OpenAI published its Frontier Governance Framework on May 28, a public document that maps the company’s internal safety practices to two emerging legal regimes: California’s Transparency in Frontier AI Act and the EU AI Act’s Code of Practice for General Purpose AI. The framework is not a new safety system. It is an accounting exercise — a translation of existing processes into regulatory language.
The document draws directly from OpenAI’s Preparedness Framework, which has been the company’s internal methodology for defining and managing catastrophic risks since late 2023. The Frontier Governance Framework takes that internal playbook and turns it into a public-facing governance document that addresses specific regulatory obligations. OpenAI says the framework covers risk assessment and mitigation across cyber offense, CBRN (chemical, biological, radiological, nuclear) risks, harmful manipulation, and loss of control. It also addresses model reporting, security risk management, incident response, external expert input, and framework updates.
What is genuinely new here is not the content of the safety practices. OpenAI has described these risk categories and mitigation approaches before. What is new is the act of formalization — the decision to publish a single, auditable document that regulators can point to and say “this is what OpenAI committed to.” That formalization carries legal weight that internal blog posts do not.
The timing matters. California’s Transparency in Frontier AI Act, signed into law in 2025, requires developers of frontier models to publish governance frameworks that describe their safety practices. The EU AI Act’s Code of Practice for General Purpose AI, still under development, is expected to impose similar obligations. OpenAI is publishing this framework now to shape the regulatory conversation before those requirements harden into binding rules. It is a preemptive compliance move, not a reaction to enforcement.
The framework covers the right categories. Cyber offense and CBRN risks are the standard frontier-model concerns. Harmful manipulation and loss of control are less commonly discussed in public governance documents — loss of control in particular is a category that most labs have avoided formalizing in regulatory-facing documents because it implies a failure mode they would rather not acknowledge publicly. OpenAI’s inclusion of loss of control is notable. It signals that the company expects regulators to ask about it, and it wants to be seen as having an answer.
But the framework has a structural weakness that is common to all voluntary governance documents in AI: it describes processes, not outcomes. The framework says OpenAI will conduct risk assessments, report on model capabilities, respond to incidents, and update the framework as evaluations evolve. It does not say what threshold of risk would keep a model from being deployed. It does not specify what constitutes an acceptable level of loss-of-control risk. It does not commit to third-party audits with binding consequences.
This is not a criticism unique to OpenAI. Every frontier lab faces the same challenge: how do you write a governance document that satisfies regulators without committing to specific capability thresholds that you might not be able to meet in a future model release? The answer so far has been to describe process in detail and leave outcomes vague. The Frontier Governance Framework follows that pattern.
The document does reference external expert input, which is a meaningful step. OpenAI says the framework will incorporate input from outside evaluators and subject-matter experts. The question is whether that input is advisory or binding. If external experts can flag a risk and the company can proceed anyway, the governance framework becomes a transparency exercise rather than a safety mechanism. If external input can block a deployment, the framework becomes a real constraint on the company’s release decisions. The framework as published does not make this distinction clear.
The EU AI Act’s Code of Practice for General Purpose AI is still being written. The implementing regulations for California’s Transparency in Frontier AI Act are not final. OpenAI is publishing this framework into a regulatory vacuum, which gives the company the advantage of defining the terms of the conversation. The risk for regulators is that they accept a framework that looks comprehensive but lacks enforcement teeth. The risk for OpenAI is that regulators later demand stronger commitments than the framework provides, forcing a rewrite.
For AI builders, the Frontier Governance Framework is a template worth watching. Other frontier labs — Anthropic, Google DeepMind, Meta, Mistral — will need to produce similar documents as the California and EU regulations come into force. The specific choices OpenAI made in this framework — which risk categories to include, how to describe mitigation processes, whether to mention loss of control — will become reference points for what regulators expect. The document sets a baseline. The question is whether that baseline rises over time as regulations harden.
The framework closes with a commitment to update as model capabilities, evaluations, and regulatory requirements develop. That is the most important sentence in the document. The first version of any governance framework is easy to write. The hard part is the second version, the third version, the version that comes after a regulator finds a gap or after a model exhibits a failure mode the framework did not anticipate. OpenAI’s Frontier Governance Framework is a useful starting point. It is not a finished product.