How do we govern AI models from preview release through retirement?

Many organizations deploy vendor AI capabilities in "preview" or "beta" without recognizing that preview models carry governance risks that GA models do not. Preview models may change their behavior between invocations without notice, lack the audit history of established production models, and are typically excluded from vendor SLAs and security commitments. Using a preview model in a production workflow is a governance decision, not a technical one.

Establish a clear policy for preview model use. The most defensible position is that preview models may be used in internal research and evaluation environments, but must not process regulated data, influence consequential decisions, or be exposed to external users until they have been explicitly promoted to production status through the governance process. Any exception requires written approval from the AI governance function.

The promotion process from Preview to Production should require at minimum: a risk classification, a pre-deployment adversarial test, documentation in the model registry, and sign-off from the system owner and a compliance representative. This process is not bureaucracy — it is the evidentiary record that demonstrates due diligence if a model incident later occurs.

Models do not remain safe to deploy indefinitely. A model that met your governance standards at deployment may need re-assessment if its capabilities change, if its use case expands, or if new risks emerge. Defining re-assessment triggers in advance — rather than relying on periodic reviews alone — is one of the most important things a lifecycle policy can do.

Common re-assessment triggers include: a vendor announcing a capability-significant model update (defined as a change to the model's training, fine-tuning, or safety configuration, not just infrastructure changes); a new attack technique published that specifically targets the model or architecture in use; a production incident classified as Significant or Critical; an expansion of the model's use case beyond what was evaluated at deployment; and any change to the regulatory obligations applicable to the deployment.

Re-assessment does not always mean taking the model offline. It means evaluating the changed risk profile against current controls and documenting the conclusion. In many cases, existing controls are sufficient and the re-assessment produces a record confirming continued production approval. The record is the point — it demonstrates that someone reviewed the change and made a considered decision.

AI model retirement is the stage governance programs most frequently neglect. When a model is replaced or discontinued, the governance obligations do not end — they conclude with a formal decommissioning process that creates an auditable record of the model's production life.

The retirement process should include: migrating or decommissioning all systems that depend on the model; deleting model weights from all environments and logging the deletion; archiving the model's governance documentation (risk classification, incident records, re-assessment history) for the retention period required by applicable regulations; and notifying any downstream data processors or vendors whose systems depended on the model.

Decommissioning records matter because auditors and regulators may ask, after the fact, about AI systems that are no longer in production. If a decision influenced by a deprecated model becomes the subject of an adverse action challenge or regulatory inquiry, you need the documentation to demonstrate the oversight that was in place while the model was running.