What is the severity of this clause?

ConductAtlas classifies this Cybersecurity Dual-Use Restrictions clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Cybersecurity Dual-Use Restrictions — OpenAI

Share 𝕏 Share in Share

Consumer impact (what this means for users)

OpenAI's Usage Policy directly affects what you can ask ChatGPT or other OpenAI tools to do, and violations — even unintentional ones — can result in account suspension or termination without a guaranteed restoration process. The policy also makes developers and businesses that build on OpenAI's API responsible for ensuring their own users comply, meaning the apps you use powered by OpenAI may impose additional restrictions beyond OpenAI's own defaults. You can submit an appeal if OpenAI takes action against your account by visiting https://openai.com/transparency-and-content-moderation/#:~:text=determining%20enforcement%20actions.-,Appeals%20process.

How other platforms handle this

Salesforce Medium

BeReal Medium

BeReal never knowingly or willingly collects any personal data concerning children under 13 years of age. If you are under 13, please do not use BeReal.

Amazon Medium

If you do post content or submit material, and unless we indicate otherwise, you grant Amazon a nonexclusive, royalty-free, perpetual, irrevocable, and fully sublicensable right to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and display such content t...

See all platforms with this clause type →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The cybersecurity dual-use restriction affects security researchers, penetration testers, and IT professionals who legitimately need to understand attack techniques, as the line between permitted security research and prohibited cyberweapon creation may be unclear.

View original clause language

We don't want our models to be used to create cyberweapons or malicious code that could cause significant damage if deployed. We want to support the security community through education about attack techniques and defenses, helping with CTFs and security research, assisting with penetration testing, and building tools that improve security. However, we need to balance this with the risk that this same assistance could be used to compromise systems, networks, and devices without appropriate authorization.

Applicable regulations

CFAA

United States Federal

DMCA

United States Federal

DSA

European Union

Provision details

Document information

Document

Usage Policies

Entity

OpenAI

Document last updated

March 5, 2026

Tracking information

First tracked

March 10, 2026

Last verified

April 27, 2026

Record ID

CA-P-002435

Document ID

CA-D-00005

Evidence Provenance

Source URL

https://openai.com/policies/usage-policies

Wayback Machine

View archived versions →

SHA-256

d69a24617758e5b44e4be8eedeceb598a26dc4e280f2ab1469a45b64203e7403

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: OpenAI | Document: Usage Policies | Record: CA-P-002435
Captured: 2026-03-10 03:28:59 UTC | SHA-256: d69a24617758e5b4…
URL: https://conductatlas.com/platform/openai/usage-policies/cybersecurity-dual-use-restrictions/
Accessed: April 29, 2026

Classification

Severity

Medium

Cybersecurity Dual-Use Restrictions

Consumer impact (what this means for users)

Why it matters (compliance & risk perspective)

Applicable regulations

Provision details

Other provisions in this document