Summary

  • Measure each audit by evidence-and-delay cost per retained or contested address record: what proof is needed, how long uncertainty lasts and which transaction value is exposed.

  • Narrow record hygiene should verify identity, authority, succession and contact accuracy; discretionary utilisation judgement should be separately identified, bounded and reviewable.

  • In an acquisition, restructuring or insolvency, cure periods, timely appeal and auditor liability determine whether review preserves capital-event value or shifts loss to customers, creditors and buyers.

The audit begins as a capital-event file, not a lecture on waste

The file on the table is a capital file before it is an administrative file. A buyer wants to know whether the addresses serving a regional ISP can follow the acquired network. A lender wants to decide whether a restructured carrier can borrow against customer revenue that depends on public identity. An insolvency practitioner wants to sell a going concern rather than break apart equipment, contracts and address records that only work together. In each case, routers may still announce space, customers may still pay bills and engineers may still solve faults, while the documents explaining why the registry record names this holder may be older than the current staff.

That is why the unit of account must be evidence-and-delay cost per retained or contested address record. A retained record is one that survives review without material restriction. A contested record is one that must wait, cure, appeal or carry a hold before the business can rely on it. The unit is not the number of forms requested, the number of addresses in a block or the tone of the policy debate. It is the cost imposed on each record whose legal, operational or commercial continuity matters to a transaction.

The word "record" matters. A registry record is not the whole asset, but it is a public coordination point that can make or break the asset's usability. The Registry Continuity Fallacy is useful because it separates the continuity of the ledger from the permanence of any particular gatekeeper. The Bill of Rights of Uniqueness Coordination gives the same distinction a practical shape: accuracy, portability, reviewability and remedy are not favours granted after a holder pleases an institution; they are protections that keep uniqueness coordination from becoming discretion over other people's capital.

A narrow audit can therefore be valuable. It can ask whether the recognised holder still exists, whether a claimed successor can show a legal chain, whether contact records identify people who can act, whether customer assignment evidence is real enough to support the public ledger and whether there are conflicting claims. Those questions lower diligence risk. They help buyers, lenders and reviewers distinguish a live network from a seller's unsupported assertion.

The character of the audit changes when the question slides from record accuracy to utilisation judgement. "Can this company prove continuity?" is a hygiene question. "Do we approve of the intensity or timing of its deployment?" is a capital-allocation question. The first can improve the ledger. The second can give the record-keeper an option over a scarce input used by customers, creditors and employees. A serious review starts by pricing that option rather than moralising about it.

That pricing should be kept inside the transaction file. For each record, the reviewer should know the record identifier, the last undisputed holder, the current claimant, the requested action, the evidence gap, the records retained without restriction, the records held back, the number of days each record was uncertain and the capital event exposed during that uncertainty. A gap that does not affect closing, lending, customer continuity or route/delegation service has one incidence profile. A gap that blocks an insolvency sale or makes a lender reserve against the whole estate has another. The same audit question can be cheap or expensive depending on where it lands in the transaction calendar.

Old networks create evidence decay before they create suspicion

Old allocations create an evidence problem before they create a utilisation problem. A holding may have been requested when dial-up, early broadband, cable systems, hosting platforms or university networks produced records unlike those produced by modern inventory tools. The request file may sit in a retired employee's mailbox, a paper archive, a replaced database or a vendor backup. Customer-level records may have been kept for a lawful period and then deleted. Product names may have changed while the underlying network continued to serve the same customers.

None of this proves that a claim is valid. It explains why proof becomes expensive. Evidence decays unevenly. Corporate filings may survive while engineering tickets disappear. Routing visibility may show current operation without proving legal succession. Invoices may establish customer relationships without mapping every address. A network diagram may show deployment without matching the language of an old request. A board minute may prove authority to buy a business without listing every number resource by line item.

The audit has to work with partial indicators. If it demands a perfect historical file that ordinary business practice never created, the cost will fall heaviest on the oldest functioning networks. A fair review tests the proposition in dispute. If the doubt is legal identity, the file should begin with incorporation, merger, name-change, insolvency or asset-transfer evidence. If the doubt is operational continuity, current routing, reverse delegation, customer classes, support records and engineering responsibility become relevant. If the doubt is downstream assignment, aggregated customer schedules and sampled contracts may be enough. The question should be no broader than the uncertainty.

This is where Internet number resources are not political property becomes a practical principle rather than a slogan. A historical holder should not have to prove present virtue to a political community before a record can be recognised. It must be able to prove a credible claim, and the registry must be able to define what evidence would prove or disprove that claim. A missing old spreadsheet is not innocence, but it is not guilt either.

Running operation also belongs in the file. Running-code primacy does not mean that a current announcer owns whatever it announces. It means that live operation is evidence that cannot be ignored merely because a central archive is incomplete. Stable customer sessions, configured access systems, reachable abuse contacts, support histories, network monitoring and reverse delegations can show continuity that a vanished employee's original request cannot. Conversely, an immaculate old file cannot prove current control if the network has disappeared and no successor can be identified.

The cost per record becomes manageable when the audit asks the least costly question capable of resolving the doubt. A dead contact should trigger authority-to-update evidence, not a full business review. A succession gap should trigger the transaction chain, not customer-by-customer utilisation. A disputed assignment class should trigger sampling in that class, not a cloud over the entire estate. Evidence decay is real; it should focus the inquiry, not licence open-ended suspicion.

Corporate succession needs a chain, not a second allocation hearing

The easiest record belongs to a company whose legal name, ownership, network and customer base never changed. That is not the normal data-room case. A Latin American or Caribbean operator may have changed name, merged into another group, bought a competitor, sold a division, entered administration, transferred customers between affiliates or moved billing from one entity to another while keeping service live. Registry fields often flatten those events into one holder line and a few contact fields. A transaction file has to unflatten them.

A share acquisition usually leaves the legal holder in place, even if control changes. An asset acquisition may move customer contracts, network equipment and operating obligations while the seller remains a separate person. A merger may extinguish one company by law. A restructuring may move contracts in stages. An insolvency sale may prioritise keeping customers online, with documentary cleanup following after closing. The audit should first identify which proposition is being tested: same entity under a new name, universal successor, asset buyer of a network undertaking, court-appointed controller, group affiliate or mere operator without resource authority.

Each proposition needs different evidence. A name change may need a registry extract and board authority. A universal succession may need merger instruments and public filings. An asset sale may need schedules, closing evidence and proof that the network undertaking, not just equipment, was transferred. An insolvency sale may need the office holder's appointment, sale order and confirmation that operating responsibility passed. A group-company claim may need proof that the recognised holder authorised the relevant affiliate. Treating all of these as "prove utilisation" hides the legal question and raises cost.

The chain should run from the last undisputed holder to the current claimant. Between them sit corporate acts, sale documents, court papers where relevant, board approvals, customer migration records, network handover evidence and authority for the person dealing with LACNIC. Not every link needs the same weight. The auditor should spend more attention where the chain breaks or where the requested consequence is value-moving. A routine contact correction is different from a transfer that lets sale proceeds leave escrow.

An independent reviewer would not accept a pile of papers as a chain. The usable file would show, in order, the old registry name, the legal person behind that name, the act that changed the person or moved the network, the asset or undertaking covered by that act, the customer or operating estate that came with it, the current company that bears obligations and the officer or adviser authorised to request the registry act. If one link is missing, the remedy is to cure that link. If the sale agreement lists "network assets" but not address records, the question is whether local law and the contract moved the undertaking that depends on those records. If a court order appoints a liquidator, the question is whether that office holder can maintain service, transfer assets or merely preserve value pending a later order. The file should make those distinctions visible instead of hiding them under a generic utilisation demand.

The LACNIC customer-continuity analysis shows why this chain is not a private nicety. Customers may have built security rules, remote connections, hosted services, public portals and payment systems around stable addresses. A buyer that assumes those obligations needs the record to follow operational responsibility. If review freezes the record while demanding proof that only a failed seller could have generated, the loss falls on customers and rescue capital, not on the people who allowed the archive to decay.

Still, continuity cannot be inferred solely from usefulness. A buyer does not acquire every asset it would find convenient. A lender cannot convert collateral desire into registry recognition. The economic case for due process depends on this discipline. Holder protection is not automatic validation. It is the right to know the evidence gap, answer it with relevant proof, receive reasons and preserve the last safe state while a real dispute is resolved.

Portability of number resources matters at this point because a lawful chain should not be trapped by one record-keeper's later preference. If a successor can prove the chain but must satisfy a newly expanded business-judgement test before recognition, the registry is no longer recording a corporate event. It is repricing that event after the fact. A board can budget for missing documents. It cannot sensibly budget for a test that changes from identity to deployment philosophy and then to institutional comfort.

Customer assignments and leases prove accountability without becoming title

Once legal continuity is plausible, the audit reaches the network beneath the record. Here the strongest temptation is a one-to-one inventory. The holder may operate broadband pools, enterprise assignments, hosting ranges, infrastructure addresses, security reserves, transition capacity and blocks delegated to acquired businesses. Some uses are visible on a chosen date. Others are episodic, contractually reserved, quiet for security reasons or held for resilience. A snapshot can help, but it cannot transform every downstream assignment into a separate registry title.

Customer assignments are evidence of deployment under the holder's responsibility. They usually do not mean that each customer becomes the recognised holder of the parent record. This distinction lets an operator change customers, products and topology without reopening the existence of the holding. It also keeps the registry from becoming the master database of retail relationships. The public ledger needs enough truth to preserve accountability, not every confidential customer detail.

Acquisitions complicate the evidence. A buyer may inherit pools labelled under a seller's old products. Customer identifiers may change during migration. Legacy and target billing systems may overlap. An acquired network may run separately for months while traffic and support are integrated. During that period, a single assignment can appear twice, or not appear in the new system at all. A mechanical total can overstate use; an insistence on one modern format can understate it.

Leases, managed services and suballocations require the same precision. The relevant issue is who remains responsible for uniqueness, contact, abuse handling, technical control and return or reassignment at the end of the arrangement. Some contracts give a customer stable use while the provider maintains routing and administrative responsibility. Others move more operational control downstream. Evidence should identify the boundary. It should not convert a utilisation audit into regulation of contract design unless the arrangement makes the registry record materially false.

The capital point is developed most directly in the note on why IPv4 became a real asset and the broader account of IP as capital. A capital input can be deployed through many contracts without ceasing to be part of the holder's operating estate. Equipment may be leased, capacity may be reserved, services may be managed for customers and addresses may support financing assumptions. The audit question is whether control and obligations can be accounted for, not whether the auditor prefers one commercial model.

A useful evidence map has layers. At the top sits the recognised record and legal holder. Below it sit operating networks and acquired estates. Below those sit assignment classes: customers, infrastructure, shared pools, reserves tied to credible orders, managed-service ranges and addresses in migration. The audit can sample supporting material according to risk. It should not require the holder to expose every downstream customer where aggregated evidence, third-party attestation or class-level sampling proves the relevant accountability fact.

The dividing line is falsity. If the holder cannot identify any operating system, responsible team, contract class or plausible history for a substantial part of a record, closer review is justified. If purported customers do not exist or documents contradict one another, the narrow audit has found a real ledger risk. But if the holder can explain the chain and provide representative evidence, expanding the inquiry until every downstream address is individually vouched creates cost without a corresponding gain in uniqueness.

Utilisation ratios are models, not verdicts

A utilisation ratio looks decisive because it produces a number. Count addresses observed as used, divide by addresses treated as available, and the percentage appears to answer whether the holding is efficient. In a transaction file, both numerator and denominator are choices. Which date is observed? What counts as use? Are infrastructure, failover capacity, maintenance ranges, reserved enterprise orders and migration space included? Is the measure taken across the whole estate, each record, each acquired network or each product pool?

These questions are not excuses for refusing evidence. They show that the ratio is a model. It can guide sampling if its assumptions are disclosed. It becomes dangerous when a threshold is treated as objective while its inputs remain discretionary. A holder is then invited to contest the decimal while the categories that generated it sit outside argument.

The numerator is fragile. Traffic observation can miss customers that connect episodically. A covering route can show reachability without identifying assignments inside the block. Configuration files can show planned deployment without proving current customers. Billing records can show customers without proving every address was active during the observation window. Reverse DNS can be incomplete or stale. No single indicator works across all network types, especially in acquired or restructured estates.

The denominator is equally contested. A nominal block contains addresses that perform different roles. Some are unavailable because of technical design. Some are tied to signed orders, disaster recovery, security segregation or planned cutovers. Some are temporarily unavailable because an acquired network is being cleaned. Some support resilience rather than daily sessions. A one-day denominator answers a different question from a twelve-month deployment plan, and both answer different questions from lawful succession.

False precision enters when these choices disappear behind a percentage. The ratio then performs institutional work: it turns classification into arithmetic and arithmetic into authority. If the consequence is a request for explanation, the error may be manageable. If the consequence is a hold, transfer delay or threat to recognition, small classification choices become an option over the asset.

The warning against registry enforcement creep applies here. A ledger function may verify that a record corresponds to a real holder and accountable network. It does not follow that the record-keeper should prescribe the commercially acceptable intensity of deployment. That would make it an investment committee for private networks, without the information, mandate or downside exposure that role would require.

Any ratio used in a contested file should therefore disclose the record measured, the observation period, the definition of use, the treatment of transitional and reserved capacity, the data sources and the consequence attached to uncertainty. The holder should be able to reproduce the result. If two reasonable methods produce materially different outcomes, the decision should preserve that range rather than select the figure most adverse to the holder. Arithmetic is cheap. Unwarranted certainty is expensive.

Sampling must say who owns the inference error

No serious review of a large or old estate can inspect every assignment with equal depth. Sampling is not a concession; it is necessary design. Used well, it lowers the evidence cost per retained record while keeping a credible chance of finding abandoned, unsupported or false claims. Used badly, it lets a small and unrepresentative anomaly cloud an entire holding.

The sampling method should match the question. A random sample can estimate the prevalence of a clearly defined condition if the population is stable. A risk-based sample can investigate areas where contradictions, age, unusual delegation, missing contacts or rapid restructuring make error more likely. These methods answer different questions. Mixing them without explanation gives the auditor room to treat adverse findings as representative and clean findings as inconclusive.

The better approach begins with stratification. Records or sub-ranges can be grouped by evidential condition: stable infrastructure, current customer pools, acquired legacy networks, transitional capacity, downstream assignments, reserves tied to signed or probable demand and unexplained space. A small sample from a low-risk class may be enough. A contradiction in a high-risk class can justify deeper review there without reopening unrelated records. Cost follows uncertainty instead of institutional suspicion.

The crucial rule is escalation. If one contract cannot be found, does that contest one assignment, the surrounding customer class, the component record or every record held by the company? The answer should depend on causal connection. A missing file in one acquired billing system does not automatically undermine a separately documented core network. Fabricated documents supplied by senior management may justify a broader inquiry because they damage trust across the submission. The expansion rule should be known before the exception is found.

Sampling error has an owner. The auditor chooses the sample design, so the holder should not bear irreversible consequences from uncertainty created by that design. If the result is close or sensitive to classification, the proper response is more evidence, another sample or independent review. It is not an immediate adverse action justified by the inconvenience of checking further. Decision power is cheapest when its mistakes are paid by someone else.

This is the bridge between record hygiene and discretionary judgement. A narrow audit uses sampling to decide which ledger facts need more support. A broad audit uses sampling to keep the whole estate contestable until the holder satisfies a moving standard. The first reduces information cost. The second converts the auditor's uncertainty into the holder's capital discount.

The review file should preserve the sample frame, selection logic, class definitions, failed items, clean items, escalation rule and closure rule. If a sampled class passes, the remaining records in that class should not require repetitive proof. If a correctable mismatch appears, the cure should attach first to the affected class. If deliberate falsification appears, broader investigation may be proportionate. Each move is evidence-driven rather than mood-driven.

Cure time is where capital-event incidence becomes visible

Once an audit identifies a gap, time becomes the central price. A cure period is often described as procedural generosity: the holder gets days or weeks to answer. In the data room, cure time allocates cost among seller, buyer, lender, customers and the registry. The same calendar period can be harmless in ordinary maintenance and fatal during a sale, refinancing or insolvency rescue.

A fixed period may be adequate for a dead contact or routine name change. It is less adequate when evidence depends on an insolvency court, a former director, a legacy archive vendor, a buyer's counsel, a customer contract search or translations across several jurisdictions. Delay may reflect evasion, but it may also reflect third-party dependencies. Treating every delay as non-compliance gives the auditor leverage over events the holder cannot fully control.

A useful cure notice should identify the exact deficiency, the evidence that would ordinarily cure it, acceptable alternatives, the initial response date, the review date after evidence is supplied and the consequence of no response. The first deadline can secure engagement. Later time should follow demonstrated dependencies. A holder that answers, preserves evidence and shows a credible path should be treated differently from one that stays silent, destroys records or changes its story.

Concrete timing makes the burden reviewable. The first stage can ask for acknowledgement, preservation of relevant records and identification of the responsible person. The next stage can request the core proof for the stated defect: the name-change certificate, the sale schedule, the appointment order, the customer-class summary, the authority letter or the operational handover evidence. Extensions should be tied to visible third-party dependencies such as a court copy, an archive export, a notarisation appointment, a bank condition or a translated corporate extract. The clock should pause or move differently when the holder is waiting on a third party despite acting diligently. It should accelerate when the holder refuses to name the person responsible for the file.

The incidence is clearest at capital events. A buyer may condition closing on confirmation that records will follow the operating business. A lender may haircut a contested range or hold back a tranche. An insolvency sale may have only a short window before customer contracts and staff leave. A public customer may require stable address authority before renewing service. If a contested record remains unresolved through those dates, a later favourable decision may not restore the lost transaction.

Associated registry-controlled surfaces can magnify the delay. The analysis of routing security as property infrastructure shows how record state can influence whether other actors accept routing assertions. The companion work on DNS delegation power shows why control of related delegation records can affect services beyond the address line being checked. A delay that touches those surfaces is not a neutral wait; it changes bargaining power while review is pending.

This does not mean that every claimed urgency should bind LACNIC. A seller can manufacture closing pressure. A buyer can use a deadline to avoid scrutiny. The holder should show the dependency. The reviewer should test it. Genuine urgency should change procedure, not merits: prioritised review, temporary confirmation of the last undisputed state, staged release of uncontested records or an independent escrow of evidence can preserve value without prejudging the case.

The cure period also needs a stopping rule. If the holder supplies the specified evidence, the auditor should close the issue or explain the remaining contradiction. It should not answer a cured gap with a broader demand unless new evidence justifies expansion. Without a stopping rule, cure is not cure. It is a renewable option to keep the record uncertain.

Capital-event incidence should be recorded at the same time. If a lender has excluded one contested block from collateral, that is different from a lender freezing the whole facility because the audit has no closure date. If an insolvency buyer can close on uncontested records while one class remains under review, going-concern value may be preserved. If the file cannot separate them, delay will price the entire estate as contaminated by the weakest record. The cure design therefore determines whether uncertainty is contained or pooled.

A hold is reversible only if the business can be put back

Institutions often respond to uncertainty with a hold. The word sounds moderate because nothing has been finally decided. In some cases a hold is prudent. A disputed holder-name change should not be executed before authority is established. A contested transfer should not close while two parties claim power to act. A reversible hold can preserve the last trusted state and stop either side from creating facts on the ground.

But not all holds preserve the status quo. A freeze on transfer can stop an acquisition. A restriction on updating contacts can leave the record pointing to departed staff. A pause affecting route-authorisation or delegation changes can impede urgent network repair. A visible review flag can make counterparties withdraw even if technical service continues. What is formally reversible may have immediate and irreversible commercial effects.

Granularity is the first design rule. The hold should attach to the contested action, field or record. If authority to change legal holder is disputed, existing operational contacts need not automatically be frozen. If one component record lacks evidence, unrelated records should remain usable. If the issue concerns a customer assignment class, the parent holding should not automatically become unavailable. Narrow holds prevent one contested item from taxing every retained record.

Granularity also has to match the registry surface affected. A transfer hold is not the same as a contact hold, a reverse-delegation hold, a route-authorisation hold, an account-credential hold or a public dispute marker. Each surface has a different business effect. Blocking sale recognition may preserve value while authority is tested. Blocking contact repair may increase security risk if the old contact is dead. Blocking delegation changes may impair customer service. Publishing a dispute marker may move a lender before any finding has been made. The notice should identify which surface is restrained and why a narrower restraint would not protect the same risk.

Preservation is the second rule. The last undisputed operational state should continue unless it creates a specific, evidenced risk. Existing routing and delegation should not be disrupted merely to increase pressure on the holder. In a transaction, temporary recognition of operational responsibility may be safer than freezing every update until legal identity is fully resolved. Imperfect preservation is often better than forcing customers to bear the dispute.

Confidentiality is the third rule. A hold should not become a public reputation label before the merits are tested. Parties that need to act should receive enough information to act, and the wording should separate unresolved review from adverse finding. Public ambiguity can itself move price. A lender or customer may treat a review marker as a warning even if the underlying issue is a correctable paper gap.

Automatic review is the fourth rule. A hold should expire unless renewed through reasons that identify what remains unresolved, what work occurred and why the restraint remains necessary. This disciplines administrative inertia. It also creates a record for later review: days under hold, records affected, transaction dependencies, evidence requested, evidence supplied and reasons for continuation.

Operational systems provide a reality check. LARUS One is relevant not because a product decides rights, but because practical resource management depends on identity, authorisation and continuity across business systems. The wider LARUS operating context shows why address records do not sit in isolation from customer contracts, support queues, financial planning and live networks. If a hold cannot be lifted in a way that restores those systems, it should be treated as a substantive intervention, not a harmless pause.

The test is concrete. Can the hold be lifted quickly? Can the record return to the state it would probably have occupied absent the hold? Can third parties be corrected? Can lost time be mitigated? If not, the hold is not meaningfully reversible. It is an interim exercise of capital control, and it should require stronger reasons than a routine request for clarification.

The hold log should therefore be treated as evidence, not as internal housekeeping. It should show the start date, the risk category, the records affected, the business event disclosed by the holder, the least restrictive alternative considered, the evidence requested, the evidence received, the renewal reasons and the release condition. This log is what lets a later board or reviewer decide whether the hold preserved the file or created the loss. Without it, the holder is left arguing about tone while the institution controls the clock.

Appeal must arrive before the sale, loan or customer fails

An appeal right can exist and still be economically worthless. If review begins after a sale collapses, a loan defaults, a customer leaves or a network has been forced into migration, a later declaration of error does not restore the original position. Due process is partly a matter of sequence. The holder needs review before the adverse measure causes the harm that review is meant to prevent.

The minimum structure is familiar. The holder receives the case against it, including the evidence category and the rule or contractual condition being applied. It has a fair chance to answer. The initial decision gives reasons that connect findings to consequences. A reviewer independent of the first decision can examine fact, method and remedy. The last safe state is preserved where possible until review is complete. Urgent cases can move quickly, but urgency does not remove the need for reasons.

Independence is not achieved merely by assigning a different employee. The reviewer must be able to reverse the decision, narrow the remedy, criticise the sample design, question the utilisation model and separate uncontested records without institutional penalty. Where the dispute turns on corporate succession, insolvency authority, customer-assignment evidence or network architecture, external expertise may be necessary. The first auditor's confidence is not a substitute for method review.

Why registries must never become enforcers states the structural issue plainly. A uniqueness ledger has a strong reason to correct false entries. It does not acquire general enforcement competence merely because other actors depend on its records. The more the institution moves from recording to sanctioning, the stronger review and liability must become. Otherwise dependence on the ledger becomes immunity for the ledger-keeper.

Appeal timing should follow harm. A routine contact correction may use ordinary review. A threatened hold affecting a live acquisition may need a rapid interim decision and then fuller examination. An insolvency sale may require immediate separation of uncontested records from genuinely disputed ones. A customer-critical change may justify preserving operational authority while legal identity is tested. These are not exemptions from audit. They prevent audit from deciding the dispute through delay.

Reasons should be portable. A holder that prevails should receive a clear record of what was accepted so the same issue is not reopened by a new reviewer without new evidence. A successor, lender or alternative coordination provider should be able to understand the decision. Reviewability and portability attach the result to evidence rather than to personal memory inside an institution.

The cost per contested record should include appeal. If the first stage routinely pushes complex cases into expensive review, the headline audit cost is misleading. Conversely, a precise initial notice and a quick independent appeal may reduce total cost even if the appeal mechanism itself requires resources. Good process prevents the most expensive category of error: a correct decision delivered after it can no longer protect the network.

Liability is the missing price of discretion

Every utilisation audit creates two broad risks. A false negative leaves an abandoned, fictional or materially false record uncorrected. A false positive burdens a legitimate holder, delays a transaction or triggers an unjustified restriction. Institutions tend to emphasise the first because it fits the duty to keep accurate records. The second is easier to externalise: the holder pays advisers, customers absorb disruption and investors discount the business.

The asymmetry is the practical danger described in registry power detaching from liability. If broad requests and aggressive interim measures impose no cost on the decision-maker when mistaken, caution points in only one direction. The auditor can always ask for more, wait longer or widen the sample. Restraint carries reputational risk if a false record later emerges. Overreach carries little institutional risk unless review and remedy make the error visible.

Liability does not mean every mistaken judgement produces damages. That would make ordinary record correction unworkable. It means discretion is paired with defined responsibilities: ask for relevant evidence, act within time, preserve uncontested records, explain decisions, protect confidentiality, review before irreversible harm and repair foreseeable harm caused by clear error. Different failures call for different remedies.

A clerical mistake may need correction and notice. An unjustified public flag may need an equally visible correction. Delay caused by ignoring evidence already supplied may justify fee relief or cost shifting under an agreed framework. Reckless or bad-faith interference may need stronger remedy. The legal route will vary by contract and jurisdiction. The economic principle is stable: the party controlling the error-producing method cannot be wholly insulated from the downside of that method.

Liability also improves audit design. If the institution may have to explain why a document was requested, it is more likely to define the proposition under review. If delay has a consequence, cases are triaged by harm as well as administrative convenience. If a reviewer can award practical redress, interim measures become narrower. These changes reduce total audit cost without weakening the ability to correct demonstrably false records.

The multi-stakeholder mirage is relevant because participation is not accountability. A holder may have been able to comment on general rules and still lack an effective remedy when a particular decision causes loss. Consultation can improve policy, but it does not make the decision-maker bear the cost of a mistaken application.

Liability also runs toward the holder. Deliberate falsification, destruction of relevant current records or knowing misrepresentation should expose the holder to consequences. Symmetry does not mean equal outcomes regardless of conduct. It means each side bears the risks it controls. The holder controls truthfulness and reasonable preservation of current evidence. The auditor controls relevance of demands, interpretation of uncertainty, speed of decision and scope of interim action.

The data-room version of liability is a risk register. For holder-controlled risk, the register should show whether evidence is missing because it never existed, was lawfully expired, was lost through poor preservation or was intentionally withheld. For auditor-controlled risk, it should show whether the question was relevant, whether a narrower request was available, whether evidence was reviewed when supplied, whether uncontested records were released and whether review was available before harm. The same word "uncertainty" covers very different failures. A risk register prevents them from being charged automatically to the holder.

This symmetry separates the legitimate audit from discretionary capital control. A narrow audit is powerful against records that no real entity can support or that rest on fabricated material. It becomes dangerous when honest uncertainty is treated the same way while the institution remains immune from its own inference. Liability is the price signal that distinguishes deception, decay and discretion.

NRS can lower proof cost without becoming another regulator

The constructive institutional answer is not to create a second body with the same discretionary powers. The Number Resource Society is useful only if it occupies a different layer. LACNIC remains a narrow uniqueness ledger for its service region. NRS can operate as a membership, governance and strategy institution through which holders preserve evidence, share case knowledge and support review when continuity is contested.

Its first useful role is evidential preparedness. Members can maintain a portable continuity pack before a transaction or insolvency exposes gaps: corporate identity, succession history, authorised contacts, operating responsibility, major assignment classes, relevant contracts, legacy-system explanations, review history and locations of supporting evidence. The pack should not become a central copy of every customer record. Its value lies in documenting the chain and the map to evidence so new management can reconstruct the file when original staff are gone.

The second role is pattern recognition. A single holder sees one audit. A membership institution can identify recurring demands, inconsistent ratio methods, expanding sample perimeters, slow cure decisions and ineffective remedies. A carefully handled case archive can turn isolated disputes into institutional memory without exposing confidential customer data. That helps members and independent reviewers distinguish a genuine anomaly from a repeated form of discretion.

The third role is dispute support. NRS Shield is best understood as support for continuity, review and remedy, not a promise that every holder's claim is correct. The practical functions are concrete: define the contested proposition, preserve operating evidence, coordinate legal and technical analysis, seek a narrow hold, press for appeal before avoidable harm and ensure that reasons are portable. Good support improves proof on both sides. It does not replace proof with solidarity.

NRS must remain proportionate. It should not decide how much utilisation is virtuous or become the positive mirror image of registry control. Its legitimacy comes from membership and holder-side strategy. It can support independent review without claiming that membership proves title. It can insist that running networks matter without treating current routing as sufficient ownership. It can demand liability symmetry while recognising consequences for holder deception.

The practical boundary is certification. NRS can help a member prepare an evidence pack, explain why a demand is overbroad, identify a missing succession link, recommend independent review and preserve confidential case learning. It should not sell a badge that says a holder's use is good, or a conclusion that binds the public ledger. If it did, it would invite the same category error: one institution's comfort would be mistaken for proof. Its value lies in lowering proof cost and improving review quality, not in replacing the decision-maker.

This separation creates a healthier market in governance services. If continuity packs, independent attestations and review standards become portable, the record-keeper has to explain why it rejects reliable evidence rather than relying on holder dependence. Holders gain a practical way to lower evidence-and-delay cost per record. The ledger remains technically narrow. The positive future-facing organisation is not another ministry; it is an evidence and accountability layer that helps the data room close with less avoidable uncertainty.

The closing question is whether uncertainty was reduced or shifted

At the end of the file, the board, lender or independent reviewer should not ask how forcefully utilisation was asserted. It should ask whether the exercise made the ledger and the business more knowable at a proportionate evidence-and-delay cost per retained or contested address record.

The first question is scope. What doubt justified review? If the concern was a dead contact, did the inquiry remain focused on authority and current details? If it was corporate succession, did the auditor identify the break in the chain? If it was deployment, did the decision explain which evidence contradicted the claim? A notice that begins vaguely and expands whenever the holder answers is evidence of transferred uncertainty, not successful verification.

The second question is burden. For each retained or contested record, what did the holder have to reconstruct, from whom and at what delay? Were old allocations tested with evidence that could reasonably survive their age? Were acquired networks assessed as transitional estates rather than forced into one artificial snapshot? Were customer assignments and leases used to prove accountability without turning the registry into manager of downstream contracts? The reviewer need not accept a weak archive. It must ask whether the requested proof could actually prove the proposition.

The third question is measurement. Can another competent reviewer reproduce the utilisation model? Are numerator, denominator, date, treatment of reserves and consequence of uncertainty explicit? Was the ratio used to direct sampling or allowed to determine entitlement? If reasonable classifications produce different results, did the decision preserve that uncertainty or hide it behind a precise figure? A model that cannot be reproduced cannot safely support an irreversible consequence.

The fourth question is time. How many days was each record uncertain? Which sale, loan, restructuring or customer dependency was exposed during that period? Did the cure notice specify a route to closure? Were third-party delays distinguished from evasion? Did the auditor decide once the requested evidence arrived? No invented monetary figure is needed. The sequence can show whether delay was a necessary cost of accuracy or an unpriced instrument of leverage.

The fifth question is interim action. Did a hold preserve the last safe state, or did it freeze the changes needed to keep the network functioning? Was it limited to the contested field or spread across unrelated records? Could it expire without a new reason? Was review available before harm? If lifting the hold could not restore the transaction, customer or operating position, the measure was substantive whatever label appeared on the notice.

The sixth question is remedy. Who could reverse the initial judgment? What assumptions were open to challenge? What happened if the auditor was wrong? Were holders responsible for false submissions while the institution remained responsible for irrelevant demands, avoidable delay and disproportionate restrictions? A process that prices only holder error will predictably find too much holder error.

The board can then distinguish three outcomes. In the first, the audit corrected a stale contact, confirmed succession, documented operating classes and closed the record. Evidence cost was finite; delay narrowed as questions were answered; the ledger became more useful. In the second, a real contradiction remained after proportionate review. The affected record stayed contested, but unrelated records and operations were preserved and timely independent review remained available. Uncertainty was contained. In the third, the auditor demanded increasingly detailed proof, changed its measure, widened the sample, imposed a commercially harmful hold and offered review only after the consequence. The file may be thicker, but risk has merely moved from the record-keeper to the holder.

That final distinction is the economic verdict. A useful LACNIC utilisation audit makes uncertainty smaller, more specific and cheaper to resolve. It can expose abandonment or falsification without treating every old network as suspect. It respects corporate succession, acquired operations and customer arrangements as evidence of continuity. It uses ratios and samples as fallible tools. It gives cure a real endpoint, keeps holds reversible, permits appeal before loss and assigns liability to the party controlling each error.

The board, lender or independent reviewer should approve the exercise only on that basis. The question is whether the ledger now corresponds more closely to lawful, running reality at a proportionate evidence-and-delay cost per retained or contested address record. If the holder carries more uncertainty than before while the auditor carries none, the exercise did not clean the record. It capitalised discretion.