Procurement workflow surface
OpenAI Preparedness Framework — vendor disclosure form
This is a sample disclosure form a procurement team can adapt for vendor RFPs and ITTs evaluating systems against OpenAI Preparedness Framework. The provision-specific questions below were derived from the catalog's coverage cells; before issuing, a qualified procurement lawyer should review the adapted version against your jurisdiction's contract law. This form is NOT legal advice (see charter §7.4).
1. Vendor identification
2. AI system identification
3. Provision-specific questions
- Foundation Models / GPAI. Does the offered system meet the threshold for a general-purpose / foundation model under OpenAI Preparedness Framework (Preparedness Framework §1-2 — applies to all OpenAI frontier-model releases)? If yes, identify the specific obligations you will satisfy and the evidence you will provide.
(Cite: Preparedness Framework §1-2 — applies to all OpenAI frontier-model releases)
- Catastrophic & Existential Risk. Has the offered system been evaluated against catastrophic-risk thresholds (e.g., CBRN information uplift, autonomous replication) consistent with OpenAI Preparedness Framework (Preparedness Framework risk-tier matrix — Critical tier explicitly targets CBRN, cyber, persuasion, autonomy)? Provide the evaluation report or its public-disclosure equivalent.
(Cite: Preparedness Framework risk-tier matrix — Critical tier explicitly targets CBRN, cyber, persuasion, autonomy)
- Agentic AI Governance. Does the offered system act as an autonomous agent (multi-step tool-use, transactions, recursion) within scope of OpenAI Preparedness Framework (Preparedness Framework — Model Autonomy is one of four named risk categories)? Describe the tool-use surface, authorisation model, and human-oversight checkpoints.
(Cite: Preparedness Framework — Model Autonomy is one of four named risk categories)
4. Documentation enclosures expected
Tick each enclosure attached to the vendor response. Missing enclosures should be explained in the “Variances” field below.
- Safety / capability evaluation results
- Copies of submitted regulatory reports / registrations
- Vendor company registration + insurance certificates
- Sub-processor / supply-chain list (including model upstream)
5. Vendor attestation
The undersigned, on behalf of the vendor, attests that the disclosures above are true and complete to the best of their knowledge at the date signed, and undertakes to notify the buyer in writing within 30 days of any material change to those disclosures.
This is a sample form derived from the catalog at /wiki/openai-preparedness. Adapt before issuing. Not legal advice; not jurisdiction-specific. See charter §7.4.