The card discloses that GPT-5's training includes behavioral mitigations in the form of refusal responses and output constraints corresponding to the risk categories identified in the Preparedness Framework evaluation, applied as a condition of deployment authorization.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that certain categories of output are constrained at the training level rather than solely through operator or user controls, and the scope and reliability of these constraints are directly relevant to deployers' own risk assessments and regulatory compliance representations.
Interpretive note: The robustness benchmarks, bypass rates, and update mechanisms for refusal training are not specified in the available document text, limiting assessment of the reliability of this mitigation.
Under these terms, GPT-5 is trained to refuse certain categories of requests related to CBRN, cyberoffense, and other identified risk categories, and these refusal behaviors apply across all access tiers and operator configurations within the bounds of OpenAI's policy.
Cross-platform context
See how other platforms handle Refusal Training and Output Mitigation Measures and similar clauses.
Compare across platforms →Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"GPT-5 incorporates refusal training and output constraints applied prior to deployment to mitigate risks identified in Preparedness Framework evaluations across CBRN, cybersecurity, persuasion, and model autonomy categories.— Excerpt from OpenAI's OpenAI GPT-5 System Card
1) REGULATORY LANDSCAPE: Trained refusal and output constraint measures engage the EU AI Act's technical robustness and safety requirements for high-risk and GPAI systems, as well as the FTC's standards for AI systems that make safety-related representations. The reliability and consistency of refusal behaviors may be subject to scrutiny under consumer protection frameworks if they are found to be inconsistently applied. 2) GOVERNANCE EXPOSURE: Medium. The card discloses that refusal training was applied but does not specify the robustness benchmarks used to validate refusal reliability, the rate of refusal bypass observed in red-teaming, or the mechanism by which refusal behaviors are updated when new elicitation methods are identified. This creates uncertainty for deployers who rely on these mitigations in their own risk documentation. 3) JURISDICTION FLAGS: EU deployers must assess whether trained refusal behaviors constitute sufficient technical and organizational measures under the AI Act and GDPR. Deployers in healthcare or financial services must assess whether refusal behaviors adequately address sector-specific harm categories beyond those disclosed in the card. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise agreements should specify OpenAI's obligations to maintain and update refusal training in response to newly identified elicitation techniques, and whether OpenAI provides notification to operators when significant changes to refusal behavior are made. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should not treat disclosed refusal training as a substitute for their own application-level content filtering, particularly in deployments serving vulnerable populations or operating in regulated sectors where the consequences of refusal failure are material.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that certain categories of output are constrained at the training level rather than solely through operator or user controls, and the scope and reliability of these constraints are directly relevant to deployers' own risk assessments and regulatory compliance representations.
Under these terms, GPT-5 is trained to refuse certain categories of requests related to CBRN, cyberoffense, and other identified risk categories, and these refusal behaviors apply across all access tiers and operator configurations within the bounds of OpenAI's policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.