Introduction
The Internet is a global infrastructure that depends on a governance framework that coordinates access to a shared technological resource without centralized control. Internet Protocol (IP) standards are central to this governance framework. These protocols are not merely technical specifications but also encode rules about how addresses are structured, assigned, and routed. Governance, in this context, refers to the rule systems that shape and constrain action, whether human-administered, such as policy development processes (PDPs) and contractual arrangements, or machine-executed, as in protocol rules and automated enforcement. IP addresses exist within a broader institutional ecosystem of international, largely nonprofit organizations that coordinate allocation, establish policy, and resolve disputes over these shared resources.
The Internet also exemplifies polycentric governance, which refers to systems in which multiple, formally independent decision-making centres operate with overlapping authority and some degree of coordination. This concept has been developed across several traditions, including work on global governance emphasizing dispersed authority, regime complexity, and coexistence of public and private rule-making bodies (Aguerre et al., Reference Aguerre, Campbell-Verduyn and Scholte2024; Gadinger and Scholte, Reference Gadinger and Scholte2023). The concept of polycentricity highlights not only the multiplicity of governing centres but also the importance of rules, monitoring, and collective-choice arrangements in sustaining cooperation under conditions of interdependence.
While polycentric governance can be analysed through multiple theoretical lenses, we draw especially on Elinor Ostrom’s analysis of polycentric systems. Ostrom’s version of polycentricity focuses on how locally grounded rule-making units interact within broader coordination frameworks to manage shared resources. In this way, it complements perspectives that emphasize authority structures or regime complexity. An Ostromian lens directs attention to the rules, monitoring practices, and collective-choice arrangements that sustain cooperation in the absence of centralized control. Ostrom’s design principles provide a structured way to evaluate how communities manage scarcity, resolve disputes, and adapt to changing conditions. Although Ostromian analysis has been widely applied to natural resource governance and, more recently, to digital commons, its application to Internet number resource governance has been more limited. This paper joins previous influential research that uses the design principles as an analytical framework to assess the strengths, vulnerabilities, and reform trajectories of Internet governance.
Our focus is on Regional Internet Registries (RIRs), which are nonprofit organizations responsible for allocating Internet addresses. These regional registries register IP addresses within specific geographic regions and assign Autonomous System Numbers (ASNs), which identify independently operated networks for Internet routing. The ASNs are allocated to the registries from the Internet Assigned Numbers Authority (IANA). These number resources are central to Internet governance because they enable the coordination, interoperability, and global routability of networks across the Internet, making reliable allocation and registration essential to the stability and functioning of the global Internet infrastructure.
This paper considers how RIRs function as self-governing institutions for managing IP address resources and what episodes of stress reveal about the resilience and vulnerabilities of this polycentric system, understood as a set of interacting, decentralized rule-making centres. In this regard, our study joins previous analysis of the Internet from an institutional perspective. Mueller (Reference Mueller2025) observes that Internet governance has evolved from a system of informal coordination to one grounded in community-based institutional arrangements, raising enduring questions about legitimacy, understood as stakeholder perceptions of institutional appropriateness, and independence. Earlier research by Nye (Reference Nye2014) characterizes this institutional landscape as a “regime complex,” where authority is dispersed across overlapping and loosely coupled centres rather than concentrated in a single hierarchy. Scholte (Reference Scholte and Middel2018) likewise emphasizes the polycentric nature of Internet governance, while Haggart et al. (Reference Haggart, Tusikov and Scholte2021) show how states re-enter this environment through diverse advisory and regulatory roles. Within this broader context, the RIRs represent a particularly clear example of self-governing institutions that both sustain and test the resilience of a global polycentric order in the Ostromian sense of interacting, decentralized rule-making centres.
Mueller’s earlier work (Reference Mueller1999, Reference Mueller2002, Reference Mueller2010a, Reference Mueller2010b) reconceptualized the Internet as an institutional system where governance of resources like domain names and IP addresses evolved from informal norms to formalized arrangements shaped by public and private actors. This perspective initiated an Ostromian research agenda on commons-based rule formation and polycentric governance in digital systems. Much of this scholarship has focused on digital commons such as blockchain networks as experiments in decentralized rulemaking, including the potential that smart contracts enable a novel organizational form alongside firms and governments (Alston et al., Reference Alston, Law, Murtazashvili and Weiss2022; Allen et al., Reference Allen, Davidson, Potts, Dekker and Kuchar2021; Bodon et al., Reference Bodon, Bustamante, Gomez, Krishnamurthy, Madison, Murtazashvili, Murtazashvili, Mylovanov and Weiss2022; Davidson et al., Reference Davidson, De Filippi and Potts2018; Davidson, Reference Davidson2024; Frolov, Reference Frolov2021; Murtazashvili et al., Reference Murtazashvili, Murtazashvili, Weiss and Madison2022; Rozas et al., Reference Rozas, Tenorio-Fornés, Díaz-Molina and Hassan2021).
We extend this tradition by providing an up-to-date institutional analysis of the RIRs using an Ostromian framework applied systematically across design principles. We argue that their durability reflects the operation of Ostromian design principles within a layered regime complex, but pressures from scarcity, marketization, and legal contestation contribute to an ongoing process of adaptive reform. More fundamentally, our analysis shows that even with recent stresses to the system, a polycentric, decentralized system is quite capable of providing a global infrastructure for managing a shared resource. It thereby adds to perspectives which see Ostrom’s design principles as offering significant insight into shared resources on a global scale (Hazlett et al., Reference Hazlett, Palida and Weiss2023b; Paniagua and Rayamajhee, Reference Paniagua and Rayamajhee2024; Shackelford, Reference Shackelford2014; Tepper, Reference Tepper2021).
Our choice to focus on the design principles reflects our view that such analysis is complementary to the Governing Knowledge Commons (GKC) framework, which has illuminated many aspects of Internet governance (Frischmann et al., Reference Frischmann, Madison and Strandburg2014; Madison et al., Reference Madison, Frischmann and Strandburg2010). As Hess (Reference Hess2008) observed, the Internet represents a “new commons,” a shared resource without pre-existing rules, requiring governance built from the ground up. The GKC perspective has proven especially useful for non-depletable resources like open-source software (Benkler, Reference Benkler2006; Schweik and English, Reference Schweik and English2012).
Although Ostrom’s design principles were originally developed in the context of common-pool resource governance, we apply them here more broadly as tools for analysing how institutional arrangements sustain coordination, legitimacy, monitoring, and rule adaptation in shared infrastructural systems. Some dimensions of Internet governance involve managing inherently scarce resources, while others involve sustaining coordination, interoperability, and institutional trust in environments where scarcity is less central, but collective governance challenges remain. Others, including the current IPv6 protocol for IP addresses (which has an essentially unlimited number of addresses, in contrast with the initial IPv4 protocol, which had a finite address space), are less meaningfully understood through simple depletion dynamics because address abundance reduces direct scarcity pressures. Yet even in the context of IPv6 address abundance, governance challenges persist regarding allocation, routing coordination, interoperability, verification, policy harmonization, and institutional legitimacy. We therefore use the design principles not solely as measures of resource depletion management, but as a framework for evaluating the resilience and adaptability of decentralized governance arrangements under changing technological and institutional conditions.
Our analysis complements a significant research agenda on legitimacy in Internet governance by Hortense Jongen, Jan Aart Scholte, and collaborators (Jongen and Scholte, Reference Jongen and Scholte2021, Reference Jongen and Scholte2022, Reference Jongen and Scholte2023; Jongen et al., Reference Jongen, Scholte, Christine, Barra de Oliveira and Nzeka2026). Legitimacy is a central concern in Internet governance, yet the concept encompasses multiple dimensions that are often conflated. In this paper, we understand legitimacy as the perceived appropriateness and acceptability of governance arrangements among relevant stakeholders, including members, affected communities, and external observers. This includes both procedural elements, such as participation, transparency, and accountability, and output-oriented dimensions, such as effectiveness and fairness in outcomes. Recent empirical work has developed systematic approaches to measuring legitimacy in Internet governance, particularly through survey-based studies of Internet governance organizations that show how institutional features such as purpose, procedures, and performance shape legitimacy beliefs (Jongen and Scholte, Reference Jongen and Scholte2021, Reference Jongen and Scholte2023). This research also highlights that legitimacy is uneven and contingent: perceptions vary across stakeholders and are shaped by broader structural conditions, including inequalities in participation and influence (Jongen and Scholte, Reference Jongen and Scholte2022). More recent work extends this analysis to RIRs, particularly in contexts of institutional stress (Jongen et al., Reference Jongen, Scholte, Christine, Barra de Oliveira and Nzeka2026). Our analysis does not attempt to replicate previous fieldwork; rather, we use an Ostromian institutional lens to examine how rule structures and governance practices may support or undermine legitimacy under conditions of stress.
Section 2 traces the early governance dilemmas that shaped Internet development and the co-evolution of protocols and institutions. Section 3 analyzes how RIRs govern addresses using Ostrom’s design principles, identifying strengths and pressure points tied to scarcity, transition, equity, and enforcement. Section 4 situates the RIRs within the broader polycentric order and related debates about its performance. Section 5 examines an unusual but revealing stress event within the RIR system, using the case to explore how exceptional institutional breakdowns illuminate both the resilience and vulnerabilities of polycentric governance. Section 6 compares alternative reform pathways, including market liberalization, governance consolidation, and decentralized autonomous registry (DAR) models, using the design principles as evaluative benchmarks. Section 7 concludes with implications for Internet governance and institutional resilience.
Initial emergence and resolution dilemmas of Internet governance
From its earliest years, the Internet confronted governance dilemmas that arose directly from the nature of address resources and their distribution. Early advances included Advanced Research Projects Agency Network, a packet-switching network launched by the U.S. Department of Defense in 1969, and the 1974 specification of the Transmission Control Protocol and Internet Protocol (TCP/IP) by Vint Cerf and Bob Kahn, which became the Internet’s core architecture.Footnote 1 By 1981, the initial protocol, IP version 4 (IPv4), was standardized in RFC 791, establishing a 32-bit addressing scheme that enabled roughly 4.3 billion unique addresses and made communication across distributed networks possible.Footnote 2 On January 1, 1983, the transition from the older Network Control Protocol to TCP/IP marked the birth of the modern Internet. In this formative period, address allocation and domain name management were handled informally by Jon Postel, whose ad hoc coordination reflected the experimental and collaborative ethos of the early Internet community.Footnote 3 In 1988, the IANA was formalized to oversee IP address allocation, protocol parameters, and the Domain Name System root, the top-level directory that anchors all domain names on the Internet.Footnote 4 The U.S. government created the Internet Corporation for Assigned Names and Numbers (ICANN) in 1998 to coordinate these functions globally, embedding a multistakeholder model of governance that remains central today.Footnote 5
The initial IP protocol, IPv4, enabled the Internet’s initial growth but has a finite address space. IP version 6 (IPv6), introduced in the 1990s, offered an effectively unlimited 128-bit address space and improved efficiency and security, yet required costly coordination to achieve interoperability and adoption. IPv6 streamlines network management, enhances security, and better supports mobile and Internet-of-Things applications. Although IPv6 dramatically expands available address space, abundance does not eliminate governance problems because routing coordination, allocation policies, migration incentives, registry accuracy, and interconnection standards still require institutional management. Yet IPv6 is not backward compatible with IPv4, so transition strategies – dual-stack deployments, tunnelling, and protocol translation – add complexity, latency (the time it takes for packets to go from one place to another), and cost in terms of new hardware, software upgrades, and staff retraining.Footnote 6 IPv6 adoption has been slowed by these transition costs and complexity, leading some to argue that only significant public support could overcome barriers and unlock its long-term benefits (Levin and Schmidt, Reference Levin and Schmidt2015).
The regional system of Internet registries, operating under the coordination of IANA and ICANN, was created to allocate Internet addresses as usage rights rather than property, consistent with the Internet’s early design philosophy of stewardship and shared governance.Footnote 7 The five nonprofit RIRs – RIPE NCC, APNIC, ARIN, LACNIC, and AFRINIC – emerged between 1992 and 2005 to coordinate globally through the Number Resource Organization (NRO) and are represented within ICANN as the Address Supporting Organization (ASO). The NRO is the coordinating body for the five RIRs, providing a unified framework for global policy coordination, technical cooperation, and representation of shared interests in Internet number resource management. The ASO consolidates number resource policy proposals from the RIRs and advises the ICANN Board, ensuring that global address policies reflect regional consensus while preserving registry autonomy. IANA functions, now carried out by Public Technical Identifiers, allocate address blocks to the RIRs, while the Internet Engineering Task Force (IETF) defines the technical standards that underpin these allocations. This layered system of global coordination and regional implementation reflects the outcome of the 2016 IANA transition, which shifted oversight from the U.S. government to the global multistakeholder community (Mueller, Reference Mueller2025), positioning the RIRs as central institutions in Internet address governance.
When IANA’s IPv4 pool was exhausted in 2011, the RIRs rationed remaining blocks and oversaw the rise of transfer markets. These markets improved allocative efficiency, especially for legacy resources, but also introduced risks of hoarding, price distortions, and grey-market activity (Livadariu et al., Reference Livadariu, Elmokashfi and Dhamdhere2017; Mueller et al., Reference Mueller2013a, Reference Mueller, Kuerbis and Asghari2013b; Richter et al., Reference Richter, Allman, Bush and Paxson2015). IPv6 offers abundance yet presents coordination challenges: adoption requires costly dual-stack deployment, and the persistence of IPv4 markets weakens migration incentives (Levin and Schmidt, Reference Levin and Schmidt2015). As a result, the Internet remains in a prolonged, market-driven transition, with global IPv6 traffic typically below 50% (CircleID, 2025a).
These dilemmas of scarcity, transition, efficiency, and authority define the core challenges of Internet governance. Some studies emphasize the resilience of the Internet’s polycentric order, in which the RIRs, ICANN, and the IETF collectively manage scarcity and coordination through multistakeholder governance (Mueller, Reference Mueller2002). Others contend that intergovernmental institutions like the ITU could better address global equity or accountability concerns (Esayas, Reference Esayas2014). While the Internet community has generally resisted ITU involvement (which operates under a state-centric, multilateral model), some states continue to invoke digital sovereignty and distributive fairness in calls for reform (Carr, Reference Carr2015). Recent empirical research has also begun to examine legitimacy in Internet governance institutions, including ICANN and the RIRs, highlighting variation in stakeholder perceptions and the role of institutional design, inequality, and regional context in shaping legitimacy beliefs (Jongen and Scholte, Reference Jongen and Scholte2021, Reference Jongen and Scholte2022, Reference Jongen and Scholte2023; Jongen et al., Reference Jongen, Scholte, Christine, Barra de Oliveira and Nzeka2026). In the following sections, we argue that the Ostromian design principles both capture the motivating dilemmas of previous research and offer insight into various reform possibilities for the system of Internet governance.
The RIRs as Ostromian Institutions
Design principles for self-governance of shared resources
The RIRs invite a closer look at how institutions manage shared resources under conditions of both scarcity and interdependence. Ostrom (Reference Ostrom1990, Reference Ostrom2005) showed that decentralized systems of rulemaking, adapted to local conditions but connected through broader coordination frameworks, are often more effective than centralized command-and-control approaches. Ostrom’s well-known design principles include clearly defined boundaries (P1), congruence between rules and local conditions (P2), collective-choice arrangements (P3), monitoring (P4), graduated sanctions (P5), conflict-resolution mechanisms (P6), minimal recognition of rights to organize (P7), and nested enterprises that link local, regional, and global governance (P8). Each is useful for understanding continuity and change in the RIR system, as well as how RIRs fit within the broader ecosystem of Internet governance.
Analysing RIRs in terms of the design principles
The first of Ostrom’s design principles, clearly defined boundaries (P1), is central to how RIRs govern IP address resources. Each RIR establishes membership eligibility and operates on a not-for-profit, cost-recovery basis, linking access to identifiable actors. AFRINIC, for example, restricts membership to entities legally operating within Africa, while RIPE NCC permits global membership but requires that resources be deployed in Europe. ARIN, APNIC, and LACNIC fall between these approaches, balancing regional presence with operational justifications. By tying resource access to defined communities, these boundaries create accountability within regional governance processes.
Boundaries are not only formal criteria but also operationalized through working rules. As Bustamante et al. (Reference Bustamante, Gomez, Lehr, Murtazashvili, Palida and Weiss2023) note in their analysis of rules governing use of and access to electromagnetic spectrum, even highly institutionalized systems depend on the management of scarce resources through practical rules. RIRs employ due-diligence and “Know Your Customer” checks to verify applicants, requiring documentation such as proof of incorporation, evidence of an operational footprint, and assignment logs.Footnote 8 These procedures ensure that only legitimate, regionally qualified entities can hold resources, making boundary rules credible in practice.
The allocation of Internet Protocol (IP) addresses and ASNs further reflects P1, as exclusive rights to use these resources are tied to specific organizations.Footnote 9 While such boundaries promote stewardship and accountability, disputes within the regional organizations (which we discuss subsequently) illustrate that enforcement can be fragile when rules are contested, underscoring the importance of both formal criteria and operational practices in sustaining the integrity of the system.
Congruence between rules and local conditions (P2) is visible in how RIRs tailor allocation policies to different circumstances of scarcity and growth. Because IPv4 addresses are limited, registries ration them carefully, while IPv6 is distributed more generously to encourage adoption. Applicants may need to show business records, technical plans, or past utilization before receiving additional allocations, although the policies are not applied mechanically: they are adjusted to reflect regional realities such as network maturity, demand, and capacity. For example, some regions restrict transfers of addresses to organizations operating locally, while others allow cross-regional transfers if rules align and the buyer can demonstrate a clear plan for use.Footnote 10
These practices ensure that scarce resources like IPv4 are not wasted or stockpiled, while more abundant resources like IPv6 can be distributed in ways that support experimentation and long-term growth. By linking eligibility to demonstrated need and actual usage, the registries strike a balance between global rules and local conditions.
Through collective-choice arrangements (P3), the RIRs engage communities in shaping policy via open PDPs. PDPs engage members through public forums to shape policies that balance regional growth and global interoperability.Footnote 11 Participation through mailing lists, regional meetings, and working groups institutionalizes decentralized, member-driven governance institutions, though working rules, such as ticketing systems, documentation standards, and procedural clarity, influence whether smaller operators or underrepresented actors can effectively engage in debates and compliance. These processes help balance regional growth with global interoperability while reinforcing perceptions that policy is local.
Monitoring (P4) in the RIR system combines technical infrastructure with staff-led practices to ensure that address resources are used as intended. Publicly available registry data, through services such as ICANN Lookup, provide an important layer of transparency, enabling both staff and external actors to verify address use. Core technical systems, including the Internet Routing Registry (IRR), the Registration Data Access Protocol (RDAP), and the Resource Public Key Infrastructure (RPKI, which issues cryptographic certificates to validate routing announcements), provide the backbone for monitoring. These tools allow both registries and third parties to observe compliance, turning accountability into a shared rather than purely internal function.
Technical artefacts alone, however, are not sufficient. Monitoring becomes credible when combined with organizational routines: case officers conduct audits, launch data-quality campaigns, and carry out compliance checks to reconcile records with operational use. Utilization spot checks ensure that subsequent allocations depend on demonstrated need, while “hold” statuses in ticketing systems flag suspected policy breaches. More targeted audits may be triggered by anomalies such as inconsistent route announcements, unusual resource origin records, or mismatched geographic claims.
Recovery of unused or misused resources is a further dimension of monitoring. Here, approaches vary across registries. AFRINIC, APNIC, and LACNIC adopt active reclamation policies, revoking resources when organizations close or fail to meet maintenance requirements, while ARIN and RIPE NCC take a more passive stance, intervening mainly at account closure or upon clear violations.Footnote 12 These differences reflect broader philosophies of stewardship versus member autonomy, but in all cases the underlying principle is the same: effective monitoring and accountability are essential to sustaining commons governance, as Ostrom emphasized.
Graduated sanctions (P5) operate through a sanctions ladder that typically starts with informal guidance and escalates through ticket holds, suspension, and finally revocation. They use a lightweight, self-regulatory model for enforcement and compliance, based on service agreements, reputational incentives, and community scrutiny instead of legal enforcement (Lehr et al., Reference Lehr, Vest and Lear2008). The working rules here are crucial: staff judgments, escalation procedures, and documented timelines create proportionality and allow most issues to be resolved without escalation to the courts. The sequencing provides flexibility while preserving stewardship of the address pool.
Conflict-resolution mechanisms (P6) exist in both formal and informal registers. While formal appeals and arbitration procedures are written into agreements, most disputes are managed through ticket escalation and internal mediation before reaching courts, which remain costly and legitimacy-threatening backstops.
RIRs also embody minimal recognition of rights to organize (P7) through their decentralized policymaking structures, generally respected by states. But working rules again matter: the openness of PDPs, the transparency of ticketing and appeals, and the procedural autonomy of case officers help reinforce the perception that RIRs are genuinely self-governing institutions. Interventions in AFRINIC show that without robust working rules protecting autonomy, external political pressures can destabilize this principle.
Nested enterprises (P8) link the RIRs to the broader architecture of Internet governance. At the formal level, this nestedness is anchored by IANA, which operates under ICANN to allocate blocks to the RIRs and manages global naming, numbering, and protocol parameters in line with IETF standards (IANA, 2022; Mailchimp, 2023). The RIRs coordinate collectively through the NRO and are represented within ICANN as the ASO. This structure ensures the global uniqueness of IP address assignments while allowing regional registries to retain autonomy over allocation and management of IP and Autonomous System (AS) numbers. Operational artefacts such as standardized RDAP and IRR entries tie local registry practices into a globally interoperable system. Through these linkages, regional decision-making and global standardization reinforce one another.
Yet the system’s nestedness remains more procedural than operational. While formal coordination mechanisms exist, crises such as AFRINIC’s receivership reveal the absence of robust “mutual aid” arrangements across RIRs. Other registries continued to function, but no mechanism existed for cross-regional support or continuity planning during institutional breakdowns (CircleID, 2025a). These day-to-day routines connect local registry practices with global coordination, embodying the “nested” quality of the governance system.
Evaluating the polycentric system
Evaluated against Ostrom’s design principles, the RIR system functions reasonably well across each dimension of self-governance, yet each principle also reveals ongoing tensions and vulnerabilities. Table 2 summarizes this Ostromian analysis that follows.
Regional Internet Registries

Source: RIPE NCC: https://www.ripe.net/about-us/. APNIC: https://www.apnic.net/about-apnic/organization/. ARIN: https://www.arin.net/. LACNIC: https://www.lacnic.net/1004/2/lacnic/about-lacnic. AFRINIC: https://AFRINIC.net/about. Number Resource Organisation: https://www.nro.net/. Address Supporting Organisation, ICANN: https://aso.icann.org/.
Ostromian design principles applied to Regional Internet Registries

With respect to clearly defined boundaries (P1), cross-regional leasing, transfers, and evolving market practices increasingly complicate enforcement of regional eligibility and resource-use requirements. Regarding congruence between rules and local conditions (P2), the coexistence of IPv4 scarcity alongside IPv6 abundance sustains incentives that delay migration and complicates efforts to align allocation rules with differing regional conditions and technological capacities (Levin and Schmidt, Reference Levin and Schmidt2015). Regional policy variation further illustrates these tensions. Grinius (Reference Grinius2025) shows that RIPE NCC has become a net “gainer” of IPv4 space, while LACNIC has become a net “leaker,” losing over three million addresses in 2025 alone. These outcomes stem less from technical scarcity than from institutional design: RIPE’s flat-fee, non-needs-based model and permissive transfer rules attract holders seeking regulatory flexibility, whereas LACNIC’s size-based fees and strict anti-leasing policies encourage outflows. Such asymmetric incentives demonstrate how rules adapted to local conditions can nonetheless generate broader system-level imbalances and opportunities for regulatory arbitrage.
Collective-choice arrangements (P3) remain central to the perceived legitimacy of the system, but uneven participation across regions and organizations raises concerns about unequal influence and the potential marginalization of smaller operators. Monitoring (P4) depends on continual maintenance of registry accuracy, routing data, audits, and verification systems, with errors or inconsistencies capable of undermining confidence in allocation records. Graduated sanctions (P5) must remain credible while avoiding escalation into protracted legal disputes, while conflict-resolution mechanisms (P6) face similar pressures when disagreements shift from internal mediation toward costly court proceedings that risk fragmenting governance. The principle of minimal recognition of rights to organize (P7) is generally sustained through regional autonomy and decentralized processes for policy development, yet tensions persist over unequal market influence, legacy advantages, and the possibility of external political intervention.
Finally, nested enterprises (P8) continue to support coordination across regions and global institutions, although resilience remains more procedural and deliberative than operational, with limited formal mechanisms for coordinated intervention or temporary substitution when one registry faces institutional crisis. Nestedness remained stronger at the level of coordination and deliberation than at the level of operational continuity. Other RIRs, the NRO, the ASO, and ICANN all engaged in ongoing discussion, support efforts, and community coordination during the AFRINIC crisis, including through ICANN meetings, the Africa Internet Summit, and direct engagement by ICANN leadership in Mauritius. These interactions reflected substantial cross-community attention and support for AFRINIC’s recovery.
The AFRINIC-Cloud Innovation dispute through Ostromian Principles
Scholars of Internet governance and institutional economics emphasize that moments of stress and breakdown are especially revealing for evaluating governance arrangements (Mueller, Reference Mueller2010b; Cole, Reference Cole2017; Hess and Ostrom, Reference Hess and Ostrom2007). We focus on one of these, which is the dispute within AFRINIC and Cloud Innovation, an organization that was seeking more addresses. Precisely because institutional breakdowns within the system have been relatively rare, the case offers a useful opportunity to examine how polycentric governance arrangements respond under conditions of acute stress, legal fragmentation, and contested authority. To maintain continuity, we introduce Cloud Innovation within an analysis of AFRINIC in terms of the design principles.
On P1 (clearly defined boundaries), AFRINIC maintains an “Africa-only” membership rule, requiring that addresses be deployed and used within the region under cost-recovery service agreements. Transfers must show “clean title” and proper documentation. Despite managing only about 2% of global IPv4 space, AFRINIC became the centre of a governance crisis after allocating over seven million IPv4 addresses to Cloud Innovation, a Seychelles-registered firm led by Lu Heng. This arguably exploited scarcity in ways consistent with patterns identified in IPv4 transfer markets (Livadariu et al., Reference Livadariu, Elmokashfi and Dhamdhere2017; Mueller et al., Reference Mueller, Kuerbis and Asghari2013b). This kind of arbitrage illustrates the enforcement gaps that institutional analysts such as Sowell (Reference Sowell2015) and Kuerbis and Mueller (Reference Kuerbis and Mueller2011) have long emphasized as endemic to Internet resource governance.
The dispute exposed the limits of AFRINIC’s boundary rules. When AFRINIC accused Cloud Innovation of violating regional-use requirements and sought to reclaim the addresses, the case escalated into prolonged litigation in Mauritius, compounded by internal mismanagement and a rigid legal system.Footnote 13 AFRINIC’s 2020 audit later revealed corruption and improper assignments, underscoring weaknesses in its oversight. Courts sided with Cloud Innovation’s argument that geographic restrictions were unenforceable on a global Internet, further undermining AFRINIC’s perceived legitimacy among key stakeholders (Mueller et al., Reference Mueller, Srivastava and Kuerbis2021). From a working-rule perspective, basic membership vetting was achievable at entry, but mechanisms to verify sustained in-region use were brittle. Boundaries were thus clear in principle but weak in practice: they determined who could join, but not reliably where or how the resources were used.
On P2 (congruence between rules and local conditions), large allocations paired with cross-regional leasing suggested rules and enforcement were not fully tuned to AFRINIC’s scarcity profile and brokerage incentives. “Clean title” and re-request bans existed, but did not address offshore leasing at scale. In working-rule terms, case officers relied on assignment logs and utilization attestations during evidence exchange, yet evidentiary standards lagged a leasing-driven business model that decoupled registration from routing geography. The result is that formal rules did not fully internalize the regional realities of an active global lease market drawing value out of AFRINIC’s limited IPv4 pool.
On P3 (collective-choice arrangements), open policy development processes, mailing lists, and community meetings are designed to allow stakeholders to update rules in response to new practices such as address transfers, leasing, and audit requirements. Despite these mechanisms, the AFRINIC dispute escalated into a broader test of the RIR governance model. In late 2021, the Number Resource Society, an organization closely associated with actors involved in the AFRINIC dispute, called for substantial deregulation of the address market and reduced oversight of transfers.Footnote 14 While these proposals highlighted frustrations with existing governance arrangements, they did not reflect a broad consensus across the RIR community and were often viewed sceptically by participants concerned about transparency, accountability, and concentration of influence within address markets. In practice, community participation continued, but decision-making was slowed by litigation, receivership, and leadership disputes.
On P4 (monitoring), oversight combined staff routines with technical tools such as routing registries, public data services, and cryptographic certificates that verify whether address blocks are being advertised as authorized. These tools made allocations transparent on paper but did not reveal where or how resources were actually being used. Internal audits later uncovered improper assignments and data inconsistencies, suggesting that gaps existed well before the dispute peaked. Leasing across regional boundaries is especially difficult to detect when registry entries appear valid but mask off-region operations. In practice, monitoring focused on the legal holder and routing claims rather than the geography of use or underlying business models. The result was that essential checks were present but not sufficient, allowing misalignment to persist until the conflict erupted.
On P5 (graduated sanctions), AFRINIC’s enforcement ladder was clear in principle but proved challenging to implement. Once Cloud Innovation challenged sanctions in Mauritian courts, injunctions blocked revocation and recovery, leaving AFRINIC unable to carry sanctions to completion. The case shows that sanctions worked internally but lost credibility once disputes shifted into national legal venues.
On P6 (conflict resolution), internal mechanisms such as escalation within ticketing and appeals were designed to resolve disputes at low cost. In practice, the conflict moved quickly to national courts, producing injunctions, asset freezes, and paralysis. Although AFRINIC received significant attention and support from the broader RIR and ICANN communities, including coordination through the NRO, ASO, and related forums, these arrangements did not provide a formalized operational backstop capable of resolving institutional paralysis once disputes became entrenched in national courts.
On P7 (recognition of rights to organize), the principle of community self-governance through policy processes, elections, and board continuity was severely undermined. By 2022, AFRINIC’s board was suspended, bank accounts frozen, and over two dozen lawsuits filed. While Cloud Innovation continued to operate, AFRINIC’s institutional challenges underscored how judicial interventions can hollow out the capacity for collective self-organization.
On P8 (nested enterprises), the global–regional architecture connected AFRINIC to IANA, ICANN, the NRO, and ASO, with shared artefacts such as RPKI and RDAP maintaining technical continuity. Interoperability remained, but the dispute put pressure on the organization.
Synthesizing across principles, the most acute failures lay in monitoring (P4), conflict resolution (P6), and nestedness (P8). Boundaries (P1) and collective choice (P3) remained formally intact, sanctions (P5) were well-specified but externally overridden, and recognition (P7) faltered once legal battles escalated. The lesson is that strengthening observability, building credible pre-court resolution venues, and creating cross-RIR mutual aid would address these vulnerabilities while preserving the RIR system’s Ostromian strengths.
Whereas Cavalli and Scholte (Reference Cavalli, Scholte, Haggart, Tusikov and Scholte2021) show that states influence ICANN largely through structured advisory channels, AFRINIC demonstrates a different pathway: state power re-entered through national courts, effectively overriding multistakeholder processes. AFRINIC remained under receivership through mid-2025, and efforts to restore governance through board elections were themselves contested and ultimately annulled over irregularities (AFRINIC, 2025; BTW Media, 2025; CircleID, 2025b; Mueller et al., Reference Mueller and Kuerbis2025).Footnote 15 These events underscore that the crisis is not merely historical but ongoing, and that institutional recovery remains fragile.Footnote 16 If successful, this reform process could mark the start of AFRINIC’s recovery from one of the most disruptive episodes in Internet number resource management.
Future Internet address governance
Iterative feedback and the RIR system
The AFRINIC–Cloud Innovation dispute illustrates how stress events test the limits of legitimacy and adaptability within the RIR system. Such conflicts reveal gaps in enforcement, dispute resolution, and cross-regional coordination, but they also serve as feedback loops through which institutions learn and adjust. Following Ostrom’s framework, stress does not signal systemic failure but an opportunity for incremental reform and institutional renewal. This variation is consistent with recent empirical findings that legitimacy perceptions across RIRs are generally high but uneven, with more contested assessments emerging in cases such as AFRINIC during periods of institutional disruption (Jongen et al., Reference Jongen, Scholte, Christine, Barra de Oliveira and Nzeka2026).
Although the AFRINIC crisis generated renewed discussion of institutional reform, most proposals involve incremental adaptation of the existing multistakeholder framework rather than wholesale replacement of the RIR system. The AFRINIC crisis has also prompted broader reflection within the RIR community regarding institutional resilience, contingency planning, and the adequacy of existing coordination mechanisms across registries. Rather than proposing radical alternatives, our analysis treats these stress points as catalysts for strengthening the existing polycentric order. Adaptation is likely to occur through pragmatic adjustments to rules, monitoring, and coordination mechanisms rather than abandonment of the RIR model. To explore these possibilities, we examine four reform pathways discussed in policy and scholarly debates: market liberalization, governance reform, layered commons, and decentralized autonomous registries.
Here, we use the design principles as evaluative criteria for possible reforms. The same eight principles can be used to assess how each reform pathway might maintain legitimacy, resilience, and polycentric balance under changing technical and political pressures.
Full market liberalization
The full market liberalization approach treats IP addresses as tradable property governed by price signals, allowing unused IPv4 blocks to flow to those who value them most. Lehr et al. (Reference Lehr, Vest and Lear2008) proposed formalizing IPv4 markets with safeguards to address hoarding and black-market practices, aiming to manage scarcity before widespread IPv6 adoption. While IPv6 deployment has since reduced IPv4’s long-term relevance, secondary transfers are now normalized, with most RIRs enabling regulated intra- and inter-regional transfers, thus realizing much of what Lehr et al. envisioned. Even though IPv6 offers ‘abundance’, a market framework could still improve transparency and efficiency across both protocols. In a liberal market model, scarcity is managed by market forces; allocation is decentralized (addresses are bought and sold like commodities); and dispute resolution occurs through contractual remedies enforced in civil courts. The role of RIRs would shrink to maintaining the registry database and ensuring the transfer rules are followed. While this approach harnesses economic incentives, it assumes that a legal infrastructure can enforce contracts globally and that markets will function fairly without central oversight. This would represent a more radical deregulation: from RIR-managed self-governance to a commodity market with minimal institutional coordination, especially across protocols, which we consider in the case of decentralized registries.
Under P1, boundaries are defined by purchasing power and contract rather than regional membership and needs tests, potentially weakening clarity and equity. P2 is mixed: prices adjust to scarcity, but market signals may not reflect local development goals or capacity constraints. P3 is thin, since rulemaking occurs through private contracts and platforms rather than open PDPs. P4 depends on market intermediaries and voluntary disclosures; transparency may be uneven without common monitoring artefacts. P5 shifts from graduated, community sanctions to legal remedies that can be slow, costly, and biased toward large actors. P6 relies on civil courts and arbitration forums that may be inaccessible to smaller operators, especially outside major jurisdictions. P7 offers little protection for regional self-organization beyond what private marketplaces permit. P8 is limited because nested coordination with IANA/ICANN and RIRs is reduced to title recording rather than multi-level governance. As a result, while markets may reduce address scarcity in the short term, the absence of cooperative rulemaking and shared oversight risks eroding the legitimacy and trust that have historically sustained global Internet coordination.
Governance reform and multistakeholder oversight
A second model advocates reforming multistakeholder institutions like the RIRs as stewards of address space. RIRs would continue allocating IPv4 and IPv6 based on regionally ratified policies shaped by technical experts, civil society, and governments. Key to this approach is strengthening policy and appeals processes to ensure decisions reflect diverse needs, with public-interest goals moderating market dynamics. Scarcity is managed through regional quotas, allocations follow RIR rules, and disputes are handled via arbitration, appeals, or legal channels, backed by contractual enforcement. For example, Mueller et al. (Reference Mueller, Srivastava and Kuerbis2021) addressed the Cloud Innovation–AFRINIC legal battle under this paradigm. They suggested pragmatic reform of the RIR system by encouraging legal restraint, proportionate enforcement, deference to judicial resolution in disputes, recognition of global IPv4 transfer markets, and a shift in focus towards IPv6 as the long-term solution. AFRINIC, they argued, must adapt to reality by recognizing a global IPv4 transfer market (abandoning strict new-needs tests) and accepting that remaining IPv4 space in Africa is marginal compared to inevitable migration to IPv6 (Mueller et al., Reference Mueller, Srivastava and Kuerbis2021). This governance-reform model emphasizes accountability and community oversight. Its allocation mechanism and enforcement are similar to today’s RIRs (region-based policy, RIR arbitration, appeals). It offers stability and broad stakeholder input, but it may be slower to adapt and still susceptible to regional deadlocks (like AFRINIC’s crises) and legal fragmentation if national governments step in. The latter is a concern sometimes referred to as the “splinternet” challenge that arises when national governments attempt to establish their own standards to govern Internet resources (Hoffmann et al., Reference Hoffmann, Lazanski and Taylor2020).
Evaluated prospectively, P1 remains strong: boundaries are specified via regional membership and documented need, potentially updated to reflect inter-regional transfer realities. P2 can be improved by tuning issuance, utilization thresholds, and recovery to local conditions, including late-phase IPv4 scarcity and incentives that recognize global lease markets. P3 is central: open PDPs, appeals, and clearer agenda-setting help the community iterate rules before crises escalate. P4 benefits from enhanced reporting obligations, cross-RIR audit triggers, and better use of machine-readable artefacts (IRR/RDAP, RPKI) for continuous oversight. P5 preserves proportionality through a sanctions ladder while clarifying reinstatement paths and mediation/arbitration channels. P6 can be bolstered by credible internal dispute-resolution mechanisms that reduce reliance on national courts. P7 is strengthened by protecting institutional autonomy against political interference while meeting procedural integrity requirements. P8 could be deepened by formal “mutual aid” arrangements, such as cooperative mechanisms that allow registries to back one another during crises. This might include, for example, temporary cross-assignment of case officers or shared mediation facilities when one registry faces operational or legal disruption.
Some of these adaptive dynamics are already visible within the RIR system itself. Prompted in part by the AFRINIC crisis, the ASO and broader RIR community have undertaken review processes concerning the recognition, accountability, and continuity requirements for Regional Internet Registries, including revisions to the Internet Coordination Policy framework known as ICP-2.Footnote 17 These reforms seek to clarify expectations regarding operational continuity, governance legitimacy, and institutional resilience while preserving the decentralized and multistakeholder character of the system. Rather than indicating systemic breakdown, the ICP-2 review illustrates how polycentric governance arrangements often evolve through iterative institutional adjustment in response to exceptional stress events.
There remain ongoing concerns about the need for greater harmonization across RIRs. Differences in funding models, such as flat-fee versus size-based structures, and in policies governing address leasing and transfers have contributed to visible disparities in address distribution among regions. If left unaddressed, these dynamics risk eroding fee revenue and prompting further fee adjustments, potentially destabilizing membership and participation. Governance reform efforts should therefore consider mechanisms for inter-RIR alignment on transfer transparency, fee design, and leasing practices to sustain the cooperative equilibrium that underpins the polycentric order.
Layered “commons” access
A layered commons approach combines regulated scarcity for IPv4 with an open-access model for IPv6, drawing on open spectrum governance frameworks (Bustamante et al., Reference Bustamante, Gomez, Murtazashvili and Weiss2020; Noam, Reference Noam and Gibbons2023; Werbach, Reference Werbach2004). This model formalizes the distinction between the two protocols: IPv4 remains a quota-based, tightly managed resource governed by the RIRs to ensure continuity and prevent hoarding, while IPv6 is treated as an open commons, allocated with minimal constraints to encourage innovation and experimentation. Unlike the current system, which leaves IPv6 governance informal, the layered approach embeds it within a coherent governance framework alongside structured IPv4 management. Allocation would continue through RIRs, with formal quotas and strict enforcement for IPv4, and streamlined, flexible processes for IPv6. Dispute resolution mechanisms would also differ, applying rigorous policies for IPv4 and lighter, informal oversight for IPv6. This hybrid system balances equity by protecting legacy IPv4 users while promoting IPv6 adoption as the foundation for future Internet growth, though it introduces some administrative complexity. Operators have safe access to a guaranteed stock of IPv4 addresses (subject to quota) and a flexible IPv6 space. RIR infrastructure remains critical: it allocates resources and adjudicates disputes, especially for IPv4. This framework attempts to balance equity (protecting users who rely on older systems) with openness (letting new networks and applications thrive on IPv6). Its downside is complexity (two parallel regimes) and continued centralization for IPv4, though it delays IPv4 scarcity issues by favouring IPv6 expansion.
Viewed through P1, boundaries become protocol-sensitive: stricter eligibility and quotas for IPv4, permissive access for IPv6. P2 is a core strength: governance intensity matches resource characteristics (scarcity vs. abundance), reducing incentives for regulatory arbitrage like the AFRINIC leasing dispute. P3 remains intact, with PDPs able to adjust thresholds in the IPv4 layer and keep IPv6 rules adaptable for experimentation. P4 could be satisfied through a tiered approach, with robust monitoring for IPv4 (utilization attestations, RPKI/IRR checks, audits) and lighter, innovation-friendly monitoring for IPv6, with safeguards to prevent abuse. P5 aligns sanctions with each layer: more formal and graduated for IPv4; softer, corrective mechanisms for IPv6. P6 is dual: IPv4 conflicts use structured resolution; IPv6 conflicts favor informal coordination or lightweight mediation. P7 supports legacy stability while enabling new entrants and experimental actors to self-organize around IPv6. P8 fits naturally: both layers rely on RIR infrastructure and global artefacts, preserving nestedness while differentiating operational regimes.
In this way, the layered commons model explicitly learns from AFRINIC by adapting rules to resource characteristics and reducing the potential for conflict between rigid regional rules colliding with global market realities. Regional actors also became increasingly involved in recovery efforts. In particular, Smart Africa, a pan-African digital governance initiative supported by multiple African governments and institutions participated in broader discussions regarding AFRINIC reform and institutional stabilization.Footnote 18 Smart Africa initiated the African Internet Governance Blueprint, a multistakeholder effort to improve continental coordination and shared priorities, to promote African participation in global processes and technical community work, and strengthen institutional capacity and compliance with internationally recognized norms and operational best practices. The Council of African Internet Governance Agencies, which is envisioned as a practical coordination mechanism designed to help Africa engage more effectively and coherently in existing global and regional Internet governance processes, emerged from the Blueprint.
This involvement illustrates that responses to the crisis extended beyond the RIR community itself. These developments also reflected interaction between multistakeholder governance and regional state-linked coordination initiatives rather than straightforward displacement of one model by another.
Decentralized autonomous registry
A DAR is a conceptual proposal for using blockchain networks to manage Internet address allocations. Although no DAR currently exists, exploring the concept highlights how blockchain’s core features, such as cryptographic trust, smart contracts, and transparent ledgers, might support alternative forms of address governance (De Filippi and Wright, Reference De Filippi and Wright2018; Werbach, Reference Werbach2018). Internet service providers (ISPs), for example, enforce security and resource-sharing norms through voluntary “handshake” agreements and sanctions like depeering, which refers to the withdrawal of direct traffic exchange between networks (Dourado, Reference Dourado2012). Likewise, community wireless networks rely on cooperative rules and software-based reciprocity mechanisms to manage shared connectivity, illustrating how property-like regimes can arise from social and technical norms (Harris, Reference Harris2018; Sandvig, Reference Sandvig2004, Reference Sandvig2010).
In a DAR framework, addresses would be issued, allocated, and transferred through blockchain protocols rather than registry approval. Smart contracts could tokenize address blocks (e.g., /24 or /48), manage issuance through auctions or proof-of-need mechanisms, and verify transfers on-chain. Disputes might be resolved via decentralized autonomous organizations (DAOs) or on-chain arbitration. Such a system would make all allocations visible in real time, limiting hidden stockpiling or opaque transfers. By encoding rules directly into code, DARs would transform property rights from legal entitlements into programmable constraints, enforcing scarcity, transparency, and penalties through protocol logic. Governance updates could occur via token-holder votes or community consensus, reflecting the adaptive, polycentric character of open-source ecosystems (De Filippi and Wright, Reference De Filippi and Wright2018; Werbach, Reference Werbach2018).
Evaluated through Ostrom’s design principles, DARs exhibit both promise and peril. P1 (clearly defined boundaries) is strong but rigid, offering technical precision at the expense of flexibility. P2 (congruence) and P3 (collective choice) depend on how well token or DAO governance can represent diverse user interests – an unresolved challenge given low participation and potential capture. P4 (monitoring) and P5 (graduated sanctions) are automated through transparent ledgers and “slashing” mechanisms, yet such automation may ignore context or proportionality. P6 (conflict resolution) remains weak, as code-based arbitration often lacks legitimacy across communities, and P7–P8 (rights to organize and nesting) are minimal since DARs could fragment the current IANA/ICANN hierarchy. The AFRINIC–Cloud Innovation dispute underscores why such redundancy appeals: when enforcement bottlenecks through a single registry, protocol-level coordination might enhance resilience. Yet blockchain-based systems also risk reproducing inequities, favouring well-capitalized actors and embedding dynamics that marginalize weaker participants.
Although decentralized autonomous registries remain far removed from current practice, the AFRINIC–Cloud Innovation crisis highlights why such alternatives merit consideration. A central vulnerability of AFRINIC was that enforcement and dispute resolution were bottlenecked through a single institution embedded in one legal jurisdiction; when that institution became paralyzed by litigation and receivership, there was no fallback mechanism to sustain operations. A blockchain-based DAR would not eliminate governance challenges, but it could distribute enforcement across protocol-level mechanisms, such as through transparent ledgers, smart contracts, and automated sanctions, in ways that reduce dependence on any single registry or court system. Yet such a shift also raises serious distributional and political economy concerns: code-based enforcement carries risks of bugs, governance capture, and rigid discretion, while market dynamics could allow well-capitalized actors to dominate auctions, accumulate address blocks, or shape protocol governance to their advantage. Just as current IPv4 markets are often influenced by brokers and large cloud providers, DARs could accelerate concentration of resources in the hands of global North firms with greater financial leverage and infrastructure. In this sense, “code is law” approaches risk embedding the priorities of a technical elite into immutable protocols, sidelining weaker communities and deepening inequities rather than embodying the inclusive, polycentric governance they promise.
Incremental reform in a polycentric system
Table 3 summarizes how the four prospective reform models align with Ostrom’s design principles, highlighting trade-offs between efficiency, accountability, and resilience across different institutional pathways. The proposed reform models vary in institutional design and oversight, and the Ostromian lens offers a useful framework to compare across each. Yet each highlights trade-offs within a system that has functioned remarkably well for decades by enabling global connectivity and managing address resources with relatively few breakdowns. Registry-centric approaches preserve the legitimacy of RIRs but can suffer from inertia and regional inconsistencies, while decentralized registries reduce institutional gatekeeping yet risk consensus capture, weak enforcement, and governance attacks. Market or cryptographic alternatives may appeal theoretically yet experience from spectrum policy shows that institutional change is path dependent and politically constrained (Hazlett, Reference Hazlett2017; Hazlett et al., Reference Hazlett, Palida and Weiss2023a).
Reform models for Internet governance and Ostrom’s design principles

Hybrid reform, to the extent such reform is desirable, may be most promising. Smart contracts could enhance transparency, layered models could balance IPv4 stewardship with open IPv6 governance, and markets could operate within multistakeholder safeguards. None of these alternatives should be viewed as wholesale replacements or radical experiments; rather, they represent heuristic explorations of how governance might adapt at the margins in response to emerging stresses. By situating these possibilities within Ostrom’s principles, we underscore that the real task is not to discard the RIR system but to identify incremental adjustments and policy innovations that strengthen its resilience while preserving its core strengths.
Conclusion
The RIRs are a significant governance institution with a critical role in providing a global public good – namely, the Internet. One can imagine how conventional economic theory might explain why regionalized nonprofit registries emerged as efficient governance mechanisms for Internet address resources. As the network scaled, externalities such as address collisions and routing inefficiencies increased, creating coordination problems that neither markets nor a single global authority could easily solve. Following Demsetz’s (Reference Demsetz1967) theory of property rights, these externalities prompted the creation of institutional arrangements that internalized costs and benefits through regionalized rulemaking. In Williamson’s (Reference Williamson1996) transaction-cost framework, one could argue that decentralized nonprofit registries minimized opportunism and adaptive inefficiency by embedding technical coordination within community-based governance rather than hierarchical control. Likewise, Allen (Reference Allen1991) emphasized that property systems evolve to reduce measurement and enforcement costs. The RIR system does that through reliance on shared norms, transparent records, and localized enforcement to manage complex interdependent resources.
These conventional perspectives arguably miss something captured by an Ostromian lens that emphasizes how collective-choice mechanisms and locally adapted rules enable communities to govern shared resources effectively. The RIRs operate as autonomous yet interconnected rule-making bodies that tailor policies to regional needs while maintaining global interoperability. While the RIR system has often been regarded as legitimate within the multistakeholder community, this legitimacy remains contingent and uneven, varying across actors and contexts and subject to pressures revealed during episodes of institutional stress. The design principles offer a precise framework to analyse how these organizations operate and their relationship to other governance organizations for managing the Internet, thus complementing conventional analysis based on transaction costs.
Despite the immense value of IP address resources, governance has remained with private nonprofits. And this private governance confronts at least some risk. While democracies leverage networked openness to enhance accountability (Enikolopov et al., Reference Enikolopov, Petrova and Sonin2018; Jha and Kodila-Tedika, Reference Jha and Kodila-Tedika2020), authoritarian models such as China’s “sovereign Internet” (Murtazashvili and Zhou, Reference Murtazashvili and Zhou2025) and Russia’s digital manipulation (Gehlbach and Sonin, Reference Gehlbach and Sonin2014) underscore the stakes. The IANA transition (from U.S. to multistakeholder management) institutionalized Internet self-governance, but debates regarding digital sovereignty and the appropriate balance between multistakeholder and state-centred governance continue to persist (Mueller, Reference Mueller2025).
Further research might continue more fieldwork on Internet governance, as well as to consider how alternative Ostromian-inspired frameworks, including the GKC perspective, might illuminate Internet governance. We have added to the research stream that sees value in Ostromian analysis to both explain and guide the evolution of polycentric institutions in the digital age. Although debates regarding digital sovereignty and multilateral coordination continue, the Internet is a significant example of the resilience of a polycentric system to manage a global public good. In this regard, Internet registries exemplify the value of an Ostromian perspective on governance of technology, one which offers insight into why they work and how they might be improved.
Acknowledgements
The authors thank the anonymous referees for exceptionally thoughtful and constructive comments that substantially improved the manuscript. We are also grateful to participants at the “Ostrom and Technology” workshop held at the University of Pittsburgh in June 2024, for valuable feedback and discussion. The authors further acknowledge support for the workshop from the Institute for Regulatory Law & Economics at Northwestern University and the Center for Governance and Markets at the University of Pittsburgh. This material is based in part upon work supported by the U.S. National Science Foundation through SpectrumX, an NSF Spectrum Innovation Center funded via Award 2132700.


