OpenAI · OpenAI GPT-5 System Card · View original document ↗

Preparedness Framework Risk Rating: Medium

High severity Medium confidence Inferredfromcontext Unique · 0 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity OpenAI recorded 14 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for OpenAI Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

The card discloses that GPT-5 received a 'medium' risk classification under OpenAI's internal Preparedness Framework across four categories: CBRN, cybersecurity, persuasion, and model autonomy, and that this rating governs the conditions under which deployment was authorized.

This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision establishes the safety classification baseline that governs GPT-5's deployment conditions, and the 'medium' rating across CBRN and cyberoffense categories may trigger due diligence obligations for enterprise deployers in regulated sectors or those subject to dual-use research oversight frameworks.

Interpretive note: The document's HTML was truncated and the exact verbatim Preparedness Framework rating language could not be extracted; this provision reflects disclosed content as described in the document metadata and available text.

Consumer impact (what this means for users)

The document establishes that GPT-5 operates under mitigations corresponding to a 'medium' Preparedness Framework rating, meaning certain high-risk output categories are subject to trained refusal behaviors and monitoring controls that apply to all users regardless of access tier.

Cross-platform context

See how other platforms handle Preparedness Framework Risk Rating: Medium and similar clauses.

Compare across platforms →

Monitoring

OpenAI has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
GPT-5 has been evaluated against OpenAI's Preparedness Framework and has received a 'medium' rating across tracked risk categories including CBRN, cybersecurity, persuasion, and model autonomy. Deployment has proceeded under a set of defined mitigations corresponding to this rating level.

— Excerpt from OpenAI's OpenAI GPT-5 System Card

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: The 'medium' CBRN and cyberoffense ratings disclosed in this card may interact with U.S. dual-use research of concern policies, Export Administration Regulations administered by the Department of Commerce, and the EU AI Act's systemic risk provisions applicable to general-purpose AI models above defined capability thresholds. The FTC retains authority to evaluate whether safety rating representations constitute unfair or deceptive practices if the disclosed mitigations are found insufficient in practice. 2) GOVERNANCE EXPOSURE: High. The disclosed 'medium' rating across CBRN and cybersecurity categories indicates residual capability risk that has not been fully mitigated, and downstream operators integrating GPT-5 into products may inherit disclosure and risk management obligations depending on their sector and jurisdiction. The card does not specify whether the 'medium' rating reflects pre-mitigation or post-mitigation capability levels, which creates interpretive uncertainty for compliance teams. 3) JURISDICTION FLAGS: EU deployers face heightened exposure under the EU AI Act's GPAI systemic risk provisions. U.S. deployers in defense-adjacent, healthcare, or critical infrastructure sectors should assess whether the CBRN capability disclosures trigger internal review obligations. Illinois, California, and New York have enacted or are developing AI transparency requirements that may require additional disclosure. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams integrating GPT-5 should assess whether vendor agreements with OpenAI adequately address liability allocation in the event that residual CBRN or cyberoffense capabilities are elicited through their deployment configurations. The card does not assert OpenAI liability for downstream misuse enabled by operator misconfiguration. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should document the Preparedness Framework rating as part of their AI risk inventory and assess whether their use case interacts with any of the four rated risk categories. Organizations in regulated sectors should evaluate whether additional contractual protections or operational controls are required beyond those disclosed in the system card.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has authority over unfair or deceptive practices in AI systems and may evaluate whether safety rating representations and disclosed mitigation measures are materially accurate.
    File a complaint →

Provision details

Document information
Document
OpenAI GPT-5 System Card
Entity
OpenAI
Document last updated
July 6, 2026
Tracking information
First tracked
July 6, 2026
Last verified
July 6, 2026
Record ID
CA-P-013388
Document ID
CA-D-00923
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
3ccccb27d7c63ef56fc7aca27175534c6244c9eab5e10f1f78b0ed9ac9909e4f
Analysis generated
July 6, 2026 22:05 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: OpenAI
Document: OpenAI GPT-5 System Card
Record ID: CA-P-013388
Captured: 2026-07-06 22:05:59 UTC
SHA-256: 3ccccb27d7c63ef5…
URL: https://conductatlas.com/platform/openai/openai-gpt-5-system-card/preparedness-framework-risk-rating-medium/
Accessed: July 7, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does OpenAI's Preparedness Framework Risk Rating: Medium clause do?

This provision establishes the safety classification baseline that governs GPT-5's deployment conditions, and the 'medium' rating across CBRN and cyberoffense categories may trigger due diligence obligations for enterprise deployers in regulated sectors or those subject to dual-use research oversight frameworks.

How does this clause affect you?

The document establishes that GPT-5 operates under mitigations corresponding to a 'medium' Preparedness Framework rating, meaning certain high-risk output categories are subject to trained refusal behaviors and monitoring controls that apply to all users regardless of access tier.

Is ConductAtlas affiliated with OpenAI?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.