ISO-STANDARD.appISO-STANDARD.app

Decommissioning AI tools: the discipline almost nobody has

Adoption gets attention; retirement does not. That is why decommissioning is where most of the residual AI risk in mature organisations actually lives.

Michael McCarroll 14 min read Updated June 2026

Why decommissioning gets neglected

The economics of organisational attention reward launches and punish endings. A new AI tool generates announcements, dashboards and momentum. A retiring one generates forms, conversations and a quiet ticket nobody wants. The predictable outcome is that tools are left running long after their value has gone, or are switched off carelessly, or are replaced without anyone confirming that the data has actually left.

ISO/IEC 42001 explicitly includes the disposal of AI systems in the lifecycle controls for the same reason ISO/IEC 27001 has always included asset disposal: this is where confidentiality fails after the project is forgotten (ISO/IEC 2023).

What a serious decommissioning looks like

A defensible AI retirement covers six categories. Skipping any one of them produces a predictable class of incident.

1. Data return and deletion. Every dataset you provided — prompts, documents, fine-tuning corpora, evaluation sets — needs to be returned to you in a usable form, and then deleted by the supplier under contractual certification. Without a destruction certificate naming the systems and dates, you cannot evidence that the data is gone.

2. Model artefacts. Fine-tuned weights, embeddings, vector indexes and any custom retrieval stores derived from your data must be destroyed alongside the raw inputs. Embeddings have repeatedly been shown to allow partial reconstruction of source content (Song and Raghunathan 2020); they are not anonymous.

3. Downstream dependencies. Inventory every system, dashboard, automation and human workflow that consumed the retiring tool's output. Some will break loudly; some will degrade silently. The silent ones are dangerous.

4. Identity and access. API keys, service accounts, OAuth grants and on-behalf-of tokens issued to the retiring tool must all be revoked. A surprising number of historic breaches trace back to forgotten credentials of decommissioned systems (Verizon 2024).

5. People and process. The humans whose work depended on the tool need an alternative path before, not after, the switch off. Training, communication and fallback procedures matter more than any technical step.

6. Records. The retirement itself is an event. The risk register, the asset register, the supplier register and the change record all need a closing entry. For regulated industries, the model card, the evaluation history and the incident log should be archived in a form readable years later.

The hardest case: an embedded feature you didn't buy

The cleanest decommissioning is a tool you procured. The hardest is an AI feature that arrived inside a SaaS product, was used by a few people and now needs to be turned off — but the SaaS contract makes no distinction between the AI feature and the rest of the product. Three steps usually work:

  1. Identify every instance through usage telemetry, not the supplier's marketing description.
  2. Configure the feature off at the tenant level if the vendor offers it; if not, raise a contractual request that names the data categories you do not want processed.
  3. Treat the feature's output as a downstream dependency and migrate the workflow away before the configuration change lands.

A short checklist worth keeping

  • Named retirement owner with authority across business, legal and technology.
  • Confirmed inventory of all data, derived artefacts and consumers.
  • Written deletion request to the supplier referencing every data category and derivative.
  • Destruction certificates received and filed against the original contract.
  • All credentials revoked and verified through access logs.
  • Risk register, asset register, supplier register and change log all closed.
  • Retrospective scheduled 90 days later to confirm nothing was missed.

References

  • ISO/IEC (2022) ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements. Geneva: ISO/IEC.
  • ISO/IEC (2023) ISO/IEC 42001:2023 Information technology — Artificial intelligence — Management system. Geneva: ISO/IEC.
  • Song, C. and Raghunathan, A. (2020) 'Information leakage in embedding models', Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 377–390.
  • Verizon (2024) Data Breach Investigations Report. New York: Verizon Business.

Make retirement as deliberate as adoption

ISO-STANDARD.app carries each AI system through its full lifecycle — inventory, classification, controls, monitoring and retirement — with the evidence trail a regulator would expect.

ISO-STANDARD.app ships a ready-to-adopt ISO 42001 workspace with the risk register, controls catalogue, policies and audit-ready exports already wired together — no spreadsheet sprawl, no consultant lock-in.

Start free See pricingTalk to us

Prefer a conversation? Email hello@iso-standard.app — a real human responds within one business day.

Trust & security
ISO 27001 aligned
Controls mapped to Annex A
Encryption in transit & at rest
TLS 1.3 · AES-256
MFA enforced
TOTP required for all admins
GDPR & UK GDPR
DPA on request · EU/UK data
SOC 2 ready posture
Audit-grade logging
RLS-isolated tenants
Row-level data separation
← All guidesHome →