What national laws in Germany, France and Spain specify retention periods for ISP traffic or DNS logs in 2025?
Executive summary
As of the sources provided, Germany does not have an active, EU‑style mandatory national data‑retention law — retention is currently suspended and legal debates continue, although a 2014 German Federal Supreme Court decision allowed ISPs to keep dynamic IP assignment records for seven days in a specific context (operation/maintenance) [1] [2]. The supplied reporting contains no authoritative, contemporary statutes or regulator decisions for France or Spain specifying national retention periods for ISP traffic or DNS logs as of 2025, so definitive statements about those countries’ laws cannot be made from these sources alone [3] [4].
1. Germany — suspended mandatory retention, but case law and limited operational retention exist
Germany’s national data‑retention landscape remains fractured: the federal data protection officer reports that “data retention … is currently suspended” and that reintroduction has been under repeated political and legal discussion, indicating no standing nationwide statutory scheme in force in the provided materials [1]. At the same time, German case law has left a footprint: the Federal Supreme Court previously confirmed that ISPs may retain dynamic IP address assignment records for seven days where necessary for telecoms operational purposes, a ruling framed around the Telecommunications Act and system functionality rather than a blanket criminal‑investigative retention mandate [2]. Those two citations together establish that, per the supplied sources, Germany in practice has court‑accepted narrow retention (seven days for certain dynamic IP logs in operational contexts) but lacks a currently enforceable, broad statutory data‑retention regime [1] [2].
2. France — no specific national retention-period law identified in the provided reporting
The materials supplied do not contain a French statute, regulator guidance, or court decision that specifies a national retention period for ISP traffic or DNS logs; therefore it is not possible from these sources to assert that France had a legally mandated retention period for such logs in 2025 [3] [4]. General summaries about global retention practices and VPN‑provider commentary note that jurisdictions differ and that ISPs keep logs for operational or legal reasons, but those are not substitutes for a citation to a French law or regulator order and cannot be used to claim a specific French retention period [3]. Alternative viewpoints—French authorities or courts could have national rules or case law not captured here—must be acknowledged, but those are outside the supplied reporting [3].
3. Spain — absence of a cited national retention statute in the available sources
Similar to France, none of the provided sources include an authoritative Spanish law, judicial ruling, or Spanish regulator statement that sets a retention period for ISP traffic or DNS logs as of 2025; the supplied coverage therefore does not permit declaring a Spanish statutory retention period [3] [4]. Broad background pieces included in the dataset discuss worldwide variability in retention practices and note that ISPs often retain logs “months to years” for operational or compliance reasons, but these do not establish a Spanish legal rule and should not be conflated with national law [4] [5].
4. European context and why national answers can be messy
At the European level, the history of mandatory data‑retention is complex and has shaped national practice: the EU‑level data‑retention directive was retroactively invalidated in 2014, a fact noted in the provided global overviews and encyclopedic summaries, and that decision continues to constrain blanket, EU‑wide retention mandates—explaining why national regimes are uneven and often litigated [6]. That EU jurisprudential backdrop helps explain the German “suspended” status and why member states’ approaches vary, but the supplied sources do not provide up‑to‑date, country‑by‑country statutory lists for France or Spain in 2025 [1] [6].
5. Practical reality: ISPs and DNS logs — operational retention vs. legal mandates
The reporting makes a clear distinction between ISP operational practice and legislative compulsion: industry and consumer‑facing summaries observe ISPs retain IP assignment and other logs for billing, troubleshooting, and compliance purposes and that retention windows in practice can range from weeks to years depending on company policy and local law, yet such operational retention is not the same as an explicit national law prescribing a precise retention period for traffic or DNS logs [3] [4] [5]. The supplied sources do not cite any statute in France or Spain that fixes a particular retention period for DNS queries, nor do they present regulator orders that mandate DNS logging timeframes, so no definitive legal periods for those countries can be reported from this dataset [3] [7].