Parts One and Two moved the issue beyond authorship. Part One asked whether ICANN warned, corrected, and recorded the boundary when an ICANN-supported regional process began touching AFRINIC governance. Part Two argued that non-endorsement does not erase institutional effect: a proposal can acquire legitimacy through proximity, funding, public presentation, expert presence, and association long before formal approval exists. It also warned that ICP-2 must remain a protective test for RIR independence, not a neutral marketplace for governmental structural involvement. Part Three turns from diagnosis to remedy: ICANN needs a standing RIR Boundary Protocol.

The Boundary Must Travel With ICANN: A Proposed RIR Boundary Protocol

Why regional engagement needs enforceable limits before governance drift hardens

Africa needs deeper technical capacity, stronger participation in global fora, more resilient Internet infrastructure, and better access to the policy rooms where the future of the Internet is shaped. But ICANN needs cleaner engagement.

It needs engagement with recorded limits, visible boundaries, and immediate correction when regional processes drift toward the governance of an independent Regional Internet Registry.

The ICANN—Smart Africa—AFRINIC episode should not be treated merely as a dispute over CAIGA, or as another chapter in AFRINIC’s long governance crisis. Its deeper value is diagnostic. It exposes a design weakness in the way global Internet governance institutions participate in regional processes that may later drift into authority formation.

Support must not become shadow authorship, facilitation must not become implied endorsement and funding must not become a quiet transfer of legitimacy. Neutrality must not mean arriving in the room without the institutional courage to draw the line when the room begins to cross it.

The RIR Boundary Protocol would not give ICANN authority over RIRs. It would impose discipline on ICANN’s own regional engagement. ICANN does not need to govern an RIR to affect the legitimacy environment around it. Its funding, attendance, technical language, and institutional proximity can shape how others read a process long before any formal decision is made. The duty, therefore, is not managerial control. It is boundary discipline.

Boundary discipline means that ICANN must ensure its support for regional Internet governance is not converted into implied legitimacy for external redesign of RIR governance. It is not about policing partners. It is about controlling the institutional meaning of ICANN’s own presence.

It is to ensure that ICANN’s own institutional association does not blur who may govern the RIR.

Why Boundary Duty Matters

ICANN’s strength in the global Internet governance system does not come from command power. It comes from trust, coordination, recognition, and disciplined restraint. When ICANN enters a regional process, it brings more than funding or expertise. It brings symbolic authority. Its presence can reassure; so can its silence.

That is why silence, in a fragile governance environment, is not always neutral.

The AFRINIC case shows the danger. ICANN knew AFRINIC was in extraordinary difficulty. It had written to AFRINIC’s receiver in March 2025, explaining AFRINIC’s role in the number resource system and noting that ICANN had offered “neutral and independent assistance” to the previous receiver.¹ ICANN also later confirmed that it had a Memorandum of Understanding and Project Agreement with Smart Africa, and that ICANN committed US$40,000 toward the Internet Governance Blueprint.²

Then the Blueprint came to include CAIGA.

ICANN says it did not intend that, did not request AFRINIC governance proposals, did not pre-evaluate CAIGA, and did not endorse it.³ But that is precisely why a protocol is necessary. The problem is not only deliberate overreach.

The problem is institutional drift: a process begins in one lane, then crosses into another before the affected community has been fully warned, informed, or empowered to contest it.

That is where ICANN needs a standing rule and that standing rule should be the RIR Boundary Protocol.

The RIR Boundary Protocol

The protocol should apply whenever ICANN funds, facilitates, hosts, attends, supports, or publicly associates with a regional Internet governance initiative that begins to address any of the following: RIR governance, RIR elections, RIR bylaws/bylaw reform/ drafts, RIR recognition, member rights, regional registry structure, governmental or intergovernmental proposals that may create oversight of registry functions, or political endorsement of RIR reform.

The protocol should contain five enforceable safeguards.

• First, early boundary notice. If a funded or ICANN-associated process begins touching RIR governance, ICANN must publish a short boundary notice stating that any RIR-governance proposal must be developed through the affected RIR’s community and tested under ICP-2. The notice must make clear that ICANN support for a broader project does not imply endorsement of any RIR-governance output.
• Second, role disclosure. ICANN must disclose whether its personnel, contractors, consultants, board members, or representatives attended meetings where RIR governance, elections, reform, bylaws, or recognition issues were discussed. The disclosure need not reveal private deliberations, but it must answer the basic institutional question: was ICANN present, in what capacity, and with what stated limits?
• Third, partner-language correction. Where a partner publicly describes a process as “joint work” with ICANN in a way that may imply ICANN Design or endorsement of an RIR-governance proposal, ICANN must promptly request correction or publish its own clarification. The correction must come when ambiguity first appears, not after the community has already treated the ambiguity as evidence of alignment.
• Fourth, affected-community trigger. If an ICANN-supported project produces material touching an RIR, the affected RIR community must receive direct notice and sufficient time to comment before the proposal is presented as validated, endorsed, adopted, or politically advanced. Consultation after institutional momentum has formed is not the same as community authorship.
• Fifth, ICP-2 impact statement. Any ICANN-supported regional project touching RIR governance must contain a short statement explaining how the proposal relates to ICP-2 and the RIR Governance Document process. If compatibility is unclear, that uncertainty must be disclosed immediately, not deferred until a formal proposal later arrives.

This is constitutional hygiene and not a bureaucratic ornament.

ICANN’s own later response points in this direction. It acknowledged the need for clearer documentation where regional efforts veer into issues of RIR governance, so that misunderstandings can be reduced.⁴

The unresolved question is why that documentation was not already in place when CAIGA appeared inside the Blueprint, when the Blueprint was presented, and when some in the community first learned of CAIGA during ICANN84, or widely after AIS2025.

A future protocol would not punish ICANN for engagement, it would protect ICANN’s engagement from being converted into implied authority.

The Development-Technical Overlap

The same boundary problem appears when ICANN’s role is viewed alongside the wider development-cooperation environment around Smart Africa, the Internet Governance Blueprint, and CAIGA.

The issue is not that more than one institution was present. The issue is that ICANN’s technical legitimacy, GIZ’s development legitimacy, and Smart Africa’s governmental legitimacy appear to have converged around the same reform environment, creating institutional momentum without a single actor accepting full authorship.

GIZ’s clarification is important precisely because it narrows its formal role. In response to a transparency request I sent, GIZ stated that:

“The Internet Governance Blueprint was supported by GIZ through a grant agreement provided to Smart Africa. The conceptualization, drafting, consultation, validation, and ownership of the Blueprint rests with Smart Africa, in line with its established governance structures.

GIZ does not exercise authorship, editorial control, steering authority, technical input, validation, or approval rights over the Blueprint or the recommended Continental Africa Internet Governance Architecture (CAIGA).

At this point, GIZ is not involved with CAIGA. In relation to AFRINIC, GIZ’s support was administrative and logistical, strictly meant for the restoration of AFRINIC governance which was coordinated, steered, convened, and led by Smart Africa.

This approach aims to ensure independence, autonomy, and non-interference, of Internet governance initiatives, and is designed to enable partner-led and community-driven processes.”⁵

That clarification should be taken seriously. It means GIZ should not be treated as the author of CAIGA, but it also illustrates the structural problem. ICANN says it did not author or endorse. GIZ says it did not author, steer, validate, or approve. Smart Africa presents the work as continental coordination and, at points, as “joint work” involving ICANN, GIZ, and Smart Africa Member States.⁶ The affected community is then left facing a process with institutional weight but distributed responsibility.

The data-processing notice for the 29 September 2025 Accra forum strengthens this point. It identifies the event as the “High-Level Multistakeholder Forum on AFRINIC Reforms and the Continental CAIGA Framework.” It states that the forum, organized by Smart Africa, would bring together ministers, regulators, Af* organizations, the technical community, private sector, and partners to review progress on AFRINIC reforms and the CAIGA framework. It also identifies GIZ GmbH as the data controller and says personal data was processed to support organization and coordination of the forum, including participant registration, event coordination, and internal communication within GIZ.

That proves neither authorship nor steering authority. It does, however, show operational embeddedness. However, GIZ was not merely an abstract name in a donor spreadsheet. At minimum, it was part of the forum’s operational infrastructure. Its formal data-controller role sat inside a forum explicitly framed around AFRINIC reforms and CAIGA. That is enough to raise a governance-process question: when development cooperation, technical coordination, and governmental convening converge around a weakened RIR, who records the boundary between support and authorship?

The AIS 2025 materials reinforce the same concern. The forum agenda placed GIZ remarks, Smart Africa remarks, ICANN high-level intervention, AFRINIC reform updates, and a CAIGA presentation in the same institutional setting.⁷ Separately, AIS materials record remarks attributed to Mr. Niklas Malchow of GIZ framing AFRINIC stability as “not just a technical matter but a benchmark for Africa’s digital sovereignty,” and describing GIZ as supporting Smart Africa and AFRINIC with “legal and technical expertise” to strengthen governance and accountability.⁸

Those words matter. Digital sovereignty is a powerful political concept. It can mean resilience, independence, capacity, and local agency and when attached to the governance of a Regional Internet Registry, it can also shift the grammar of the debate from technical community stewardship toward governmental or geopolitical authority.

That shift may be subtle, but it is not harmless. Once AFRINIC stability is framed primarily as a sovereignty benchmark, political structures can more easily claim a natural role in registry governance under the language of “continental independence”.

You got it right, that is precisely why boundaries matter.

This is the political economy of facilitation without responsibility. A funder may not write the text, a technical institution may not endorse the output, and a regional body may claim ownership. But together, their presence can create the appearance that a governance pathway is more mature, more supported, and more institutionally settled than the affected community has actually made it.

The lesson is not that development agencies should withdraw from Internet governance. Nor is it that ICANN should avoid regional partnerships. The lesson is that where development cooperation, technical coordination, and governmental convening converge around a weakened RIR, boundary notices must be explicit, public, and early, otherwise, every institution can say it merely supported the process, and the process itself becomes the author.

Facilitation Without Procedural Correctness

There is another danger beneath this episode: the assumption that facilitation is procedurally neutral simply because the facilitator does not claim authorship and that assumption is false.

A process can be facilitated without being procedurally correct. It can have meetings, slides, participants, funding, consultants, public sessions, and institutional language, yet still fail the deeper tests of legitimacy: proper notice, affected-community authorship, role clarity, record of boundaries, equality of participation, and meaningful opportunity to contest the architecture before it becomes politically advanced.

This is facilitation without procedural correctness, meaning that the machinery of consultation exists, but the constitutional conditions of legitimate consultation are missing.

In Internet governance, procedural correctness is not decorative. It is the difference between genuine multistakeholder participation and managed validation, and controlled/selective participation.

A process is not bottom-up just because stakeholders are later invited to comment, nor open because presentations are made at public meetings, nor legitimate merely because a regional institution says it consulted. A process touching an RIR must be traceable to the affected community’s own authority, not simply to a convened room where the affected community appears after the main architecture has already been drafted and this matters operationally as well as politically.

RIR governance is not symbolic governance. It affects number resource allocation, registry continuity, routing trust, operator confidence, law-enforcement traceability, resource-holder rights, and the predictability of global Internet coordination. If institutional redesign is advanced through procedurally weak facilitation, the result is not only a governance concern. It can become an operational risk.

Operators need stable registries. Resource holders need predictable rules, and they need confidence that those rules are formed through legitimate processes.. Peering, routing, compliance, abuse handling, and registry data integrity all depend on confidence that the RIR is governed through legitimate and technically grounded processes. When registry governance appears to be shaped by opaque political coordination, the damage is not confined to conference rooms, it enters the nervous system of Internet operations.

The political consequences are equally serious. Facilitation without procedural correctness allows actors to claim legitimacy from process form rather than process substance. It allows a proposal to say: meetings were held, consultations occurred, stakeholders were present, institutions were involved. But the harder questions remain unanswered: who authored the agenda, who selected the room, who funded the pathway, who framed the options, who warned about boundaries, and when did the affected community obtain a real chance to say no?

That is the difference between participation and choreography.

The aftermath of procedurally incorrect facilitation is usually institutional confusion. No one claims full responsibility, yet everyone’s presence helped produce momentum. The affected community is told that it was consulted. The facilitating institution says it did not endorse, the development partner says it only supported, and the political convener says it acted regionally. Meanwhile, the registry community is left to contest a process whose legitimacy has already been partially manufactured.

This is why ICANN’s future protocol must not focus only on endorsement. It must focus on procedural correctness.

The question is no longer: Did ICANN approve the proposal? But Did ICANN ensure that any process it funded, attended, or facilitated remained procedurally compatible with the RIR model before the proposal acquired institutional momentum?

If the answer is no, then the problem is not only facilitation without responsibility. It is facilitation without procedural correctness. And for the Internet governance system, that is a structural warning.

Why This Cannot Remain an African Exception

AFRINIC is the case study, not the limit of the lesson, and the same pattern could appear elsewhere. A European political or regulatory coalition could propose a supervisory framework around RIPE NCC. An ASEAN or regional digital integration initiative could propose an oversight layer around APNIC. An OAS-linked, BRICS-linked, Gulf-led, or security-driven process could frame number resource governance as digital sovereignty infrastructure and propose a new mechanism around ARIN or LACNIC.

The language would be familiar: resilience, coordination, harmonization, sovereignty, capacity building, continental voice, security, reform.

None of those words is inherently wrong, but each can become dangerous when used to move authority before the technical community has authored the process.

The multistakeholder model weakens when political or intergovernmental processes are allowed to stand close enough to technical institutions that their proposals inherit legitimacy before they earn consent. Moreso, when parallel Governance evolve.

ICANN must therefore learn from this episode without turning it into an Africa-only exception. The standard must be universal. If a government-linked proposal for structural involvement in RIR governance would be treated as sensitive in the RIPE, ARIN, APNIC, or LACNIC regions, then it must be treated with the same seriousness in Africa. Africa must not become the laboratory where governance boundaries are softened because the institution is fragile, the language is developmental, or the emergency is real. Fragility does not reduce the need for principle, it increases it.

The Boundary Must Travel With the Institution

The ICANN—Smart Africa—AFRINIC episode should not be remembered only as a dispute over CAIGA, or as another chapter in AFRINIC’s long governance crisis. Its deeper value is diagnostic. It exposes a design weakness in the way global Internet governance institutions participate in regional processes that may later drift into authority formation.

The unanswered question is therefore not whether ICANN intended CAIGA, it is whether ICANN understood, early enough, that intention is not the only source of institutional consequence.

When ICANN funds a process, attends a process, facilitates a process, or allows its name to sit beside a process, it changes the political chemistry of that process. Participants, Governments, Communities, and Consultants read signals. Also, Affected institutions read signals. Silence from ICANN does not fall into an empty room; it falls into a room already listening for legitimacy.

That is why the warning must come early. And Not after the proposal has been drafted, after the presentation has been made, after public controversy erupts, after the affected community has discovered the architecture from the outside, and not after ICANN must explain that it did not intend, request, pre-evaluate, and did not endorse.

The warning must travel with the institution.

If an ICANN-supported regional process touches an RIR, the boundary must appear immediately: the RIR belongs to its community; ICP-2 applies; governmental participation is not governmental control; political endorsement is not community consent; consultation after architecture is drafted is not the same as bottom-up authorship.

Boundary Rule: It should be embedded into ICANN partnership practice and ICP-2/RIR governance expectations, so that future regional engagement has documentary accountability from the beginning.

This is not an African standard. It is a global one. If a similar framework appeared around RIPE NCC, APNIC, ARIN, or LACNIC, under the language of regional sovereignty, resilience, security, development, or political coordination, the same question would arise. Did ICANN maintain the boundary before the process acquired momentum, or did it wait to evaluate the result after the room had already shaped the outcome?

AFRINIC is the case study.

The lesson belongs to the system.

The global Internet governance model does not survive merely because its institutions say they believe in bottom-up governance. It survives when they defend the boundary between support and control, participation and authorship, consultation and consent, regional dialogue and institutional redesign.

ICANN must ensure that its own presence is never used, even unintentionally, to help others govern them by implication. That is the correction required.

The next time ICANN enters such a room, it must bring the boundary with it.