diff --git a/README.md b/README.md
index 1d4cab01..d9231289 100644
--- a/README.md
+++ b/README.md
@@ -137,7 +137,7 @@ determining that location is as follows:
 | create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no |
 | default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no |
 | default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | `string` | `"disable"` | no |
-| deletion\_policy | The deletion policy for the project. | `string` | `null` | no |
+| deletion\_policy | The deletion policy for the project. | `string` | `"PREVENT"` | no |
 | disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no |
 | disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `bool` | `true` | no |
 | domain | The domain name (optional). | `string` | `""` | no |
diff --git a/docs/upgrading_to_project_factory_v17.0.md b/docs/upgrading_to_project_factory_v17.0.md
new file mode 100644
index 00000000..8731ec47
--- /dev/null
+++ b/docs/upgrading_to_project_factory_v17.0.md
@@ -0,0 +1,20 @@ +# Upgrading to Project Factory v17.0 + +The v17.0 release of Project Factory is a backwards incompatible release. + +### Google Cloud Provider Project deletion_policy + +The `deletion_policy` for projects now defaults to `"PREVENT"` rather than `"DELETE"`. This aligns with the behavior in Google Cloud Platform Provider v6+. To maintain the old behavior you can set `deletion_policy = "DELETE"`. + +```diff + module "project" { +- version = "~> 16.0" ++ version = "~> 17.0" + ++ deletion_policy = "DELETE" +} +``` + +### Google Cloud Platform Provider upgrade + +The Project Factory module now requires version `5.41` or higher of the Google Cloud Platform Provider and `5.41` or higher of the Google Cloud Platform Beta Provider. diff --git a/examples/app_engine/main.tf b/examples/app_engine/main.tf index d058135c..06067a23 100644 --- a/examples/app_engine/main.tf +++ b/examples/app_engine/main.tf @@ -32,6 +32,8 @@ module "app-engine-project" { activate_apis = [ "appengine.googleapis.com", ] + + deletion_policy = "DELETE" } module "app-engine" { diff --git a/examples/budget_project/main.tf b/examples/budget_project/main.tf index fbd12e63..b482403a 100644 --- a/examples/budget_project/main.tf +++ b/examples/budget_project/main.tf @@ -38,6 +38,7 @@ module "budget_project" { "billingbudgets.googleapis.com" ] + deletion_policy = "DELETE" } diff --git a/examples/essential_contacts/main.tf b/examples/essential_contacts/main.tf index 00720b2d..7c7179d9 100644 --- a/examples/essential_contacts/main.tf +++ b/examples/essential_contacts/main.tf @@ -41,4 +41,6 @@ module "project-factory" { default_service_account = "DISABLE" disable_services_on_destroy = false + + deletion_policy = "DELETE" } diff --git a/examples/fabric_project/main.tf b/examples/fabric_project/main.tf index 6d4ec37c..635ef5ad 100644 --- a/examples/fabric_project/main.tf +++ b/examples/fabric_project/main.tf 
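Review bot: The added `deletion_policy = "DELETE"` in examples/app_engine/main.tf opts the sample project out of the new PREVENT default with no explanation, and anyone who copies an example into a real deployment inherits a project that `terraform destroy` will delete outright. A short comment above the line would carry the intent, e.g. `# Examples use DELETE so terraform destroy can remove the sample project; keep the PREVENT default for real projects.`. The same line is added without a comment in the other examples/*/main.tf hunks and in the test/fixtures/minimal and test/fixtures/vpc_sc_project hunks of this commit.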
@@ -35,4 +35,6 @@ module "fabric-project" { owners = var.owners parent = var.parent prefix = local.prefix + + deletion_policy = "DELETE" } diff --git a/examples/gke_shared_vpc/main.tf b/examples/gke_shared_vpc/main.tf index 456c2625..ff895e40 100644 --- a/examples/gke_shared_vpc/main.tf +++ b/examples/gke_shared_vpc/main.tf @@ -26,4 +26,6 @@ module "project-factory" { activate_apis = ["compute.googleapis.com", "container.googleapis.com", "cloudbilling.googleapis.com"] shared_vpc_subnets = var.shared_vpc_subnets default_network_tier = var.default_network_tier + + deletion_policy = "DELETE" } diff --git a/examples/quota_project/main.tf b/examples/quota_project/main.tf index 1bedd0b9..de5e785d 100644 --- a/examples/quota_project/main.tf +++ b/examples/quota_project/main.tf @@ -58,4 +58,6 @@ module "quota-project" { value = "95" } ] + + deletion_policy = "DELETE" } diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf index 67facada..b41c7e55 100644 --- a/examples/shared_vpc/main.tf +++ b/examples/shared_vpc/main.tf @@ -39,6 +39,7 @@ module "host-project" { "cloudresourcemanager.googleapis.com" ] + deletion_policy = "DELETE" } /****************************************** @@ -113,6 +114,7 @@ module "service-project" { ] disable_services_on_destroy = false + deletion_policy = "DELETE" } /****************************************** @@ -146,6 +148,7 @@ module "service-project-b" { }] disable_services_on_destroy = false + deletion_policy = "DELETE" } /****************************************** @@ -184,6 +187,7 @@ module "service-project-c" { disable_services_on_destroy = false grant_network_role = false + deletion_policy = "DELETE" } /****************************************** diff --git a/examples/simple_project/main.tf b/examples/simple_project/main.tf index ece4c0ae..856f310b 100644 --- a/examples/simple_project/main.tf +++ b/examples/simple_project/main.tf 
@@ -31,4 +31,6 @@ module "project-factory" {
 "roles/bigquery.jobUser",
 ]
 }]
+
+ deletion_policy = "DELETE"
 }
diff --git a/examples/tags_project/main.tf b/examples/tags_project/main.tf
index d63b4a48..b12b0f01 100644
--- a/examples/tags_project/main.tf
+++ b/examples/tags_project/main.tf
@@ -25,4 +25,6 @@ module "project-factory" {
 billing_account = var.billing_account
 default_service_account = "deprivilege"
 tag_binding_values = [var.tag_value]
+
+ deletion_policy = "DELETE"
 }
diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf
index a110f57f..40e0b184 100644
--- a/modules/core_project_factory/variables.tf
+++ b/modules/core_project_factory/variables.tf
@@ -280,5 +280,5 @@ variable "cloud_armor_tier" {
 variable "deletion_policy" {
 description = "The deletion policy for the project."
 type = string
- default = null
+ default = "PREVENT"
 }
diff --git a/modules/fabric-project/README.md b/modules/fabric-project/README.md
index dbe10494..85777b96 100644
--- a/modules/fabric-project/README.md
+++ b/modules/fabric-project/README.md
@@ -38,7 +38,7 @@ module "project_myproject" {
 | auto\_create\_network | Whether to create the default network for the project | `bool` | `false` | no |
 | billing\_account | Billing account id. | `string` | `""` | no |
 | custom\_roles | Map of role name => comma-delimited list of permissions to create in this project. | `map(string)` | `{}` | no |
-| deletion\_policy | The deletion policy for the project. | `string` | `null` | no |
+| deletion\_policy | The deletion policy for the project. | `string` | `"PREVENT"` | no |
 | editors | Optional list of IAM-format members to set as project editor. | `list(string)` | `[]` | no |
 | extra\_bindings\_members | List of comma-delimited IAM-format members for additional IAM bindings, one item per role. | `list(string)` | `[]` | no |
 | extra\_bindings\_roles | List of roles for additional IAM bindings, pair with members list below. | `list(string)` | `[]` | no |
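Review bot: The new default `"PREVENT"` in modules/core_project_factory/variables.tf is the safer choice, but the variable still has no `validation` block and its description does not name the accepted values, so a mistyped value such as `"prevent"` is only rejected by the provider at apply time rather than at plan time. The same applies to the identical `deletion_policy` variables in modules/fabric-project/variables.tf, modules/svpc_service_project/variables.tf and the root variables.tf. With Terraform's default `nullable = true`, a caller that kept an explicit `deletion_policy = null` (the old default) presumably passes null through to the provider, so the effective policy then depends on the provider version rather than on this module's default; `nullable = false` makes such callers fall back to PREVENT. A validation block and a description listing PREVENT, ABANDON and DELETE would close both gaps.
```hcl
variable "deletion_policy" {
  description = "The deletion policy for the project: PREVENT (default, blocks project deletion on destroy), ABANDON or DELETE."
  # … unchanged: type and default …
  nullable    = false

  validation {
    condition     = contains(["PREVENT", "ABANDON", "DELETE"], var.deletion_policy)
    error_message = "deletion_policy must be one of PREVENT, ABANDON or DELETE."
  }
}
```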
diff --git a/modules/fabric-project/variables.tf b/modules/fabric-project/variables.tf
index 8f486f6a..ac0a5201 100644
--- a/modules/fabric-project/variables.tf
+++ b/modules/fabric-project/variables.tf
@@ -125,5 +125,5 @@ variable "labels" {
 variable "deletion_policy" {
 description = "The deletion policy for the project."
 type = string
- default = null
+ default = "PREVENT"
 }
diff --git a/modules/svpc_service_project/README.md b/modules/svpc_service_project/README.md
index d4e9ba46..b70be3f8 100644
--- a/modules/svpc_service_project/README.md
+++ b/modules/svpc_service_project/README.md
@@ -46,6 +46,7 @@ module "service-project" {
 | create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no |
 | default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no |
 | default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | `string` | `"disable"` | no |
+| deletion\_policy | The deletion policy for the project. | `string` | `"PREVENT"` | no |
 | disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no |
 | disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `bool` | `true` | no |
 | domain | The domain name (optional). | `string` | `""` | no |
diff --git a/modules/svpc_service_project/main.tf b/modules/svpc_service_project/main.tf
index be66ddc8..5181971e 100755
--- a/modules/svpc_service_project/main.tf
+++ b/modules/svpc_service_project/main.tf
@@ -59,6 +59,7 @@ module "project-factory" { default_service_account = var.default_service_account disable_dependent_services = var.disable_dependent_services default_network_tier = var.default_network_tier + deletion_policy = var.deletion_policy } /****************************************** diff --git a/modules/svpc_service_project/variables.tf b/modules/svpc_service_project/variables.tf index 9cf67138..79850ebb 100755 --- a/modules/svpc_service_project/variables.tf +++ b/modules/svpc_service_project/variables.tf @@ -228,3 +228,9 @@ variable "default_network_tier" { type = string default = "" } + +variable "deletion_policy" { + description = "The deletion policy for the project." + type = string + default = "PREVENT" +} diff --git a/test/fixtures/minimal/main.tf b/test/fixtures/minimal/main.tf index 44eb0daf..aefa30f0 100644 --- a/test/fixtures/minimal/main.tf +++ b/test/fixtures/minimal/main.tf @@ -49,6 +49,8 @@ module "project-factory" { default_service_account = "DISABLE" disable_services_on_destroy = false + + deletion_policy = "DELETE" } // Add a binding to the container service robot account to test that the diff --git a/test/fixtures/vpc_sc_project/main.tf b/test/fixtures/vpc_sc_project/main.tf index 8e73343d..9957d7e8 100644 --- a/test/fixtures/vpc_sc_project/main.tf +++ b/test/fixtures/vpc_sc_project/main.tf @@ -50,6 +50,8 @@ module "project-factory" { vpc_service_control_attach_enabled = true vpc_service_control_perimeter_name = "accessPolicies/${var.policy_id}/servicePerimeters/${local.perimeter_name}" + + deletion_policy = "DELETE" } resource "google_project_iam_member" "iam-binding" { diff --git a/variables.tf b/variables.tf index 30879775..ec889418 100644 --- a/variables.tf +++ b/variables.tf @@ -369,5 +369,5 @@ variable "cloud_armor_tier" { variable "deletion_policy" { description = "The deletion policy for the project." type = string - default = null + default = "PREVENT" }