Decommissioning is the neglected end of the AI lifecycle. A feature that is "turned off" but not decommissioned leaves behind exactly the residue auditors find: credentials that still work, uploaded files nobody remembers, a registry entry frozen at "production," and no record of why the thing went away. The fix is a checklist run by the use case's Owner (see defining AI roles) and closed out in the AI registry. What follows is recommended practice, in the order that avoids the common traps.
Step 1: decide, record, announce
Retirement is a governance decision like launch was. Record who decided, when, and why — cost, low usage, replacement, risk, or a failed sunset review. Notify users with a date and a migration path if one exists. If the feature ever made or influenced decisions about people, involve legal before deleting anything: records of past behavior may need to outlive the feature, and retention obligations trump tidiness.
Step 2: cut traffic, then watch for stragglers
Disable the feature at the application layer first, then verify traffic actually stopped before revoking anything — usage reports grouped by workspace or API key will show stragglers you forgot: a scheduled job, an internal script, a second frontend. On the Claude API, usage data typically appears within minutes, so a quiet week is real evidence. Chasing down each unexpected caller now prevents mysteriously broken workflows after Step 3.
Step 3: revoke access
This is the step most often skipped, because the feature "already doesn't work." Close it anyway:
- Claude API: deactivate the feature's API keys — via Console or the Admin API, which can set a key's status to
inactive. If the use case had its own workspace (the pattern this guide recommends), archiving the workspace immediately revokes every API key in it — a satisfying single stroke, but note it cannot be undone, so complete Steps 4–5 first if you need anything from the workspace. - Cloud platforms: remove the IAM roles and policies (Bedrock), service-account bindings (Vertex AI), or deployments, keys, and RBAC assignments (Foundry) that existed for this feature. Delete any secrets from your secret manager.
- Gateways and integrations: remove the feature's routes from any API gateway, and revoke tokens held by third-party integrations on its behalf.
Remember that on the Claude API, keys belong to the organization and workspace, not to people — a key does not die when its creator leaves, so nothing revokes it except you.
Step 4: clean up stored data
Transient prompts and outputs age out on their own under the Claude API's default retention (deletion within 30 days), but stateful features do not clean up after themselves — by design. Anthropic's documentation is explicit that Files API files are retained until explicitly deleted and Managed Agents session transcripts persist until you delete them. So inventory and delete: uploaded files, agent sessions, skills, and batch inputs/outputs on the Anthropic side; and on your side, prompt logs, cached responses, vector indexes, and evaluation datasets containing production data. On Bedrock and Google Cloud, the cloud provider is the data processor — sweep the buckets, logs, and datasets in your own cloud environment under that platform's controls. Whatever your retention policy requires you to keep (see Step 6), move to archival storage with an expiry, and document the disposition either way.
Step 5: retire the configuration
Archive — do not silently delete — the system prompts, tool definitions, guardrail configurations, and prompt-version history. They are part of the historical record of what ran (your prompt versioning should make this trivial), and stale copies left in live config repositories have a way of being resurrected by someone who finds them and assumes they are current. Mark them clearly as retired. Remove feature flags, dashboards, and alerts so your monitoring surface reflects reality.
Step 6: close the registry entry — don't delete it
Set the registry status to retired with the date, the decision record from Step 1, and the data disposition from Step 4. A deleted entry is an undocumented gap; a retired entry is an answer. Examiners ask about systems that used to run — "we retired it on this date, here is the record" is the response you want available. Keep validation results, change logs, and incident records for the period your compliance team specifies.
Where to go next
Upstream of this checklist sit sunset review triggers and retention and deletion policy; the registry practices that make Step 6 trivial are in maintaining an enterprise AI registry.