The Publish Your Policies Programme

AIWI, with 35+ global signatories, calls on frontier AI companies to publicly release their internal whistleblowing policies. Transparency is the first step — it allows independent evaluation, enables informed decisions by current and prospective employees, and creates accountability for stated commitments.

OpenAI Led the Way (And Still Does)

In October 2024, OpenAI became the first frontier AI company to publish its internal whistleblowing policy, a notable step toward transparency following widely discussed concerns about its use of non-disparagement agreements. Anthropic has since released a policy addressing RSP non-compliance (Read our first thoughts on this), but OpenAI’s policy remains the most comprehensive public commitment from a frontier AI company to date. Other major players — xAI, Google DeepMind, and Meta — have yet to publish their whistleblowing policies.

Transparency Disclaimer: Engagement with OpenAI

As part of the Publish Your Policies programme mentioned above, AIWI conducted an independent evaluation of OpenAI’s 2024 policy and shared our findings directly with OpenAI leadership. We engaged in subsequent discussions with the company. OpenAI informed us that a policy revision was already underway prior to receiving our assessment — a revision that has since resulted in an updated 13-page policy.

What You’ll Find Here:

• Takeaways for AI insiders — What this means if you’re considering raising a concern internally
• Preliminary assessment of the 2026 policy — Our initial analysis of OpenAI’s expanded whistleblowing policy
• Full evaluation of the 2024 policy — Our complete assessment of the 2024 policy (Download PDF)

Why this Evaluation Matters: Get Legal Advice As Early As Possible

OpenAI publishing its whistleblowing policy was a meaningful step toward transparency — but a policy alone doesn’t make internal reporting safe. The gaps we identified in OpenAI’s original 2024 policy reflect structural issues common across the industry. Whether you work at OpenAI or another frontier AI company, understanding these gaps matters.

The Gap Between Policy and Protection

Internal policies don’t create legally enforceable rights unless explicitly stated and not disclaimed through employment contracts. At-will employment disclaimers — standard across U.S. technology companies — typically preserve full management discretion.

Research by Kohn et al. found that internal whistleblowers account for over 90% of corporate retaliation cases under federal whistleblower laws. The very act of trying to help can carry significant personal risk — and raising concerns internally may actually increase that risk.

Takeaways for AI Insiders

If you’re considering raising a concern internally — at OpenAI or any frontier AI company — read this first.

Before you report, understand your situation

Assess your trust in the company:

• Alignment with leadership interests: How likely is it that senior management is unaware of the issue? Does your report align with leadership or commercial objectives?
• Previous treatment of those who raised concerns: Look at the culture of ‘speaking up’, court filings, press coverage, employee reviews, and colleagues’ experiences.
• How seriously does the company take internal reporting: Is there a published, well-developed policy? Are trainings required and taken seriously? Is system performance measured and shared?
• Independence of the whistleblowing function: How independent is it from management and legal? Do you trust the individuals who will evaluate your concerns?

Assess your legal position:

• Your contractual exposure: Review NDAs, your employment contract, severance terms, and equity agreements for clawback provisions.
• Legal protection gaps: Certain safety concerns, especially outside of California, may fall outside existing whistleblower statutes. The AI Whistleblower Protection Act seeks to address this gap but has not yet been enacted.
• The Digital Realty ruling: The Supreme Court established that whistleblowers who report only internally — without also reporting to the SEC — are not protected under Dodd-Frank’s anti-retaliation provisions.

Consider structural risks:

The National Whistleblower Center advises insiders to generally avoid internal channels, especially if reports are handled by a company’s legal department: “Company lawyers who receive whistleblower complaints are not obligated to report those complaints to the government. They are required to act in the best interest of the company, not the whistleblower.”

Our Recommendation

Consult independent legal counsel before escalating high-stakes concerns. An experienced whistleblower attorney can:

• Assess which legal protections actually apply to your specific situation
• Advise whether internal reporting is safe given your jurisdiction and concern
• Help you document issues in legally protected ways
• Prepare you for potential retaliation scenarios

The safest path is professional legal guidance — not reliance on company commitments alone.

Need Support?

Visit the AIWI Contact Hub to connect with specialized nonprofit organizations and pro bono legal counsel who have helped thousands of whistleblowers navigate this complex journey.

Preliminary Assessment of the 2026 Policy

OpenAI has released a substantially revised Whistleblowing Policy, expanding their original 3-page document to a comprehensive 13-page policy with formal structure, definitions, and country-specific provisions. This is currently the most comprehensive whistleblowing policy from among all frontier AI companies. Here, we present our analysis of the original policy alongside which issues have been corrected in the new policy. Our preliminary review indicates that OpenAI has made important and significant progress. We find 8 of 13 recommendations significantly or partially addressed, including 3 of 5 of our ‘critical’ feedback items. We will publish a more thorough evaluation of OpenAI’s new policy soon (subscribe to our Substack to stay in the loop). Note: We had reviewed OpenAI’s previous Whistleblowing Policy, then shared and discussed our feedback with OpenAI’s leadership. OpenAI stated that they were already reworking their policy when we sent our findings.

Major Improvements: Three Critical Issues Addressed

Our preliminary review indicates that OpenAI has made important progress on several of our most critical recommendations:

1. Dedicated Compliance Function: OpenAI has elevated the Compliance team to a central coordinating role—a positive development that creates more dedicated infrastructure for whistleblowing, partially addressing our concerns about the Legal team’s heavy involvement and potential conflicts of interest.

2. AI Safety Concerns as Distinct Category: The policy establishes “AI Safety Concerns” as a separate reporting category with explicit examples (Preparedness Framework violations, unsafe model outputs, gaps in red-teaming) and a dedicated review pathway involving subject matter experts (although it is unclear whether these are internal or external), senior leadership, and potentially the Board’s Safety and Security Committee. This partially addresses our concerns about confusing material scope.

3. Communication Commitments and Timelines: OpenAI has introduced concrete procedural timelines: acknowledgment within 2 business days, updates within 30 days, and importantly, follow-up checks 30-45 days after closure specifically for retaliation, discrimination, and harassment cases—directly addressing our feedback on the detrimental effects of communication blackouts.

Additionally, the policy significantly expands guidance on external reporting rights, including detailed country-specific provisions for the EU, India, Ireland, Korea, and UAE.

California TFAIA Compliance 

Requirements: The policy explicitly references and links to California’s Transparency in Frontier Artificial Intelligence Act (formerly SB 53, which we have written about here), including a direct link to the Attorney General’s whistleblowing page.

Core Requirements Met: OpenAI meets the core structural requirements of anonymous reporting channels, anti-retaliation protections, and external reporting rights.

Gaps in TFAIA Commitments: However, the policy does not explicitly commit to several specific TFAIA requirements: (1) monthly progress updates to whistleblowers during investigations (committing only to a 30-day initial update and post-closure follow-up), (2) quarterly reporting of whistleblowing activity to officers and directors, (3) annual notice to employees of their TFAIA rights, which must be “displayed at all times,” and (4) separate escalation processes when misconduct involves senior leadership. While OpenAI may implement these practices operationally, their absence from the policy leaves employees unclear about what protections and communications they can expect.

Positive Interpretation: Notably, the policy does not restrict which employees can use the anonymous channel for TFAIA concerns, suggesting OpenAI interprets all employees as “covered employees” responsible for addressing critical safety risks — a commendable approach other companies should follow. If this interpretation is incorrect, greater clarity would be important.

Persistent Structural Gaps

Beyond TFAIA-specific issues, several concerns from our original assessment remain unaddressed or unclear:

Legal Enforceability: The legal enforceability of anti-retaliation commitments beyond statutory protections is not established through binding language, nor are employees informed that such commitments may be voluntary. The policy provides no assurance that attorney-client privilege cannot be invoked over discussions on reports and investigations, which could weaken whistleblower protections in retaliation cases.

Independence and Governance: While the Compliance team’s role is strengthened, the degree of independence from Legal, HR, and executive interests remains ambiguous—governance details that would demonstrate structural independence are not provided.

Appeals and Escalation: The policy offers no information about appeals mechanisms or direct escalation paths (for example, to the Safety and Security Committee) when whistleblowers disagree with outcomes.

Confidentiality Protections: Consent requirements for sharing identity-related information appear only in the EU appendix, leaving employees in other jurisdictions without visibility into whether similar protections apply. Details on a broader confidentiality protection framework are likewise missing.

System Monitoring and Accountability: Finally, the policy provides no information about monitoring of the whistleblowing system, performance indicators for the whistleblowing function, or regular reporting on whistleblowing activity to the Board, employees, or public — leaving stakeholders unable to assess system effectiveness or organizational accountability.

Implications: OpenAI may implement these practices operationally. Their absence from the policy may however leave employees unclear about what protections they can expect, leading to type 1 or type 2 errors in regards to outreach and expected protections from retaliation.

Next Steps

This is a draft assessment based on the policy document itself. We will be conducting a comprehensive evaluation against international best practice standards and California legal requirements, and will share our detailed findings with OpenAI for comment before publication — including seeking clarification on practices that may exist but are not documented in the employee-facing policy. While the expanded policy represents meaningful progress — particularly the dedicated Compliance team infrastructure and improved procedural transparency— well-informed insiders may refrain from using the channel if concerns about independence, legal enforceability, and system accountability are not addressed and clearly communicated, especially when contemplating reports involving senior leadership or catastrophic safety risks.

Context to the Previous Assessment of the 2024 Policy

This evaluation assesses OpenAI’s original 3-page “Raising Concerns Policy” published in October 2024. We shared our findings directly with OpenAI leadership prior to publication; OpenAI informed us that a policy revision was already underway, which has since resulted in the updated 2026 policy.

Our Methodology

We structured our analysis around established global standards for whistleblower protection:

• Transparency International’s Internal Whistleblowing Systems Best Practice Principles
• The EU Whistleblowing Directive, which OpenAI is also subject to
• Data from the Future of Life Institute AI Safety Index to cross-reference policy claims with reported internal practices

Expert Review

A network of legal and governance scholars specializing in whistleblower protection contributed to and reviewed our analysis:

• Professor Wim Vandekerckhove, Professor of Business Ethics at EDHEC Business School — one of the world’s leading scholars on whistleblowing and convenor for ISO 37002, the international standard for internal whistleblowing systems
• Jennifer Gibson, Co-Founder & Director of Psst.org — a nonprofit supporting tech industry whistleblowers; JD from Stanford University, California barred
• Kosmas Zittel & Detlev Böttcher, Whistleblower-Netzwerk e.V. — Germany’s most prominent whistleblower support organization, under which AIWI is hosted
• Ashley Gjøvik, Technologist and Whistleblower Advocate — former Apple employee who faced retaliation for internal whistleblowing
• Sonya Smallets, Partner at Minnis & Smallets LLP — award-winning San Francisco labor lawyer specializing in wrongful termination

This analysis is not legal advice. Individuals considering raising concerns should consult qualified legal counsel before taking action.

Download the Full 2024 Evaluation (PDF)

Strengths of OpenAI’s 2024 Policy

OpenAI’s policy contains important strengths that distinguish it from other frontier AI companies — none of whom have published their whistleblowing policies at this time.

Key strengths include:

• Public and transparent — The policy is publicly available, signaling commitment to accountability
• Multiple reporting channels — Including an anonymous option with two-way communication
• Broad material scope — Covers suspected violations of the employee handbook and law
• Explicit non-retaliation commitment — Clear statement on disciplinary consequences for retaliation
• Extended personal scope — Covers contractors and extended workers, not just employees
• External channel references — Clear reference to federal whistleblowing authorities

Limitations of OpenAI’s 2024 Policy

We identified seven priority issues that likely deter well-informed insiders from using OpenAI’s internal system for safety concerns:

1. Legal team control creates structural conflict of interest — The Legal team’s primary duty is to protect the company, not advocate for whistleblowers
2. No independent governance or oversight structure — No evidence of board-level accountability for the system
3. Absence of system monitoring and public accountability — No performance indicators or reporting on effectiveness
4. No communication commitments to whistleblowers — Feedback is purely discretionary
5. Unclear legal enforceability of protections — Standard at-will disclaimers likely override policy commitments
6. Confusing material scope and report recipients — Unclear what actually triggers an independent investigation
7. No documented confidentiality protection framework — No clarity on who can access whistleblower identities

Important note: These limitations should not be taken as evidence that OpenAI’s system is weak compared to other frontier AI companies. No other company has published their policy — we believe this makes it unlikely their systems are stronger.

For detailed analysis of each issue and our recommendations, Download the full evaluation (PDF)

How We Can Help

Before reporting internally on high-stakes issues, we recommend obtaining independent legal counsel to understand your situation. An experienced whistleblower attorney can assess which legal protections actually apply to your specific situation, advise on whether internal reporting is safe or risky given your concern and jurisdiction, help you document concerns in legally protected ways, and prepare you for potential retaliation scenarios.

The safest path is professional legal guidance — not reliance on company commitments alone.

Even well-intentioned policies can have structural gaps. 

AIWI provides confidential guidance and can connect you with independent legal counsel who specialize in whistleblower protections. Get pro bono legal help here.

About AIWI (The AI Whistleblower Initiative)

The AI Whistleblower Initiative (AIWI) is an independent, non-profit project dedicated to strengthening the position of frontier AI insiders in raising concerns and seeing them addressed effectively. 

Founded in 2024, AIWI is led by Karl Koch and Maximilian Nebl, former tech entrepreneurs with a background in AI safety and open-source development. The project is currently hosted by Whistleblower Netzwerk e.V., one of the oldest whistleblower support non-profits globally, and a member of the Whistleblower International Network (WIN).

AIWI realizes its mission through strengthening reporting channels, educating and supporting insiders, as well as research. 

We strengthen regulator reporting channels through our policy thought leadership and work, e.g. in California or the EU. 

We aim to educate on and strengthen company reporting channels through our Publish Your Policies Campaign and provide input to frontier AI companies (as you are reading right now).

We offer advice and education to insiders, for instance by helping them access specialized (pro bono) legal and financial support through the AIWI Contact Hub and Defense Grants For AI Whistleblowers respectively. We also offer resources on Digital Privacy and, for insiders that wish to ask questions surrounding a concern and without revealing confidential information, Third Opinion, which allows anonymous consultation with jointly selected independent (technical) experts via a secure platform.

Lastly, we conduct research on barriers to AI whistleblowing, study impacts of disclosures on global safety levels, as well as legal scholarship. 

For more information, contact us at our ProtonMail at [email protected] or visit aiwi.org/contact for guidance on safe and secure communication methods.