OpenAI's internal Preparedness Framework classifies GPT-5.5 at 'medium' risk across all evaluated safety-relevant categories, and the document states this classification permitted deployment to proceed. The framework establishes that a 'high' rating in any category would trigger a deployment block.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the internal governance mechanism OpenAI uses to authorize model deployment and defines the risk threshold criteria that would restrict access. The classification methodology and threshold definitions are set by OpenAI internally, and the document does not describe an independent third-party audit of these classifications.
Interpretive note: The document's description of the Preparedness Framework methodology is summarized rather than fully specified, creating some uncertainty about the precise criteria and weighting applied to each risk category rating.
This provision establishes that GPT-5.5 was cleared for deployment based on OpenAI's internal risk assessment process. Under this framework, the model is accessible to users and operators despite acknowledged medium-level risk ratings in categories including cybersecurity and persuasion.
Cross-platform context
See how other platforms handle Preparedness Framework Risk Classification and similar clauses.
Compare across platforms →Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"GPT-5.5 received medium risk ratings across all evaluated categories in OpenAI's Preparedness Framework, including cybersecurity, biological, chemical, nuclear, and radiological threats, persuasion, and model autonomy. No category reached the high threshold that would block deployment under the framework.— Excerpt from OpenAI's OpenAI GPT-5.5 System Card
1) REGULATORY LANDSCAPE: The Preparedness Framework classification process engages with the EU AI Act's requirements for general-purpose AI models with systemic risk, which include obligations for adversarial testing, incident reporting, and cybersecurity measures. The FTC may evaluate the adequacy of internal risk classification processes under its unfair or deceptive practices authority if deployment decisions result in consumer harm. The document does not indicate engagement with external regulatory bodies in the classification decision. 2) GOVERNANCE EXPOSURE: Medium. The self-certification nature of the Preparedness Framework, without disclosed third-party validation, creates governance exposure for enterprise deployers who rely on this document as their primary due diligence reference for AI safety conformity assessments, particularly under the EU AI Act. 3) JURISDICTION FLAGS: EU/EEA operators deploying GPT-5.5 face heightened exposure given the EU AI Act's mandatory conformity assessment and third-party audit requirements for general-purpose AI with systemic risk designations. US-based deployers face lower immediate regulatory exposure but should monitor FTC enforcement posture on AI safety representations. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise operators integrating GPT-5.5 should assess whether their vendor agreements with OpenAI include representations about the Preparedness Framework methodology and whether those representations are contractually warranted. The document's internal classification methodology may not satisfy contractual due diligence requirements in regulated industries. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether the Preparedness Framework's medium risk ratings in cybersecurity and persuasion categories require additional controls at the operator deployment level. Organizations in financial services, healthcare, or critical infrastructure may need to conduct supplementary risk assessments beyond what this document provides.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the internal governance mechanism OpenAI uses to authorize model deployment and defines the risk threshold criteria that would restrict access. The classification methodology and threshold definitions are set by OpenAI internally, and the document does not describe an independent third-party audit of these classifications.
This provision establishes that GPT-5.5 was cleared for deployment based on OpenAI's internal risk assessment process. Under this framework, the model is accessible to users and operators despite acknowledged medium-level risk ratings in categories including cybersecurity and persuasion.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.