AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

← News
Insight2026-06-27

Introducing Model Radar: Weekly Compliance Status for Frontier AI Models

Source

Model Radar

AI Governance Institute

What happened

AI Governance Institute has launched Model Radar, a weekly-updated compliance status tracker for frontier AI models. The tracker covers 10 models across three status tiers: Restricted (active government suspension or export control), Use with Caution (active compliance flags without a legal prohibition), and Cleared (no active flags, generally available with published safety documentation). Status is reviewed every Wednesday and updated when material compliance events occur. The initial release tracks GPT-4o, Claude 3.7 Sonnet, Gemini 2.5 Pro, Llama 4, and Mistral Large 2 as Cleared; DeepSeek V3, Qwen3, GPT-5.6, and Claude Mythos 5 as Use with Caution; and Claude Fable 5 as Restricted. Each model page includes enterprise guidance, data handling facts, vendor compliance certifications, key use restrictions, safety documentation status, and cross-links to relevant governance controls and playbook guides.

Why it matters

  • ·The June 2026 export control action against Claude Fable 5 and the restricted-access architecture of Claude Mythos 5 exposed a gap in most enterprise AI governance programs: no systematic process for tracking the compliance status of the models their teams use. Procurement frameworks assess vendors at point-of-purchase, but the regulatory and operational environment around a specific model can change materially after procurement, sometimes within days. An export control suspension, a government-mandated access restriction, or a government disclosure about vendor relationships does not trigger an automatic re-assessment in most programs. It should.
  • ·Data residency and vendor jurisdiction are active compliance risks, not theoretical ones. DeepSeek V3 and Qwen3 are both high-capability models with permissive open-weight licenses, but their API offerings route data through China-based infrastructure subject to the National Intelligence Law. That does not disqualify them from enterprise use, but it does require a specific deployment posture (self-hosted open weights) rather than the default API access. Without a tracker that surfaces this distinction clearly, procurement teams frequently evaluate these models on capability benchmarks alone and default to the easiest access path.
  • ·Model Radar is designed to be a standing resource for the AI procurement workflow, not a one-time reference. The published status rubric is explicit: Red status requires a legal basis (government suspension, export control, sanctions); Yellow requires active compliance flags without a legal prohibition; Green requires no active flags, general availability, and published safety documentation. The criteria are public and fixed so that organizations can reference them in procurement policy documentation and audit responses.

Governance controls affected

What to do now

  • Review Model Radar now for any model your organization currently uses or is evaluating. If a model in your production environment carries a Restricted or Use with Caution status, initiate a formal re-assessment under your procurement framework and document the outcome. A status of Restricted means continuing access creates regulatory and legal risk; Use with Caution means you need a documented rationale for why the specific deployment posture you are using mitigates the identified flags.
  • For organizations using DeepSeek V3 or Qwen3 via API: verify immediately whether your deployment routes data through those vendors' China-based infrastructure. If it does, assess whether that routing conflicts with your GDPR, CCPA, sector-specific, or contractual data residency obligations. Self-hosted open-weight deployment eliminates the data residency risk; the DGC-005 cross-border data transfer control provides a framework for documenting that assessment.
  • If Claude Fable 5 was in production at any point after the June 12 export control directive, document the suspension date as an AI governance incident, record which workflows were affected and which contingency model replaced it, and confirm that access has been fully decommissioned. This documentation will be relevant to internal audit, regulatory inquiry, or insurance review if the export control action is referenced in future compliance assessments.
  • Add a Model Radar review step to your AI procurement and intake process. Before approving a new model for production use, confirm current status on Model Radar and document it in the intake record. For models carrying any active compliance flags, require a written rationale for why the deployment posture chosen mitigates the specific flags identified. This creates a defensible audit trail without requiring a full vendor risk assessment for every model update.

What to watch next

Model status changes in the coming weeks, particularly any resolution of the GPT-5.6 government review or the Fable 5 export control directive. Any formal codification of the implied regulatory standard from the Fable 5 action would be significant: if the government publishes explicit capability thresholds that trigger export control review for AI models, the scope of what requires monitoring expands beyond the current set of frontier models. Also watch whether other major vendors adopt dual-track access architectures similar to the Fable/Mythos split, which would require compliance teams to distinguish between model versions from the same vendor rather than treating a vendor relationship as a single procurement decision.

AI Governance Weekly

Weekly intelligence on AI regulation, enforcement, and governance. Every Thursday.

Powered by Buttondown.

Related Coverage

Insight2026-06-27

Mythos 5 Partial Reinstatement Creates Government-Controlled AI Access Tiers With No Transparent Process

The US government on June 27 granted roughly 100 approved companies access to Claude Mythos 5, partially reversing a June 12 export control suspension, while Fable 5 and organizations outside the approved list remain locked out with no published selection criteria or recourse. The action is the first commercial enforcement under a new executive order framework requiring government pre-release review of frontier models, making tiered access structural rather than ad hoc.

Research2026-07-17

Kimi K3, the World's First Open 2.8T-Parameter Model, Creates New Intake and Agentic Governance Obligations for Enterprise Teams

Moonshot AI has released Kimi K3, a 2.8 trillion-parameter open-weight model described as the world's first open 3T-class model, with full model weights scheduled for public release on July 27, 2026. The model features native vision capabilities, a 1-million-token context window, and is designed for long-horizon agentic coding and autonomous knowledge work with minimal human oversight. Enterprise compliance teams must now assess intake, deployment, and oversight controls before the weight release date triggers broad self-hosted adoption.

Insight2026-06-26

OpenAI's GPT-5.6 Deferral Establishes Government Pre-Review as a Real Variable in Frontier AI Releases

OpenAI delayed the full public rollout of GPT-5.6 at the request of the U.S. government, limiting initial access to vetted partners under a June 2026 executive order that grants the government up to 30 days of advance access to covered frontier models. OpenAI complied while stating publicly it does not want this to become a permanent standard. For compliance teams, the headline is not the delay but what it signals: government pre-deployment review is now an operational fact in AI vendor release cycles.