ARIN is not normally treated as a sanctions institution. It is a regional Internet registry. It records holders of Internet number resources, maintains registry data, supports reverse DNS and routing security services, processes transfer requests, collects fees and runs a policy forum for the region it serves. Its own public description is administrative rather than geopolitical. Yet that description is no longer enough to explain the economic position ARIN occupies in the post-exhaustion IPv4 market.

The point is not that ARIN has unlawfully sanctioned a particular network. This article makes no such allegation. The point is structural. ARIN is a useful North American case study in how geopolitical compliance pressure can convert registry discretion into business-continuity risk. That pressure comes from a specific legal environment: ARIN is a United States corporation, incorporated in Virginia, operating in a sanctions-heavy jurisdiction while administering scarce resources whose economic value is now material to cloud platforms, access networks, hosting firms, universities, enterprises, banks, brokers, legacy holders and small operators. The registry may not think of itself as a gatekeeper. A market that depends on registry recognition may reach a different conclusion.

The factual machinery is visible in ARIN's own pages. Its IPv4 Addressing Options page says the ARIN free pool of IPv4 address space was depleted on 24 September 2015 and directs networks toward the waiting list, special-use pools, transfers and IPv6. Its transfer guide describes merger and acquisition transfers, specified-recipient transfers, inter-RIR transfers, documentation, fees, officer acknowledgements, reciprocal needs-based policy and RSA requirements. Its legacy-resource page distinguishes services available to legacy holders without an ARIN agreement from services that require an agreement, including RPKI and IRR access. Its current public Registration Services Agreement defines services, contract rights, policy changes, fees, review rights, termination consequences, disclaimers and government-order language. Its membership page and Policy Development Process explain participation and governance. These are useful exhibits. They explain what the machine does. They do not decide what the machine means.

The stronger institutional frame comes from Lu Heng's public notes, NRS's decentralisation thesis, LARUS's commercial continuity argument and the broader BTW view that official registry language should be read as evidence, not as conclusion. Lu Heng's notes page treats IPv4 as scarce economic infrastructure constrained by centralised chokepoints, weak accountability and poor portability. His essay on why NRS exists argues that voluntary systems decay when exit is constrained and discretion is centralised. His note on registry continuity sets out the decisive distinction: protect the ledger, not the gatekeeper. NRS presents the same line in advocacy terms on its home page: scarcity and centralised registry control have become structural risks. LARUS, through its public business framing at larus.net, treats IPv4 continuity as an operating and market problem, not simply as a policy debate. These are not neutral institutional sources. Their value is that they ask the question official language tends to avoid: which registry functions are indispensable, and which authority claims have been attached to those functions because scarcity made attachment profitable?

That question is particularly sharp for ARIN. The ARIN region contains deep pools of legacy IPv4 space, high-value transfer demand, sophisticated buyers, financial intermediaries, security-sensitive customers and small networks that cannot easily absorb procedural uncertainty. It is also inside the sanctions jurisdiction of the United States. The result is a registry that can be competent, transparent in many respects and operationally mature while still becoming a source of unpriced risk. Stability does not eliminate the problem. In some ways it hides it, because the risk appears only when law, scarcity, contract leverage and market dependence meet.

A United States registry in a sanctions-heavy world

The first fact is jurisdictional. ARIN's RSA identifies the American Registry for Internet Numbers, Ltd. as a Virginia non-profit corporation. That status is not a decorative corporate detail. A United States corporation sits within a legal environment that includes federal court orders, statutory obligations, sanctions restrictions, subpoena practice, banking compliance and a culture of risk-based screening that reaches far beyond any one transaction. The Office of Foreign Assets Control says in FAQ 11 that all U.S. persons must comply with OFAC sanctions, including U.S. incorporated entities and their foreign branches, and that non-U.S. persons may be subject to certain prohibitions in specified circumstances. OFAC's compliance framework encourages risk-based sanctions programs built around senior commitment, risk assessment, internal controls, testing and training.

Those facts do not mean every ARIN interaction with a foreign network is restricted. They do not mean every party in a high-risk jurisdiction is blocked. They do not turn ARIN into a sanctions ministry. Nor do they let ARIN invent foreign policy. But they do place ARIN inside a legal and compliance culture in which identity, control, location, payment route, counterparty status and government orders can matter. A bank financing an IPv4 purchase may ask sanctions questions. A buyer may screen beneficial ownership. A broker may worry about counterparties. A lawyer may build closing conditions around registry approval. An escrow service may refuse a payment flow that looks too difficult. A cloud platform may be more worried about reputational exposure than about the technical uniqueness of the address block. In that environment, the registry's recognition function becomes economically sensitive even before a legal prohibition is reached.

The RSA makes the legal edge visible. It gives ARIN a right, in defined circumstances, to cooperate with and comply with applicable laws, regulations, government inquiries and judicial orders related to the holder's use of services. It also contemplates orders concerning number resources or use of a service, including orders to stop a service or terminate the agreement, with notice only when legally permitted and to the extent allowed. A clause of this kind is not extraordinary for a United States infrastructure organisation. It is still important. It reminds resource holders that number-resource continuity depends not only on routing tables and customer contracts, but also on the legal position of the institution that recognises their registration state.

ARIN's law-enforcement page adds another part of the picture. It says public Whois data is available, that non-public information generally requires a duly issued subpoena or court order, and that ARIN may hold information useful to investigations, including registration, reassignment and contact data. This is not a claim that ARIN polices content or controls traffic. It is a narrower and more consequential point: the registry is a legal information node. State power, private registration records, corporate authority and operational identifiers can meet there.

The business-continuity risk arises from that meeting point. A formal sanction can block a transaction, property interest, payment or service. A registry-layer restraint may be subtler. It may delay a transfer, require more documentation, reject a counterparty, suspend a service under order, make a legacy holder decide whether to sign an agreement, or leave a buyer uncertain about whether the official record will move. The registry may be acting prudently. It may be following law. It may have no choice. The economic consequence can still resemble a sanction from the perspective of a network whose expansion, financing or customer commitment depends on timely registry recognition.

This is why a registry in a sanctions-heavy jurisdiction should not expand discretionary judgment merely because compliance pressure exists. The opposite principle is needed. The more politicised the external environment becomes, the more exact the registry's role should be. If a court order compels action, the action should be narrow. If a sanctions rule prohibits a transaction, the reason should be legal rather than moral or reputational. If screening is necessary, it should be objective, documented where legally possible and separated from unrelated judgments about business model, nationality, customer mix or market strategy. Compliance should be a boundary condition around the ledger, not a licence to widen the gate.

Scarcity changed the meaning of discretion

Before IPv4 exhaustion, registry discretion was usually explained as rationing. A registry had a pool of unallocated numbers. Applicants sought allocations. Policies asked whether the applicant had sufficient need, whether existing resources were efficiently used and whether the request matched conservation objectives. The system was never free of power. Yet its central story was still one of administrative distribution: a finite pool, a queue of applicants and a policy attempt to prevent waste.

After exhaustion, the same forms of discretion carry a different economic meaning. ARIN's free pool has been depleted since September 2015. Meaningful IPv4 capacity now comes from transfers, merger and acquisition records, legacy blocks, private contracting, leasing-like arrangements, returns, reclamations and very limited reserved space. The registry is no longer primarily a distributor of abundance. It is the recognised settlement layer for scarce capital already embedded in networks, balance sheets, customer contracts, security systems and acquisition plans.

That change matters because a registry decision now affects sunk investment. A block is not just an entry in a database. It may be bound into customer allowlists, mail reputation, procurement rules, geolocation assumptions, API policies, firewall settings, incident-response plans, financing documents and infrastructure expansion. The holder may have paid market price. A buyer may have lined up customers. A seller may be using proceeds to restructure a network. A lender may treat transferability as part of collateral value. A delay or refusal at the registry layer therefore affects capital, not merely paperwork.

Institutional economics has a name for this: a hold-up problem. One party invests in an asset-specific relationship that is hard to replace. Another party controls a bottleneck after the investment is sunk. The bottleneck holder need not be malicious. It may be careful, under-resourced or worried about legal risk. The structure itself creates a discount. Participants price the possibility that approval will be delayed, documentation will be reinterpreted, a policy will change, a contract term will shift, a service will be suspended, or an external order will alter the recognised state.

The RSA shows why the discount is rational. It states that services and included number resources are supplied on an as-is basis and that ARIN does not promise uninterrupted service. It limits liability and gives ARIN defined rights around fees, policy changes, reviews, transfers, service stopping and termination. These provisions may be understandable for a registry that wants to avoid unlimited exposure. They are more troubling when the registry's process can affect assets worth far more than the fee relationship. A low-liability, high-discretion institution is bearable when the economic stakes are small. It becomes harder to justify when registry recognition is part of the capital structure of the Internet.

Scarcity also changes the distribution of burden. Large firms can manage process risk. They hire counsel. They use brokers. They structure purchase agreements around closing conditions. They maintain inventory. They can wait. They often have policy staff who know the vocabulary. Small operators face a different reality. They may need one block to support a customer segment, a data-centre expansion or a financing round. They may not have staff who can translate registry requests into board-ready risk language. They may have no practical ability to contest a delay. To them, an ordinary compliance request can feel like a survival tax.

The visible fee schedule is only the first cost. ARIN's fee schedule lists annual registration-service categories, transfer-processing charges and legacy fee treatment. Those are explicit. The larger tax is often implicit: officer time, legal review, old corporate records, notarised acknowledgements, counterparty screening, sanctions checks, payment diligence, RPKI transition, IRR cleanup, reverse DNS planning, customer communication and the cost of explaining registry dependence to investors. These are largely fixed costs. Fixed costs punish small firms.

Scarcity therefore turns discretion into economic power. The power may be exercised through rules, tickets, service conditions and standard forms rather than through dramatic orders. It is still power. A registry that can condition recognition can affect price, liquidity, timing and continuity. When geopolitical compliance pressure is added, that power becomes a risk multiplier. A scarce asset must pass through a legal and policy chokepoint controlled by a United States institution whose incentives are shaped by liability avoidance, contract control and community process.

The transfer market is a settlement layer

ARIN's transfer system is often described as a policy process. It should also be understood as market infrastructure. The transfer guide identifies several main paths. Section 8.2 covers transfers tied to mergers, acquisitions and reorganisations. Section 8.3 covers specified-recipient transfers within the ARIN region. Section 8.4 covers inter-RIR transfers. Transfer requests require ARIN Online authority, points of contact, documentation, fees and, in many cases, an RSA. Source organisations may need to be current registered holders, free of disputes over the resources, capable of supplying officer acknowledgement and able to satisfy restrictions on recent transfers and reserved-pool addresses. Recipients must meet current transfer-recipient requirements.

Some of this is pure ledger protection. The registry must know that the source is the current recognised holder. It must reject forged instructions. It must identify corporate succession. It must avoid recording a transfer when the resource is under dispute. It must preserve chain of custody. It must manage RPKI, IRR and reverse-DNS transition. It must keep the record unique and auditable. These are not optional functions. Without them, the market would become unsafe.

Other requirements move from ledger protection into market control. For incoming inter-RIR transfers to the ARIN region, recipients must demonstrate need for up to a 24-month supply of IPv4 addresses. For larger initial transfers, the transfer page points to documentation showing planned use and efficient use of previous allocations. Inter-RIR transfers may occur only where reciprocal, compatible, needs-based policy exists; ARIN currently lists APNIC, LACNIC and RIPE NCC as approved with ARIN while AFRINIC is not approved. ARIN may request certification from another RIR and may refuse a transfer that does not meet reciprocal needs-based justification.

The policy history is clear enough. Need assessment came from the allocation era. If a registry is distributing scarce addresses from a common pool, it has a conservation rationale for asking whether an applicant can use them. But a private transfer is different. The seller is surrendering recognised resources. The buyer is paying market price and assuming deployment risk. A capital commitment is itself evidence of need. The registry's strongest interests are identity, authority, uniqueness, fraud prevention, legal compliance, dispute isolation, record accuracy and secure transition. When it goes further and judges whether a buyer's future plan fits an allocation-era utilisation test, it becomes a capital-allocation board.

Defenders of need tests fear speculation, hoarding and sham transactions. Those concerns are not imaginary. But the post-exhaustion market has a countervailing risk: suppressing formal liquidity can reduce accuracy. If valid buyers expect delay or denial, if sellers find the process uncertain, if small operators cannot carry the administrative burden, address space may remain trapped with incumbents or move through opaque leasing, nominee or control structures outside clean registry settlement. A strict gate may protect the language of conservation while weakening the ledger it claims to serve.

The compliance angle makes this problem more acute. Consider a transaction with a complex ownership chain, operations in multiple countries, customers in sensitive markets or payment flows that banks dislike. There may be no blocked party and no legal prohibition. Yet the transaction can still trigger risk questions. If the registry's role is narrow and mechanical, the parties can isolate legal compliance from market qualification. If the registry's role includes broad judgment over need, compatibility, documentation sufficiency and regional connection, compliance caution can merge with policy discretion. The result is not legal certainty. It is conditional liquidity.

Conditional liquidity has a price. A seller may own a valuable block but cannot know whether the value can be realised on schedule. A buyer may have customers and funding but cannot know whether the registry will accept the plan. A broker may match parties but cannot guarantee settlement. A lender may discount collateral because transferability is uncertain. A small network may believe it has bought continuity and then discover that continuity depends on an approval architecture that sits outside its control.

The correct distinction is between settlement and permission. A good settlement layer verifies authority, prevents fraud, records valid change, manages security transitions and lets lawful transactions close. A permission layer asks whether the market should be allowed to move. ARIN's challenge is to make its transfer system look less like permission and more like settlement. That does not require deregulated chaos. It requires a narrower idea of what the registry must decide.

Legacy resources and the price of agreement

The legacy boundary is another place where compliance, scarcity and contract power meet. Legacy resources predate ARIN or were issued by predecessor registries before the current contract structure existed. ARIN's legacy-resource page recognises that legacy holders not under an ARIN agreement can still maintain unique registration in Whois/RDAP, update and manage public data, manage reverse DNS, maintain registry records through ARIN Online and use DNSSEC. The same page says RPKI and IRR access require an ARIN agreement. It also notes that the legacy fee cap expired on 31 December 2023, while organisations with active LRSAs entered into before 1 January 2024 continue to have capped fees for covered legacy resources; ARIN's fee schedule says the cap is $250 annually for 2026 and rises by $25 per year, while legacy resources brought under agreement after 1 January 2024 fall under regular registration-service plan fees.

This is more than a pricing detail. It shows how a registry can preserve a historical recognition boundary while using operationally valuable services to encourage contract entry. Legacy holders retain some record functions without agreement. But as routing security becomes more important, RPKI and IRR access are no longer optional conveniences. Customers, peers, transit networks and risk teams increasingly expect coherent routing-security metadata. A legacy holder that wants modern security services faces a choice: remain outside the agreement and accept a weaker service position, or enter the contract structure and accept current terms.

ARIN can plausibly say that advanced services require clear terms. RPKI is security-sensitive. IRR data can affect routing practice. The registry needs authority, authentication and operational discipline. Those arguments are serious. Yet the institutional economics remain uncomfortable. When a legacy holder's block is economically embedded and security expectations have changed, contract entry can become less a voluntary upgrade than a practical necessity. The registry does not have to confiscate anything to acquire leverage. It only has to tie essential modern functions to agreement.

The RSA then matters as a price of entry. It grants contractual rights, but it also binds the holder to policies that can change, fee obligations, review rights, disclaimers, liability limits and termination paths. It says ARIN may review utilisation when a transfer or additional space is requested and may refuse transfers or additional allocations if resources are not utilised according to policy, while it also states limits on revocation for lack of utilisation under the agreement. The line between protection and leverage is thin. A legacy holder may gain services and clearer recognition, but also accepts a contemporary policy and compliance environment that did not exist when the historical allocation was made.

This is why the legacy/RSA boundary is central to sanctions and compliance pressure. A legacy holder outside agreement may be less exposed to some contractual mechanisms, but may have weaker access to services that counterparties increasingly expect. A holder inside agreement may enjoy modern services, but also sits more fully within ARIN's contract, fee and legal response structure. In either case, the registry's discretion shapes the economic value of the resource. The asset's technical use is tied to the institutional terms under which recognition and service continue.

The right policy response is not to pretend legacy history gives holders unlimited immunity. Nor is it to treat legacy status as a problem to be solved through service leverage. A proportionate model would distinguish record integrity from contract expansion. Unique registration, accurate contacts, lawful transfer and dispute notation are core ledger matters. Advanced security services may require operational terms, but those terms should be narrow, transparent and oriented toward service integrity rather than broader institutional control. Legacy history should not be erased merely because scarcity made old resources valuable.

Member power is real, but it is not public sovereignty

ARIN has member structures and policy procedures that are more open than many private infrastructure arrangements. Its membership page says there are Service Members, General Members and Trustee Members. It says membership is not required to receive direct Internet number resources and does not confer an advantage in doing so. It also says membership is not required for participation in policy discussions, suggestions or public consultations. General Members have voting rights in ARIN elections, and the policy process includes roles for the Internet community, the Advisory Council, the Board, staff, petitions, public meetings and mailing-list participation.

This is meaningful. It is better than opaque administration. It gives active resource-linked organisations a route into oversight. It creates a public record of policy debate. It makes the Board and Advisory Council subject to community pressure. It lets an interested engineer, counsel or executive follow the machinery. In a mature registry, such participation is a real institutional asset.

But member power is not sovereignty. A service region is not a people. A membership list is not a public electorate. A voting contact is not a citizen. The active participants in a policy process are not identical with all affected customers, creditors, leased-address users, acquisition targets, downstream enterprises, national networks, hosting clients or small operators whose businesses depend on continuity. A rule can be procedurally legitimate inside the ARIN system and still impose large costs on firms that had little practical ability to participate.

This is the mechanism Lu Heng describes as mandate laundering. A narrow technical function begins with record coordination. It develops a policy process. Active participants become "the community." The community's output becomes the regional will. The regional will then justifies transfer limits, contract terms, fee structures, service conditions, compliance burdens and discretionary review affecting firms far beyond the active policy circle. The problem is not that consultation is fake. The problem is that consultation can be asked to carry more authority than it actually possesses.

Compliance pressure makes the danger sharper. If a transfer restriction, need test, legacy-service boundary or sanctions-sensitive rule is framed simply as community policy, enforcement can be presented as democratic stewardship rather than discretionary gatekeeping. That framing may be comforting to the registry. It does not answer the economic question. Does the rule protect uniqueness, chain of custody, lawful operation, security-state transition or dispute isolation? Or does it allocate opportunity, preserve incumbent advantage, discipline commercial models, express moral preference or export legal anxiety to resource holders?

The most legitimate use of member power is to constrain the registry. Members should demand auditability, clear reasons, appeal rights, narrow compliance criteria, portable records, transparent fee logic, predictable transfer settlement and non-destructive dispute handling. The least legitimate use is to provide vocabulary for expanding the gate. A policy process that narrows authority protects the ledger. A policy process that converts participation into broad permission power strengthens the gatekeeper.

ARIN's region makes this distinction especially important because many affected firms are not policy specialists. They are businesses. They sell connectivity, hosting, cloud capacity, managed services, security, enterprise networks, research infrastructure or public-sector connectivity. They may not have the time or vocabulary to argue on a mailing list. The economics-style question is therefore not whether ARIN has a community. It plainly does. The question is whether that community is enough of a mandate for decisions that now affect scarce capital under geopolitical pressure. The answer should be modest: enough to coordinate the ledger, not enough to own the future of the assets recorded in it.

The small-operator compliance tax

The small-operator problem deserves separate treatment because it is where institutional risk becomes visible fastest. A large cloud platform can treat ARIN as one compliance relationship among many. It can employ registry specialists, sanctions counsel, procurement staff, network-security teams and transaction lawyers. It can structure around delay. A small operator may have one founder, one network engineer, one accountant and a customer deadline. The same registry request has different weight.

The tax begins with information. A small firm must understand whether its resources are ARIN-issued or legacy, whether they are under RSA or LRSA, whether points of contact are current, whether fee status is clean, whether corporate names match old records, whether reverse DNS is correct, whether RPKI and IRR services are available, whether a transfer path is 8.2, 8.3 or 8.4, whether the counterparty qualifies and whether wait-list restrictions matter. None of this is impossible. Much of it is reasonable. But the fixed cost is high relative to the firm's size.

The tax deepens with compliance. Counterparties may ask for sanctions representations. Banks may query payment flows. Counsel may ask whether any customer or beneficial owner creates risk. A buyer may require warranties that the seller cannot easily give. A seller may need old corporate documents that predate current staff. An address block may have passed through merger history that is hard to reconstruct. If the registry asks for more evidence, the small firm must spend management attention rather than merely clicking a form.

There is also a tax of uncertainty. A network can price a fee. It struggles to price staff discretion. It can plan around a stated processing interval. It struggles to plan around open-ended documentation dialogue. It can accept a clear legal prohibition. It struggles when compliance caution, transfer policy and contract entry blur together. Uncertainty is costly because it must be held in inventory, discounts, contingencies and lost customer confidence.

This is why registry-layer risk should be understood as a business-continuity issue. A transfer delay can postpone data-centre expansion. A legacy holder without RPKI access can face routing-security pressure from customers. A small network unable to assemble documents can miss a transaction window. A buyer uncertain about needs-based approval can reduce price. A lender can decline to treat an IPv4 block as bankable. A customer can demand continuity warranties that the operator cannot confidently support. None of these outcomes requires a dramatic revocation. Confidence can fail quietly.

The ordinary policy answer is to say operators should keep records up to date and know the rules. They should. But that answer is incomplete. When a registry administers scarce infrastructure through low-liability standard forms, the design must account for the smallest serious participant, not only the largest. A compliance system that is navigable only by counsel and brokers may preserve formal fairness while producing economic exclusion. If small operators are priced out of clean settlement, the market does not disappear. It becomes more opaque.

Ledger versus gatekeeper under geopolitical pressure

The ledger-versus-gatekeeper distinction is the essential test for ARIN's sanctions and compliance problem. A ledger records the recognised holder, the resources, the points of contact, authorised changes, disputes, transfer state, reverse-DNS delegation, RPKI status, IRR status and evidence supporting record changes. A gatekeeper decides whether the holder's business model, growth plan, customer mix, nationality, commercial structure or political geography deserves approval.

Every registry must do some gatekeeping to protect the ledger. It must reject forged transfers. It must prevent duplicate registration. It must require authority. It must respond to court orders. It must isolate disputes. It must support secure transition of routing-security objects. It must keep contact records sufficiently accurate for operational reliance. The danger begins when gatekeeping is no longer tied to those limited objectives. At that point, the registry is shaping markets rather than recording them.

Geopolitical compliance pressure makes the distinction more urgent, not less. If a sanctions prohibition applies, ARIN must stay within law. If a court order requires action, ARIN must respond. If a payment cannot lawfully be processed, the registry cannot pretend otherwise. But legal constraint should narrow discretion. It should lead to clearer criteria, better reason-giving where permitted, minimal collateral damage, objective time frames, documented escalation, preservation of the last verified operational state where possible and an appeal or independent review path for contested non-emergency decisions. It should not lead to broad defensive delay or generalised suspicion of disfavoured geographies.

The registry-continuity argument is useful precisely because it separates functions from institutional authority. The functions that must continue are uniqueness, accurate records, publication services, security metadata, legitimate updates, running-network expectations and independent dispute handling. The authority claims that do not automatically need to continue are every board preference, contract expansion, fee theory, policy inheritance or institutional self-description. "Protect the ledger, not the gatekeeper" is not anti-registry. It is pro-registry in the narrow sense that matters: preserve the function by constraining the institution.

Applied to ARIN, the ledger model would support verified identity, chain-of-custody evidence, dispute flags, fraud prevention, legally required screening, court-order response, payment legality and security-state transition. It would not use those needs to justify broad review of business plans or future market activity. It would preserve legacy distinctions instead of flattening them into modern contract control. It would let private transfers clear when objective record and legal criteria are met. It would publish aggregate process data sufficient for holders to price delay risk. It would treat small-operator cost as a design problem.

The gatekeeper model would look different. It would treat every policy inherited from the allocation era as equally justified in the transfer era. It would use service access to pull legacy holders into broader contracts. It would treat compliance caution as an acceptable reason for delay without clear limits. It would defend member process as if it were public authority. It would treat portability as a threat. It would speak of stewardship while making resource holders bear the economic downside.

ARIN is not reducible to either model. It contains both. The ledger is real and valuable. The gate is real as well. The policy task is to make the ledger more reliable and the gate narrower.

Registry-layer risk in due diligence

Business-continuity planning usually focuses on power, transit, cloud concentration, hardware, cyberattack, staffing, disaster recovery and payment systems. IP-address continuity often sits in the background. That is a mistake. An IPv4 block becomes part of customer memory and institutional memory. It appears in firewalls, allowlists, mail reputation, geolocation tables, API rules, monitoring systems, anti-abuse records, security attestations, procurement documents and service contracts. Replacing it may be harder than replacing equipment.

Registry-layer risk is the risk that the recognised record, contract state, transferability or security metadata attached to the resource becomes unstable. It can arise from fee disputes, stale contacts, documentation gaps, corporate changes, legacy ambiguity, transfer delays, sanctions screening, subpoenas, court orders, resource review, policy change, member identity problems or institutional stress. The network may still route packets. The risk is that counterparties no longer know whether the address identity is durable, transferable, bankable or secure.

For boards, buyers and lenders, ARIN-region IPv4 diligence should therefore include the registry layer. The questions are practical rather than theoretical. Are the resources ARIN-issued or legacy? Are they under RSA, LRSA or no agreement? Are fees current? Are points of contact valid and controlled by current staff? Is corporate history documented? Are reverse-DNS, RPKI and IRR states understood? Are there pending disputes, reviews or transfer restrictions? Is the planned transaction 8.2, 8.3 or 8.4? Does the recipient need to satisfy a 24-month need demonstration? Are there counterparties, customers or owners likely to raise sanctions questions? Has the payment path been screened? What happens if ARIN processing takes longer than the commercial closing period? What warranties are being given to customers and financiers about registry recognition?

These questions do not turn IPv4 into ordinary property. They recognise that number resources are governed infrastructure. That is the sober middle position. The registry is not irrelevant. The registry is not sovereign. The block is not a simple chattel. The holder's continuity depends on a chain of records, contracts, policies, legal obligations, security services and operational reliance. The chain must be managed.

The greatest mistake is to treat registry risk as a rare disaster scenario. It is also a daily pricing factor. A buyer discounts uncertain transferability. A seller discounts slow settlement. A lender discounts weak control. A customer discounts continuity risk. A small operator discounts its own growth plan if it cannot be sure the registry state will follow the business. Risk does not have to materialise as revocation to affect value. It is enough that rational parties expect delay, discretion or legal contagion.

This is where the commercial framing of IPv4 continuity matters. LARUS's market position is not neutral, but it points to a real demand: operators want access, renewal assurance, predictable control and reduced exposure to registry uncertainty. NRS's advocacy is likewise interested, but it identifies the same structural point: the registry layer has become a single point of failure in a system that otherwise prizes resilience. Official registry accounts often discuss stability as if stability means preserving the present institution. Operators experience stability more concretely. It means the live network, the customers, the security state and the recognised record survive stress.

What a proportionate ARIN model would require

A proportionate model begins with a narrow definition of registry necessity. ARIN must preserve uniqueness. It must maintain accurate records. It must support legitimate updates. It must prevent forged transfers. It must keep reverse DNS, RPKI and IRR services coherent. It must comply with law. It must isolate disputes without destroying unrelated operations. It must maintain predictable settlement for lawful transfers. That is a serious mandate. It is also a limited one.

Rules should be separated into three categories. The first category is ledger integrity: identity, authority, current holder status, chain of custody, fraud prevention, dispute notation, accurate contact data, security-object transition and record publication. These rules should be strict because they protect the truth of the registry. The second category is legal compliance: sanctions prohibitions, court orders, subpoenas, payment legality and statutory obligations. These rules should be narrow, documented where possible and tied to law rather than institutional preference. The third category is market shaping: need forecasts, transfer lock-ups, reciprocal policy filters, service bundling, contract migration and allocation-era conservation logic applied to private transfers. These rules should face the strongest scrutiny because they allocate opportunity rather than merely protect the record.

The waiting list illustrates the point. For residual returned space, anti-gaming rules may be justified because ARIN is redistributing a very limited pool. But a rule designed for residual rationing should not become moral authority for private transfer control. A waiting-list restriction is not the same kind of rule as a chain-of-custody requirement. A reserved-pool rule is not the same kind of rule as a settlement criterion for a seller's already-held block. If all scarcity rules are treated as one class, allocation-era rationing contaminates market settlement.

Inter-RIR transfers need similar discipline. Record compatibility and legal clarity matter. So does the ability to avoid duplicate registration across regions. But reciprocal needs-based policy can become a cartel of old thinking. If one region moves toward more market recognition while another retains heavier need tests, compatibility rules can preserve the more restrictive model by default. That may be presented as coordination. It can function as coordinated capital control. ARIN should be careful not to let inter-RIR compatibility turn into a device for exporting gatekeeping.

Contract design also needs the post-exhaustion lens. A standard RSA may be administratively efficient, but standard form should not mean unlimited leverage. The agreement should distinguish legacy resources from ARIN-issued resources with care. Service changes should be predictable. Government-order response should be narrow. Termination consequences should minimise collateral harm. Liability limits may remain, but if they remain low relative to foreseeable business harm, ARIN should compensate through stronger process protections, not broader discretion.

Transparency should be operational, not merely formal. Operators do not need vague assurances that the process is fair. They need to know median and outlier transfer times, common reasons for delay, the difference between legal holds and policy review, how sanctions questions are escalated, when notice may be given, how disputes are flagged, what happens to RPKI and IRR objects during a contested transfer, and how small firms can cure documentation defects without losing a commercial window. Aggregate data can protect confidentiality while still reducing uncertainty.

Appeal and review are equally important. A registry that acts as recordkeeper, policy interpreter, contract counterparty and first-instance decision-maker should not be the only meaningful forum for contested decisions. Independent review does not need to paralyse the registry. Emergency legal orders can be followed. Fraud can be stopped. But non-emergency market-shaping decisions should have a credible path outside staff discretion. A disputed resource should carry conflict metadata. Conflicting transfers may be paused. Live operations and valid security objects should not be destroyed unless an independent decision specifically requires it.

Most of all, portability should be treated as a continuity principle rather than an institutional threat. Portability does not mean duplicate registries issuing conflicting claims. It means the registry function should be capable of surviving institutional, legal or geopolitical stress. The authoritative state should be auditable. Service states should be reproducible. Disputes should have independent forums. A resource holder should not be told that network continuity requires preserving every present authority claim of the incumbent registry. A registry that knows it can be replaced is more likely to remain disciplined.

The North American test

ARIN matters because it is not an obvious failure case. It has published processes, functioning membership structures, mature documentation, a large and sophisticated community, visible transfer rules, agreements, statistics and operational competence. That makes the structural problem harder to dismiss. If registry-layer risk is visible in the ARIN region, it is not merely the symptom of a distressed institution. It is a feature of the post-exhaustion model.

Three facts define that model. IPv4 is scarce and economically valuable. Registries remain the recognised settlement layer for number-resource control. Geopolitical compliance pressure is increasing rather than decreasing. Put those facts together and registry discretion becomes a business-continuity variable. The market will ask a harsher question than official stewardship language can answer: can the holder keep using, securing, transferring and financing the resource when compliance pressure rises?

The answer depends on whether ARIN remains primarily a ledger. The ledger role is indispensable. Without accurate records, uniqueness fails. Without evidence of authorised change, transfers become unsafe. Without coherent reverse DNS, RPKI and IRR services, operators inherit avoidable risk. Without legal compliance, the institution cannot operate. But the ledger role does not justify every gate. It does not justify using needs-based rationing as a general market principle. It does not justify turning legacy service dependence into broad contractual leverage. It does not justify treating member process as sovereign mandate. It does not justify making small operators carry disproportionate compliance cost for institutional comfort.

The economics of sanctions and compliance pressure therefore point to a simple test. A rule that preserves chain of custody reduces registry-layer risk. A rule that turns lawful market movement into discretionary approval amplifies it. A rule that records disputes reduces risk. A rule that threatens live continuity before independent determination amplifies it. A rule that complies with a specific legal order reduces institutional risk. A culture of broad defensive delay transfers that risk to operators. A policy process that narrows authority protects the ledger. A policy process that launders mandate expands the gatekeeper.

This is not an argument for chaos. It is an argument for a more exact registry. The Internet does not need ARIN to become a court, bank, sanctions ministry, development agency or capital-allocation board. It needs ARIN to maintain a reliable ledger of scarce number resources, support safe service continuity, obey law narrowly, settle valid transfers predictably and keep its own discretion from becoming an unpriced liability for the networks it serves.

That is the North American test. If ARIN can separate legal compliance from market control, contract services from historical coercion, member participation from public mandate and ledger continuity from gatekeeper power, it can show how a mature RIR adapts to scarcity. If it cannot, then stability itself becomes misleading. The registry will look orderly while exporting uncertainty into every address block whose value depends on its recognition.

The future of number-resource governance will not be decided only in policy meetings. It will be decided in diligence rooms, bank questionnaires, court orders, sanctions screenings, transfer tickets, RSA renewals, legacy-service choices, member elections and the quiet calculations of small operators deciding whether the official ledger is a source of confidence or a source of risk. ARIN's task is to make the answer obvious: protect the ledger, constrain the gatekeeper and keep geopolitical compliance pressure from becoming a hidden tax on Internet continuity.