
I'm torn on this. reCAPTCHA v2 (mostly useless[0]) and v3 function largely on browser fingerprinting plus a few other heuristics (e.g., whether or not you have a Google cookie). Any meaningful privacy measures to resist fingerprinting end up with a low reCAPTCHA score. I personally run into a wall on most sites using it.

That said, it's one of the most effective means of combatting automated spam and credential stuffing attacks. In a recent implementation I did, having 2FA active for your account bypasses the captcha requirement, but the vast majority of users are still too non-technical to use 2FA and are subject to the frustrations of reCAPTCHA.

[0]: https://github.com/dessant/buster



It is used irresponsibly.

A responsible spam protection system should allow every spam (and, consequently, every responsible user) from an ISP.

If an ISP shows signs of abuse, then show a Captcha or other system that will block some spam while also blocking some valid users. This is an evil-for-the-greater-good solution. Do not fool yourself into thinking this is a solution (i.e. without caveats).

Impacted users can complain to both the service provider (you) and their ISP. And, failing that, switch their ISP (i.e. vote with their wallet; how that happens in a monopoly is another discussion).

Bottom line, if you show a captcha for all users (even for ISPs that are not showing signs of spam) you are intentionally blocking some users for no good reason. And you are part of the problem. Sadly, this includes the US government, as they blanket censor all their forms (from visa requests to DMV visits) behind Google(R) captcha(tm) at all times.
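The tiered approach this comment argues for (let every network through by default, escalate to a captcha only once that network shows recent signs of abuse), as an added example that is not from the thread. The IP-to-ISP table, the window length and the abuse threshold are all constructed stand-ins, not real data.

```python
from collections import deque
import ipaddress
import time

# Constructed stand-in for an IP-to-network (ASN/ISP) lookup database.
NETWORKS = {
    "AS64500-ExampleISP": ipaddress.ip_network("198.51.100.0/24"),
    "AS64501-ExampleHost": ipaddress.ip_network("203.0.113.0/24"),
}


def isp_for(ip):
    """Map a client IP to its network label, or 'unknown' if unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return "unknown"


class AbuseGate:
    """Per-ISP sliding window of recent outcomes; assumed thresholds."""

    def __init__(self, window_s=600, min_events=20, max_spam_ratio=0.3):
        self.window_s = window_s          # how far back to look
        self.min_events = min_events      # evidence needed before challenging
        self.max_spam_ratio = max_spam_ratio
        self.events = {}                  # isp -> deque of (timestamp, was_spam)

    def _prune(self, isp, now):
        """Drop events older than the window and return the live deque."""
        q = self.events.setdefault(isp, deque())
        while q and now - q[0][0] > self.window_s:
            q.popleft()
        return q

    def record(self, ip, was_spam, now=None):
        """Record whether a submission from this IP turned out to be spam."""
        now = time.time() if now is None else now
        self._prune(isp_for(ip), now).append((now, was_spam))

    def should_challenge(self, ip, now=None):
        """True only when this IP's ISP recently exceeded the spam ratio."""
        now = time.time() if now is None else now
        q = self._prune(isp_for(ip), now)
        if len(q) < self.min_events:
            return False  # too little evidence: allow by default
        spam = sum(1 for _, s in q if s)
        return spam / len(q) > self.max_spam_ratio
```

The same structure works for per-country gating (swap `isp_for` for a country lookup), which is the heuristic a later reply prefers.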


It seems that your suggestion is that ISP is a good signal for detecting spam, but it's not obvious to me that this is true. For example a site targeted by a botnet could be hit with traffic from a wide range of otherwise legitimate looking ISPs, in which case you're going to be getting a lot of spam on your website.


In our experience, country of origin is a better heuristic for possible abuse than an individual ISP is. Most malicious traffic comes from a fairly small number of countries, many of which are the obvious culprits. That kind of data is never guaranteed accurate, though.


Lots of salty people in denial about being part of the problem ;)



