Building a compliant record-keeping system that satisfies FCC, ITU, and due diligence requirements

Introduction

What records must satellite operators keep? The FCC does not publish a comprehensive data retention schedule for satellite operators — instead, retention obligations are scattered across Part 100, enforcement precedents, and general recordkeeping principles. For CubeSat and SmallSat operators, this creates uncertainty: what operational records are actually required, how long must they be retained, and in what format?

The answer matters for more than just FCC compliance. Data retention practices affect audit readiness, M&A due diligence, insurance claims, and litigation defense. Operators who build systematic record-keeping practices from day one avoid scrambling to reconstruct operational history when regulators, investors, or attorneys ask for it years later.

This post breaks down data retention requirements across regulatory, operational, and business contexts, and provides a practical framework for building compliant record-keeping systems.

FCC-Mandated Records: The Explicit Requirements

The FCC explicitly requires satellite operators to retain certain categories of records, though the retention periods are not always specified. The core requirements include:

Authorization documents and amendments

Operators must retain complete copies of their FCC authorization, all amendments, special conditions, and any waivers or exemptions granted. These documents define the legal operating parameters and must be accessible for the life of the license plus any applicable statute of limitations period (typically 5 years after expiration or termination).

Technical and operational records demonstrating compliance

Part 100 requires operators to maintain records sufficient to demonstrate compliance with authorization terms. This includes operational logs showing frequencies used, power levels, orbital parameters, ground station usage, and any deviations from authorized operations. The FCC has informally indicated that 2 years is the standard lookback period for compliance audits, making 2-year retention a practical minimum.

Reporting submissions and correspondence

Copies of all reports submitted to the FCC — post-launch notifications, ephemeris data, milestone reports, compliance certifications — must be retained along with proof of submission. Retain correspondence with the FCC regarding coordination, enforcement inquiries, or technical questions. Retention period: at least 3 years from submission date.

Debris mitigation and end-of-life documentation

Records demonstrating compliance with orbital debris mitigation commitments, including assessments, collision avoidance maneuvers, deorbit plans, and end-of-life disposal confirmation. These records should be retained for the life of the satellite plus 5 years, as debris-related liability can extend beyond mission completion.

ITU and International Coordination Records

In addition to FCC requirements, operators with ITU filings have separate international record-keeping obligations:

• ITU filings: Complete ITU filing documentation, including Advance Publications, coordination correspondence, and notification submissions.
• Coordination correspondence: Records of coordination with foreign administrations, including technical exchanges, agreements, and dispute resolution communications.
• Operational milestones: Documentation supporting “bringing into use” demonstrations, including proof that the satellite became operational within ITU deadlines.

ITU-related records should be retained for the life of the filing plus 7 years, as “bringing into use” challenges and coordination disputes can be raised years after initial operation.

The obligations around ITU coordination are covered in the Week 2 posts on The FCC–ITU Handoff: Where International Coordination Breaks Down for CubeSat Operators and Country-of-Registry Obligations: What Your ITU Filing Actually Commits You To.

Operationally Recommended Records (Not Explicitly Required, but Critical)

Beyond explicit regulatory requirements, experienced satellite operators retain additional records that prove essential during audits, due diligence, or operational investigations:

• Command logs: Logs of command and control activities, showing who accessed the satellite, when, and what commands were issued. Essential for investigating anomalies and demonstrating operational security.
• Telemetry archives: Telemetry data showing satellite health, configuration, and operational status over time. Critical for demonstrating that technical issues were not caused by compliance violations.
• Internal compliance records: Evidence of internal compliance reviews, audits, and corrective actions. Demonstrates governance maturity during FCC audits.
• Vendor agreements: Contracts with ground station providers, launch service providers, and payload operators. Essential for due diligence and for resolving disputes about responsibility.
• Insurance records: Insurance documentation, including coverage terms, claims, and correspondence. Necessary for claims and for demonstrating financial responsibility during licensing renewals.

Recommended retention: 5 years minimum, longer for high-value or high-risk missions.

Data Retention for M&A and Investment Due Diligence

CubeSat and SmallSat companies seeking investment, acquisition, or partnership face regulatory due diligence that goes beyond FCC audit standards. Investors and acquirers typically request:

• Complete FCC authorization history, including all filings, amendments, and correspondence, to assess regulatory risk.
• Evidence of compliance with all FCC reporting obligations, to confirm no outstanding violations or enforcement exposure.
• Documentation of any past enforcement actions, complaints, or coordination disputes, to evaluate liability exposure.
• Operational data demonstrating that the satellite has performed within authorized parameters, to confirm technical and regulatory alignment.
• ITU coordination status and records, particularly for missions with international operations or future constellation expansion plans.

Companies that cannot produce comprehensive regulatory records during due diligence face significant valuation discounts or deal termination. The standard expectation is that regulatory records are organized, complete, and immediately accessible — not reconstructed on demand.

The post on Export Controls – Compliance Risk Most CubeSat Companies Ignore discusses another due diligence area where incomplete records create deal risk.

Practical Record-Keeping System Design

Effective data retention is not about hoarding files — it is about building a system that organizes, preserves, and makes records accessible when needed. Key design principles:

1. Use a centralized compliance repository — a single location (cloud storage, document management system, compliance software) where all regulatory records are stored. Do not scatter records across email, file shares, and personal drives.
2. Implement a retention schedule that maps each record type to its retention period. Automate reminders for retention expirations and archival transfers.
3. Tag records with metadata — date, document type, mission, regulatory reference — to enable search and retrieval. You should be able to locate any record in under 5 minutes.
4. Maintain version control for authorization documents and filings. When amendments occur, archive previous versions but clearly mark the current version.
5. Back up regulatory records in multiple geographic locations. Regulatory records are not replaceable — if they are lost, you cannot demonstrate compliance.
6. Conduct annual record audits to verify that retention obligations are being met and that records are accessible.

The FCC Compliance as an Ongoing System: Why Manual Processes Break Down in 2026 post discusses the broader infrastructure needed to support systematic compliance.

What Happens When Records Are Missing

Operators who cannot produce required records during FCC audits, due diligence, or litigation face several consequences:

• Presumption of non-compliance: The FCC may presume non-compliance if you cannot prove compliance through records. The burden of proof is on the operator, not the regulator.
• Escalation risk: Missing records can escalate routine audits into formal enforcement proceedings, as the FCC interprets incomplete documentation as evidence of governance failure.
• Due diligence failure: M&A deals stall or collapse when buyers cannot verify regulatory compliance through documentation.
• Insurance complications: Insurance claims may be denied if you cannot demonstrate operational compliance at the time of loss.

The costs of reconstructing records retroactively — if even possible — far exceed the costs of maintaining them systematically from the beginning.

Frequently Asked Questions (FAQ)

Q: What records must satellite operators keep?

A: Satellite operators must retain: FCC authorization documents and amendments, technical and operational logs demonstrating compliance, all reporting submissions and correspondence, debris mitigation documentation, ITU filing records, coordination correspondence, command and control logs, telemetry archives, vendor contracts, and insurance records.

Q: How long do I need to retain satellite operational data?

A: FCC operational logs should be retained for at least 2 years (the typical audit lookback period). Authorization documents should be kept for the life of the license plus 5 years. ITU records should be retained for the life of the filing plus 7 years. For M&A readiness, retain all regulatory records for at least 5 years minimum.

Q: What are FCC data retention requirements for satellites?

A: The FCC requires operators to maintain records sufficient to demonstrate compliance with authorization terms, but does not publish specific retention schedules. Based on enforcement practice, 2 years is the minimum for operational logs, 3 years for reporting submissions, and 5+ years for authorization documents and debris mitigation records.

Q: Do I need to keep ITU coordination records?

A: Yes. ITU coordination records, including all correspondence with foreign administrations, technical exchanges, and agreements, must be retained for the life of the ITU filing plus at least 7 years. These records are essential for demonstrating compliance with international obligations and for resolving future coordination disputes.

Q: What format should satellite compliance records be in?

A: Records can be electronic or paper, but electronic is strongly recommended for accessibility and backup. Records should be organized in a centralized repository with metadata tagging, version control, and geographic backup. The critical requirement is that records must be retrievable within days when requested by regulators or during due diligence.

Q: What happens if I lose compliance records?

A: Missing records create a presumption of non-compliance during audits, can escalate routine inquiries into enforcement proceedings, cause M&A deals to fail due diligence, and may result in insurance claim denials. If records are truly lost (not just disorganized), operators should immediately notify the FCC and work to reconstruct what is possible from backup sources.