diff --git a/data/deprecations/17-9-vuln-object-retention-limits.yml b/data/deprecations/17-9-vuln-object-retention-limits.yml
new file mode 100644
index 0000000000000000000000000000000000000000..96109eaf8d6eee54d926c2a30aa6b0c8ca838458
--- /dev/null
+++ b/data/deprecations/17-9-vuln-object-retention-limits.yml
@@ -0,0 +1,17 @@
+- title: "New data retention limits for vulnerabilities on GitLab.com"
+  announcement_milestone: "17.9"
+  removal_milestone: "18.0"
+  breaking_change: true
+  reporter: smeadzinger
+  stage: security_risk_management
+  issue_url: https://gitlab.com/groups/gitlab-org/-/epics/16629 # Replace with actual issue
+  impact: medium
+  scope: instance
+  resolution_role: Developer
+  manual_task: true
+  body: |
+    In GitLab 18.0, we are introducing a new data retention limit for GitLab.com Ultimate customers to improve system performance and reliability. The data retention limit affects how long your vulnerability data is stored for. Vulnerabilities older than 12 months that have not been updated are automatically moved to cold storage archives. These archives:
+
+    - Remain accessible and downloadable through the GitLab UI.
+    - Are retained for 3 years.
+    - Are permanently deleted after 3 years.
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 08172ee7f57ca65e0f3537d8c0db545dbe845f7c..f2bfb1c9305e028d1e8723267f7d697050a6ae2c 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -1210,6 +1210,26 @@ for more information.
 
 <div class="deprecation breaking-change" data-milestone="18.0">
 
+### New data retention limits for vulnerabilities on GitLab.com
+
+<div class="deprecation-notes">
+
+- Announced in GitLab <span class="milestone">17.9</span>
+- Removal in GitLab <span class="milestone">18.0</span> ([breaking change](https://docs.gitlab.com/ee/update/terminology.html#breaking-change))
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/groups/gitlab-org/-/epics/16629).
+
+</div>
+
+In GitLab 18.0, we are introducing a new data retention limit for GitLab.com Ultimate customers to improve system performance and reliability. The data retention limit affects how long your vulnerability data is stored for. Vulnerabilities older than 12 months that have not been updated are automatically moved to cold storage archives. These archives:
+
+- Remain accessible and downloadable through the GitLab UI.
+- Are retained for 3 years.
+- Are permanently deleted after 3 years.
+
+</div>
+
+<div class="deprecation breaking-change" data-milestone="18.0">
+
 ### OpenTofu CI/CD template
 
 <div class="deprecation-notes">