Frontier Models

The most capable AI systems — “frontier models” — are governed by a distinct set of frameworks that overlap with, but go beyond, general AI governance. The EU AI Act’s GPAI obligations, the GPAI Code of Practice, the CAISI testing agreements, California SB 53, Korea’s frontier-safety track, and the International Network of AI Safety Institutes all target this category. This chapter consolidates frontier-model governance in one place because the obligations are otherwise scattered across multiple jurisdictional chapters.

Figure: Frontier-model governance is layered — binding regulation at the top, standards and benchmarks operationalising it, voluntary government frameworks bridging to industry, and developer commitments at the base. The AI Safety Institute network coordinates evaluation across all layers.

What counts as a “frontier model”?

There is no universal definition, but converging criteria include:

• Compute — training compute exceeding ~10²⁵ FLOPs (the EU AI Act systemic-risk threshold under Article 51(2)). This threshold can be adjusted by the AI Office.
• Capability — ability to perform a wide range of distinct tasks, particularly tasks plausibly relevant to severe harm (CBRN, cybersecurity, autonomous replication, deception).
• Designation — the EU AI Office can designate a model as posing systemic risk regardless of compute.

As of May 2026, models commonly understood as frontier include OpenAI’s GPT-5 (released 7 August 2025), Google’s Gemini 3 (released 18 November 2025), and Anthropic’s Claude Opus 4.5 (released 24 November 2025), along with subsequent Q1-Q2 2026 revisions of each.

EU GPAI obligations (in force August 2025)

Under Articles 53-55 of the EU AI Act, providers of general-purpose AI models must:

• Maintain technical documentation of the model (training, evaluation, capabilities, limitations).
• Provide downstream documentation to providers integrating the model into AI systems.
• Comply with Union copyright law, including TDM opt-outs.
• Publish a summary of training content.
• For models with systemic risk (10²⁵ FLOPs or AI Office designation): conduct adversarial testing, track and report serious incidents, ensure adequate cybersecurity.

The GPAI Code of Practice (10 July 2025) provides a structured way to demonstrate compliance — see EU AI Act for governance structure. Code signatories as of August 2025: Google, Microsoft, OpenAI, Anthropic. Meta declined.

CAISI testing agreements (US, 2025-2026)

The Center for AI Standards and Innovation (formerly NIST AI Safety Institute) has signed bilateral pre-deployment and post-deployment evaluation agreements with frontier developers:^[1]

• Google DeepMind — 2025 agreement covering Gemini frontier models.
• Microsoft — 2025 agreement.
• xAI — 2025 agreement covering Grok models.
• Anthropic — pre-existing agreement (signed under the prior AISI brand).
• OpenAI — pre-existing agreement.

Testing covers cybersecurity, CBRN risk, and a small number of designated dual-use capability categories. The agreements are voluntary; CAISI does not have statutory authority to compel testing of frontier models, but agreements provide structured access for evaluation.

California SB 53 — Transparency in Frontier AI Act

Signed 29 September 2025 and discussed in detail under US State Laws, SB 53 requires large frontier developers to:

• Publish a frontier AI framework describing risk-assessment and mitigation methodology.
• Publish a safety case before deploying a covered model.
• Report critical incidents to the California Office of Emergency Services.
• Provide whistleblower protections for safety-related employee disclosures.

SB 53’s substantive structure mirrors the GPAI Code of Practice’s Safety & Security chapter, simplifying dual compliance.

Korea AI Basic Act — frontier safety track

Korea’s AI Basic Act (effective 22 January 2026) includes a frontier-safety track applicable to “high-impact AI” — broadly aligned with frontier-model concepts. Obligations include safety frameworks, pre-deployment evaluation, and incident reporting to Korean authorities. Extraterritorial application means providers serving Korean users are within scope regardless of where models are developed.

Voluntary frameworks and the AI Safety Institute network

Several voluntary mechanisms supplement statutory obligations:

• Responsible Scaling Policies (RSPs) — published by Anthropic and (in different forms) by other developers; commit to specific capability evaluations and risk thresholds.
• Frontier Model Forum — industry consortium (Anthropic, Google, Microsoft, OpenAI) focused on frontier-model safety research and best-practice sharing.
• MLCommons AI Safety v1.0 — benchmark suite for evaluating safety properties of frontier models.
• International AI Safety Report (Paris AI Action Summit, February 2025) — 96-expert consensus document on frontier AI risks.

The International Network of AI Safety Institutes — including UK AISI, US CAISI, Singapore, Japan AISI, Korea, France INESIA, and others — conducts coordinated evaluations and shares findings through agreed protocols. India is hosting the next major summit in the series.

Common frontier-safety architecture

Across the EU GPAI Code, SB 53, the CAISI agreements, and most RSPs, a common architecture is converging:

1. Capability evaluations at defined thresholds — before initial deployment, before scaling, after substantial updates.
2. Risk identification and mitigation — with documented thresholds at which mitigation actions trigger.
3. Safety case — structured argument that residual risk is acceptable, addressed to a defined audience (internal governance, regulator, public).
4. Pre-deployment testing — either internal or in cooperation with AI Safety Institutes.
5. Post-deployment monitoring — for misuse, incidents, capability change.
6. Incident reporting — to regulators (EU AI Office, Cal OES, Korean MSIT) and, where applicable, to the Frontier Model Forum or peer institutions.
7. Transparency — published framework, safety case, model card.

Recommended posture for frontier developers (May 2026)

If you are developing frontier models, the minimum credible posture includes:

• EU GPAI Code of Practice signature or equivalent compliance demonstrated in technical documentation.
• CAISI evaluation agreement if operating in the US.
• California SB 53 compliance if making large frontier models available to California users.
• Korea AI Basic Act compliance if serving Korean users (mind the extraterritorial scope).
• Published frontier AI framework / RSP with specified capability thresholds and mitigation actions.
• Safety case for each major release.
• ISO/IEC 42001 management system as foundation.
• Incident reporting procedures consistent with all applicable regimes.

For deployers and downstream integrators

If you integrate frontier models rather than develop them, the governance focus is:

1. Verify GPAI compliance of the upstream model (Code signatory, technical documentation available).
2. Receive and act on downstream documentation provided under Article 53(1)(b) EU AI Act.
3. Implement use-case-specific risk management — the frontier-safety framework of the upstream developer does not substitute for your own risk assessment of the deployed application.
4. Maintain provenance — document which model version is in production, what changed when, and your validation of those changes.
5. Monitor for incidents in your deployment and feed back to the upstream developer.