OpenAI releases Frontier Governance Framework for enterprises
OpenAI released the Frontier Governance Framework, mapping enterprise safety controls to EU and California frontier AI rules and defining risk tiers, monitoring and incident response.
OpenAI released the Frontier Governance Framework, a blueprint that maps enterprise AI safety and compliance controls to the EU General-Purpose AI Code of Practice and California’s Transparency in Frontier AI Act. The document defines risk tiers, monitoring requirements and incident response processes for high-capability models.
OpenAI defines systemic risk as scenarios in which a model could foreseeably cause more than 50 fatalities or more than $1 billion in property damage from a single incident. The framework separates threats into domains: cyber offense; chemical, biological, radiological and nuclear (CBRN) risks; harmful manipulation; and loss of control.
The framework applies tiered capability ratings to each domain. In cyber offense, a Tier 3 model is described as a tool-augmented system that can find and develop functional zero-day exploits across many hardened systems without human intervention. In CBRN, a Tier 3 model could enable an expert to design a highly dangerous novel threat vector or autonomously complete the synthesis cycle of a regulated biological agent.
For loss of control risks, a Tier 2 model can reliably evade detection across multiple evaluation methods. A Tier 3 model can outperform expert humans on complex projects, operate autonomously for sustained periods and show situational awareness and stealth that make evasion difficult to detect. For harmful manipulation (intentional distortion of human behavior), the framework emphasizes system-level mitigations and continuous monitoring. For consumer-facing uses such as marketing automation, OpenAI recommends pairing language models with real-time classifiers to screen messaging.
Security controls in the framework align with ISO 27001, 27017, 27018 and 27701 standards and with SOC 2 Type II evaluations. Technical measures described include encryption of model weights at rest and in transit, multi-factor authentication, multi-party approval protocols and sandboxed execution with restricted data egress. Personnel who handle models are subject to regular training, and model operations occur in controlled environments.
The document addresses integration with enterprise data systems. For retrieval-augmented generation and dense vector stores, OpenAI recommends routing API requests through security classifiers before they query vector databases and screening retrieved context before generating responses. Enterprises connecting cloud AI to legacy mainframes are advised to use heavily encrypted middleware and to allocate compute resources to defend against adversarial prompting and data extraction.
OpenAI prescribes an AI Safety Incident Response Plan (AIRP) that covers triage, investigation and external reporting. Potential incidents may be flagged by automated monitoring, employee escalation or end-user feedback. OpenAI publishes Safety and Security Model Reports and commits under EU rules to reassess whether to update those reports for its most capable models at least every six months; reports must be revised if a model’s capabilities change through post-training or new integrations increase risk.
OpenAI Ireland Limited is responsible for EU compliance while OpenAI OpCo LLC manages requirements under California law. The company uses outside domain experts and independent third-party evaluators to test safeguards and advise internal safety groups. Updates to the framework can be proposed by leaders including the head of safety systems, the chief information security officer and the general counsel, and the company conducts a formal framework assessment at least once a year.
The Frontier Governance Framework lays out technical and operational controls, monitoring practices and response steps that enterprises can map to emerging EU and California rules when deploying high-capability AI models.