Comment by bux93

In practice when I discuss retention requirements in my country (EU), the issue is the _maximum_ retention limit - after which data must be deleted. A minimum retention limit (e.g. business records for tax purposes) is almost never an issue. Systems that need soft-delete, bi-temporal state, etc. typically already have it, whereas actually deleting stuff is an afterthought.

I guess I'm saying the former is usually a functional requirement in the first place, and the latter is a non-functional (compliance) requirement.