Keep Factually independent
Whether you agree or disagree with our analysis, these conversations matter for democracy. We don't take money from political groups - even a $5 donation helps us keep it that way.
Which ISPs publish transparency reports or retention schedules for IP connection logs and metadata?
Executive summary
Public reporting on which ISPs publish transparency reports or explicit retention schedules for IP-connection logs is uneven: some ISPs (notably certain European and Latin American operators cited in EFF/Eticas research) publish periodic transparency reports including government data-request statistics, while many large U.S. ISPs do not publicly disclose clear IP-log retention schedules and are often opaque on retention lengths [1] [2] [3]. The FCC maintains an ISP transparency disclosures portal tied to its Internet Freedom rule that requires ISPs to disclose network management and commercial terms, but the portal’s completeness may be affected by federal funding lapses [4].
1. Transparency reporting exists — but it’s not universal
Advocacy groups and some providers publish transparency reports that disclose government requests and policy commitments: Eticas/EFF-style audits show companies like Movistar publish annual transparency reports disclosing the number and types of government requests and their handling, and the EFF highlights Movistar as an example of an ISP that made those disclosures [2] [1]. By contrast, reporting shows many ISPs—especially in the U.S.—either publish limited information or remain intentionally vague about retention timelines [3] [1].
2. European regulatory pressure increases published transparency, but scope varies
The EU’s Digital Services Act expands transparency obligations for many intermediaries and requires annual transparency reporting about content moderation and related activities for ISPs above micro/small thresholds; Lexology notes the DSA’s broader reach from February 2024 and the requirement that most ISPs publish annual transparency reports [5]. That regulatory pressure has pushed some EU-region providers to publish more consistent reports, but the DSA’s stated requirements focus on content moderation transparency rather than explicit IP log retention schedules [5].
3. U.S. landscape: opaque retention policies and investigative reporting
There is no single U.S. federal retention mandate for IP-assignment logs reported in these sources; TorrentFreak’s reporting and follow-ups found many U.S. ISPs secretive about retention windows, with some court filings or company communications hinting at six-month (180-day) or similar windows for certain records but without universal, public retention schedules from major carriers [3] [6]. FTC and consumer guidance highlight the breadth of ISP data collection but do not standardize public retention disclosures [7] [8].
4. What transparency reports typically include — and what they rarely do
Transparency reports regularly published by large tech platforms (Microsoft, Meta) cover government requests, content actions and jurisdictional compliance; those companies have built “transparency centers” to publish periodic reports [9] [10]. ISPs that do publish transparency reports often focus on volume of government requests and notification practices (as Movistar did), but available reporting shows many ISP transparency publications stop short of publishing explicit, machine-readable retention schedules for IP assignment or DHCP logs [2] [1].
5. Operational retention practices — estimates from reporting and industry sources
Independent reporting and community Q&As collect hints and examples: some providers have been cited in reporting or legal documents as keeping IP-assignment logs for about 180 days (six months) or up to 6–12 months in particular contexts, and community answers and security practitioners often cite rolling retention windows like 90 days to 12 months depending on the organization’s needs [3] [6] [11] [12]. These are examples, not exhaustive or definitive policies for all ISPs: the sources describe variability and frequent lack of public detail [3] [12].
6. Where to look and how to verify for a given ISP
Start with the ISP’s privacy policy and any “transparency report” or “legal process” pages; advocacy audits (e.g., EFF/Eticas) can flag regional leaders and laggards [1] [2]. For U.S. providers, investigative pieces such as TorrentFreak’s inquiries and FTC staff reports are useful for tracing past statements or court filings that sometimes reveal retention windows [3] [8]. The FCC’s ISP Disclosures portal implements disclosure rules under 47 CFR § 8.1 and is a federal entrypoint, though the portal’s currency may be affected by agency operational changes [4].
7. Limits of available reporting and next steps for readers
Available sources do not provide a single, up-to-date list of every ISP that publishes explicit IP-log retention schedules; instead they provide case studies (Movistar, some mentions of Comcast/Time Warner in older reporting) and regulatory context that explain why disclosure varies by jurisdiction [2] [3] [5]. If you want a provider-specific answer, check that ISP’s legal/privacy/transparency pages and cross-reference EFF/Eticas audits and investigative reports like TorrentFreak or the FTC staff report for historical disclosures [1] [3] [8].
Summary action: consult the ISP’s own transparency or privacy pages first, then cross-check with regional audits (EFF/Eticas) or investigative pieces cited above to confirm whether the ISP publishes the specific IP-log or DHCP retention schedule you need [2] [1] [3].