OpenAI releases Frontier Governance Framework for enterprises

OpenAI published the Frontier Governance Framework on its website to describe how enterprises can assess and manage risks from high-capability AI models. The document maps its approaches to the EU General-Purpose AI Code of Practice and California’s Transparency in Frontier AI Act.

The framework defines systemic risk as foreseeable events that could cause more than 50 fatalities or more than $1 billion in property damage from a single incident. OpenAI ties those thresholds to concrete deployment and monitoring requirements so teams can set safeguards when a model reaches higher risk levels.

OpenAI groups threats into domains: cyber offense; chemical, biological, radiological and nuclear (CBRN) risks; harmful manipulation; and loss of control. Each domain is scored in tiers that describe model capabilities and the level of oversight needed. A Tier 3 cyber offense capability is one that could find and build working zero-day exploits across many hardened systems without human help. In the CBRN category, a Tier 3 model could enable an expert to design a novel, highly dangerous agent or complete a regulated synthesis cycle autonomously. For loss of control, the framework describes Tier 2 capabilities as reliably evading some detection methods and Tier 3 as outperforming expert humans on complex projects, operating autonomously for sustained periods and showing stealth that undermines monitoring. Harmful manipulation covers uses like influence operations and election interference; OpenAI recommends addressing it with system-level safeguards and ongoing monitoring rather than only pre-deployment checks.

The framework emphasizes system-level mitigations and continuous post-deployment controls. Recommended measures include real-time content classifiers for consumer-facing applications, deterministic fail-safes and sustained human oversight for automated enterprise workflows such as logistics or trading, and third-party audits to verify protections.

Security controls align with recognized standards including ISO 27001, 27017, 27018 and 27701, and SOC 2 Type II. OpenAI advises encrypting unreleased model weights in transit and at rest, enforcing multi-factor authentication and multi-party approval for sensitive actions, running models in sandboxed environments with restricted egress, and providing regular staff training.

On data integration, the framework addresses patterns like retrieval-augmented generation and dense vector databases. OpenAI recommends routing API requests through security classifiers before they reach vector stores and screening retrieved context before producing output. When cloud-hosted AI must interact with older mainframe systems, the framework recommends heavily encrypted middleware and additional compute to reduce risks of data extraction or adversarial prompting.

To maintain compliance, OpenAI solicits external domain experts and independent evaluators to stress-test safeguards for models nearing higher risk tiers. The company publishes mitigation results in a Safety and Security Model Report and commits to reassessing whether to update those reports at least every six months under EU provisions. Updates are required if a model’s capabilities change materially or if new integrations raise risk. OpenAI Ireland Limited is responsible for EU compliance and OpenAI OpCo LLC manages obligations under the California law.

For operational incidents, OpenAI uses an AI Safety Incident Response Plan that standardizes triage, investigation and external reporting. Incidents can be flagged by automated monitoring, employee escalation or end-user feedback. Response teams assess root cause, scope and impact and take containment actions. The framework undergoes a formal review at least once every 12 months, and updates can be proposed by leaders such as the Head of Safety Systems, the chief information security officer and the general counsel.

The Frontier Governance Framework sets out specific thresholds, controls and procedural steps that enterprises can adapt when they deploy higher-capability AI models internally.