Summary

  • AFRINIC's receiver can possess, preserve, manage, and delegate work concerning the company, but those legal powers do not by themselves supply the expertise needed to approve registry changes, protect cryptographic trust, or distinguish routine service from policy-making.
  • A defensible operating model separates authority, technical execution, and accountability for every material action, with stronger controls for resource transfers, revocations, RPKI changes, reverse DNS, credentials, and constitutional decisions.
  • The receiver's exit cannot be measured only by the election of directors. It requires a documented handback of credentials, queues, contracts, delegated powers, incidents, disputes, and unresolved technical risk to a board and executive team capable of accepting them.

A corporate office holding an Internet institution

The appointment of an official receiver to AFRINIC produced a category problem that legal documents alone cannot solve. A receiver is a corporate office-holder. AFRINIC is a company, but it is also the Regional Internet Registry responsible for administering Internet number resources across Africa and the Indian Ocean region. The same legal order that places company property, contracts, staff, and litigation under temporary control therefore reaches services whose mistakes can affect routing security, resource-holder rights, reverse DNS, registry data, and the ability of networks to prove that route announcements are authorised.

That does not turn the receiver into a network engineer. Nor does it make registry operations judicial functions. It creates a bridge: the court supplies lawful control at a moment when ordinary corporate organs cannot act, while technical professionals continue to operate systems that cannot wait for a governance dispute to end. The bridge is necessary precisely because the two forms of authority are different. If they are treated as interchangeable, a legally valid appointment can become an operationally opaque command structure.

If they are kept too far apart, staff may continue essential services without a clear chain of approval for exceptional decisions.

The public record establishes the bridge's legal origin. A September 2023 court order, summarised by the Number Resource Organization, appointed the Official Receiver to preserve AFRINIC's assets and business value, maintain the status quo, oversee an election under the organisation's constitution, facilitate a properly constituted board, and appoint a chief executive. The Court of Civil Appeal later restored that order after finding that an attempted appeal had not been authorised by the company.

In February 2025, a further court order appointed Gowtamsingh Dabee as receiver in place of the Official Receiver and directed him to expedite the board election.

Those steps explain who may act for the disabled company. They do not fully explain what acting for a live registry should mean. That missing translation is the core governance question.

The mandate is preservation, not unlimited substitution

The recurring phrase in the receivership record is to "hold the ring": preserve the status quo, protect assets, and maintain business value while a board is reconstituted. The phrase is useful because it rejects two misleading extremes. The receiver is not a passive custodian who can lock the doors and wait. Registry services, staff instructions, cyber security, vendor payments, contractual renewals, and member requests demand continuing decisions. But the receiver is also not a replacement membership, permanent board, technical standards body, or regional policy community.

Mauritius's Insolvency Act gives a receiver substantial powers. Section 190 ties those powers to the appointing instrument or court order and, subject to that order, to the Eighth Schedule. The schedule permits possession and control of company property, continuation of the business, inspection of books, execution of documents, engagement or discharge of employees, appointment of professional advisers, and use of agents for work the receiver cannot reasonably perform personally. The powers are broad enough to keep a company operating.

Their legal breadth, however, is not evidence that every possible registry decision advances the purpose for which the receivership exists.

Purpose matters. A payment that keeps a repository online is readily connected to preservation. Replacing an expired certificate or repairing a failed service can be similarly necessary. A routine allocation that satisfies settled policy may preserve the registry's ordinary service. By contrast, changing the substantive conditions under which number resources are allocated, deciding a contested revocation with regional consequences, rewriting membership rights, or binding a future board to a strategic reorganisation could alter the institution rather than preserve it.

The correct boundary cannot be a slogan such as "business as usual." It has to be a decision rule. The receiver should be able to show that an action was necessary to protect service continuity, comply with an existing legal or policy obligation, avoid irreversible harm, or carry out an express judicial mandate. Where the action instead creates new policy, redistributes constitutional authority, or forecloses choices for the restored organs, the presumption should run toward deferral or a specific court direction.

Internet administration is a chain of controlled changes

AFRINIC's work is often described through nouns: addresses, autonomous system numbers, Whois records, RPKI certificates, reverse DNS, members, and policies. The operational reality is a chain of changes. A request is received. Identity and authority are checked. Policy criteria are applied. A decision is reviewed. Registry records are changed. Related services are updated. Cryptographic or DNS effects may be published. The result is logged, communicated, and made available for later audit or dispute.

Each link carries a different risk. A public information page can usually be restored without changing a resource-holder's rights. Correcting a contact detail may be reversible, although identity fraud makes even that task sensitive. Approving a transfer can alter who controls scarce resources. Revoking resources can affect a network's business and the routes it originates. Publishing or withdrawing a Route Origin Authorisation can change how networks using Route Origin Validation classify an announcement. Changing reverse DNS delegation can redirect an operational dependency.

Rotating repository or administrative credentials can protect the system, but mishandling the rotation can also lock out legitimate operators.

RFC 7020 describes the Internet Numbers Registry System as a hierarchy that maintains accurate registration data and distributes number resources. That architecture is administrative rather than a command over global routing: AFRINIC does not instruct every network which route to carry. Yet administrative changes can influence routing relationships and the evidence on which other operators rely. This makes the receiver's position unusually consequential.

The office-holder may not touch a router, but an instruction to staff can authorise a registry action that travels outward through RPKI, IRR, Whois, RDAP, DNS, member systems, and contractual expectations.

The relevant unit of governance is therefore not the receiver's job title. It is each controlled change and the authority attached to it. A trustworthy receivership should make that chain legible without exposing credentials, private member data, or security-sensitive procedures.

Authority, capability, and accountability must remain separate

Three questions should accompany every material registry action. Who has the legal authority to approve it? Who has the technical capability to assess and execute it safely? Who is accountable for the evidence, review, and consequences? During normal governance these questions may be distributed among the board, chief executive, policy community, hostmaster teams, security officers, and members. Receivership compresses the top of the hierarchy, making explicit separation more important rather than less.

The receiver supplies corporate authority within the court order and legislation. Specialist staff supply operational knowledge. External professionals may supply security, legal, audit, or election expertise. None should silently borrow the others' legitimacy. An engineer should not decide that a disputed action is legally authorised merely because it is technically possible. The receiver should not decide that a high-risk registry change is safe merely because the office can instruct staff. A consultant should not become the unrecorded decision-maker simply because the receiver is permitted to appoint an agent.

This separation can be expressed in a decision record. For a consequential request, the record should identify the applicable policy or legal basis, the requester's verified authority, the technical assessment, the operational reviewer, the corporate approver, conflicts considered, expected external effects, reversibility, and post-change checks. The public does not need the member's confidential documents. It does need assurance that the action passed a defined control path rather than the discretion of an unidentified temporary authority.

Accountability also requires negative evidence: requests rejected, paused, or escalated because authority was uncertain. A receivership that reports only successful service delivery conceals the boundary work that matters most. Deferred actions reveal whether preservation is functioning as a real constraint. Without that record, later directors inherit outcomes but cannot tell which decisions were routine, which were exceptional, and which were made only because the ordinary organs were absent.

Delegation is a power, not a capability certificate

The Insolvency Act anticipates that a receiver will need help. The Eighth Schedule permits appointment of solicitors, accountants, other professionally qualified persons, and agents for tasks the receiver cannot reasonably do. For a registry, that authority is indispensable. No single office-holder can personally assess registry policy, infrastructure security, certificate publication, abuse reports, employment obligations, procurement, litigation, and electoral administration.

Yet the ability to delegate creates its own governance problem. "The technical team handled it" is not an adequate allocation of responsibility. Delegation should name a function, its limits, its duration, and the decisions reserved to the receiver or court. It should also address conflicts. A long-serving employee may possess essential knowledge while also being a witness to disputed events. A vendor may be uniquely capable of maintaining a platform while having commercial incentives concerning renewal or replacement.

A legal adviser may explain litigation risk without being qualified to determine the operational effect of a resource change.

A capability map would make these distinctions concrete. It should cover registry request validation, resource certification, repository operations, registry data services, DNS, identity and access management, infrastructure security, incident response, member support, finance, procurement, legal compliance, and election systems. For each function, the receiver should know the primary operator, independent reviewer, emergency substitute, credential dependencies, vendor dependencies, and the point at which receiver approval is required.

This is not a demand that sensitive staff rosters or architecture diagrams be published. It is a demand that the temporary controller possess and test the map. Public reporting can describe the control design at a safe level: dual approval for high-risk changes, separation between request validation and execution, periodic access review, tested recovery, and an escalation route for contested authority. Delegation becomes defensible when it is bounded and reviewable, not when it merely moves a decision out of sight.

A five-tier boundary for registry decisions

The receivership would be easier to assess if registry actions were grouped by their effect. A practical model has five tiers.

The first tier is preservation of existing service state. It includes keeping systems powered and patched, paying critical vendors, renewing necessary certificates and domains, maintaining backups, responding to attacks, and restoring a failed service. These actions are usually time-sensitive and closely tied to the preservation mandate. They still require controls, but delay may itself cause harm.

The second tier is routine, reversible administration under settled policy. Examples include ordinary contact maintenance, standard responses to support requests, or resource actions that meet established criteria and do not involve a dispute. These should continue if the validation and review chain remains intact. Their aggregate volume and ageing should be reported so continuity can be assessed.

The third tier comprises high-impact or difficult-to-reverse changes: transfers, revocations, major allocations, contested membership status, changes to RPKI authority, reverse DNS delegations, key rotations, privileged access, and material vendor substitutions. These need enhanced review, explicit legal basis, conflict checks, and a preserved evidence trail. If authority or effect is disputed, the receiver should consider court directions rather than treating urgency as self-proving.

The fourth tier is institutional policy and constitutional choice. Changing allocation policy, membership voting rights, fee architecture, regional representation, or the basic distribution of powers ordinarily belongs to the policy community, members, and duly constituted board. A receiver should not make such choices unless an express order or unavoidable legal duty requires it.

The fifth tier is the restoration mandate itself: election arrangements, board constitution, executive appointment, and eventual handback. These actions are temporary but transformative. They require procedural fairness, published reasons, and safeguards against a temporary office selecting the terms of its own succession. The tiers do not eliminate judgment. They force judgment to occur in the right category.

Routine service is not the same as harmless service

Calling an action routine can disguise cumulative risk. A steady stream of individually ordinary updates may change the registry's practical state over months or years. Backlogs can privilege those able to escalate. Conservative interpretations can deny legitimate requests without creating a dramatic event. Emergency access granted temporarily can become permanent through neglect. Vendor extensions can harden into long-term dependency. A freeze intended to prevent disputed changes can impose costs on members whose networks continue to grow.

Receivership therefore needs more than a list of exceptional approvals. It needs service-level observation of routine decisions. The receiver and future board should be able to see request arrivals, completions, age distribution, escalations, rework, rejected requests by reason, security incidents, changes to privileged access, and unresolved disputes. These measures should be segmented by service sufficiently to reveal where apparent continuity rests on delay.

The aim is not to convert staff into producers of statistics for their own sake. It is to distinguish preserved capability from a facade of availability. A registry website can respond while difficult member requests accumulate. An RPKI repository can remain reachable while authorisation changes cannot be processed. Whois or RDAP can serve records while the underlying data becomes stale. A finance system can pay salaries while the organisation lacks a lawful process for longer-term commitments.

Routine actions also need a rule for precedent. A temporary decision made under unusual conditions should not automatically bind the restored organisation as if it were settled interpretation. Decision records can mark whether an action follows established practice, resolves an ambiguity for the case only, or creates a proposed interpretation for later ratification. That distinction protects both staff, who need to act, and members, who should not lose policy authority through the accumulation of emergency decisions.

High-risk resource actions demand dual control

Number-resource administration combines legal entitlement, policy compliance, identity proof, and technical publication. A high-risk action should not be completed by one person moving seamlessly from request review to final execution. The receiver's operating model should require dual control across organisational and technical authority.

Consider a disputed transfer. The corporate question is whether AFRINIC may recognise the transaction under applicable policy, contract, and court constraints. The identity question is whether the parties and their representatives are genuine and authorised. The technical question is which records, certificates, route objects, DNS delegations, and service permissions will change. The operational question is how the change can be verified and, if necessary, reversed. The accountability question is what evidence can later be shown to the parties, a court, or a restored board.

No single signature answers all five. A sound record would require independent validation of the request, a documented interpretation of the controlling rule, technical impact analysis, approval by the designated authority, execution by a separate privileged operator, and post-change verification. Particularly sensitive actions should carry a delay window unless immediate action is needed to prevent demonstrable harm. Emergency use should be reviewed after the fact by someone who did not authorise or execute it.

RPKI adds cryptographic urgency. A certificate or ROA change may be small in a user interface while materially affecting route-validity signals consumed by networks. Repository credentials and signing systems are therefore not simply company assets to be held. They are operational trust instruments. Access should be narrowly assigned, logged, periodically recertified, and included in handback testing. The receiver need not publish key-management details. The office should be able to attest that control does not rest on an informal personal arrangement or an unreviewed legacy account.

Cyber security turns temporary control into a threat model

A governance rupture is also a security condition. Attackers know that authority is changing, directors are absent, staff may be uncertain, and vendors may receive unusual instructions. A receiver's appointment can trigger legitimate resets of signatories and privileges, but the same transition creates opportunities for impersonation, social engineering, insider abuse, and mistakes made under pressure.

The threat model should begin with identity. Who can instruct banks, cloud providers, domain registrars, certificate authorities, repository operators, election vendors, and employees? How do those parties verify an instruction from the receiver or a delegate? Which former authorities have been removed? Which emergency accounts exist, and who reviews their use? A court order establishes authority in law; operational counterparties still need a secure way to recognise it.

Privileged access should be inventoried by function, not merely by employee. Accounts shared by teams should be eliminated where feasible. Credentials controlled by departed directors or vendors should be rotated through a planned sequence that avoids service interruption. Multi-person approval should cover changes to root administrative roles, signing systems, DNS, public repository configuration, backups, and critical payment instructions. Logs should be stored so that the person whose activity is recorded cannot unilaterally alter the record.

Incident response also needs a temporary-authority protocol. A security team may have to isolate systems or suspend a service before the receiver can examine the details. The protocol should define emergency technical authority, notification deadlines, legal escalation, restoration approval, and later review. Otherwise, either the receiver becomes a bottleneck during an attack or staff act without a recognised corporate mandate.

The public-interest point is straightforward: preservation includes preserving the integrity of authority. Uptime achieved through uncontrolled credentials is not continuity. It is deferred failure.

The receiver cannot inherit the policy community

AFRINIC's bylaws and the wider Regional Internet Registry model distribute authority among corporate organs, members, and a bottom-up policy process. Receivership can fill a corporate vacuum temporarily, but it cannot absorb the legitimacy of all those constituencies. This distinction is especially important when an operational request exposes a policy ambiguity.

Staff routinely interpret policy to decide individual requests. Under a functioning governance structure, difficult interpretations can be reviewed, appealed, clarified, or changed through recognised channels. During receivership, those channels may be weakened. The temptation is to elevate the receiver's decision into a substitute policy. That solves the immediate case but creates a new problem: an office appointed for preservation would become the author of regional resource rules.

A better approach is to minimise irreversible interpretation. Where settled policy clearly applies, staff can act. Where facts are contested but the rule is clear, enhanced evidence and review may resolve the case. Where the rule itself is ambiguous and the decision would set a material precedent, the receiver should preserve options: defer if harm is manageable, seek a narrow judicial direction if legal authority is the issue, or issue a case-specific interim decision explicitly reserved for later review.

This restraint should extend to strategic commitments. Major restructuring, relocation, merger, or transfer of control was expressly restrained in the September 2023 order as summarised by the NRO. The same preservation logic should inform less dramatic choices that could nevertheless bind the future board, such as long exclusive vendor terms, irreversible platform replacements, or permanent changes to member-facing rights.

Restraint is not administrative paralysis. It is the recognition that technical necessity and constitutional legitimacy travel on different clocks. The receiver's task is to keep the former functioning without confiscating the latter.

Elections are part of the operating boundary

The court did not appoint a receiver only to maintain servers. It attached a restoration objective: conduct an election, facilitate a properly constituted board, and enable executive leadership. That objective makes electoral administration part of the receiver's operational role, but not an ordinary extension of registry control.

The receiver may possess member records and company systems needed to identify voters, communicate notices, contract an election provider, and certify procedural steps. That access is powerful. The same office may also be making decisions about membership status, good standing, authorised representatives, or disputed records that affect the electorate. A restoration election therefore requires separation between those who manage registry or membership data and those who decide voter eligibility or electoral challenges.

The receiver's legal control cannot be treated as proof that every electoral input is correct. A court can authorise the process and set deadlines. It does not automatically validate the membership register, cure conflicting representation documents, or reconcile disputed proxies. Those functions require published criteria, evidence standards, appeal paths, and independent oversight. The receiver must be able to show that access to company records did not become discretion to shape the electorate.

This matters to the exit plan. A board is not merely a set of names produced by a vote. It is the corporate body to which powers, credentials, liabilities, and unfinished decisions will be returned. If the election's evidentiary foundation is weak, the handback begins under challenge. Conversely, an election that is procedurally defensible gives the receiver a legitimate counterparty capable of accepting control.

The restoration mandate and the technical mandate therefore meet at one point: the quality of the institution that receives the registry back.

Reporting should prove controls without exposing the registry

Receivership reporting often falls into two unsatisfactory forms. One is celebratory reassurance: services continue, staff are committed, progress is being made. The other is legal chronology: orders, hearings, appointments, and filings. Both are relevant, but neither demonstrates how a temporary controller is governing a critical technical institution.

A useful public report would organise information by control objective. For service preservation, it could state whether critical services met defined availability and recovery targets, identify material incidents, and disclose the age distribution of unresolved requests. For resource administration, it could report volumes of routine and enhanced-review actions, disputed or deferred cases, and whether any emergency powers were used. For security, it could confirm periodic privilege reviews, tested recovery, material credential transitions, and independent assurance without revealing exploitable details.

For governance restoration, it could report milestones, decisions, challenges, extensions, and outstanding dependencies.

The report should also distinguish assertion from verification. "Operations remained normal" is an institutional conclusion. Evidence would include service-specific observations, change records, queue measures, incident records, and external tests, each with stated limitations. "No unauthorised change was found" is more meaningful if the review population, period, and reviewer are identified. "The election is on schedule" should be accompanied by completed dependencies and known risks.

Legal confidentiality, member privacy, and security do impose limits. They do not require silence about control design. The receiver can publish ranges, aggregate measures, reasons for withholding detail, and independent attestations. Transparency is most valuable here not as a flood of documents, but as an explanation of how power is constrained.

Court directions should be used for boundary disputes, not operations by default

A receiver who faces a serious ambiguity may return to court for directions. That safeguard is important because the office derives authority from the order and legislation. It is particularly appropriate where an action could exceed preservation, prejudice litigants, reshape member rights, or expose the receiver to conflicting legal duties.

But judicial directions cannot become the routine operations desk. Courts are not designed to approve ordinary registry tickets, assess network security changes, or continuously supervise infrastructure. Excessive referral would slow services and invite legal argument over technical matters better handled under established policy and professional controls. Too little referral, however, risks allowing necessity to expand the mandate without external scrutiny.

The dividing test should combine impact, reversibility, precedent, and dispute. A high-impact irreversible action that sets a new institutional interpretation and is actively contested is a strong candidate for directions. A reversible, low-impact action clearly required by settled policy is not. Between those poles, an independent technical or legal review may be sufficient if the receiver records why.

Directions should also be framed narrowly. The court may need to decide whether the receiver has authority to act or whether a protected interest permits a proposed step. The technical method should remain with accountable specialists unless the method itself is legally disputed. This keeps the court in its constitutional role and prevents a judicial order from being misread as a guarantee of engineering safety.

The benefit of a published boundary policy is consistency. Members should not need influence or litigation resources to discover which matters receive enhanced review. Staff should not have to infer the receiver's appetite case by case. A known escalation test reduces both arbitrary caution and arbitrary intervention.

The 2025 change of receiver required a control transfer of its own

The February 2025 order replacing the Official Receiver with Gowtamsingh Dabee illustrates a neglected feature of temporary administration: the temporary controller can itself change. ICANN's March 2025 update and the receiver's April communique describe the new appointment and the renewed deadline to reconstitute the board. Legally, the order identifies the successor. Operationally, succession requires more than a name on a document.

The outgoing and incoming office-holders should reconcile every delegated authority, pending approval, privileged credential, vendor instruction, bank mandate, election commitment, legal deadline, incident, and disputed member request. Staff need authenticated notice of the new instruction chain. Counterparties need to know which signatures remain valid. Emergency contacts must be updated. Decisions awaiting approval must not disappear between offices or be unknowingly approved twice.

This control transfer should be treated as a rehearsal for final handback. It tests whether the receivership has an inventory of the powers it actually exercises. If authority exists only through personal correspondence and informal relationships, transition will expose gaps. If it is recorded by function, risk tier, delegate, and duration, the incoming receiver can accept responsibility deliberately.

The public record does not need to reveal the contents of that transfer. It would benefit from a safe attestation: that material operational authorities and unresolved decisions were identified, transferred, and accepted; that access was reviewed; and that no critical function depended on an unverified instruction from the predecessor. Such an attestation would answer a practical question the appointment order cannot: whether legal succession became operational succession without leaving an authority vacuum.

The lesson is specific to the registry context. A delayed file can inconvenience a conventional company. An unowned registry credential or unresolved high-impact request can affect trust relationships far beyond the company's offices.

Board election is a milestone, not the exit event

AFRINIC announced in October 2025 that a board was in place and that the receiver had filed an application for termination of the receivership. The wording matters. An application is not a discharge, and the existence of elected directors is not the same as a completed return of control. In March 2026, a bylaws review notice still described the board as acting with the receiver's consent, indicating that restored organs and temporary authority could coexist while proceedings continued.

This interim state may be legally necessary, but it creates ambiguity if responsibilities are not explicit. Can the board approve contracts? Can it direct staff? Who authorises resource decisions? Which actions require receiver consent? Who speaks for the company in litigation? Who controls emergency credentials? If the answer varies by issue, the division should be written and communicated to affected staff and counterparties.

Premature language about normal governance can be dangerous. It encourages outsiders to assume that directors possess powers they may not yet hold. It can also obscure the receiver's continuing accountability. The opposite error is to treat the board as ceremonial until a final order, depriving elected directors of the preparation and oversight needed for a safe transition.

A staged model is more credible. Directors can receive briefings, observe controls, review risk registers, approve transition plans where law permits, and prepare to accept delegated functions. The receiver can retain formal powers required by the court while reducing discretionary intervention as the board demonstrates capability. Each stage should identify the legal basis, functions transferred, conditions, and residual authority.

Exit is therefore a sequence of accepted transfers culminating in judicial discharge, not a press release attached to an election result.

A handback must inventory more than assets

Corporate receivership language naturally emphasises property. For AFRINIC, the most consequential items include intangible and operational forms of control. A proper handback inventory should cover at least seven domains.

First are legal and corporate authorities: the court orders, current division of powers, board status, executive appointment, signatory mandates, litigation, undertakings, and deadlines. Second are technical privileges: identity systems, cloud administration, DNS, certificate and repository roles, source control, monitoring, backups, incident tools, and emergency accounts. The inventory should prove control without reproducing secret values.

Third are registry decisions: completed high-risk actions, pending requests, deferred cases, disputed interpretations, appeals, and changes requiring post-implementation review. Fourth are service conditions: open incidents, capacity limits, recovery tests, vendor dependencies, technical debt, and measured backlogs. Fifth are commercial commitments: contracts, renewal dates, termination rights, unpaid obligations, licences, and unusual terms agreed during the temporary period.

Sixth are people and delegation: staff roles essential to continuity, vacancies, temporary assignments, external agents, conflicts, and authorities that expire on discharge. Seventh are governance commitments: election records, member-register issues, policy matters deferred for the community, public promises, and reporting obligations.

The receiving board should not merely be sent these materials. It should attest that it understands and accepts the functions, identify exceptions, and approve remediation dates. An independent reviewer can test high-risk samples: whether credentials are under current control, whether a transfer record corresponds to actual system permissions, whether pending cases are complete, and whether emergency access has been retired.

This acceptance protects both sides. Directors cannot later claim they were unaware of disclosed risks. The receiver can show that control was not abandoned into another vacuum. Members gain a basis for distinguishing inherited problems from decisions made after restoration.

Unfinished decisions need explicit disposition

At the end of a long receivership, some matters will not fit neatly into completed or pending. A request may have been paused because policy was ambiguous. A contract may have been extended for continuity but require strategic review. A security exception may remain open. Litigation may constrain an operational action. A member dispute may be technically ready but legally contested. These cases are where handback can fail quietly.

Every unfinished matter should receive a disposition class. Some can transfer to ordinary staff authority on a specified date. Some require board approval. Some belong to the policy community. Some remain subject to court order or litigation. Some should be closed because the temporary basis for action has expired. Some require an independent investigation before any decision.

The class should identify what has already happened, what authority was relied upon, what evidence exists, which deadlines or risks remain, and whether any irreversible effect occurred. It should also state what the receiver deliberately did not decide. That last category is important. Restraint is part of the record of administration, not an absence of work.

Unfinished matters should not be transferred through a broad waiver. The board needs enough detail to exercise its own judgment, while confidential member or security information remains protected. Material cases can be aggregated publicly by category and age, with a statement of the body responsible after handback.

This discipline limits a common post-crisis distortion. New directors often inherit a backlog and are judged immediately for delay, while temporary decisions disappear into the history of "continued operations." A disposition record assigns time, authority, and responsibility accurately. It also prevents the receiver's temporary interpretations from acquiring permanent force simply because nobody identified them for reconsideration.

Capability has to be demonstrated before control is returned

A lawful board may still be operationally unready. Directors elected after years of dispute need access, information, committee structures, conflict declarations, security briefings, financial understanding, and a working relationship with management. Returning every power at once on the date of legal recognition could reproduce the same governance fragility that made external administration necessary.

Readiness should be tested without allowing the receiver to choose the political character of the board. The test should concern capabilities tied to fiduciary and operational responsibility: can the board meet and make valid decisions; manage conflicts; receive confidential risk information; oversee finance and security; appoint and supervise an executive; understand the boundary between board, management, and community policy; and respond to an incident? The test should not evaluate whether directors agree with the receiver or incumbent staff.

Training and staged access can support readiness. Directors can review incident simulations, sign confidentiality and acceptable-use commitments, receive independent explanations of registry services, and examine the decision and risk registers. Committees can be constituted before they assume final delegated functions where permitted. High-risk technical powers can remain with named professionals while the board assumes oversight rather than direct execution.

The receiver also needs an exit from personal dependency. If staff believe that only the temporary office-holder can resolve disputes, the formal handback will not restore organisational judgment. Decisions should progressively move into documented roles, with escalation to the board and executive structures that will survive discharge.

The goal is not to make receivership permanent until perfection is achieved. It is to identify a minimum safe state, disclose residual risks, and transfer them to an organ capable of governing. Temporary administration becomes self-defeating if its standard for exit is either a bare election result or an impossible promise that no risk remains.

Independent assurance should follow the highest-risk powers

The receiver is accountable to the court, but judicial accountability does not replace technical assurance. A court can review whether the receiver acted within authority and complied with orders. It will not normally verify repository controls, privileged access records, backup recovery, or the completeness of a registry-change sample.

Independent assurance should therefore be risk-based. The reviewer should not attempt to certify every ticket or reveal member data. It can test whether defined controls operated: a sample of high-impact resource changes had independent validation and approval; privileged roles matched the authority register; emergency access was reviewed; repository and DNS changes were logged; backups were restored in a controlled test; deferred cases were transferred; and outgoing delegates lost authority when required.

The reviewer must be independent of both the staff who executed the actions and the advisers who designed the controls. Scope and limitations should be published. A conclusion limited to financial statements should not be presented as operational assurance. A security assessment limited to external scanning should not be treated as proof of lawful resource administration. Each assurance product should say what population and period it covers.

There is also a role for community-visible verification. Members can confirm whether request channels function, whether decisions include reasons, and whether appeals or escalations are available. Network operators can observe public service behaviour. These observations are not a substitute for internal evidence, but they can expose discrepancies between reported controls and lived service.

Assurance is most valuable before handback and again after it. The first review establishes what is being transferred. The second tests whether access, authority, and controls remained intact after the receiver stepped back. A clean transition is not proved by the absence of an immediate outage.

The exit plan should have been part of the entry plan

Temporary authority is safer when its end conditions are specified at the beginning. The September 2023 order included an electoral deadline, and later orders altered the timetable. Deadlines create urgency, but a date alone is not an exit architecture. It does not say what happens to delegated powers, unfinished decisions, credentials, contracts, or technical accountability when directors return.

An effective entry plan would have established a baseline inventory of company and operational control; recorded the authorities the receiver assumed; identified critical functions and delegates; classified actions by risk; defined reporting; and stated the conditions for handback. Each extension or replacement of the receiver could then update that baseline rather than reconstructing it.

The public record suggests that restoration has been treated primarily through elections and court applications. Those are essential legal milestones. The technical institution, however, needs a parallel transition plan. It should include board readiness, executive authority, credential transfer, service and incident state, unresolved registry actions, contractual commitments, independent assurance, and the legal effect of the final discharge.

The October 2025 termination application offers a moment for that standard. Before ending the receivership, the court and stakeholders should be able to distinguish four propositions: directors have been elected; the board has lawful authority; operational control has been accepted; and the receiver has been discharged. They may occur close together, but they are not the same fact.

An exit plan makes this distinction manageable. It prevents the office-holder from remaining because transition details were never prepared, and prevents pressure for closure from forcing an unsafe transfer. Most importantly, it treats the registry's continued integrity as an outcome to be demonstrated rather than assumed from corporate form.

A narrower, stronger definition of success

The receiver should not be judged as if appointed to redesign African Internet governance. The office's success is narrower and more demanding: preserve the institution without quietly appropriating its policy authority, maintain lawful and secure registry services, restore functioning corporate organs, and return control with an intelligible record.

That definition resists institutional self-description. Continued operation is evidence only when tied to specific services and controls. A court mandate is authority only within its purpose and terms. Technical staff competence is capability only when roles and review are known. An elected board is a successor only when it can lawfully and practically accept the institution. A termination application is progress, not proof that handback has occurred.

For AFRINIC's members and the networks that depend on its registry, the central protection is a visible boundary around temporary power. The receiver can preserve assets and carry on business. Specialists can execute technical work. Courts can settle authority and direct restoration. Members and the policy community retain their own constitutional functions. The restored board can accept control. Every actor is strongest when it does not claim the others' legitimacy.

The phrase "Internet administrator" should therefore be used with care. The receiver administers the company that operates a part of the Internet's numbering system. That position can authorise actions with real technical effects, but it does not erase the distinction between possession and expertise, command and policy, continuity and assurance, or election and exit.

AFRINIC's case will ultimately be measured not only by whether its services survived the governance vacuum. It will be measured by whether temporary legal control left behind a registry whose authority, evidence, security, and institutional choices could be safely returned to accountable hands.

Sources and method

The legal mandate is drawn from the Number Resource Organization's September 2023 statement on the appointment order, the 2024 Court of Civil Appeal judgment, the Mauritius Insolvency Act 2009, and the receiver's April 2025 election communique. These materials establish appointments, powers, purposes, and deadlines; they do not establish that any particular technical control operated effectively.

The analysis of registry function uses RFC 7020 and AFRINIC's 2020 bylaws to distinguish Internet number administration from corporate, member, and policy authority. The later transition is assessed against AFRINIC's October 2025 joint communique, which reports a termination application, and the March 2026 bylaws review notice, which records continuing receiver consent. Neither document is treated as proof that judicial discharge or operational handback has occurred.