OpenAI publishes governance framework mapping to EU AI Act and California SB 1047
OpenAI released a formal governance document detailing how its safety, security, and risk protocols map to incoming EU AI Act and California SB 1047 requirements.
OpenAI published its Frontier Governance Framework this week, a formal document outlining how the company's internal safety, security, and risk management practices align with regulatory requirements under the EU AI Act and California's SB 1047. The framework arrives as both jurisdictions move toward enforcement deadlines later this year — the EU's high-risk AI provisions take effect in August 2026, and California's SB 1047 compliance window closes in December 2026.
The document describes OpenAI's tiered risk classification system, incident response protocols, and third-party audit mechanisms. It names specific internal review boards responsible for pre-deployment safety checks and post-deployment monitoring, and it maps those processes to the EU's transparency and documentation mandates. The framework also addresses SB 1047's requirements for catastrophic-risk assessments on models above 10^26 FLOPs, though OpenAI does not disclose which current or future models cross that threshold.
OpenAI's move follows similar disclosures from Anthropic and Google DeepMind earlier this year, as frontier labs race to demonstrate compliance before regulators finalize enforcement guidance. The framework is available on OpenAI's site but does not include sample audit reports or redacted incident case studies, leaving some details about real-world application unclear. Whether the framework's internal review boards will publish any findings publicly, and whether the EU or California will accept the company's self-assessment as sufficient evidence of compliance, remains uncertain — both jurisdictions are expected to release final enforcement guidance in the next 60 days.
