the region. It can mean the subset of people who attend a consultation and respond to polls. These are not the same constituency. A subset can legitimately advise a technical body. It cannot automatically convert its preference into a mandate over everyone whose operational assets are affected.
This is not a criticism of ARIN alone. It is a general institutional problem in technical governance. Low transaction-cost participation by specialists tends to dominate high-stakes but low-attention constituencies. In ordinary settings the error may be small. In a scarce-resource setting it becomes material. A needs-assessment rule, transfer restriction or eligibility definition may look procedural to a policy participant and like capital impairment to a holder.
The PDP tries to manage this through Advisory Council review, Board adoption, open archives, staff and legal review, public consultations, last call and petitions. But the deeper problem remains: the same small vocabulary that sustains the process also legitimises it beyond its representational capacity. "Community support" is treated as if it carries an authority that may not exist. "Bottom-up" becomes a substitute for affected-principal consent. "Technical need" becomes a substitute for market evidence. "Stewardship" becomes a substitute for liability.
This is mandate laundering in procedural form. The laundromat is not corrupt in the crude sense. The problem is subtler. A well-ordered procedure can still transform the preferences of a motivated process class into rules presented as the will of a community.
Member power and the voting paradox
Membership does not fully solve the problem. ARIN's membership page says membership is not required to receive direct internet number resources, nor is it required for participation in policy discussions, suggestions or public consultations. It also says only General Members in Good Standing are eligible to vote in ARIN elections through a designated Voting Contact. General Members that do not cast a ballot in any of the previous three annual elections revert to Service Member status and may reapply.
This design has an internal logic. Voting power should require active engagement. Member governance should not be hollow. Yet it also reveals the difference between formal membership and economic exposure. A resource holder may be affected by policy without being a General Member. A downstream customer may be affected without being a member at all. A cloud buyer, lender or enterprise user may depend on address continuity without having any role in elections. A General Member may vote, but one organisation's vote is not weighted by the value of the network, the number of customers exposed or the amount of capital at risk.
ARIN elections matter. Each fall, General Members in Good Standing elect candidates to the Board of Trustees and Advisory Council for staggered three-year terms, and in two out of every three years elect an NRO Number Council representative. In 2026, ARIN's elections page says the Board will appoint the NRO NC representative for the open seat beginning 1 January 2027. The Board maintains authority over scope, mission, strategic direction and fiscal oversight. The Advisory Council forwards consensus-based policy proposals. This is real governance power.
But it is not a public mandate. It is corporate and community governance around a specific institution. It can discipline ARIN as an organisation. It cannot transform ARIN's service region into a polity or its active membership into the full set of affected principals. The distinction matters because registry language often invites a broader reading. A member-based registry serving North America can sound, if repeated often enough, like the region's legitimate policy voice over number resources. It is not. It is a private nonprofit coordinating a registry function in a defined region.
The voting paradox is that member governance is both necessary and insufficient. Without member participation, ARIN would be too staff-driven or board-driven. With member participation, ARIN still cannot claim that member activity equals consent by all resource holders, all customers, all operators and all financiers exposed to registry decisions. The institution therefore needs humility in its policy reach. The more economically consequential the rule, the less it should rely on community vocabulary alone.
Ledger versus gatekeeper
The clean analytical distinction is ledger versus gatekeeper. A ledger records recognised control and relevant metadata. A gatekeeper decides whether the holder's business model, timing, region, customers, intended use or capital strategy is acceptable. A ledger prevents duplicate recognition. A gatekeeper manages scarcity according to institutional preference. A ledger marks disputes and preserves last verified operational state where possible. A gatekeeper can use uncertainty to block movement.
ARIN contains both instincts. Its strengths are ledger-like. It publishes a public policy manual. It distinguishes transfer categories. It maintains Whois/RDAP, reverse DNS and routing-security services. It recognises that legacy holders outside an agreement still need basic record maintenance. It has structured transfer procedures and officer acknowledgement requirements. It publishes transfer statistics categories and identifies policy bases for processed transfers. These features build record confidence.
Its gatekeeper features are also visible. Transfers are nontransferable unless ARIN expressly approves them in writing. Number resources are described as assigned for exclusive use for the purpose stated in the request, provided service terms continue to be met and the stated purpose remains the same. Recipients must satisfy operational-use and block-size needs rules. Inter-RIR transfers require reciprocal, compatible, needs-based policies. Out-of-region use can justify additional resources only where there is a real and substantial connection with the ARIN region, and the weight of factors is determined by ARIN.
Some of these controls may prevent abuse. But the policy architecture is not purely technical. It asks questions about purpose, need, region, utilisation and eligibility that go beyond simple record accuracy. It therefore cannot be described as a neutral ledger alone.
The institutional risk is not that ARIN will suddenly become arbitrary. The greater risk is that a mature, respectable registry normalises gatekeeping so successfully that market actors stop seeing it as a governance choice. They simply price it as friction. Large cloud companies and telecom operators can absorb that friction. Smaller networks cannot. Brokers and specialised legal advisers can navigate it. Ordinary operators may not. The result is not visible censorship of a market, but a permanent transaction-cost tax.
That tax is not evenly distributed. It falls hardest on those who need the market most: new entrants, growing regional ISPs, hosting companies, smaller cloud platforms, firms buying capacity after customer demand has already appeared, and legacy holders trying to monetise dormant assets without building an in-house policy department. A gatekeeper can claim to protect fairness while making the market more expensive for the least procedurally sophisticated participants.
Region as risk control and capital control
Regional service areas are administratively useful. They tell applicants where to go and help divide registry work. They do not create sovereignty. ARIN's service region is not a demos; it is a service footprint. Canada, the United States and Caribbean and North Atlantic economies share registry administration, not a constitutional identity.
This distinction becomes important in out-of-region use and inter-RIR transfers. ARIN is more permissive than some registry critics might expect: ARIN-registered resources may be used outside the ARIN service region, subject to conditions. But the policy still requires a real and substantial connection with the ARIN region for such use to justify additional resources. It lists possible factors: physical presence, staff, assets, services and sales to residents, meetings, investment capital and incorporation, while stating that incorporation alone is not enough and that the weight of factors is determined solely by ARIN.
Again, there is a legitimate concern underneath. Without region rules, parties might arbitrage registries, double-count need across regions or use a shell presence to obtain resources under one policy regime while operating entirely elsewhere. A registry may need safeguards against fraud and policy gaming. But there is also a capital-control risk. When geography becomes a condition of recognition, movement and qualification, the registry is not only preserving regional administration. It is influencing where digital capital may be held, justified and expanded.
The term "capital control" should be used carefully. ARIN is not a state imposing currency restrictions. It is a private nonprofit administering registry records under community policy. But the economic analogy is useful because IPv4 is now capital-like. A rule that conditions address movement, transfer recognition or additional qualification on regional connection affects where capital can be deployed and how easily it can cross institutional borders. That is not merely technical.
In North America the risk is partly masked by market depth. ARIN's region contains many of the world's largest cloud, telecom, platform and enterprise buyers. Capital is already present. The region's institutional preferences can therefore look like neutral market hygiene. But a rule that works comfortably for incumbents in a rich region can still set a precedent for registry-layer control elsewhere. If "region" is allowed to become an elastic justification for retaining institutional veto, every RIR can turn service geography into economic leverage.
The disciplined rule should be narrower. A registry may verify source authority, recipient identity, reciprocal compatibility, court constraints, sanctions compliance, duplicate claims and technical continuity. It should not treat geography as a moral claim over the resource's economic destiny.
Security services and the soft power of dependency
Registry power is not only about transfers. It also comes from adjacent services. Whois/RDAP, reverse DNS, RPKI, IRR and DNSSEC are not decorative. They affect operations, routing credibility, troubleshooting, security posture and counterparties' willingness to treat a block as clean.
ARIN's RSA defines services broadly, including registry entries, reverse name service, RPKI, maintenance of records and administration of IP address space. Legacy holders not under agreement can access core registration and reverse DNS functions but not RPKI or IRR. The policy and contract structure therefore creates a layered dependency. Basic uniqueness remains one thing; higher-trust routing and security services may require deeper contractual alignment.
This layering has a practical rationale. RPKI and IRR services create reliance by third parties. ARIN must operate them under rules and legal terms. Yet the same structure can make security services a lever. If the safest, most marketable and most operationally accepted version of a resource requires the holder to accept the current agreement and policy stack, the registry has a soft path to contract consolidation. It need not threaten anyone. The market will pressure holders to enter the framework because counterparties prefer stronger security status.
That may be efficient. It may also be a form of institutional migration from ledger to gatekeeper. The test is whether the security layer remains neutral. RPKI should express authorised routing assertions, not policy approval of a business model. IRR should support routing information, not become a reward for ideological compliance. Reverse DNS and Whois/RDAP should preserve accuracy, not operate as bargaining chips in economic disputes. Security metadata should not become enforcement theatre.
The registry-layer risk is that all these services are bundled into one institutional chokepoint. If the institution's mandate remains narrow, bundling is administratively convenient. If the institution's mandate expands, bundling gives expansion operational bite. A holder does not fear only formal revocation. It fears loss of routing credibility, broken automation, uncertain ROAs, stale records, delayed updates and counterparties who treat registry friction as transaction risk.
This is why registry continuity must mean service continuity, not institutional immunity. The records, security assertions and publication systems must remain stable. That does not require every discretionary claim made by the incumbent registry to be treated as sacred.
The market's answer to registry risk
Markets reveal institutional stress before institutions admit it. When participants build around a risk, they are voting with structure. The rise of address leasing, continuity products, specialist registry advisory work and advocacy around number-resource rights should be read in that way. These are not merely commercial add-ons to an otherwise settled system. They are signals that operators do not fully trust direct registry exposure to remain low-cost, predictable and proportionate.
The public language of the Number Resource Society is blunt: "your money, your record, your vote"; registry chokepoint power; member funds; number-resource ownership; decentralised governance. NRS is not a neutral academic body. It is an advocacy organisation associated with a strong critique of the RIR model and with actors who have direct interests in number-resource governance disputes. That interest must be understood. But interest does not make the signal irrelevant. Advocacy becomes effective when it gives language to a fear already present among members and holders. The fear is that the registry record can become leverage over assets and networks whose value was built by operators, not by the registry.
The LARUS continuity framing is a commercial version of the same signal. Its public materials argue that direct IPv4 holding can move registry-layer contract risk, policy risk, audit pathways, termination mechanics and intermediary failure risk into the operating company, while first-party leasing can keep part of that exposure upstream. One need not accept every claim in that marketing frame to see the structural fact. A business model has emerged around absorbing or reorganising registry-layer risk. That is not what one expects in a world where the registry is experienced as a purely neutral clerk.
This matters for ARIN because North America is a region where financial sophistication can make risk visible earlier. A large operator may not loudly complain about policy friction; it may hire counsel, obtain pre-approval, structure a transaction, lease capacity, diversify holdings or shift risk through contract. The market response is therefore not always protest. Often it is a workaround. Workarounds are evidence. They show which part of the official process market actors are trying to avoid, insure or outsource.
The growth of continuity structures also changes the meaning of "ownership". An operator may think buying addresses gives maximum control because its name appears in the registry. But if direct holding also brings payment obligations, audit exposure, policy-change exposure, transfer restrictions, possible service suspension and thin contractual remedies, the symbol of control may come with concentrated risk. Leasing from a first-party holder may be less symbolically satisfying but operationally rational if it moves the most fragile layer to a party better positioned to absorb it. That is a market judgment on registry risk, not simply a pricing tactic.
ARIN should take that signal seriously. A healthy registry should want fewer workarounds, not more. It should want the official path to be so predictable, objective and low-friction that operators do not need elaborate structures to manage registry-layer uncertainty. If the official path requires specialised navigation, the registry may still process transfers, but the market will understand the institution as a gatekeeper. If the official path is narrow, objective and ledger-like, the market will treat the registry as infrastructure.
The same point applies to member mobilisation. If members believe the registry is merely a recordkeeper, campaigns about votes, records and chokepoints sound exaggerated. If members believe the registry can affect asset value, those campaigns become plausible. ARIN is not AFRINIC, and North American governance is not in the same state of crisis. But the underlying economics are shared. Scarce IPv4 turns record control into economic power. Once that happens, external movements that demand rights, portability or decentralisation become part of the institutional feedback loop.
The lesson is not that ARIN should adopt the programme of every critic. The lesson is that criticism is a price signal. It reveals the cost imposed by uncertain mandate. The more the registry insists that its own language is neutral, the less it will understand why the market keeps building alternatives around it.
Why ARIN is the hard case
It is easy to criticise a registry in visible crisis. It is harder, and more useful, to criticise a functioning one. ARIN is the hard case because many of its procedures look reasonable. It has public documentation. It has an established policy development process. It has member elections. It recognises transfers. It acknowledges legacy-resource complexity. It has maintained institutional continuity across decades.
That is exactly why ARIN reveals the deeper problem. Mandate laundering does not require spectacular dysfunction. It works best through normalcy. A phrase becomes standard. A process becomes familiar. A committee becomes a proxy for community. A needs rule becomes common sense. A contract becomes routine. A liability cap becomes an ordinary clause. A transfer condition becomes just how the market works. Over time, the institution's preferences are no longer debated as preferences. They become infrastructure.
The post-exhaustion world should have forced a sharper institutional separation. Free-pool allocation policy should have remained one category. Transfer recording of already allocated resources should have become another. Security services should have been firewalled from economic judgment. Member governance should have been treated as organisational governance, not regional mandate. "Community" should have been used modestly, with explicit acknowledgement that active participants are a subset of affected parties. "Stewardship" should have been replaced with registry-function language wherever policy touches asset mobility.
Instead, the old terms survived. They now sit on top of a transfer market. That is not unique to ARIN, but ARIN makes it visible because the market is real, the documents are clear and the institution is mature enough that no one can dismiss the issue as local chaos.
ARIN's defenders might argue that the system has worked. Transfers occur. The internet has not fragmented. Holders can use out-of-region resources under conditions. Members can participate. Courts and bankruptcy processes can be handled. This defence has force. But "has worked" is not the same as "is structurally optimal". A market can function under drag. A registry can be trusted while still imposing excess discretion. A mature institution can produce stability while preserving an outdated mandate.
The risk is not immediate collapse. It is deadweight loss, unequal access and precedent. Every unnecessary approval condition suppresses some liquidity. Every vague community claim weakens affected-principal clarity. Every disproportionate liability structure teaches holders to price registry risk. Every region-based control invites another RIR to go further. Every transfer delay makes workaround structures more attractive. A system can lose efficiency long before it loses legitimacy.
What a narrow mandate would look like
A disciplined ARIN mandate would start by separating functions. Allocation from any remaining reserved or returned pool may still require criteria. That is a distribution problem. Transfer of already allocated IPv4 should be treated mainly as a record-recognition problem. The registry's question should be whether the source is the recognised holder, whether the source has authority to transfer, whether the resource is under dispute or court restriction, whether the recipient can be accurately identified, whether the transfer corrupts uniqueness, whether security metadata can move coherently and whether public records will remain accurate.
Need assessment should be sharply narrowed or removed from market transfers. A buyer paying market price for a block is not receiving a gift from a common pool. It is acquiring a recognised control position from another holder. The registry may record the transfer and ensure operational integrity. It should not forecast the buyer's business plan unless there is a clearly defined fraud or abuse concern tied to the registry record itself.
Inter-RIR transfers should be judged by record compatibility, not ideological compatibility. Reciprocal needs-based policies sound neutral, but they reproduce the same allocation-era logic across regions. A better compatibility test would ask whether the other registry can verify source authority, preserve uniqueness, provide dispute metadata, protect security publication and respect objective transfer records. The fact that another region is more or less needs-based should not be the central issue once the resource is already allocated.
Legacy resources should be used as a design clue. If core registry services can exist without full contract absorption, the system already knows the ledger can be separated from the broader institutional stack. That separation should be strengthened, not eroded. Holders should have predictable access to essential record accuracy and dispute protection even where they decline optional services. Optional security and routing services may require terms, but those terms should not become an indirect path to economic control unrelated to security function.
Member governance should be made more honest. ARIN should preserve elections, advisory processes, PPML and public consultations. But policy texts and adoption materials should explicitly state the affected constituencies, expected economic impact, participation profile and known dissent. When a rule affects transferability, scarcity value or contractual exposure, the process should not rely on generic "community support". It should show who supported, who opposed, who is affected but absent, and why the rule remains proportionate.
Most of all, liability should follow power. That does not necessarily mean ARIN must insure every market loss or guarantee every transfer outcome. It means the registry should not retain discretionary power beyond the liability it is willing and able to bear. If liability is thin, discretion should be thin. If the registry wants broader discretion, accountability, remedy and independent review must become thicker.
Watchpoints for the next phase
The first watchpoint is whether ARIN's transfer requirements continue to treat needs assessment as a central legitimacy device. If the market keeps deepening while the policy language remains rooted in justified need, the gap between economic reality and institutional vocabulary will widen.
The second watchpoint is the treatment of legacy holders. A gradual migration from essential ledger access toward full-contract dependence may be efficient from ARIN's perspective, but it will also test whether the registry respects the distinction between recordkeeping and institutional control.
The third watchpoint is out-of-region interpretation. ARIN's present policy allows out-of-region use but gives ARIN discretion to weigh real and substantial connection factors. If that discretion is applied narrowly and predictably, it may remain a fraud-control tool. If it becomes a broader business-presence judgment, it will look more like capital geography.
The fourth watchpoint is RPKI and IRR access. Security services are valuable precisely because third parties rely on them. Any policy or contract shift that turns access to those services into leverage over unrelated commercial or governance disputes would be a sign that the security layer is becoming an enforcement layer.
The fifth watchpoint is member participation. ARIN's 2026 election calendar and membership rules show a serious governance structure. The question is whether the economically affected population treats that structure as worth sustained attention. If participation remains narrow while policy consequences grow, the claim of community mandate will become less persuasive.
The sixth watchpoint is language. Institutions reveal themselves in the words they refuse to abandon. If "stewardship", "technical need" and "community" continue to carry policy weight in contexts where the real issue is market transfer, contract risk and capital mobility, then mandate laundering remains active.
The North American lesson
ARIN's case should not be read as an indictment of every staff member, board member, Advisory Council participant or policy volunteer. Many of them are trying to preserve a complex coordination system that still matters. The registry function is real. The North American internet needs accurate number records, reliable reverse DNS, coherent RPKI, functional transfer records, trustworthy Whois/RDAP and a forum for policy changes. A serious critique should not pretend otherwise.
The critique is institutional, not personal. ARIN is a private nonprofit performing a public-facing coordination function over scarce resources whose economic character has changed. Its legitimacy depends on staying close to the function that justifies it. The further it moves from record accuracy, uniqueness, security publication and dispute isolation into judgments about need, purpose, region and acceptable market movement, the more it must admit that it is doing economic governance rather than clerical coordination.
Mandate laundering matters because it prevents that admission. It lets a registry say "community" when it means a process class. It lets it say "stewardship" when it means institutional discretion. It lets it say "technical need" when it means approval of a buyer's capital plan. It lets it say "policy" when it means a rule that changes liquidity. It lets it say "region" when it means a boundary around economic mobility. The words are not lies. They are worse than lies: they are partially true in ways that make the larger power harder to see.
The North American lesson is therefore not that ARIN is failing. It is that functioning institutions can preserve obsolete mandates more effectively than failing ones. A crisis exposes excess. Normalcy domesticates it. ARIN's calm procedures, public documentation and mature transfer market make the issue less theatrical, but more consequential. If mandate laundering can survive there, it can survive anywhere.
The correct settlement is not anti-registry. It is pro-ledger. Preserve uniqueness. Preserve records. Preserve security publication. Preserve operational continuity. Preserve transparent transfer history. Preserve independent dispute handling. But remove moralised scarcity control from market transfers. Stop treating active policy participants as a proxy for all affected principals. Stop using stewardship language where liability, capital and transferability are the real subjects. Stop allowing a service region to sound like a political mandate.
ARIN does not need to become a villain for this critique to hold. It only needs to remain an institution whose vocabulary is larger than its rightful mandate. In a post-exhaustion world, that is enough. The scarce resource has changed. The market has changed. The risk has changed. The registry's language must change with it, or the language will continue to launder power.

