OpenAI Publishes Frontier Governance Framework, Aligning Safety Practices With US and EU Regulation

The gap between how AI labs describe their safety practices to the public and what those practices actually require in writing has been a persistent critique of the frontier AI industry since at least 2022. On May 28, OpenAI moved to close that gap in a concrete and legally consequential way, publishing its Frontier Governance Framework — a formal document that maps the company’s existing internal safety and preparedness architecture onto the specific obligations of two major regulatory regimes: California’s Transparency in Frontier AI Act and the EU AI Act’s General Purpose AI Code of Practice.

The framework is not a new policy. OpenAI describes it explicitly as an application of its existing Preparedness Framework — the internal document that defines how the company identifies, evaluates, and mitigates risks from frontier AI systems — translated into the language of external legal accountability. What makes it notable is the architecture of specificity: rather than broad commitments to safety principles, the framework enumerates particular risk categories, particular evaluation methods, and particular response commitments, tied to regulatory definitions that carry enforcement weight.

What the Framework Covers

The Frontier Governance Framework organizes OpenAI’s risk management approach around four core danger categories that regulators and safety researchers consider the most critical concerns for powerful AI systems:

Cyber offense: AI systems capable of meaningfully assisting in the development, deployment, or execution of cyberattacks at scale — beyond what a sophisticated human adversary could accomplish without AI assistance. OpenAI’s framework commits to evaluating new models against cyber offense thresholds before deployment and maintaining monitoring for post-deployment capability emergence.

CBRN risks: AI that could provide “serious uplift” to actors seeking to create chemical, biological, radiological, or nuclear weapons. This category reflects the concern that LLMs with sufficiently detailed scientific knowledge could lower the technical barrier for catastrophic-scale attacks. The framework establishes explicit evaluation protocols and red-line thresholds — capabilities above which a model would not be deployed without specific security controls.

Harmful manipulation: AI capable of sophisticated psychological manipulation at scale, particularly in political contexts — targeted disinformation, personalized persuasion campaigns, or synthetic media designed to destabilize institutions. This risk category is less about weapons and more about the integrity of democratic processes and public epistemics.

Loss of control: AI systems that develop goals or take actions not intended or authorized by operators and users — what the field variously calls misalignment, deceptive alignment, or power-seeking behavior. This is the category most closely associated with long-term AI safety concerns and the one where evaluation methods are the least mature.

From Internal Policy to External Accountability

OpenAI’s Preparedness Framework, introduced in late 2023, was a significant step toward systematic internal risk governance. It established scorecard-based evaluations for model capabilities across risk domains and created escalation procedures tied to those scores. But internal policies, however detailed, carry limited accountability: they can be modified, reinterpreted, or quietly set aside without external visibility.

The Frontier Governance Framework is different in kind. By aligning with California’s Transparency in Frontier AI Act — which requires developers of frontier AI systems to disclose safety testing methodology, results, and incident reports — OpenAI is accepting external audit obligations. By aligning with the EU AI Act’s GPAI Code of Practice — which European regulators are actively enforcing — it is accepting obligations that carry financial penalties for non-compliance.

The practical implication is that the framework creates a paper trail. Model evaluation results must be documented. Incidents — defined as cases where a model’s capabilities exceed pre-deployment risk thresholds — must be reported to regulatory bodies. External experts, through what the framework calls a formal “external input mechanism,” must have structured access to evaluate OpenAI’s compliance claims.

The Regulatory Moment This Responds To

The framework arrives at a moment when regulatory pressure on frontier AI developers has moved from theoretical to operational. California’s Transparency in Frontier AI Act, after years of legislative negotiation and the failed SB 1047 effort in 2024, achieved a version that focused specifically on disclosure and transparency rather than pre-deployment approval. European regulators have been implementing the GPAI Code of Practice provisions of the EU AI Act since early 2026, with formal compliance deadlines creating real urgency.

Simultaneously, the US government has accelerated its engagement with AI safety. The National Institute of Standards and Technology’s CAISI initiative — which secured pre-deployment model access commitments from Microsoft, Google, and xAI in May — represents the federal government inserting itself into the evaluation process in a way that was politically impossible just eighteen months ago. OpenAI separately committed to making its most advanced models available to vetted government users.

OpenAI’s framework can be read as a proactive move to shape how these regulatory processes apply to its operations, rather than waiting to be shaped by them. A company that publishes a detailed governance document first has more influence over how regulators interpret their practices than one that responds to regulatory inquiries reactively.

The Industry Context

OpenAI is not operating in a vacuum here. Anthropic has its own Responsible Scaling Policy, revised in 2025 to incorporate similar risk level frameworks. Google DeepMind published its Frontier Safety Framework in mid-2024. Microsoft has aligned its AI safety commitments with both Anthropic and its own internal standards through its Azure AI safety architecture.

What distinguishes OpenAI’s Frontier Governance Framework is the explicit dual alignment with California and EU regulation — the two regulatory regimes most likely to create enforceable compliance obligations for US-based AI developers in the near term. By naming these regimes and mapping specific framework provisions to their specific requirements, OpenAI is building a compliance architecture that can be directly audited against known external standards.

The framework’s commitment to ongoing updates — “as model capabilities, evaluations, and regulatory requirements develop” — is also notable. The current evaluation methods for loss-of-control risks are rudimentary; no one has fully solved how to robustly test whether a model is deceptively aligned. OpenAI’s framework commits to updating its evaluation methodology as the science improves, which creates a ratchet: the framework becomes more demanding over time as the field’s ability to detect risk improves.

What Critics Will Ask

The framework will face scrutiny on several fronts. First, verification: OpenAI is both the entity setting the evaluation criteria and performing the evaluations. External auditors have limited access to model weights and internal evaluation data. The framework references external expert input, but the specifics of what that access entails, what data auditors can inspect, and what enforcement actions follow non-compliance remain to be established by regulators.

Second, completeness: the framework addresses the risk categories that regulators have prioritized, but the AI safety community has argued that the most important long-term risks — gradual capability accumulation, emergent strategic behavior, societal concentration of AI-derived economic and political power — are not well-captured by the current evaluation framework. A document that is precisely aligned with existing regulatory requirements may be precisely misaligned with the actual risk surface.

Third, incentives: OpenAI is also a company competing to deploy increasingly capable models as fast as possible. A governance framework produced by that company, however detailed, will be read by some observers as a tool of regulatory legitimacy rather than a genuine safety commitment.

These critiques are serious and deserve serious engagement. But the alternative — no formal governance documentation tied to external standards — is clearly worse. The Frontier Governance Framework represents the kind of specific, auditable commitment that makes regulatory enforcement possible. Whether the enforcement proves effective depends on regulators, independent researchers, and the willingness of governments to exercise the oversight authority they are beginning to claim.

---

OpenAI published the Frontier Governance Framework on May 28, 2026. The document is available at openai.com.