AfriNIC Policy Compliance Dashboard
| Name of Proposal |
AfriNIC Policy Compliance Dashboard |
Status: Under Discussion | |
|
ID: |
AFPUB-2026-GEN-002-DRAFT01 |
Date Submitted: |
30/04/2026 |
|
Author(s): |
Jordi Palet Martinez jordi.palet[at]theipv6company.com The IPv6 Company
Frank Habicht geier[at]geier.ne.tz Tanzania ISP Association
Mark Elkins mje[at]posix.co.za POSIX |
Version: |
3.0 |
|
Obsoletes: |
Amends: |
CPM (new section) |
|
1. Summary of the problem being addressed by this proposal
The AFRINIC RSA* mandates members to comply with the AFRINIC policies developed via the PDP.
Section 4.c of the RSA states the irrevocable commitment of the member for using the services for the purpose for which it was requested and in full unreserved compliance with AFRINIC policies.
This is of key importance, because a member not following the policies may be impacted in the evaluation of future requests by AFRINIC, the revocation of the services or even the closure of the member (section 4.b.iii).
Just to be clear, “services” are defined in the RSA, under section 1.c, and those include number resources, among others. So, the impact for a member that is not following the PDP process and CPM changes, may be of catastrophic business consequences.
The PDP is continuously updating the CPM, and it is obvious that some members may not be following, up to date, all the details and possible impact in their services/resources, while the RSA states that AFRINIC, at its own discretion, can investigate the use of the services.
Every Policy in the CPM indicates what and how things should be done. Lack of conformity with any part of the CPM, even if not clearly stated, it is considered a lack of compliance, following a coherent interpretation of both the RSA and the CPM.
Consequently, members should be protected against this situation, in a simple manner that allows them to know their up-to-date policy compliance, get alerts about the lack of compliance and consequently react to address those.
There should be always equal opportunities for any member to correct mistakes before reaching a fatal point.
2. Summary of how this proposal addresses the problem
This proposal provides the framework for a “Policy Compliance Dashboard”, to be developed by AFRINIC, and incorporated to MyAFRINIC (and future members communications platforms).
This proposal will allow periodically review of the policy compliance status of each member, as much automated as possible, so they can receive automated notifications of any issue. Warnings will be also sent to the staff, and only in cases of a continued and repeated lack of compliance, or severe violation of certain aspects of the CPM, AFRINIC will be able to take further actions according to the RSA.
AFRINIC will implement this policy in phases, according to Board and internal staff decisions, depending on the availability of resources, in order to avoid impact in day-to-day operations. For example, a first phase may be integrating in the MyAFRINIC the overall dashboard framework (GUI, notifications, non-compliance tracking), followed by the already existing automated tools (as indicated by analysis impact 4.3 on v1 of this proposal). Then, each part of the RSA and CPM can be addressed, one by one, or even several of them in parallel. This way, there is not a specific timeframe, and it can be accommodated to the available resources, results for each part of the RSA/CPM being integrated and tickets being generated and resolved, etc.
It is clear that there is a one-time investment in implementation, as with the majority of the policies, however, the advantages for the staff, community and membership are obvious, including a huge saving of resources in manual tracking and allowing the membership to be up-to-date with the compliance even with policy changes. Those advantages may also be considered by the board in terms of recruiting staff for the implementation, if needed, depending on the progress of the implementation project.
Adding a new section in the CPM, numbered as best fits according to the staff criteria, as follows:
| Proposed |
|---|
|
1. Policy Compliance AFRINIC services are provided to members under the umbrella of the RSA mandate, which in turn ask for compliance with policies.
Those policies are documented in the CPM, which is continuously updated by the PDP. |
|
2 Policy Compliance Dashboard AFRINIC “Policy Compliance Dashboard” shows to each member its status of compliance with the applicable resource policies, collected by means of a periodical review, automated as much as possible.
The dashboard automation will need to be accommodated along the evolution of the CPM evolves through the PDP, in order to display new details.
|
|
3. Notifications The dashboard:
The Staff should define and publish a specific procedure, which could be updated from time to time, in order to ensure a fair treatment of all the members. |
|
4. Lack of Compliance In any case and following the RSA prerogatives, AFRINIC is able to initiate a more exhaustive investigation and take further actions, when there is evidence suggesting that there is lack of compliance. |
|
5. Service Withholding, Revocation or Member Closure As part of the procedure above indicated, to be defined by the Staff, specific rules should be defined. |
|
6. Exceptionalities When the revocation of resources involves essential strategic infrastructure that is necessary for the operation of the Internet in the region, or in exceptional situations such as natural disasters or political instability, the AFRINIC Board may take special measures, with prior assessment by the Staff, once such an exceptional situation is detected. |
4. References
AFRINIC RSA:
https://afrinic.net/membership/agreements
https://afrinic.net/ast/pdf/services/afrinic-rsa-en-201801.pdf
Similar policies or procedures, for the same/similar purposes, also exist in the other regions.
APNIC:
https://www.apnic.net/community/policy/resources#4.2.-Closure-and-recovery
ARIN:
https://www.arin.net/participate/policy/nrpm/#12-resource-review
LACNIC:
An equivalent proposal reached consensus and has been ratified (being implemented in phases):
https://politicas.lacnic.net/politicas/detail/id/LAC-2019-9?language=en
RIPE NCC:
https://www.ripe.net/publications/docs/ripe-694
https://www.ripe.net/publications/docs/ripe-716
Revision History
|
Date |
Details |
| 30/04/2026 |
Version 1: AFPUB-2026-GEN-002-DRAFT01 Initial Draft Posted to RPD on 26 May 2026 |
1. DPP Details
|
Field |
Details |
|---|---|
|
Policy ID |
AFPUB-2026-GEN-002-DRAFT01 |
|
Policy Name |
AFRINIC Policy Compliance Dashboard |
|
URL of Policy Proposal |
|
|
Date of Assessment |
23 Jun 2026 |
|
Affected CPM Section |
Introduces a new CPM section for Policy Compliance and Compliance Dashboard framework |
|
Version of IA |
v1.0 (Initial staff draft) |
2. Previous Versions — Impact Assessments
|
Version |
URL |
|---|---|
|
None published |
— |
3. AFRINIC Staff Assessment
3.1 Staff Interpretation & Understanding of the Proposal
The proposal introduces a new CPM section establishing a Policy Compliance Dashboard. It requires AFRINIC to monitor member compliance with CPM resource policies on a periodic and automated basis, notify members when non-compliance is detected, escalate persistent non-compliance to staff, and define procedures for service withholding, revocation, or member closure. It also introduces a Board-level exception mechanism for cases involving critical internet infrastructure.
This would allow AFRINIC to exercise authority to act on non-compliance under the RSA and the Bylaws. This proposal fills that gap at the policy level.
3.2 Clarity of Policy Text
None
3.3 Areas of Impact
3.3.1 Interaction with Existing CPM
None
3.3.2 Interaction with Other DPPs Under Discussion
None
3.3.3 Impact on IP Numbers Registry Systems
|
System |
Impact |
|---|---|
|
MyAFRINIC (Hostmaster, Member Portal, Transfer Tool) |
|
3.3.4 Member Services Operations
-
Procedures: New procedure for monitoring and actioning on non-conformance
-
Website & Communications: Web publication of the notification and service withholding procedure
3.3.5 IT
-
Implementation on existing systems
3.4.6 HR
-
Recruitment of new staff will be required due to the workload introduced that will require Hostmasters work with members to overcome the non-compliances and ensuring revocation of resources are minimal.
3.4.7 Legal
At the outset, I find it apposite to state that the most significant concern of the aforementioned draft proposal is that it appears to blur the distinction between resource policies (which are developed by the community through the PDP) and contractual compliance and enforcement mechanisms (which are typically matters of AFRINIC's operational and contractual authority under the Registration Services Agreement (RSA)).
Legal Issues of the Draft Policy Proposal
That said, the main and substantive legal issues of this present draft policy proposal are as follows:Delegation of Powers to Staff
Several clauses leave substantive matters to be determined later by staff. Examples include:
-
"Persistent non-compliance ... need to be defined by the Staff"
-
"The Staff should define and publish a specific procedure"
-
"Specific rules should be defined"
Such an approach creates a legal uncertainty problem because while the draft policy itself establishes obligations and potential sanctions, it leaves essential elements undefined, such as what, e.g., constitutes persistent non-compliance.
Lack of Provision Concerning Due Process
Having regard to the principles of legal certainty and predictability, the draft proposal does not provide sufficient or adequate procedural safeguards. Consequently, as presently drafted, it may expose AFRINIC to allegations of procedural unfairness, arbitrary decision-making, and unequal treatment of members.
Conflict with Existing RSA Provisions
The proposal repeatedly refers to the RSA. However, the legal relationship is governed primarily by contract. Therefore, I take it that the intent of the authors is to merely operationalise existing RSA rights and not to create new contractual remedies. The latter could create enforceability issues. Hence clarity is required.Board Powers in Clause 6
The proposed paragraph is drafted in overly broad and vague terms, making it difficult to discern the specific issue or problem that it seeks to address.
In particular, the proposed exception reads - "the AFRINIC Board may take special measures".
Furthermore, there are essential terms that have been left undefined such as:
-
"special measures"
-
"essential strategic infrastructure"
-
"political instability"
-
"exceptional situations"
From a governance perspective, such wording may be criticised for granting discretionary powers that are insufficiently constrained. Privacy and Data Protection
The proposal contemplates automated compliance reviews and compliance dashboards. Yet it is silent on the following:
-
What member data will be collected and processed;
-
How compliance determinations will be made;
-
Whether third-party data sources are used;
-
Retention periods;
-
Accuracy verification; and
-
Members' rights to challenge data.
Risk of Conflating Objective Metrics with Policy Compliance
The proposal stands to be grounded on the premise that compliance can be objectively measured. It is apposite to recall that many AFRINIC policies involve qualitative assessments, such as:
-
Justification of needs;
-
Proper resource utilisation; and
-
Documentation requirements.
Accordingly, an automated dashboard may incorrectly suggest that all policy compliance can be reduced to objective metrics. Therefore, the proposal should distinguish between objective compliance indicators and matters requiring human assessment.
Overall Concerns and Recommendations
Overall, I need to clarify that the strongest legal concern is not the dashboard itself. AFRINIC can generally establish compliance monitoring tools as part of its operational functions. Instead, the main issue is that the proposal appears to use the PDP to create compliance enforcement procedures already provided in the RSA.
Accordingly, unless carefully redrafted, the proposal could face objections on grounds of scope, unfettered discretionary powers to staff and Board, procedural fairness, contractual inconsistency, and governance overreach.
In the circumstances, the recommended course of action would be to limit the policy to establishing the principle of compliance monitoring, while leaving investigations, sanctions, appeals, and revocations for separately adopted, transparent operational procedures and contractual instruments that expressly incorporate due-process safeguards.
3.4.8 Finance
-
Subject to myafrinicv2 project as well as recruitment costs.
4. Recommendations on Policy Wording
-
Limit the policy wording to compliance monitoring and transparency. Redraft the proposal so that the CPM establishes the principle, scope, and member-facing purpose of the Policy Compliance Dashboard, while avoiding language that creates new enforcement powers beyond the RSA and AFRINIC’s existing contractual framework.
-
Replace open-ended delegation to staff with defined operational procedures. Where the draft says that staff “should define” persistent non-compliance, special rules, or procedures, use wording that requires AFRINIC to publish transparent operational procedures approved through the appropriate governance process before enforcement actions are applied.
-
Clarify the relationship with the RSA and Bylaws. State that the dashboard and related notices operationalise existing rights and obligations under the RSA, Bylaws, and applicable policies, and do not create new contractual remedies unless those remedies are expressly incorporated through the appropriate contractual process.
-
Phase implementation to reduce operational and user impact. Recommend a staged rollout beginning with visibility-only reporting, followed by member notifications, staff review workflows, and only later enforcement-related steps once systems, procedures, staffing, and communications are ready.
5. Staff Clarification Requests
-
None
6. Implementation Plan
Staff will come with implementation procedures and it may require some time