AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

← News

GPT-4.5 Arrives as 'Research Preview,' Triggering Procurement and Risk Controls Before Any Production Use

What happened

OpenAI published Model Release Notes identifying GPT-4.5 as a research preview of its largest and most capable chat model to date. The research preview designation indicates an intermediate stage of maturity in which the model is accessible for evaluation but has not completed the full suite of red-teaming, safety evaluations, and deployment hardening that OpenAI applies before a general availability release. The published notes do not include detailed disclosure of red-team findings, capability thresholds, known failure modes, or deployment restrictions specific to GPT-4.5, leaving gaps in the information enterprises need to complete a standard AI risk assessment. The release affects organizations using OpenAI's API or platform products, as well as those evaluating GPT-4.5 through the ChatGPT Enterprise interface. The absence of full safety documentation shifts a significant portion of residual risk characterization onto procuring organizations, particularly those in regulated industries such as financial services, healthcare, and legal services.

Why it matters

  • ·Enterprises operating under the EU AI Act or U.S. sector-specific AI guidance may face regulatory exposure if they deploy a preview model without documented, stable risk profiles, as these frameworks increasingly require pre-deployment assessments based on vendor-disclosed safety information.
  • ·The release creates an operational control gap for organizations that lack internal policies distinguishing how preview or beta AI models are governed versus general availability releases, potentially allowing unapproved production use before adequate evaluation is complete.
  • ·Regulated-industry organizations bear heightened organizational risk because the absence of published red-team findings and failure mode disclosures means AI risk assessments cannot be completed using vendor documentation alone, increasing liability exposure if the model produces harmful or erroneous outputs.

Governance controls affected

What to do now

  • Route any internal request to deploy GPT-4.5 in a production workflow through the existing AI procurement review process with an explicit preview-status flag, requiring sign-off from risk or legal functions before approval.
  • Formally request from OpenAI any available safety evaluation summaries, red-team findings, or capability documentation specific to GPT-4.5 and document both the request and the response for audit purposes.
  • Review internal model lifecycle policies to confirm they explicitly address the preview-to-production transition, including the criteria that must be satisfied and the authority required to approve elevation to production status.
  • Verify that use of a preview model does not conflict with obligations under the EU AI Act's high-risk AI system requirements or sector-specific guidance from bodies such as the U.S. Treasury or financial regulators.
  • Update vendor risk management records for OpenAI to reflect GPT-4.5's preview status and flag the entry for reassessment when the model reaches general availability.

What to watch next

Compliance teams should monitor OpenAI's Model Release Notes page for an update to GPT-4.5's status from research preview to general availability, which would signal that full safety evaluations and deployment hardening have been completed and may trigger a fresh procurement review. Teams should also track any enforcement signals from EU AI Act supervisory authorities or U.S. sector regulators regarding acceptable practices for procuring and deploying preview AI models, particularly in high-risk application contexts. Pending guidance from NIST on operationalizing the AI Risk Management Framework for third-party model procurement may also clarify documentation expectations relevant to this scenario.

AI Governance Weekly

Weekly intelligence on AI regulation, enforcement, and governance. Every Thursday.

Powered by Buttondown.

Related Coverage

Insight2026-06-26

OpenAI's GPT-5.6 Deferral Establishes Government Pre-Review as a Real Variable in Frontier AI Releases

OpenAI delayed the full public rollout of GPT-5.6 at the request of the U.S. government, limiting initial access to vetted partners under a June 2026 executive order that grants the government up to 30 days of advance access to covered frontier models. OpenAI complied while stating publicly it does not want this to become a permanent standard. For compliance teams, the headline is not the delay but what it signals: government pre-deployment review is now an operational fact in AI vendor release cycles.

Insight2026-06-27

Mythos 5 Partial Reinstatement Creates Government-Controlled AI Access Tiers With No Transparent Process

The US government on June 27 granted roughly 100 approved companies access to Claude Mythos 5, partially reversing a June 12 export control suspension, while Fable 5 and organizations outside the approved list remain locked out with no published selection criteria or recourse. The action is the first commercial enforcement under a new executive order framework requiring government pre-release review of frontier models, making tiered access structural rather than ad hoc.

Research2026-07-14

OpenAI Proposes Mandatory Federal Pre-Release Evaluations for Frontier Models via CAISI, With Annual Audits and Incident Reporting Requirements

OpenAI submitted a formal response to the White House executive order on AI governance, proposing that the Center for AI Standards and Innovation (CAISI) conduct mandatory pre-release evaluations of the most capable frontier AI models. The proposal calls for annual third-party audits, transparency reports, and mandatory critical incident reporting for frontier model developers, while arguing that regulators should not have authority to block deployments outright.