7 Total
3 High severity
3 Medium severity
1 Low severity
Summary

The GPT-5 System Card is a technical safety disclosure published by OpenAI describing the architecture, safety evaluations, risk ratings, and deployment constraints applied to the GPT-5 model family. The document discloses that GPT-5 received a 'medium' risk rating under OpenAI's Preparedness Framework across CBRN, cybersecurity, persuasion, and model autonomy categories, and that deployment proceeded under a set of mitigations including refusal training, monitoring, and operator-level access controls. The card also discloses that GPT-5 uses a routing system to direct queries to one of several sub-models including gpt-5-main, gpt-5-thinking, and gpt-5-thinking-nano, with capability and reasoning depth varying by sub-model and access tier.

Technical / Legal Breakdown

This document is the GPT-5 System Card published by OpenAI, a technical safety and governance disclosure covering the capabilities, evaluation methodology, risk classifications, and mitigation measures applied to the GPT-5 model family, including gpt-5-main, gpt-5-thinking, and gpt-5-thinking-nano. The card states that GPT-5 was evaluated against OpenAI's Preparedness Framework and internal safety policies, with the document disclosing that the model received a 'medium' rating across tracked risk categories including CBRN (chemical, biological, radiological, nuclear), cybersecurity, persuasion, and model autonomy. The card asserts that GPT-5 incorporates a unified model routing system that dynamically selects between sub-models based on task complexity, and discloses that the model underwent red-teaming, automated evaluations, and external third-party safety testing prior to deployment; the document does not assert user-facing contractual rights or financial terms, but does establish that operator and user access to model capabilities may be tiered and constrained through system prompt-level controls. The document engages frameworks including the EU AI Act, which classifies certain AI systems as high-risk and requires conformity assessments and transparency obligations; the FTC's authority over unfair or deceptive AI practices; and emerging voluntary commitments made under the White House AI Safety framework, though the card does not assert full compliance with any specific regulatory standard. Material compliance considerations include whether the disclosed evaluation methodology satisfies the EU AI Act's requirements for high-risk system documentation, how the 'medium' Preparedness rating translates to operator-level disclosure obligations, and how capability elicitation findings related to CBRN and cyberoffense interact with export control and dual-use research frameworks.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Get Compliance
High — 3 provisions
Medium — 3 provisions
Low — 1 provision

Monitoring

OpenAI has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Get Compliance

Cross-platform context

See how other platforms handle CBRN Capability Disclosure and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

California AB 2013 AI Training Data Transparency
US-CA
View official text ↗
CFAA
United States Federal
View official text ↗
DMCA
United States Federal
View official text ↗
DSA
European Union
View official text ↗
Trump Executive Order on AI Policy Framework
US
View official text ↗

Related Analysis

Privacy · May 3, 2026
OpenAI Privacy Policy Update May 2026: New Terms Authorize Advertiser Data Sharing

OpenAI expanded its data sharing terms to include third-party marketing partners. The updated policy authorizes the use of personal data fo…

Dependency Governance · June 11, 2026
AI Dependency Governance: How API Terms Govern Every App Built on OpenAI, Anthropic, and Google

872 provisions across 8 AI platforms. The terms your AI provider sets become the terms your product operates under.

Platform Analysis · June 12, 2026
OpenAI Changed Its Privacy Policy 4 Times in One Week. Here Is What Actually Changed.

Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.

Regulatory Analysis · June 28, 2026
The Great American AI Act, Explained: What the First Federal AI Law Would Require

The bill does not regulate most AI startups directly. But it changes the companies they depend on. Here is what the first federal AI law wo…

Archival ProvenanceSource & Archival Record
Last Captured July 6, 2026 21:53 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000923
Version ID CA-V-004521
SHA-256 69b6f6c6c1b9cd51d6a1ea03282a0aad54853f436ff7d52476917723688de5ab
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans