- AFRINIC’s liability is contractually capped at just $100 despite its control over critical internet resources across Africa.
- Ongoing litigation and governance uncertainty reveal deeper structural flaws in the global RIR model.
The Relay Runner
On March 9th 2026, a company called Skyconnect filed a plaint in the Supreme Court of Mauritius. The target was AFRINIC, Africa’s Regional Internet Registry—the body that holds authority over every IP address used across an entire continent. The grievance was a policy on transferring IPv4 addresses that AFRINIC’s board had ratified on 4th of February.
To the uninitiated, this looks like another tedious legal squabble. To those who have followed Africa’s internet governance, it looks like something else: the latest relay runner in a long proxy war.
AfroDIG, an African internet-governance forum, said as much on March 11th. “Are we looking at a genuinely new actor moved by principle,” it asked, “or at the latest relay runner in a campaign that has spent years trying to keep Africa’s Regional Internet Registry too litigated to govern?” The piece noted it had “not seen evidence proving that Skyconnect is formally instructed by Cloud Innovation”—a company at the centre of previous legal battles with AFRINIC.
Two days later, The Register—a British technology news website—carried AFRINIC’s response. The registry said it faced “a web of litigation and procedural roadblocks” showing “an intention to disrupt and/or paralyse Africa’s sole Regional Internet Registry”. Legal fees had already cost “millions of dollars”.
Lu Heng, CEO of Cloud Innovation, offered a different framing on March 16th. “This is not merely a dispute about Cloud Innovation or litigation tactics,” he wrote. “The real issue is structural: the present registry model concentrates high-consequence power over economically critical internet number resources while disconnecting that power from commensurate legal and financial liability.”
All three narratives are compelling. All circle a deeper question none fully answers.
Also Read: If AFRINIC’s new board has nothing to hide, why is it so afraid of a simple factual question?
The $100 Question
Beneath the courtroom drama lies a quieter, stranger story. It concerns a contractual clause so ordinary that most members of AFRINIC probably never noticed it, and so extraordinary that it should alarm anyone who depends on the African internet.
AFRINIC’s Registration Services Agreement limits the registry’s liability to “the greater of the previous six months’ fees or US$100”.
Let that number settle. One hundred dollars. In Port Louis, the Mauritian capital where AFRINIC is incorporated, that buys a good dinner for two at one of the city’s posh restaurants. It also amounts, according to AFRINIC’s own filings, to what the organisation pays its legal firm in an hour.
The Number Resource Society (NRS), a group of network operators, spelled it out. “A private company incorporated in Mauritius would retain administrative authority over IP address resources used by telecommunications carriers, ISPs, cloud providers, data centers, financial institutions, universities, and government networks across the AFRINIC region—while bearing at most USD 100 in liability for the consequences of its decisions.”
The letter warned of “renewed attempts to obtain immunity”, and of a “regional lock” that would reduce operators’ “practical exit options”. Put together: low liability, plus stronger immunity, plus fewer escape routes, equals a single point of high-consequence power with no meaningful downside.
Clerk to Gatekeeper
Why does this matter now, when it did not matter before?
The answer lies in what IPv4 addresses have become. When the Regional Internet Registry system was designed in the 1990s, addresses were plentiful. The registries’ job was clerical: keep records, coordinate allocations, ensure no one used the same number twice. Limitation-of-liability clauses made sense for an administrative function with limited consequences.
That world no longer exists. IPv4 exhaustion means addresses are now scarce, transferable, and monetisable. AFRINIC manages only 7.23 /8s of IPv4 space for a continent with a very low ratio of addresses per internet user. A registry decision can affect whether a network can operate, whether resources can be sold or moved, whether routing remains credible.
Yet the legal shell has not changed. The registry exercises sovereign-grade practical consequence while retaining service-provider-grade responsibility. In ordinary commerce, parties can negotiate, switch providers, insure, or walk away. Here, members do not meaningfully negotiate the institutional architecture. The registry can affect continued recognition, transferability, or status of resources—and the remedy remains symbolic.
Other RIRs have similar liability caps, though they operate in more stable environments. What distinguishes AFRINIC is the context: an institution facing millions in legal fees, with an unvalidated board, governing the scarcest IPv4 resources of any region. The $100 cap was written for a clerk. It now protects a gatekeeper.
Who Holds the Keys?
Compounding the liability question is an unresolved one: who, exactly, is running AFRINIC?
The NRS letter notes that the current board “has not yet been validated by the court”. A court-appointed receiver conducted an election in September 2025 and filed an application asking the court to validate the directors. That application has not yet been decided.
AFRINIC’s member update on March 12th acknowledged the complexity. It said the newly elected directors had resumed duty “in line with the Companies Act of Mauritius”, but noted that the receiver’s application for discharge “has been heard, and judgment is now awaited”.
The election itself has drawn scrutiny. The purported board received “over 90% of the votes” in what was described as one of the most contested AFRINIC elections. The NRS says it has “gathered evidence indicating that some members whose names appear in the voter register have stated that they did not cast a vote”.
None of this has been adjudicated. But it adds to the uncertainty surrounding an institution that already faces questions about its accountability.
Also Read: CAIGA’s rise and AFRINIC’s challenges: What comes next?
The Design Flaw
What, then, is the way forward?
Heng Lu’s March 16th analysis argued that the institutional shell was built for an earlier world and now governs a different one. “The present RIR coordination model cannot survive in its current form once number resources become economically serious,” he concluded. Only two coherent end states exist: decentralisation or radical reconstruction.
What will not work, he warned, is more of the same. “More immunity is not a cure; it widens the gap between power and consequence. More governmental control is not a cure; it converts a registry crisis into a sovereignty contest while leaving the liability structure unresolved.”
ICANN and the NRO has weighed in on governance in previous interventions, warning about “unlimited powers of attorney” and “the perception of outsized influence by one member”. These are legitimate concerns. But they leave untouched the structural question: why should any institution hold such consequence-heavy authority with such consequence-light accountability?
The Uncomfortable Questions
For governments, telecoms regulators, banks, cloud providers and IXPs, the relevant questions are not about who is suing whom. They are more practical, and more uncomfortable.
Consider a telecommunications operator in Nairobi whose entire network depends on IP resources registered through AFRINIC. If a registry decision tomorrow caused that network to lose routing credibility, the operator’s damages could exceed its annual revenue. AFRINIC’s exposure, by contract, would not exceed $100. The asymmetry is not a bug in the system. It is the system.
Or consider a government digital-services agency that has built national infrastructure on the assumption that the registry layer is stable and neutral. If the board implementing policy has not been validated by the court, on what authority does that policy rest?
Then there is the question of exit. AFRINIC’s ratified policy allows controlled transfers within the region, but AFRINIC-issued pool resources cannot be drained out. Once you are in, you cannot leave.
These are questions that chief technology officers, general counsels, and infrastructure ministers will need to answer—before the next plaint is filed.
When the Gatekeeper Fails
The Skyconnect plaint will eventually be decided. The “proxy war” narrative will be confirmed or debunked. AFRINIC may yet stabilise, or fracture further.
But these are the surface currents. Beneath them runs a deeper story about power, liability, and the institutional architecture of the internet itself.
The RIR system was built for a world that no longer exists—one where addresses were plentiful, registries were clerical, and limitation-of-liability clauses were harmless boilerplate. That world has vanished. Addresses are now scarce, transferable, and economically consequential. The registries that once kept records now keep gate. Yet the legal shell remains unchanged, a clerical costume on a quasi-sovereign body.
AFRINIC is not uniquely culpable. It is uniquely exposed. The same liability caps exist at ARIN and RIPE NCC. But AFRINIC governs the scarcest IPv4 resources of any region and faces litigation that has already cost millions.
When the gatekeeper fails, who bears the cost? The answer, for now, is everyone except the gatekeeper.
The liability question will not be answered in the Supreme Court of Mauritius. It will be answered in the boardrooms of telecoms operators and the ministries of digital infrastructure, where decision-makers must decide whether to accept a bargain written for a clerk—but enforced by a gatekeeper.
