The framework establishes four categories of behaviors that the policy states are permanently disabled across all OpenAI model deployments and cannot be enabled by any operator or user instruction, covering CBRN weapons uplift, critical infrastructure attacks, cyberweapon creation, and AI oversight circumvention.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
This provision establishes the outer boundary of what OpenAI's models are stated to be capable of producing under any operator or user instruction configuration, which is directly relevant to enterprise operators building products on the API who need to understand non-negotiable capability limitations.
Interpretive note: The document does not specify the technical mechanisms used to enforce these prohibitions across all model variants, fine-tuned versions, or operator-customized deployments, creating ambiguity about scope of application.
Under this clause, OpenAI's models will not provide assistance with CBRN weapons creation, critical infrastructure attacks, cyberweapon development, or AI oversight circumvention regardless of how operator system prompts or user instructions are configured.
OpenAI has changed this document before.
"Some behaviors are 'hardcoded' — meaning they are absolute restrictions that cannot be unlocked by any operator or user, regardless of context or instruction. These include: providing serious uplift to those seeking to create biological, chemical, nuclear, or radiological weapons with the potential for mass casualties; providing serious uplift to attacks on critical infrastructure (power grids, water systems, financial systems) or critical safety systems; creating cyberweapons or malicious code that could cause significant damage if deployed; taking actions that meaningfully undermine the ability of legitimate principals to oversee and correct advanced AI models."
— Excerpt from OpenAI's OpenAI Frontier Governance Framework
REGULATORY LANDSCAPE: This provision directly engages the EU AI Act's prohibitions on certain AI system uses and its requirements for GPAI models with systemic risk to implement safeguards against foreseeable misuse. It also intersects with US export control regimes (EAR/ITAR) insofar as CBRN weapons assistance restrictions overlap with export-controlled information categories. The FTC retains authority over misrepresentations about AI capability restrictions.
GOVERNANCE EXPOSURE: Medium. The provision asserts absolute technical restrictions, but the document does not detail the technical implementation or testing regime used to verify these restrictions hold across all model versions and API configurations. Governance exposure arises if these stated prohibitions are not uniformly enforced across all model versions, fine-tuned variants, or operator-customized deployments.
JURISDICTION FLAGS: EU/EEA operators have the highest regulatory interest given the EU AI Act's prohibited uses provisions. US federal agencies including DOJ, DHS, and CISA may have interest in CBRN and critical infrastructure provisions. No specific carve-outs for jurisdiction are stated in the document.
CONTRACT AND VENDOR IMPLICATIONS: API operators building security, research, or dual-use applications should review whether these hardcoded restrictions affect their use case eligibility. The document does not specify whether operators can receive written clarification on edge cases or whether an escalation process exists for borderline applications.
COMPLIANCE CONSIDERATIONS: Legal teams at operator organizations should document reliance on these stated restrictions in their own product risk assessments. Where operators are deploying AI tools in regulated sectors (defense, critical infrastructure, healthcare), alignment between these stated prohibitions and sector-specific regulatory requirements should be verified.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.