Summary

  • M&A address risk begins when the buyer must prove that ARIN-recognized resources will follow the business, the legal entity, or the operating assets that justify the price.
  • Asset sales, equity deals, carve-outs and divestitures create different address-transfer problems because corporate control, service continuity and registry recognition do not move in the same way.
  • The strongest transaction files test holder authority, legacy history, customer dependence, lease or assignment encumbrances, inter-RIR compatibility, closing conditions, holdbacks and post-closing integration before signature.
  • ARIN should verify authority and recognize valid transfers under policy, not bless private deal economics; its narrow ledger role is exactly why its timing can make or break a transaction.

M&A turns address records into closing risk

M&A is where the quiet value of IPv4 becomes less quiet. A company may use ARIN-region addresses for years without treating them as a board-level subject. The ranges route, customers connect, reverse DNS works, abuse notices are handled by a network team, and the corporate record looks good enough because nothing has forced a public test. Then a buyer appears. The same ranges become part of the diligence request list, the disclosure schedule, the closing conditions, the transition-services plan and the price negotiation. What once looked like technical background becomes a condition of whether the buyer is receiving the business it thinks it is buying.

The issue is not that ARIN sells the business or decides whether the acquisition is commercially wise. It does neither. The issue is that ARIN's registry recognition supplies a practical public reference for who is recorded as the holder of Internet number resources and whether a requested transfer can be processed under policy. That reference is not the transaction itself. It is still powerful enough to affect the transaction. A buyer that cannot connect the target's operations to a clean ARIN holder record will discount the deal, demand a covenant, require a holdback, delay closing, or walk away if the addresses are central to the business.

The North American and Caribbean setting makes this unusually important. ARIN's region includes the United States, Canada and many Caribbean and North Atlantic islands. It also includes old enterprise allocations, cable and telecom networks, hosting companies, data-centre platforms, public institutions, security vendors, universities, cloud-adjacent businesses, managed-service providers and acquisition vehicles that have accumulated network assets over decades. Some hold clean modern resources under current agreements. Some rely on legacy resources whose corporate history predates ARIN's formation in December 1997. Some have acquired blocks through earlier deals. Some use resources registered to parents, subsidiaries, predecessors or customers.

ARIN's public policy setting gives the buyer a factual framework but not a commercial guarantee. The ARIN IPv4 free pool was depleted on 24 September 2015. Since exhaustion, growth through ordinary new allocation has been constrained, while specified-recipient transfers, merger and acquisition transfers, inter-RIR transfers where compatible policy exists, waiting-list mechanisms, reserved pools, leasing, sharing and IPv6 deployment have become part of the practical address economy. Current ARIN policy includes a specific path for mergers, acquisitions and reorganizations. That path is a registry-recognition mechanism, not a magic clause that cures a weak corporate file.

This is why M&A address risk differs from a credit default problem. A lender worries about recoverability after the borrower stops cooperating. An acquirer worries earlier: whether the seller can deliver what was priced, whether the registry will recognize the post-closing holder, whether customers can keep service, whether unused capacity is actually separable, and whether a supposedly clean address estate is trapped in the wrong entity. The discipline begins before signing. If the file is weak, registry risk becomes closing risk. If the file is strong, registry recognition can make value portable without turning ARIN into a party to the acquisition.

Buyers diligence control, not just address count

The first buyer error is to count addresses as if a spreadsheet were control. A target may tell a buyer that it has a /16, several /20s and many smaller blocks. The buyer may multiply address counts by market comparables and conclude that the estate supports part of the purchase price. That arithmetic is only a beginning. In a transaction, the more important question is whether the buyer will control the recognized resource position needed to run, integrate or monetize the business after closing.

Control is a layered fact. The buyer should identify the ARIN organization identifier, the current registered holder, the legal entity that owns or operates the target business, the administrative and technical points of contact, account authority, agreement status, fee standing, reverse DNS delegations, routing-security posture, transfer history, reassignment records, customer assignments, leases, abuse history and any record of disputes or pending support issues. It should then map those facts onto the acquisition structure. A clean address estate in a seller data room is less useful if the resources are held by a parent that is not selling, a dormant subsidiary outside the transaction perimeter, a predecessor whose merger documents are missing, or a customer whose space the target merely announces.

The buyer also needs to separate use from entitlement. Routing a prefix is evidence of operational dependence, not proof that the target can transfer it. A hosting company may route provider-assigned space. A managed-services provider may announce customer-owned blocks under a service arrangement. A security business may use ranges leased from a broker. A telecom subsidiary may use resources registered to a group holding company. A cloud migration service may rely on bring-your-own-IP arrangements in which the customer retains the recognized position. All of those patterns can be legitimate. They should not be priced as if the target owns a separable address estate.

The diligence file should therefore answer a harder question: what address control is necessary for the deal thesis? If the buyer wants the target's customer base, it must know which ranges keep those customers online. If the buyer wants surplus IPv4 value, it must know which ranges are actually surplus. If the buyer wants a platform for future hosting growth, it must know whether address capacity can be consolidated. If the buyer wants to combine two networks, it must know whether routing, reverse DNS, RPKI, IRR, abuse contacts and customer records can be integrated without service shock. The same block can have high value under one thesis and little separable value under another.

Good diligence is uncomfortable because it crosses departments. Corporate lawyers examine authority and chain of title-like evidence. Network engineers examine live use, routing, DNS and reassignment. Finance teams examine valuation and purchase-price implications. Tax advisers examine allocation and character. Deal teams examine closing mechanics. Operations teams examine integration and customer continuity. A buyer that leaves addresses to one specialist group will miss risk. A buyer that treats registry recognition as a legal, technical and operational fact at the same time will price the deal more accurately.

Seller authority is the first transfer condition

The seller's authority is the first practical condition because registry recognition cannot safely move on a story. ARIN's merger, acquisition and reorganization policy requires the current registrant not to be involved in a dispute over the resources to be transferred. It requires the new entity to sign a Registration Services Agreement covering the resources. It makes the transferred resources subject to ARIN policies. It also requires evidence that the recipient acquired the assets using the resources, or evidence that it acquired the entire entity that is the current registrant. These are not decorative requirements. They define the documentary bridge between the private deal and the public registry record.

In a straightforward equity acquisition, authority may look easy. The buyer acquires all shares of the entity that is already the ARIN-recognized registrant. The Org ID, points of contact and resources remain with the same legal person. The post-closing work may involve updating contacts, officer acknowledgments, billing arrangements, account access, agreement files and governance controls. If the target's records were current, ARIN recognition may not require a dramatic transfer. The risk is that deal teams assume every equity deal is this clean.

In practice, the target that signs the purchase agreement is often not the holder of every important range. A holding company may own the shares. A legacy operating company may hold the resources. A subsidiary may provide services. A predecessor may remain in the ARIN record after a name change. An acquired business may have been integrated operationally but never regularized in the registry. A regional affiliate may hold Caribbean or North American resources for a global group. A buyer that discovers these facts after signing has not found a mere paperwork defect. It has found a possible failure of deliverability.

Asset deals put the authority question under brighter light. ARIN's public transfer guidance for mergers, acquisitions and reorganizations says the new organization may request a transfer where it has acquired assets, such as customers and equipment, that use IP addresses or ASNs directly registered through ARIN. The guidance identifies evidence such as an asset purchase agreement and bill of sale, finalized merger or amalgamation agreement, finalized court order, public filings documenting asset transfer, or authenticated name-change documentation. A seller that cannot produce those instruments with enough clarity will struggle to show that the registry record should move.

The authority problem should be solved before signature where possible. Sellers should build an address schedule that links each range to the registered holder, corporate authority, operating use, agreement status, transfer path and proposed disposition. Buyers should require officer certificates, board approvals, authority evidence, account-access assurances and covenants to cooperate with ARIN requests. If records are stale, the parties should decide whether cleanup is a signing condition, a closing condition, a post-closing covenant or a price adjustment. Pretending that ARIN will simply fix ambiguity later is poor transaction practice. The registry should not be asked to bless weak authority because private parties failed to diligence it.

Asset sales expose separation problems

Asset sales make address risk explicit because the buyer is not automatically buying the legal entity that ARIN recognizes. It is buying selected assets, contracts, employees, equipment, customer relationships, goodwill, intellectual property, licenses, facilities, or network components. If the IPv4 resources are necessary to operate what is being sold, the parties must prove that the resources belong with the transferred assets rather than with the seller's remaining business. That proof is often where deal value becomes fragile.

The first separation problem is physical and logical network separation. A seller may use one address block across several businesses: hosting, broadband, corporate IT, managed security and internal platforms. The buyer may acquire only one division. The customer contracts being sold may depend on part of a larger prefix, while the seller needs the rest. The parties can write a purchase agreement saying that specified ranges will transfer, but operations may show that the ranges are entangled with shared routers, DNS zones, reputation systems, NAT pools, firewalls, mail services, monitoring systems and customer-assignment databases. Registry transfer cannot solve an architecture that has not been separated.

The second problem is commercial separation. A buyer may need enough address continuity to keep customers, but the seller may want to retain surplus capacity. The seller may argue that only the addresses currently assigned to sold customers should move. The buyer may argue that the business was priced on growth capacity and reputation, not merely on assigned endpoints. If the purchase agreement is silent or vague, the dispute becomes a value fight dressed as a technical schedule. The address schedule should therefore distinguish production use, customer-dedicated use, shared infrastructure, reserves required for growth, leased space, disputed space and seller-retained space.

The third problem is ARIN evidence. The policy path for an acquisition transfer asks whether the recipient acquired assets that use the resources. If the deal transfers only a customer book but not the equipment, network operations, contracts or technical systems associated with the addresses, the evidence may be weaker. If the deal transfers a complete operating network, the evidence is stronger. If the deal transfers only surplus addresses with no operating assets, the parties may need a different transfer path. The distinction matters because merger and acquisition transfer mechanics should not be used to disguise a bare address sale unless the policy conditions fit.

The fourth problem is timing. Asset sales often close in pieces. Employees transfer on one date, circuits on another, customer notices over weeks, billing accounts later, and infrastructure migrations over months. Address records may need to follow the operational cutover rather than the legal closing date. If registry recognition moves too early, the seller may lose necessary control before separation is complete. If it moves too late, the buyer may be running a business without the public record it needs. The transaction should specify who controls records during the interim, who handles abuse notices, who maintains reverse DNS, who pays fees, who can approve changes, and what happens if ARIN requests additional evidence.

The economic point is simple. In asset sales, address value survives only when legal separation, operational separation and registry recognition are coordinated. A purchase agreement cannot make a shared block separable by declaring it so. ARIN cannot convert a vague asset transfer into a clean resource transfer by ignoring evidence. The buyer and seller must do the hard work before closing, not after customers are waiting.

Equity deals hide address risk inside the target

Equity deals can make address risk look smaller because the recognized holder may remain the same legal entity. If the buyer buys the target's shares, the target continues to exist, its ARIN Org ID may remain in place, and the resources may not need to move to a different registrant immediately. That continuity is helpful. It can also hide risk. The buyer has acquired the company, but it has also acquired every weakness in the company's address file.

The first hidden risk is historical acquisition baggage. The target may have grown by buying smaller ISPs, hosting firms, security platforms or enterprise networks. Some acquired addresses may have been integrated into service but never transferred or regularized. Some may still appear under old names. Some may be legacy resources whose original allocation file is thin. Some may depend on side letters or service arrangements with founders, affiliates or former owners. Because the target continued operating, nobody may have forced a complete reconciliation. The buyer of shares inherits the unresolved record.

The second hidden risk is internal misallocation. A target may operate multiple subsidiaries but centralize address management informally. One subsidiary may use resources held by another. A Canadian business may use addresses registered to a US affiliate. A Caribbean operation may depend on resources controlled by a group company that is not inside the acquisition. A parent may have promised the seller that certain ranges would be extracted before closing, but the target's network team may not have built a clean migration plan. An equity buyer should not assume that resources inside the target's router configurations are resources inside the target's legal perimeter.

The third hidden risk is post-closing governance. In many companies, ARIN account authority sits with a small number of engineers, consultants or acquired founders. The buyer may own the company after closing but not have immediate practical control over credentials, points of contact, reverse DNS delegation, RPKI or IRR processes, abuse channels and renewal notices. The purchase agreement may have elaborate provisions for bank accounts and domain names while leaving registry authority to an operations handover checklist. For an address-heavy target, that is an inversion of risk.

The fourth hidden risk is representation quality. Sellers often represent that they have the right to use all assets necessary for the business. That may be true in a loose operational sense and inadequate in a registry-recognition sense. The buyer needs representations specific enough to cover registered holder status, authority, absence of disputes, agreement standing, fees, legacy-resource evidence, leases, customer assignments, transfer restrictions, abuse and reputation problems, and any third-party claims. Generic asset reps are not enough for a scarce, policy-bound resource.

Equity deals also create a strategic question after closing: whether to leave resources where they are or consolidate them. Consolidation can improve control, billing, security services and governance. It can also trigger transfer review, agreement changes, internal tax questions, customer notices and operational migrations. A buyer that delays the decision may preserve continuity but leave future divestitures messy. A buyer that rushes the decision may create avoidable registry and service friction. The equity deal is easier at closing because the entity remains. The hard work moves into integration.

Carve-outs can strand the resource from the business

Carve-outs are the hardest M&A form for address continuity because the business being sold was not historically built to stand alone. A corporate group may sell a hosting unit, a regional broadband operation, a managed-security platform, a public-sector network service, a data-centre site or a cloud-adjacent product line. The unit may have used group address space because that was efficient. It may share firewalls, mail systems, abuse desks, customer portals, route objects, DNS tools, procurement, billing and network engineering. Once the unit is carved out, the question becomes whether the address resource follows the business, stays with the parent, or is split.

Stranding occurs when the economic business and the recognized resource position no longer align. A buyer may acquire customers who have long used specific public IPv4 addresses, but the addresses remain registered to the seller. The seller may retain the block and offer temporary use under a transition-services agreement. The buyer may operate the customer service but lack registry control. If the transition is short, the buyer must renumber customers quickly. If the transition is long, the buyer depends on a former parent for address continuity, abuse handling, reverse DNS and routing changes. Either way, value has been separated from control.

The reverse problem also occurs. The seller may transfer more address space than the carved-out business needs because the block cannot be easily split or because the buyer demanded growth capacity. The parent may then find its remaining business short of public IPv4. It may need to buy or lease replacement capacity at market rates. A seller that focuses only on sale proceeds may underprice its own residual address risk. A buyer that receives more capacity than it can justify operationally may face internal governance, tax, accounting and future-transfer questions. Carve-outs force both sides to price scarcity inside and outside the perimeter.

The transaction documents should make the address perimeter precise. Which ranges transfer? Which stay? Which are shared during transition? Which customers must be renumbered? Which reverse-DNS zones, RPKI objects, IRR entries, abuse contacts and reassignment records change? Which party bears the cost if ARIN requests more evidence or refuses the proposed transfer path? What happens if customer migration runs late? Can the buyer assign transition rights to a future acquirer? Are there restrictions on leasing, sale or further transfer during the transition period? These questions sound operational. They affect purchase price.

Carve-outs are also where ARIN's role should remain disciplined. The registry can verify whether the requested transfer fits policy and whether the recipient acquired assets using the resources. It should not decide whether the seller should have charged more for the block, whether the buyer's growth plan is attractive, or whether a parent should subsidize a spun-out business. The market should price those choices. ARIN's duty is to keep the recognition event tied to evidence, not to become a fairness tribunal for carve-out economics.

Integration plans decide whether value survives closing

Closing is not the end of M&A address risk. It is often the point at which the buyer begins to find out whether the resource estate can be made useful inside the combined company. A transaction can have a valid transfer path, signed agreements, clear corporate authority and a clean closing certificate, yet still lose value during integration if addresses are mismanaged. IPv4 value is practical. It survives when customers, routing, records, security services, abuse handling and internal controls survive.

The first integration task is inventory reconciliation. The buyer should compare the deal schedule with ARIN records, internal IP management tools, router configurations, DNS zones, cloud bring-your-own-IP settings, customer assignment tables, lease records and abuse systems. Discrepancies are normal. They should not be ignored. A block listed as unused in diligence may support a forgotten VPN service. A range believed to be customer-dedicated may be shared with internal infrastructure. A prefix included in the purchase agreement may not appear under the expected Org ID. The combined company needs a single record that finance, legal and engineering can trust.

The second task is authority migration. Points of contact, ARIN Online account access, billing contacts, officer acknowledgment, reverse DNS administrators, RPKI and IRR managers, abuse mailboxes and internal approval workflows must move to the buyer's governance model. A buyer that owns the company but leaves authority with a departed founder or seller engineer has not integrated the asset. It has created a latent control problem. For a scarce address estate, authority migration should be treated with the same seriousness as bank-signing authority or domain-registry control.

The third task is technical normalization. The buyer may want consistent route-origin authorization, IRR route objects, reverse DNS conventions, abuse-response procedures, geolocation records, customer reassignment practices, reputation monitoring, logging and IPAM discipline. Normalization can improve value by making the address estate easier to defend and transfer in the future. It can also create customer risk if done too quickly. Mail deliverability, security filters, route propagation, enterprise allowlists and public-sector systems may depend on historical patterns. Integration should be staged around service risk, not merely around administrative tidiness.

The fourth task is strategic allocation. The buyer must decide what the acquired addresses are for. Some ranges are essential to inherited customers. Some support revenue growth. Some can be released from low-value use. Some may be saleable surplus. Some may be better preserved for future acquisitions. Some may be leased with controls. Some may be too reputation-damaged to use without remediation. If the buyer does not assign a strategy, the acquired estate will be consumed by whoever asks first. That is how valuable address capacity becomes invisible again after the deal closes.

The economics of integration are therefore harsher than the language of "closing deliverables" suggests. Registry recognition can deliver the public record, but only management can deliver operational value. A buyer that treats addresses as a price line and not as an integration workstream may pay for scarcity and then waste it.

Customer continuity limits clean separation

Customer continuity is the reason many address transfers cannot be treated as tidy asset movements. A public IPv4 address may sit inside a customer's firewall rules, DNS records, application allowlists, mail reputation, certificate dependencies, VPN configuration, payment systems, regulatory filings, monitoring scripts, remote-access tools and support documentation. Renumbering can be possible in theory and expensive in practice. In an acquisition, those costs shape what can be separated, when it can be separated and who bears the risk.

The buyer of an address-dependent business is often buying continuity as much as capacity. Hosting customers want servers to remain reachable. Enterprise customers want static addresses to remain stable. Managed-security customers want tunnels and probes to keep working. Broadband customers expect no service break. Public-sector customers may have change-control windows measured in months. A buyer that receives customer contracts but not the addresses used to serve them may inherit a churn problem. A seller that transfers addresses without planning customer cutover may impair its remaining service.

Transition-services agreements are the usual bridge. The seller may agree to provide routing, DNS, abuse handling, IP management support, customer notices or address-use rights for a defined period after closing. A TSA can protect customers while the buyer renumbers or obtains transfer recognition. It can also create risk. If the TSA is too short, customer migration becomes a crisis. If it is too vague, neither party knows who may change route objects or respond to abuse reports. If it is too long, the buyer remains dependent on the seller and the seller's registry standing. If it allows broad use but not control, the buyer may lack the evidence needed for future financing or resale.

Customer assignments and leases need special treatment. Some addresses may be reassigned to downstream customers in ways that appear in public records. Some may be contractually dedicated but not separately registered. Some may be leased to third parties unrelated to the core business. Some may be subject to commitments that survive closing. The buyer should not learn after closing that a range priced as surplus is actually tied to prepaid customer rights, long-term service contracts, or high-risk downstream users whose abuse history will follow the block. The schedule should identify encumbrances, not merely prefixes.

Continuity also limits buyer remedies. If registry transfer is delayed, the buyer may not want immediate termination rights because customers still need service. If reputation problems emerge, the buyer may need seller cooperation rather than litigation. If a carve-out leaves addresses with the seller for a period, the buyer may need operational service credits rather than a simple price claim. M&A address risk is therefore not only a closing-risk problem. It is a continuity contract problem.

ARIN's narrow role helps here. It should maintain records and process valid requests; it should not decide how customers are allocated between buyer and seller. But because customers experience registry timing as service continuity, parties must build realistic cushions around ARIN recognition. The cleanest legal separation can still be commercially dirty if customers cannot be moved without breaking the service they bought.

Cross-border deals add inter-RIR compatibility risk

Cross-border M&A creates a second registry boundary. The buyer may be outside the ARIN region, the seller may hold ARIN-issued or ARIN-administered resources, the combined group may shift headquarters, or the acquired network may serve customers in several RIR regions. The technical resource may route globally, but registry recognition remains regional. That difference turns inter-RIR compatibility into a deal issue.

ARIN policy permits inter-regional transfers of IPv4 addresses or ASNs only through RIRs that agree to the transfer and share reciprocal, compatible needs-based policies. The source must be recognized by the responsible RIR and not involved in a dispute. Source entities outside the ARIN region must satisfy the requirements of the RIR where they hold registration. Recipients inside the ARIN region must meet ARIN recipient requirements, including agreement and operational-use expectations. Recipients outside the region face the receiving RIR's conditions. In a global acquisition, one registry's acceptance is not enough.

This matters for deal structure. A buyer may assume that acquiring a US or Canadian target gives it freedom to move address resources to an affiliate in another region. That may be wrong if the receiving RIR does not have a compatible path, if recipient qualification is not satisfied, if the resources came from a reserved pool, if a prior transfer created timing restrictions, or if the receiving entity lacks the required operational network case. The buyer may still be able to own the target and use the resources in the target's operating context. It may not be able to reorganize the address estate exactly as the tax or integration plan prefers.

Cross-border deals also raise real-and-substantial-connection questions. ARIN's merger and acquisition policy permits a surviving entity that ceases to have a real and substantial connection with the ARIN region as a result of the transaction to continue holding numbering resources issued directly or indirectly by ARIN before the transaction. But such an entity does not qualify for additional resources from ARIN unless it again has the required connection. For a buyer, that distinction is important. Holding existing resources for continuity is not the same as preserving future ARIN supply options.

The practical diligence question is whether the buyer needs movement or only continuity. If the acquired business will remain an ARIN-region operating network, the buyer may be comfortable leaving resources in the target or a regional subsidiary. If the buyer wants to centralize address management in Europe, Asia-Pacific or Latin America, it must test inter-RIR policy compatibility and operational-use evidence before signing. If the buyer wants to allocate addresses globally among affiliates, it must distinguish internal corporate control from registry-recognized transferability. The corporate chart can move faster than the registry record.

Inter-RIR risk also affects purchase-price certainty. A buyer that expects global mobility may value the address estate more highly than a buyer that sees region-bound continuity. If mobility later proves constrained, the overpayment will be hard to recover unless the purchase agreement made the assumption explicit. Cross-border address diligence is therefore not a specialist appendix. It is part of the economics of multinational network acquisitions.

Legacy resources turn old corporate history into live diligence

Legacy resources make M&A address risk feel historical and immediate at the same time. ARIN's legacy materials describe resources that originated before ARIN's modern agreement framework. ARIN was formed in December 1997 and inherited administration of a large body of earlier IPv4 and ASN records not administered by the existing European and Asia-Pacific registries. Some legacy holders have agreements. Some do not. Some files are clean. Some depend on old names, old letters, public records, institutional memory and corporate succession documents that were never prepared for a modern transfer market.

For an acquirer, legacy status is neither a poison pill nor a free option. It is a diligence signal. A legacy block with clear historical allocation evidence, current contacts, documented corporate succession, good registry maintenance, current reverse DNS, understood agreement posture and coherent operating use may be highly valuable. A similar block with stale contacts, a dissolved predecessor, missing merger documents, uncertain authority, contested control or weak service access may carry a large discount. The difference is not the age of the block. It is the quality of the chain.

The service boundary also matters. ARIN's public legacy page states that legacy holders not under an ARIN agreement can maintain unique registration in Whois/RDAP, update public data, manage reverse DNS, maintain registry records in ARIN Online and access DNSSEC. It also states that such holders must be under an ARIN agreement to access ARIN's RPKI and IRR services. In an M&A setting, that distinction becomes commercial. A buyer may require route-origin assurances or IRR discipline for enterprise customers, cloud integration, security posture or future resale. If the target's legacy resources are outside agreement coverage, the buyer must decide whether bringing them under agreement is a closing condition, an integration task, or a valuation adjustment.

Legacy records also complicate representations. A seller may be reluctant to represent absolute ownership in property language. The buyer may be unwilling to accept a weak statement that the seller merely uses addresses. The better drafting recognizes the resource-specific facts: the seller is the current ARIN-recognized holder or has valid authority through the holder; there is no known dispute; corporate succession evidence is complete; required contacts are current; use and transfer restrictions are disclosed; service eligibility is described; no third party has undisclosed rights; and the seller will cooperate with ARIN evidence requests. Precision is better than slogans.

The most dangerous legacy problem is compressed time. A file that could be repaired calmly over six months becomes a closing crisis when discovered two weeks before completion. Counsel searches archives. Retired employees are called. State filings are ordered. ARIN support questions become transaction-critical. Buyers demand holdbacks. Sellers complain that the business has used the block for decades. Both sides may be right, and both may still be late. Legacy due diligence should begin early because history moves slowly even when deal deadlines do not.

Reps, warranties and indemnities price uncertainty

Representations and warranties are how M&A documents convert uncertainty into risk allocation. For ARIN-region address resources, generic asset language is rarely enough. The buyer needs to know not only that the target can use the addresses today, but that the target's use, recognition, authority and transferability match the deal thesis. The seller needs language it can truthfully stand behind without pretending IPv4 is simple property. The resulting provisions should be precise, not theatrical.

A strong representation package will identify material Internet number resources by range, holder, Org ID, resource type, agreement posture and operating use. It will state that disclosed entities are the recognized holders or have the authority necessary to use and transfer the resources as contemplated. It will address absence of disputes, claims, liens or conflicting contractual rights. It will disclose legacy status, leases, customer assignments, reassignments, upstream-provided resources, provider-assigned space, reputation issues, abuse investigations, transfer restrictions, reserved-pool limitations, pending ARIN requests, fee standing, POC validity and any use outside the ARIN region. It will distinguish owned business resources from customer or third-party resources.

The buyer should resist two shortcuts. The first is a broad "all assets necessary" representation. That may help, but it will not surface which resources are registered to which entity, whether customers have use rights, or whether a block can transfer. The second is a simple "valid title" representation. That may import property assumptions that neither party has analyzed. Better drafting uses the language of recognized control, authority, right to use, right to request transfer, absence of known disputes and compliance with applicable registry policies and agreements.

Indemnities then price the remaining uncertainty. If a specific block is essential but the seller cannot produce complete legacy succession evidence before closing, the buyer may require a special indemnity for failure of recognition or loss of use. If a customer assignment schedule is incomplete, the buyer may require indemnity for undisclosed third-party rights. If reputation concerns exist, the buyer may require indemnity for pre-closing abuse or remediation costs. If ARIN rejects or delays a transfer because of seller-side evidence defects, the buyer may require reimbursement, price adjustment or a right to extend the TSA.

Sellers will push back, and often reasonably. They do not want open-ended indemnities for policy changes, buyer integration mistakes, customer misuse after closing, or market-value declines unrelated to pre-closing facts. That boundary matters. M&A address risk should be allocated according to who controls the fact. Seller authority, historical record gaps and undisclosed encumbrances belong with the seller. Buyer integration, post-closing abuse control and strategic redeployment belong with the buyer. Registry timing may sit between them and require specific mechanics.

The economic function of these provisions is not litigation. It is price discovery. The more the seller can prove, the less the buyer needs special protection. The less the seller can prove, the more the buyer will demand holdbacks, indemnities, covenants and discounts. IPv4 scarcity gives the resource value. Contract drafting decides who pays for uncertainty.

Escrow holdbacks are a response to registry timing

Escrow and holdback arrangements are common where a closing condition depends on a third-party or institutional action that cannot be made perfectly simultaneous with signing and funding. ARIN recognition fits that pattern. The buyer wants assurance that the registry record will reflect the transaction and that the resources will be usable after closing. The seller wants the purchase price paid when it transfers the business. ARIN must review evidence, authority, agreements and policy requirements on its own process, not according to the parties' desired funding clock. Escrow bridges the gap.

The simplest holdback covers transfer completion. A portion of the purchase price is withheld until ARIN recognizes the transfer of specified resources, required agreements are signed, fees are paid, contacts are updated, and any required reverse-DNS or routing-adjacent handover steps are completed. The amount should be linked to the economic importance of the resources, not chosen as a symbolic number. If a block is essential to revenue, the holdback may be large. If it is surplus capacity, the holdback may track expected market value or remediation cost. If the risk is limited to contact cleanup, the holdback should be smaller.

More sophisticated escrows separate registry recognition from operational migration. ARIN may complete a transfer while customers still require transitional routing support from the seller. Or customers may be migrated while ARIN review remains pending. The parties can create multiple release conditions: evidence submission, ARIN approval, signed RSA, updated Org ID or POC records, technical cutover, customer migration, reputation remediation and expiration of a claim period. This avoids the crude assumption that one event proves all risk is gone.

Timing language needs realism. ARIN's transfer guidance says transfer requests require an ARIN Online account linked to an Admin or Tech POC with authority for a valid Org ID, and that after approval, signed RSA and applicable fees, resources will be transferred within two business days. That is useful for settlement planning after approval. It does not mean the entire diligence and approval path will always fit a buyer's preferred date. If authority evidence is incomplete, if the resource is disputed, if the parties chose the wrong transfer path, or if the recipient has not prepared the required agreement posture, the clock stretches.

Escrow can also discipline sellers before closing. A seller that wants full price has reason to clean records, update contacts, reconstruct legacy files and prepare evidence. A buyer that wants a smaller holdback has reason to submit complete recipient documents and avoid changing the structure late. Escrow therefore becomes more than a protection device. It becomes a project-management tool around registry timing.

The danger is using escrow as a substitute for diligence. A large holdback cannot preserve customers if the address estate is structurally inseparable. It cannot make an ineligible transfer eligible. It cannot cure a false authority claim. It can compensate money loss after the fact, but the buyer may still suffer service disruption and integration delay. Escrow works best when the remaining risk is process timing, not when the underlying resource story is defective.

Purchase-price allocation follows operational proof

Purchase-price allocation belongs near the end of the M&A address-risk chain, not at the beginning. Scarce IPv4 may influence what the buyer pays, but the accounting and tax allocation should follow evidence about what was acquired, how it is controlled, how it will be used and whether it can be separated from customer relationships, goodwill, equipment and service obligations. If allocation leads the analysis, the deal team may mistake a finance model for an operating fact.

In some transactions, address value is plainly identifiable. A hosting provider, data-centre operator, broadband company or managed-services business may hold ARIN-recognized IPv4 resources that are material to customer service and future growth. The buyer may have obtained market comparables, reviewed transfer history, tested authority, examined reputation, and concluded that part of the purchase price reflects scarce address capacity. If the resources are transferable or separately controlled, an allocation to an identifiable intangible-like asset may be considered by advisers under the relevant accounting and tax rules.

In other transactions, the value is embedded. The addresses support customer continuity, but selling them separately would damage the acquired business. Their value may appear through customer relationships, avoided renumbering cost, margin stability or goodwill rather than through a neat address line item. A buyer that mechanically assigns a market price to every address may overstate separable value. A buyer that ignores address dependence may understate what it actually bought. Operational proof is the arbiter.

ARIN recognition is evidence, not valuation. It can show the recognized holder, transfer path, agreement posture and timing of record change. It cannot decide tax basis, useful life, impairment, amortization, or the relative value of customer contracts versus address resources. Nor should an ARIN-recognized transfer be used to imply that the registry blessed a purchase-price allocation. The registry identifies and recognizes resource movements under policy. Advisers price and account for the transaction.

This sequence matters for disputes. If a buyer later claims that it overpaid because an address transfer failed, the purchase agreement and allocation files will be examined together. Did the buyer allocate value to the addresses? Did the seller warrant transferability? Did the buyer know the resources were shared, legacy-bound or customer-encumbered? Did the holdback reflect the risk? Did the buyer rely on surplus value or merely continuity? A disciplined file makes the economic story coherent.

Allocation also affects post-closing behavior. If acquired addresses are assigned a visible value, management is more likely to maintain records, monitor reputation, review impairment and allocate capacity carefully. If the value disappears into goodwill, the address estate may again become operational background. That may be acceptable where the addresses are inseparable from the business. It is dangerous where scarce capacity was a real reason for the acquisition. The right conclusion is not that every deal needs a large IPv4 allocation. It is that allocation should follow proof, not convenience.

ARIN should verify recognition, not bless the deal

ARIN's proper role in M&A is narrow and important. It should verify authority, apply policy, protect registry integrity, process valid transfer requests, require appropriate agreements, keep public records accurate, prevent fraudulent changes, maintain service continuity where its procedures allow, and communicate requirements clearly. It should not decide whether the buyer paid a fair price, whether the seller negotiated well, whether the carve-out economics are optimal, whether an indemnity is sufficient, or whether the combined company has a superior business plan. Registry recognition is not a fairness opinion.

That boundary protects the market. If ARIN tried to bless private deal economics, every acquisition involving valuable addresses would invite lobbying, strategic delay and pressure from buyers, sellers, brokers, lenders and dissatisfied customers. The registry would be pushed into arguments about price, contractual interpretation, tax allocation, creditor priority and industrial policy. That would weaken the ledger. The value of ARIN's recognition comes from its disciplined focus on the record, not from an expanded role as transaction supervisor.

The boundary also protects ARIN. Post-exhaustion IPv4 scarcity has made registry decisions capital-relevant. That fact is unavoidable. A delay can affect closing. A rejected transfer can change price. A requirement for better evidence can shift bargaining power. Because these effects are real, ARIN needs more procedural modesty, not less. It should be able to explain what evidence is missing, what policy condition applies, what agreement is required, what fees are due, what status the request has, and what outcomes are available. It should not need to defend a theory of who deserves economic value.

Member governance does not erase this problem. ARIN has community policy processes and a member structure, and those mechanisms help constrain a private registry that performs a public coordination function. But buyers, sellers, customers, lessees, lenders, employees and downstream users in a transaction may not all be voting members. Even members may sit on different sides of the same deal. A member-based institution can produce legitimacy for registry rules; it cannot automatically settle private transaction risk. The best answer is a clear, evidence-based procedure that applies evenly.

The market should also avoid pulling ARIN beyond its mandate. Purchase agreements should not condition closing on ARIN doing something policy does not permit. Brokers should not imply that ARIN approval is a guarantee of commercial quality. Buyers should not use registry questions to renegotiate unrelated price points. Sellers should not pressure the registry to ignore weak authority because a deal is late. Lenders and auditors should not treat ARIN records as property deeds. Everyone benefits when the line is clear.

ARIN can still improve the M&A environment without becoming a deal arbiter. It can keep merger and acquisition guidance legible, specify evidence expectations, publish aggregate timing metrics where appropriate, distinguish private disputes from registry defects, maintain clear channels for court orders and authorized agents, and keep legacy-service boundaries understandable. Predictability lowers the risk premium. Discretionary transaction blessing would raise it.

What to watch over the next 12 to 24 months

The first watchpoint is whether buyers start treating address diligence as a core workstream rather than a technical appendix. In sophisticated ARIN-region deals, diligence lists should ask for Org IDs, ranges, holder entities, agreement posture, fee standing, POC authority, transfer history, legacy evidence, customer assignments, leases, reputation reports, routing-security status, reverse-DNS controls, pending ARIN tickets and proposed post-closing disposition. If those requests become standard, address risk will have moved into mainstream M&A discipline.

The second watchpoint is how asset-sale agreements describe address separation. Good documents will distinguish transferred ranges, retained ranges, shared transition ranges, customer-dedicated ranges, leased ranges and surplus ranges. They will specify ARIN transfer path, evidence obligations, TSA support, routing and DNS responsibilities, abuse handling, customer migration and consequences of delay. Weak documents will attach a prefix schedule without explaining how the business actually uses the addresses. The market should learn quickly which form prevents disputes.

The third watchpoint is carve-out quality. More corporate groups will discover that public IPv4 was managed as group infrastructure even when the sold business was priced as standalone. Watch whether sellers prepare address separation before marketing a division, and whether buyers demand growth capacity rather than mere current assignments. The most revealing disputes will be about stranded value: customers sold without addresses, or addresses transferred without enough operating context.

The fourth watchpoint is equity-deal cleanup. Buyers that acquire address-heavy targets should not leave registry authority in inherited operational habits. Post-closing integration should update contacts, billing, account authority, reverse DNS, RPKI or IRR posture, abuse processes, IPAM records and board-level controls. If buyers postpone this work, the next refinancing, divestiture or security incident will expose the weakness.

The fifth watchpoint is inter-RIR structuring. Cross-border buyers will test whether ARIN-region resources can remain with regional operating subsidiaries, move to foreign affiliates, or support global networks without violating compatible-policy requirements. Deals that assume unrestricted global portability will suffer. Deals that distinguish ownership of a corporate group from registry-recognized movement will price resources more accurately.

The sixth watchpoint is legacy-resource preparation. Sellers with valuable old allocations should reconstruct succession files before they launch a sale. Buyers should not accept "we have always used it" as a substitute for evidence. Legacy resources with clean documentation and understood service posture will command stronger confidence. Legacy resources whose proof must be recreated during exclusivity will invite holdbacks, indemnities and discounts.

The seventh watchpoint is escrow practice. Holdbacks tied to ARIN recognition, technical cutover and customer continuity should become more nuanced. A single release condition may not capture the difference between registry approval, signed agreements, updated contacts, route-security readiness, customer migration and reputation remediation. Better escrow design will reveal which deal teams understand that registry timing and operational continuity are related but not identical.

The eighth watchpoint is representation language. Market practice should move away from broad property slogans and toward resource-specific recognized-control language. The strongest reps will cover current holder status, authority, absence of disputes, disclosed encumbrances, legacy evidence, agreement posture, transfer eligibility, fees, customer rights and abuse history. Indemnities should then attach to the facts the seller can control, not to every future market or policy development.

The ninth watchpoint is purchase-price allocation discipline. Address value should not be ignored merely because it is awkward, and it should not be inflated merely because scarcity exists. Allocation should follow operating use, recognized control, transferability, customer dependence, market evidence and separability. The accounting treatment is downstream of the transaction proof. It should not be used to rescue a weak diligence story.

The final watchpoint is ARIN's procedural posture. The healthiest M&A market does not require ARIN to endorse deals. It requires ARIN to keep authority verification, transfer recognition, legacy boundaries, agreement requirements and communication predictable enough that private parties can price risk without asking the registry to become a judge of commercial value. If ARIN stays a reliable ledger, merger and acquisition address risk becomes analyzable. If recognition becomes slow, opaque or too discretionary, the same scarce resource will carry a larger transaction discount.

The broader lesson is not that IPv4 should dominate every acquisition involving a network business. Many deals will turn on revenue, customers, product fit, spectrum, fibre, data centres, software, people or regulation. But where ARIN-region IPv4 is material, it is no longer safe to leave it at the back of the diligence binder. It is a scarce, registry-recognized, customer-sensitive resource whose value depends on the fit between corporate law, network operation and institutional recordkeeping. M&A exposes that fit more sharply than ordinary operations do. The buyer that understands it will pay for real control. The seller that prepares it will receive more certain value. The registry that keeps its role narrow will make both outcomes easier without becoming the transaction itself.