This essay follows seven prior notes: Note 52 on registry power and liability, Note 53 on number resources not being political property, Note 56 on double extraction, Note 58 on sovereignty inversion, Note 59 on the poverty penalty, Note 61 on running-code betrayal, and Note 62 on mandate laundering. Together with my CircleID author sequence, they argue that the Regional Internet Registry system has moved beyond technical coordination into thick governance without the legal mandate, representation, liability, or operational discipline such power requires.

The immediate trigger is John Curran’s recent defence of the RIR system, which roots RIR legitimacy in a historical chain from the U.S. Government White Paper through ICANN, the ASO, ICP-2, the IANA stewardship transition, and the multistakeholder model. That argument makes the dispute clear: if historical delegation, institutional recognition and community procedure can renew themselves indefinitely, then running code has become decorative. The original Internet tradition says otherwise. RFC 3935 grounds the IETF in technical competence, real-world implementation, and rough consensus and running code; RFC 7282 repeats the rejection of kings, presidents and voting; RFC 9592 states that the IETF does not run, control, or patrol the Internet.

The proposed repair is Running-Code Primacy: the number-resource layer should be interpreted only by reference to the minimum technical function running networks require—uniqueness, interoperability, proof of control, routing-adjacent security, and locally verifiable state. It should not manufacture political authority, police commercial morality, convert geography into title, or let a registry erase already-running assets through internal policy theory. The correct order is initial specification, distributed ledger state, local validation, running implementation, voluntary adoption, compatibility set, then documentation. The wrong order is policy room, declaration, compliance label, and forced operational compliance.

This is not a better-RIR doctrine. It is post-RIR architecture. NRS states the problem directly: Internet number registries were designed as technical coordination bodies, but IPv4 scarcity turned addresses into valuable assets and registry discretion into economic power. Once coordination systems control capital, centralization becomes structural risk. Note 64 supplies the constructive grammar: Minimum Initial Specification, Localized Future Decision, and Voluntary Adoption. In this revised form, those principles mean deterministic validation, no post-founding permission layer, voluntary counterparty acceptance, explicit compatibility sets, fork visibility, and no registry as source of validity.

The failures are concrete. APNIC shows the legal-structure risk. A LARUS legal review, supported by the ASIC company extract and Dr Peter Felter’s legal opinion, argued that APNIC’s public-facing structure rested on a proprietary company, a single share, a special committee, and legal arrangements too fragile for a region-scale Internet coordination function. ARIN shows that law and markets can outrun registry theory: the Nortel/Microsoft sale proved that once courts and markets treat IPv4 as an asset, registry policy cannot remain the only source of reality. BTW Media describes how regional rulebooks now create asset friction in a valuable IPv4 market.

AFRINIC shows the most direct danger: a private registry tried to convert leasing, customer geography, commercial use and internal policy interpretation into claimed power over already-running number resources. BTW Media’s AFRINIC coverage shows how a commercial dispute became an Internet governance crisis. NRS Protect Your Vote illustrates the representation problem: real legal authority requires actual authorization, not community rhetoric. A room is not a mandate. A mailing list is not a people.

RIPE NCC and LACNIC expose the club and choke-point layers. Refused sponsorships show that the RIR social layer can act as private blacklisting. RIPE NCC sanctions transparency proves the legal choke point: a Dutch entity must obey Dutch and EU law, but that does not justify one jurisdiction becoming a central recognition point for global number-resource mobility. Sanctions can bind banks, entities and counterparties. They should not become universal technical validity.

The NRO’s letter to Mauritius shows the system’s reflex: when ordinary courts challenged AFRINIC, the response was not to narrow the mandate but to seek higher status. The current ICP-2 revision may improve recognition and derecognition mechanics, but it preserves the category error if it still assumes RIRs are the natural sovereign form of number-resource coordination.

The alternative is distributed state, local validation, voluntary counterparty acceptance, explicit forks, and no standing registry as source of truth. Serious researchers or institutions interested in developing this into an Internet-Draft or RFC/BCP discussion can contact me on LinkedIn; LARUS Foundation is willing to support serious research in this direction.

Full article: Note 65—Running-Code Primacy: The Patch Needed to Preserve the Internet’s Original Design.