Strategic Report  ·  2026-05-30

OpenAI's Frontier Governance Framework

Strategic Report  ·  High impact  ·  Global
Published 28 May 2026, OpenAI's Frontier Governance Framework is a discrete public document that maps the company's existing safety and security practices to specific regulatory obligations, principally California's Transparency in Frontier AI Act and the EU AI Act's Code of Practice for General Purpose AI. The framework states that OpenAI's Preparedness Framework 'remains the foundation for how we define and operationalize our approach to managing the most serious risks from advanced AI systems,' while this new document applies 'relevant parts of that approach into a public governance document focused on specific regulatory obligations.' Coverage spans risk assessment and mitigation across cyber offense, CBRN risks, harmful manipulation, and loss of control, as well as model reporting, security risk management, incident response, external expert input, and planned update cadences. This is the first time OpenAI has produced a consolidated, jurisdiction-mapped governance disclosure rather than discrete policy posts, representing a meaningful increase in regulatory transparency from a frontier lab.
Policy leads and CISOs at organisations procuring or deploying OpenAI models now have a single reference document mapping OpenAI's internal safety controls to the specific regulatory frameworks that will govern frontier AI in the EU and California — directly relevant to vendor due diligence and supply-chain risk assessments.
Pass to legal and procurement teams to incorporate into OpenAI vendor due-diligence reviews; map the framework's risk categories (cyber, CBRN, manipulation, loss-of-control) against your organisation's own AI risk taxonomy before the EU AI Act obligations take effect.
Sources
OpenAI — Frontier Governance Framework (landing page)
OpenAI — Frontier Governance Framework (PDF)