Cover
National Internet security alert
They take your money, lock you in, and can destroy your network — for as little as USD 100 in liability.
AFRINIC is not just a technical registry dispute. It is an attempted concentration of registry control, legal insulation, and regional lock-in over the infrastructure layer used by governments, telecom operators, banks, cloud providers, and critical national systems across Africa.
National Internet security alert
They take your money, lock you in, and can destroy your network — for as little as USD 100 in liability.
AFRINIC is not just a technical registry dispute. It is an attempted concentration of registry control, legal insulation, and regional lock-in over the infrastructure layer used by governments, telecom operators, banks, cloud providers, and critical national systems across Africa.
National Internet security alert
They take your money, lock you in, and can destroy your network — for as little as USD 100 in liability.
AFRINIC is not just a technical registry dispute. It is an attempted concentration of registry control, legal insulation, and regional lock-in over the infrastructure layer used by governments, telecom operators, banks, cloud providers, and critical national systems across Africa.
Critical threat

$100 Liability

Regional lock can trap operators inside a single registry jurisdiction. Once imposed, practical exit paths disappear.
Critical threat

Immunity

The AFRINIC RSA can limit liability to as little as USD 100 even where registry decisions could destroy the operational value of a network.
Critical threat

Regional Lock

A regional attribute binding AFRINIC resources to the AFRINIC region would reduce or eliminate practical exit options for operators.
What decision-makers should fear

This is not a policy disagreement. It is a structure that can leave governments and operators exposed, trapped, and unable to defend themselves after the damage is done.

For Governments

Regional lock can trap operators inside a single registry jurisdiction. Once imposed, practical exit paths disappear.

For Telecom Operators

The AFRINIC RSA can limit liability to as little as USD 100 even where registry decisions could destroy the operational value of a network.

For Cloud, Banking, IXPs

If the registry layer is weaponized, address legitimacy, transfers, routing trust, and service continuity all become pressure points.
Questions governments and telecom operators must ask

Are telecom operators comfortable with a private company in Mauritius holding administrative authority capable of affecting the operational legitimacy of their networks while its liability is limited to USD 100?

Do governments in Africa have geopolitical adversaries who would benefit from the disruption of their national Internet infrastructure?
If hostile actors gained influence over AFRINIC governance, what would prevent that leverage from being used against national telecom systems, cloud infrastructure, banks, or government networks?
Are countries with diplomatic or strategic tensions with Rwanda comfortable with a purported board in which seven of eight individuals are associated with a Rwanda-origin governance bloc?
Legal reality

Why AFRINIC is operating under a governance vacuum

The purported AFRINIC board has not yet been validated by the court.

The receiver filed an application asking the court to validate that board. Judgment has not yet been issued.

The receiver’s own position is that his core role was to run the election and present the result to the court.

If the receiver’s role is complete and the board is still unvalidated, AFRINIC is operating in a governance vacuum.

Election integrity warning

Over 90% support in a highly contested election should trigger scrutiny, not blind acceptance.

The purported board claims to have received over 90% of the vote in what was described as one of the most highly contested AFRINIC elections.

 

NRS has gathered evidence indicating that some members whose names appear in the voter register have stated that they did not vote at all.

 

If individuals appear in the official voting record while denying participation, the integrity of the election process must be examined carefully.

A board that is not yet court-validated and whose election record is under integrity challenge should not be treated as having unquestionable legitimacy over the Internet numbering resources of an entire continent.

Bottom line

Whoever controls AFRINIC controls the registry layer of African Internet number resources.

Maximum liability: as little as USD 100.

Potential immunity: reduced legal accountability.

Regional lock: no practical exit after capture.

Telecom Operators

IP Number Resources

Registry Authority (AFRINIC)

Full warning letter

Urgent Warning to AFRINIC Members: $100 Liability + Immunity + Regional Lock = Structural Risk to African Internet Infrastructure

AFRINIC recently circulated a letter claiming that legal actions brought by Cloud Innovation, Larus, and others are attempts to “paralyse Africa’s sole Regional Internet Registry.”

 

Before accepting that narrative, every network operator, telecommunications regulator, and government must examine the structural implications of the governance model AFRINIC leadership is currently attempting to establish.

Three elements are now converging simultaneously:

A liability cap of USD 100 in the AFRINIC Registration Services Agreement (RSA) between members and AFRINIC. Under this agreement, the maximum contractual liability AFRINIC accepts for actions affecting your resources can be as low as USD 100, even in cases where registry decisions could impact the operational viability of your network.  

Renewed attempts to obtain legal immunity similar to that granted to international organizations, which would further shield registry actions from legal accountability.

The introduction of a regional attribute binding AFRINIC resources to the AFRINIC region, potentially preventing operators from transferring or relocating resources outside the registry’s jurisdiction.

Individually these developments raise serious concerns. Combined, they create a governance structure unprecedented in the history of Internet numbering.

A private company incorporated in Mauritius would retain administrative authority over IP address resources used by telecommunications carriers, ISPs, cloud providers, data centers, financial institutions, universities, and government networks across the AFRINIC region — while bearing at most USD 100 in liability for the consequences of its decisions.

Every network using AFRINIC resources ultimately depends on AFRINIC’s registry authority for allocation recognition, transfer validation, certification systems such as RPKI, and the registry data relied upon across the global routing ecosystem.

In practical terms, whoever controls AFRINIC controls the registry layer of Internet number resources across the region.

This leads to a question every operator and government should consider carefully:

Are you comfortable with a situation where whoever controls a single private company in Mauritius holds administrative authority capable of affecting the operational legitimacy of your network — while their contractual liability is limited to USD 100?


For governments, the implications are even more significant.

National Internet infrastructure — including telecommunications networks, financial systems, and government digital services — depends on the stability and neutrality of the registry layer.

If AFRINIC governance were captured or influenced by hostile actors, those actors would obtain leverage over the address resources used by networks throughout the region.

Under the current RSA liability structure, the legal exposure for catastrophic damage could be limited to one hundred US dollars.
This is not a theoretical concern. It is a structural risk arising from the combination of registry authority, minimal liability, potential immunity, and regional locking of resources.

Governments should also examine the geopolitical implications.

Seven of the eight individuals currently presented as AFRINIC directors are associated with a governance bloc originating from Rwanda. Countries that currently have diplomatic disagreements or strategic tensions with Rwanda should evaluate the implications of allowing registry authority over their national Internet resources to be aligned with actors outside their sovereign control.

Equally important is the current legal status of the AFRINIC board itself.

The so-called AFRINIC “Board” has not yet been validated by the court.

The court-appointed receiver conducted the election and subsequently filed an application requesting that the court validate the directors. That application has not yet been decided.

This means:

• The board has not been validated by the court.


• The receiver has indicated that his mandate was limited to conducting the election and presenting the results to the court.

If the receiver’s task is complete and awaiting discharge, and the board has not yet been validated, then AFRINIC is currently operating under a governance vacuum.


Under such circumstances, announcements regarding bylaws review committees, CEO recruitment, interim management arrangements, and governance reforms cannot represent final or binding decisions of a legally validated governing body. These matters remain contingent on the outcome of ongoing court proceedings in Mauritius.

The election results themselves also warrant scrutiny.

The purported board claims to have received over 90% of the votes in what was described as one of the most highly contested AFRINIC elections.

Such results are extremely unusual in competitive elections.

The Number Resource Society (NRS) has already gathered evidence indicating that some members whose names appear in the voter register have stated that they did not cast a vote.

If individuals appear in the official voter record despite denying participation, the integrity of the election process must be examined carefully.

Under these circumstances, operators and governments should treat recent AFRINIC communications with caution.
This issue is not merely an internal corporate dispute.

It concerns the governance of the registry layer that underpins Internet infrastructure across an entire continent.

The Number Resource Society (NRS) was established to coordinate operators, infrastructure providers, and stakeholders who believe that Internet number resources must remain accountable, neutral, and resistant to structural abuse of power.

If you operate a telecommunications network, manage infrastructure, or represent a government responsible for national Internet stability, the risks described above deserve careful consideration.

Ask yourself a simple question:

Are you willing to allow a private company with USD 100 liability protection to hold administrative authority over the address resources that your network — and potentially your nation’s Internet infrastructure — depends upon?

If the answer is no, collective action is required.

NRS-New-Logo-04
Collective defense

Join NRS. We are the only organized mechanism with the legal power and collective action capability to fight back.

If operators stay isolated, they can be charged, locked in, overruled, and damaged one by one. Collective defense changes that equation.

 

NRS exists to coordinate legal action, shared intelligence, industry representation, and mutual protection so that governments and operators are not left alone against an unaccountable registry structure.

Join the NRS Class Action

Become an NRS Member
Number Resource Society (NRS)
info@NRS.help

Sincerely,  

Number Resource Society (NRS)