The current defense of the RIR (Regional Internet Registries) system rests on a flattering fiction: that once a room of regulars can say “community consensus,” it acquires legitimacy to rule over already-running networks. It does not.

This was never a quarrel over dormant records or administrative trivia. Cloud Innovation serves thousands of networks globally though LARUS. At least two million websites sit on these IP resources. The services and connectivity that depend on them reach hundreds of millions of users around the world. That is what makes the case so serious. This is not a dispute about paper entries in a registry database. It is a dispute about live infrastructure on a global scale. A system willing to throw resources with that kind of reach into uncertainty is not making a minor procedural decision. It is taking a position with potentially vast downstream consequences for networks, services, businesses, and users far beyond the immediate parties.

But that is also why this case should not be read as a personal anomaly. Systems built on asymmetric power, weak accountability, procedural insulation, and institutional self-protection do not suddenly produce one conflict by accident. They produce many. They do so quietly, one by one, over the years. The reason such a structure can survive for so long is not that it is healthy. It is that those it harms are usually too isolated, too exhausted, too poor, too procedurally buried, or too easily ignored to turn private injury into a visible pattern. That is how institutional darkness works. It survives by fragmenting its victims and localizing each injury until no one sees the structure as a whole.

That is why this is no longer merely a fight about AFRINIC, or even merely a fight about Africa. It is about the technical community itself. More precisely, it is about what happens when institutions that borrowed their legitimacy from rough consensus and running code begin using rough consensus, policy process, and regional rhetoric against running code itself.

The argument has two parts. First, rough consensus and running code never meant that a few dozen people in a policy room could claim to represent humanity, or even an entire continent, and then subordinate already-running systems to whatever institutional preference emerged from the room. Running code comes first because running code is the only reason rough consensus was ever allowed to matter in the first place. Second, in the AFRINIC case, the problem is worse than a bad consensus outcome. The registry system was not even faithfully applying a clear general policy rule. It stretched a thin policy into broad territorial control, then the NRO and the wider RIR order stood behind that stretch, and later a new transfer policy moved to lock the exit. That is not merely a policy error. It is a betrayal of the technical community by institutions speaking in its name.

The room was never the source of legitimacy

The Internet technical tradition did not derive legitimacy from sovereignty, priesthood, or representation. It derived legitimacy from making the network work. RFC 3935 says the IETF’s goal is to “make the Internet work better,” and defines rough consensus and running code as the combination of engineering judgment and real-world experience in implementing and deploying specifications. The same RFC adds a limit that now matters greatly: when the IETF is not responsible for a protocol or function, it does not attempt to exert control over it. RFC 7282 is equally clear that the credo rejects kings, presidents, and voting, and that running code is supposed to “trump theoretical designs.” RFC 2026 ties standards maturity to multiple interoperable implementations and successful operational experience. RFC 8890 then adds a further discipline: the technical community has no unique insight into what is good for end users and cannot assume that its own experience represents theirs.

Those texts do not describe room sovereignty. They describe room restraint.

That distinction is no mere matter of tone. The Internet technical community was never granted authority because it represented humanity in moral or political form. It was tolerated because it solved a narrow class of problems—interoperability, uniqueness, continuity, deployment—without pretending to become a government. The room mattered only because the room was supposed to remain subordinate to operational reality.

That is the constitutional bargain hidden inside the familiar phrase. The explicit part of the bargain was methodological: engineering judgment had to be checked by actual implementation and actual deployment. The implicit part was political: the room would never be allowed to sit above the network. Procedure could be tolerated because procedure was not supposed to become sovereign over the thing it coordinated.

This is why the representative claim now smuggled into parts of RIR discourse is so untenable. A room of policy participants is not humanity. It is not Africa. It is not “the community” in any grand political sense. It is a narrow coordinating mechanism, conditionally justified by narrow tasks. If even the broader technical community cannot plausibly claim unique insight into what is good for all end users, an RIR policy room certainly cannot. A few dozen people in such a room therefore, cannot plausibly claim a mandate to decide the fate of already-running infrastructure for all affected operators, all downstream users, all nations touched by the infrastructure, or all economic systems built upon it. They may have a role in technical coordination. They do not thereby inherit a civilizational mandate.

When rough consensus turns against running code

That is the first principle the technical community now has to recover: when rough consensus and running code diverge, running code comes first.

It comes first not because operators are morally pure, or because live systems should never be constrained, or because no governance is ever needed. It comes first because everything else was justified only in its name. Consensus mattered because it was supposed to help the network function. Procedure mattered because it was supposed to restrain institutional ambition. The room mattered because it was supposed to remain answerable to continuity, interoperability, and deployment reality.

Once that order is reversed, the legitimacy disappears.

A process justified only in the name of operational reality cannot keep its legitimacy once it is used against operational reality. A doctrine justified only in the name of running code cannot remain the source of technical legitimacy once it is invoked to endanger already-running systems. At that point, one may still have mailing lists, chairs, appeals, hums, ratification notes, public comment periods, and solemn references to “community-developed policy.” But one no longer has the thing that made those rituals worth respecting in the first place.

This is how institutions usually betray their deepest creeds. They do not renounce them openly. They invoke them while reversing their meaning. The most serious institutional betrayals occur when a principle created to restrain power becomes the language through which power excuses itself.

That is what makes the present moment so serious. The phrase rough consensus and running code was supposed to discipline institutions in the name of real networks. It was not supposed to become a ritual by which institutions discipline real networks in their own name. Once an RIR begins using administrative power—registry recognition, RSA enforcement, transfer approval, classification, or record control—against live infrastructure rather than in service of it, the technical legitimacy borrowed from that tradition is already gone. This is the key point. The loss of legitimacy does not begin only when an institution becomes corrupt, captured, or incompetent. It begins the moment the administration stops serving running code and starts governing against it.

AFRINIC did not begin from a clear general rule

This is where the AFRINIC case becomes far more important than its defenders would like.

If AFRINIC had been enforcing a clear, general, operative policy saying that all AFRINIC-issued IPv4 resources had to remain operationally inside Africa, one could still argue that the rule itself conflicted with the spirit of running code. But the public policy record is much thinner than that.

The clause most commonly cited in support of a territorial-use restriction appears inside the Soft Landing framework. It is not framed as a general master rule for all AFRINIC-issued resources. The standing transfer policy dealt with transfers within the AFRINIC region and the conditions for source and recipient eligibility; it was not a general prohibition on out-of-region operational use. Yet AFRINIC’s litigation FAQ later stated the matter in much broader terms, saying that in the absence of an express policy allowing out-of-region use or leasing, “all presently allocated IP addresses must be used within Africa.” That is the critical move. The institution was not merely enforcing a clear general rule. It was converting the absence of permission into a claim of control.

That is not a small difference. It is the difference between applying policy and manufacturing policy.

A coordination layer faithful to its own premises would have been cautious in exactly those circumstances. Thin policy plus massive operational consequences should have produced restraint. Continuity first. Live systems first. The burden should have lain on the party seeking to disturb already-running networks, not on the operator trying to keep them alive. Instead, the instinct was the opposite: broaden the claim, harden the posture, and press against running resources.

That is the first betrayal. The system did not merely place governance above running code. It did so on a policy basis that was, at best, contestable and, at worst, constructed by expansive interpretation after the fact. And that matters for a broader reason. If a system begins using administrative power against running code without even a valid policy basis, then the problem is no longer a difficult policy dispute inside an otherwise legitimate framework. The framework itself has already ceased to deserve deference.

The wider RIR system chose institution first

Had that overreach been checked by the wider registry order, the damage would have remained serious but regional. It was not checked.

The NRO described the issue as a disagreement with AFRINIC over implementation of its Registration Services Agreement and community-developed policy, and treated such disputes as “routine in nature.” The five RIRs then went further, saying their regional basis allows distinct communities with their own histories, cultures, political systems and needs to determine the policies that best govern their registries and declaring that the system is “robust, effective and worth fighting for.” The NRO later described Cloud Innovation’s litigation as “vexatious,” said it had abused legal process, and urged action to preserve AFRINIC’s independence and stability.

That language is revealing. Notice the shift. What should have remained a narrow question of policy scope and operational restraint was recast first as a routine institutional dispute, then as a defense of regional community autonomy, and finally as a broader political claim about histories, cultures, and regional self-determination. By that point, the system was no longer even pretending to remain within a thin technical frame. It had moved into politics while continuing to borrow the prestige of technical restraint.

The court’s answer matters because it exposed that rhetoric as something more than mere overstatement. The Mauritian court rejected the vexatious-litigant framing. In substance, it made clear that when AFRINIC was strongly determined to terminate membership, it could hardly be held against the applicant that it resorted to court to preserve its rights. That did not resolve every underlying issue. But it did destroy the fiction that the wider registry system was neutrally describing an abusive nuisance. What it was actually doing was supplying institutional cover for discretionary power.

That is the moment the registry order stopped even pretending to remain within a narrow technical logic.

The serious technical question should have been obvious: is live infrastructure being put at risk on the basis of a policy proposition that is not clearly general in the governing text? Instead, the wider system supplied slogans. Routine dispute. Community-developed policy. Robust, effective and worth fighting for. Threat to autonomy. Vexatious litigation. None of those is a technical answer. None explains why already-running systems should bear the downside of institutional discretion when the institutions themselves bear almost no symmetrical liability if they are wrong.

This is the second betrayal. The wider RIR system did not merely fail to restrain overreach. It legitimized it. And once the wider system does that, the problem ceases to be one registry’s misconduct. It becomes system doctrine. The issue is no longer that AFRINIC acted beyond clear policy. The issue is that the entire RIR order, taken together, showed that it would rather defend administrative discretion than defend running code.

The new policy is not really about use. It is about exit

At that point, one might have expected institutional modesty. Instead, the system moved toward constitutionalization.

The later AFRINIC transfer policy did not establish a simple universal rule that AFRINIC-issued IPv4 must be physically or operationally used inside Africa. On AFRINIC’s own account, the “Regional” label is an administrative classification used for transfer purposes. It does not alter day-to-day routing or ordinary operational use. At the same time, AFRINIC says the framework means only certain categories—such as legacy resources and inbound inter-RIR resources—may be eligible for outbound inter-RIR transfer, while AFRINIC-issued pool resources remain governed by regionally defined transfer conditions.

That matters because it reveals what the policy really is.

The issue is not principally where packets happen to flow. The issue is who controls the exit.

The new framework classifies AFRINIC-pool resources as “Regional,” special-purpose resources as “Reserved,” legacy resources as “Legacy,” and resources transferred in from other regions as “Global.” Only the latter categories can move out of the AFRINIC service region. AFRINIC-pool resources, by contrast, remain locked to in-region transfer.

That is not, in substance, an ordinary use rule. It is an exit rule.

The distinction matters for two reasons. First, it shows that the new policy does not vindicate the earlier broad territorial claim. It does not prove that AFRINIC policy always said AFRINIC-issued resources must be used only in Africa. On the contrary, it suggests the opposite: the earlier claim was weak enough that a later structural lock-in was needed. Second, it shows that the policy’s constitutional significance lies not in day-to-day routing, but in mobility. The resource is not merely being coordinated. It is being prevented from leaving.

The proposal’s own financial assessment makes the institutional instinct unusually plain. Because AFRINIC-pool resources can only be transferred in-region, AFRINIC “will not lose its current resource members to other RIRs in outgoing transfers.” That sentence strips away the piety. The policy is not only about stewardship or administrative clarity. It is also about not losing members. In plain language, it is about lock-in.

A system confident in its legitimacy does not begin by sealing the exits. A system anxious to preserve dependence often does.

From coordination to political ownership

This is where the larger constitutional shift becomes impossible to ignore.

A thin coordination layer exists to preserve uniqueness. It should say which number is valid, unique, and consistently recognized across the network. It should not decide the geographic destiny of already-issued resources by closing off mobility. Once a registry classifies resources as “Regional” and makes that classification decisive for whether they may leave, it is no longer merely solving a bookkeeping problem. It is assigning resources a kind of regional identity and using that identity to govern their future.

That is a move away from thin technical coordination and toward something much thicker: geographic control, quasi-ownership, and territorial logic without territorial accountability.

This is also where the language used by the wider RIR system becomes more revealing still. The joint RIR defense of the model spoke of distinct regional communities with their own histories, cultures, political systems and needs determining the policies that govern their registries. That is not the language of a thin uniqueness layer. It is the language of quasi-political community. It borrows from the rhetoric of self-government without admitting that it is doing so.

No treaty granted the RIRs sovereign authority. No electorate authorized them to represent humanity, or even entire regions in a political sense. Yet they increasingly speak as though regional identity itself justifies control over resource destiny. That is borrowed sovereign logic without sovereign accountability.

This is why the issue is not only against operators. It is also, in a deeper sense, against nations and against the technical community’s own creed. States at least claim territory under public law and bear corresponding burdens of accountability, however imperfectly. The RIR order claims no such burden, yet increasingly speaks as though “the region” authorizes it to constrain mobility and define destiny. It has, in effect, appropriated a territorial language from sovereignty while retaining the legal insulation of a private coordination layer.

That allows it to turn a quasi-sovereign power against operators, against the practical interests of states hosting and regulating the infrastructure, and against the technical community’s original commitment to keep the uniqueness layer narrow. It is borrowed sovereignty used against the nation, against the operator, and against the technical community’s own first principle. This is not the modest RIR idea that the technical community once tolerated. What was once justified as a thin coordinating layer has swollen into something else: a private administrative structure claiming political meaning, territorial logic, and discretionary power over live systems. The technical community should stop confusing the historical label with the present reality.

The procedural shadow matters too

The substance of the new policy is serious enough. The procedural setting makes it worse.

AFRINIC’s ratification note says the proposal had previously progressed through the Policy Development Process and remained pending because of “governance interruptions.” The same note says the Board later considered proposals that had achieved documented community consensus and ratified them after “restoration of functional governance structures.” At the same time, AFRINIC’s public case list now records an ongoing March 2026 plaint challenging the Board’s ratification of the transfer policy.

One need not settle every legal question about institutional authority to see the broader point. This constitutional lock-in did not emerge from a moment of serene and uncontested normality. It emerged after prolonged governance failure, amid unresolved authority disputes, and in a context where the ratification itself is now under challenge. AFRINIC’s own 2025 communiqué said the organization had been operating without a quorate board since 2022 and described a period in which expired directors and registered members were effectively managing the organization.

That order of priorities is telling. In a period marked by institutional breakdown and high-stakes disputes over live resources, what was one of the key things this system chose to settle? Not first a visible re-subordination of governance to continuity. Not first a rebuilding of trust. Not first a demonstration of restraint. It chose to settle the exit question. It chose to harden control over mobility.

That is not what stewardship looks like. It is what institutional self-preservation looks like.

Why the Cloud Innovation case matters to the technical community

Some will try to reduce all this to a dispute about one controversial operator. That misses the point completely. The significance of the Cloud Innovation case lies not in the personalities involved, but in the operational footprint the system proved willing to put at risk. Cloud Innovation serves thousands of networks globally. At least two million websites sit on these IPs. The services and connectivity tied to them affect hundreds of millions of users worldwide. Once a registry system is prepared to press against resources of that scale on a thin policy basis, the issue is no longer local, regional, or personal. It becomes a warning about the model itself. It shows that the registry layer has lost the discipline that should have constrained it.

It also shows why this should not be read as a story about one unusually visible party. Systems like this do not produce one victim. They produce a sequence of isolated victims whose losses remain private and therefore politically harmless. The reason this conflict now looks unusually large is not that it is uniquely unjust. It is that the scale of the operator, the persistence of the fight, and the visibility of the record have made the pattern harder to hide. This is not evidence of one special case. It is evidence that a long-running structure of abuse has finally encountered a case large enough to force recognition. And I have written a note about this in depth.

That is why the technical community should pay attention. If the system can do this here, it can do it anywhere. If it can endanger live infrastructure with this degree of reach while still claiming the protection of “community process,” then the problem is not a bad case at the margin. The problem is that the institution has started to believe that process is enough to justify consequences, even when those consequences run directly through already-running networks and through the users who depend on them.

And here the problem is worse still: it is not merely gambling with infrastructure of global consequence while calling that normal policy governance. It is doing so without even a valid policy justification. If a system is willing to endanger the access rights of hundreds of millions of users without a valid policy basis, and if not a single registry but the entire RIR system stands behind such an act, then it is no longer preserving what the RFC tradition said it existed to preserve. RFC 3935 anchored legitimacy in making the Internet work better. RFC 7282 said running code should trump theory. RFC 8890 warned that once the community ceases to prioritize end users, trust in the system is deservedly lost. That is exactly the point now reached.

The fiction now collapses

The current defense of the RIR order asks the technical community to accept three fictions at once.

The first fiction is that a policy room can somehow represent humanity, or a whole region in any political sense, merely because it can say the word “community.” It cannot.

The second fiction is that policy clearly said what, in public text, it did not clearly say. It did not clearly say that all AFRINIC-issued resources had to remain operationally inside Africa. Yet that broader claim was advanced anyway.

The third fiction is that exit control is merely technical stewardship rather than a much thicker form of regional control. It is not. A system that classifies resources by region in order to determine whether they may leave is not merely maintaining uniqueness. It is governing mobility.

Once those fictions are stripped away, the structure of the problem becomes plain.

First, rough consensus was turned against running code.

Second, the policy basis for that move was weak.

Third, the wider RIR order legitimized the move instead of restraining it.

Fourth, a later transfer policy hardened the same institutional instinct by narrowing exit.

That is why the right name for the phenomenon is running-code betrayal.

It is not merely that some institution reached a conclusion one may reject. It is a doctrine whose legitimacy rested on continuity, interoperability, implementation, operational experience, and restraint is now being used to justify disruption, lock-in, and control. The room invokes the network’s founding creed while turning against the thing that creed was supposed to protect.

The technical community should now say the obvious thing clearly.

When rough consensus and running code diverge, running code comes first.

It comes first because everything else was tolerated only in its name.

And if the RIR system cannot return to that discipline—if it insists on stretching thin policy into broad control, using regional rhetoric to claim quasi-political authority, and sealing the operator’s exit while still speaking in the language of technical stewardship—then the technical community should disown it in its present form. This is not the RIR that the technical community once justified as a thin coordinating layer. It is not the RIR imagined in the older IETF-compatible story about modest bottom-up administration. It has mutated into something else: a system willing to use administrative power against running code, then call that consensus, then call that community, and finally call that legitimacy.

A system willing to endanger the access rights of hundreds of millions of users without even a valid policy basis, and then close ranks around that act, has no technical legitimacy left whatsoever. At that point, its community-driven, consensus-based model is not merely weakened. It has become a lie.

Because this is not merely an operator problem. It is not merely a sovereignty problem. It is not merely a poverty problem.

It is a technical legitimacy problem.

And it is hard to think of a clearer betrayal of the technical community’s own first principle than this.