OpenAI Governance Doc Targets California and EU AI Law
OpenAI published its first public compliance framework mapping internal safety practices to California's SB 53 and the EU AI Act - but critics note the underlying Preparedness Framework quietly dropped manipulation from its risk categories last April.
8 min read
OpenAI published its Frontier Governance Framework on May 28, 2026, its first public document explicitly mapping internal safety practices to two emerging regulatory regimes - California's Transparency in Frontier AI Act and the EU AI Act's General Purpose AI Code of Practice. The publication lands five months after California's law took effect and roughly ten weeks before the EU begins enforcing its provisions. Both timing details are doing a lot of work.
TL;DR
- OpenAI published its Frontier Governance Framework on May 28, mapping safety practices to California's SB 53 and the EU GPAI Code of Practice
- The framework covers four risk categories: cyber offense, CBRN threats, manipulation, and loss of control - with critical-risk models blocked from deployment until mitigated
- The underlying Preparedness Framework v2 (April 2025) quietly removed manipulation and deception from formal tracking, shifting them to lower-weight policy documents
- A "competitive parity" clause allows OpenAI to deploy critical-risk models if a competitor has already released something similar
- Anthropic published its compliance framework in December 2025, before California's law even took effect; OpenAI is five months behind
What the Framework Actually Says
Risk Categories and Thresholds
The Frontier Governance Framework organizes OpenAI's risk posture around four tracked categories: cyber offense (AI-enabled attacks and offensive capabilities), CBRN threats (chemical, biological, radiological, nuclear assistance), harmful manipulation and deception, and loss of control or autonomous replication. Models assessed as high risk - defined as those that could boost existing pathways to severe harm - may be rolled out if enough safeguards are in place. Severe harm is defined as more than 1,000 deaths or more than $100 billion in damages.
Critical-risk models, which could introduce entirely new pathways to that level of harm, face a harder bar: deployment is blocked until mitigations are in place, and development may continue during that period.
Testing and Reporting Commitments
OpenAI commits to scalable automated evaluation pipelines with adversarial red-team testing for each major release. An internal Safety Advisory Group must review all safeguards before deployment decisions are finalized. The company publishes public Safeguards and Capabilities Reports alongside major model releases, a practice begun with GPT-4o variants.
OpenAI CEO Sam Altman has framed the governance push as a step toward building global AI safety infrastructure.
Source: commons.wikimedia.org
Two Clocks, Two Deadlines
California's SB 53 - Already in Effect
California's Transparency in Frontier AI Act was signed by Governor Newsom in September 2025 and took effect January 1, 2026. It applies to any company that trained a model using more than 10^26 floating-point operations and earns more than $500 million in annual revenue - targeting roughly five to eight organizations globally.
The law requires three things: an annual frontier AI framework describing how catastrophic risks are identified and governed; pre-deployment transparency reports before each new or substantially modified model; and safety incident reports filed with California's Office of Emergency Services within 15 days of discovery, or 24 hours if there is imminent danger. Violations carry penalties of up to $1 million each, enforced by the California Attorney General. Whistleblower protections and internal anonymous reporting channels are also mandatory.
Anthropic published its SB 53 compliance framework in December 2025 - before the law took effect. OpenAI's document arrived five months after the January 1 effective date.
EU AI Act - Enforcement Begins August 2
The EU AI Act's GPAI Code of Practice has been in force since August 2, 2025, with a one-year grace period for most enforcement. On August 2, 2026 - roughly ten weeks after OpenAI's publication - the EU AI Office gains full enforcement authority, with fines reaching 3% of global annual turnover or €15 million, whichever is higher.
The compute threshold is lower than California's: models trained with more than 10^25 floating-point operations are presumed to carry systemic risk. The Code covers three domains: transparency (documentation, technical properties, energy usage, ten-year record retention), copyright (opt-out policies and piracy exclusion), and safety and security (risk management and incident reporting to the AI Office). Notable holdouts include Meta, which refused to sign on the grounds that the Code "introduces legal uncertainties." xAI signed the safety and security chapter only.
OpenAI's May 28 publication looks calibrated to build a compliance record before August enforcement begins.
The EU AI Act's GPAI Code of Practice covers transparency, copyright, and safety for general-purpose AI providers.
Source: code-of-practice.ai
What Was Quietly Removed
The April 2025 Retreat on Manipulation
Buried in the story of the Frontier Governance Framework is what the underlying Preparedness Framework v2 - published in April 2025 - stopped tracking. Manipulation and persuasion were removed from the formal risk-category system and shifted to OpenAI's Model Spec and terms of service, documents with lower regulatory weight and fewer enforcement hooks.
The change drew immediate criticism from researchers following AI safety closely. "Downgrading deception strikes me as a mistake given the increasing persuasive power of LLMs," said Oren Etzioni of TrueMedia. Courtney Radsch at Brookings and the Center for Democracy and Technology described it as "another example of the technology sector's hubris," noting that persuasion "may be existentially dangerous to individuals" in specific contexts. Gary Marcus was more blunt: the shift signals that "none of what they say about AI safety is carved in stone" when competitive pressure arrives.
Steven Adler, a former OpenAI safety researcher, summarized the direction: "OpenAI is quietly reducing its safety commitments."
The April 2025 update also removed safety testing requirements for fine-tuned models, a category that covers much of deployments on the API.
The Competitive Parity Loophole
The Preparedness Framework contains a clause that allows OpenAI to deploy critical-risk models - the highest category in its system - if a competitor has already released a model with similar capabilities. An academic analysis published on arXiv (arXiv:2509.24394) described this as a provision that "allows OpenAI's CEO to deploy even more dangerous capabilities" when the race dictates it. The framework "requests evaluation of a small minority of AI risks" and "encourages deployment of systems with 'Medium' capabilities for unintentionally enabling 'severe harm.'"
This clause doesn't appear in the Frontier Governance Framework's public-facing framing. It's downstream in the Preparedness Framework on which the governance document rests.
How OpenAI Stacks Up
| Dimension | OpenAI | Anthropic | Google DeepMind |
|---|---|---|---|
| Risk structure | High/Critical binary | ASL-1 through ASL-4+ tiers | Critical Capability Levels (CCLs) |
| Manipulation tracking | Removed from formal categories (April 2025) | Retained | Retained; includes deceptive alignment |
| Fine-tuned model testing | Removed (April 2025) | Required at ASL-3+ | Required at trigger levels |
| Scaling halt mechanism | No explicit halt; competitive parity clause applies | Yes - RSP creates freeze if safety lags behind capability | Yes - CCLs trigger graduated responses |
| Governance body | Internal Safety Advisory Group | Long Term Benefit Trust plus board | Safety councils plus external experts |
| Compliance timing | May 2026 | December 2025 (pre-SB 53) | March 2026 (FSF v3) |
The sharpest divergence is on deceptive alignment. Google DeepMind's Frontier Safety Framework v3, published in March 2026, explicitly addresses the risk that a model pursues covert goals that differ from its stated objectives. Anthropic's biosafety-level tiering creates genuine friction against rapid capability scaling. OpenAI's structure has the most procedurally flexible deployment rules of the three.
Critics: Disclosure Without Enforcement
Stanford Law researchers graded SB 53 against typical disclosure regimes in February 2026, giving the governance requirements a 2 out of 5. Their assessment: the statute "does not define what constitutes an adequate assessment, does not mandate specific testing protocols or evaluation methodologies." Accountability received the same 2-out-of-5 rating because the law creates no private right of action - everything runs through the Attorney General's office, creating a potential bottleneck.
"The disclosure-without-enforcement model has a weak historical track record. Financial, environmental, and nutritional disclosure regimes all produced compliance documents without producing meaningfully safer outcomes. AI governance should learn from those failures rather than repeat them." - Stanford Law analysis, January 2026
Illinois is moving further. SB 315, which passed the Illinois legislature in May 2026 and awaits Governor Pritzker's signature, would be the first state law requiring third-party audits of frontier model safety protocols - a step beyond SB 53's self-reporting model. If signed, it creates a new compliance obligation that a public framework document can't satisfy on its own.
OpenAI's Mission Bay headquarters in San Francisco. The company's governance framework aims to satisfy regulators in both California and the EU.
Source: commons.wikimedia.org
What It Means
OpenAI has always had a complicated relationship with the safety commitments it puts in writing. The company was founded, in part, as a response to fears about unchecked AI development. It has watched a sustained exodus of its most prominent safety researchers over the past two years. Its legal battles have exposed deep internal disagreements about the boundaries of its original mission.
The Frontier Governance Framework is the company's clearest attempt yet to speak the language of regulators. The document is real, the risk categories are real, and the testing commitments are real. But reading it with the April 2025 Preparedness Framework v2 - the document it's built on - tells a more complicated story. The competitive parity clause is not a minor technical detail. Neither is the removal of manipulation from formal risk tracking.
The EU's August 2, 2026 enforcement date is the moment this moves from governance theater into a regime with financial consequences. Between now and then, the difference between a framework that constrains behavior and one that merely documents it is a question regulators, researchers, and OpenAI's own engineers will have to answer.
Sources:
- OpenAI Frontier Governance Framework
- StartupHub.ai - OpenAI Frontier Governance Framework coverage
- Future of Privacy Forum - California SB 53 explainer
- Stanford Law - SB 53 disclosure analysis
- Lawfare - Governing Frontier AI: SB 53
- EU AI Act GPAI Code of Practice
- arXiv:2509.24394 - Academic critique of OpenAI Preparedness Framework
- Enkrypt AI - Comparative safety frameworks
- Anthropic SB 53 compliance framework
