The 20-page Frontier Governance Framework details risk thresholds that determine whether a model can be deployed, tying each decision to California and EU law.
OpenAI published its Frontier Governance Framework, a 20-page document that outlines how the company identifies, evaluates, and responds to the most dangerous risks its models could pose. It covers four categories: cyber offense, CBRN (chemical, biological, radiological, and nuclear weapons), harmful manipulation, and loss of control. Loss of control covers models that could deceive humans, evade shutdowns, or take unauthorized autonomous action.
The release outlines how OpenAI’s security guidelines align with current and future regulations, including California’s Transparency in Frontier AI Act and the EU AI Act. Both laws require OpenAI to document its processes for managing catastrophic risks from its most capable models.
What triggers a risk review
OpenAI defines a systemic risk as any threat that could materially contribute to more than 50 fatalities or $1 billion in property damage from a single incident. For each of the four risk categories, the company uses a three-tier system to measure how much a model raises the danger level.
Tier 1 covers model capabilities comparable to other publicly available methods of gathering information. For example, if someone could get the same help by searching the web, reading a manual, or asking a domain expert, the model is operating at Tier 1. Tier 2 is when a model provides meaningful uplift to bad actors who couldn’t otherwise achieve the same result, for example by enabling someone with basic technical knowledge to create a known biological or chemical threat. Tier 3 covers the most severe cases: in the CBRN category, that means a model capable of enabling an expert to develop a novel pathogen, or one that could autonomously execute the full design and production of a biological weapon without human involvement.
If a model’s residual risk exceeds acceptable levels after mitigations are applied, OpenAI says it will not deploy it.
What’s still under development
Regarding loss of control, the risk tiers are still being developed, except for risks related to AI self-improvement, for which the thresholds are more clearly defined.
For harmful manipulation, OpenAI has not yet developed a way to evaluate risk before deployment. Risks in that category, including influence operations and election interference, are currently addressed through post-deployment monitoring rather than pre-release testing.
Reporting reviews and guardrail changes
The company reviews safety reports for covered models at least every six months. The framework itself gets a full assessment at least annually. Material changes require board-level approval at the OpenAI Foundation and must be published within 30 days.
OpenAI will update the framework as regulatory requirements and model capabilities evolve.

