In one support queue, a single delayed handoff can slow a threat response.
In the field, the phrase “just block it and we’re done” is dangerous.
A blocked person can try again using another account.
Some teams say, “this needs to go through the reporting line.”
Time can pass when ownership and procedure are unclear.
When content could connect to real-world violence, model performance is only one factor.
Safety can also depend on an operational system.
That system can include reporting, escalation, evidence preservation, and law enforcement cooperation.

The key news is simple.
Public documents describe reporting via a web form or an in-product reporting feature.
If human review determines an “imminent threat of serious physical harm to others,” referral may occur.
From externally verifiable documents, a single consolidated protocol is not obvious.
That protocol would combine evidence fields, timelines, and ownership.
This point may need additional confirmation.

TL;DR

• This describes public reporting paths and an “imminent threat” referral option, plus operational gaps in one protocol.
• It matters because timelines like “as quickly as possible” can allow delays and increase trust risk.
• Draft one incident procedure with If/Then rules, owners, and log retention, then test it.

Example: A moderator sees a credible threat and checks the internal playbook. The handoff path looks unclear, so the case bounces between teams. The moderator saves context, escalates, and documents decisions for later review.

Current state

OpenAI’s public documents suggest two branches.

First, a user or third party can submit content through a web form.
They can also use an in-product reporting feature.
The described scope includes conversations and shared links.
It also includes responses, GPTs, Sora content, and forum posts.

Second, OpenAI states a law enforcement referral may occur.
This applies if human review finds an “imminent threat of serious physical harm to others.”
Another help document notes account action for “abusive or threatening behavior.”
Some language suggests credible threats of harm may be reported to authorities.
This may need additional confirmation for detailed criteria.

Operational detail looks incomplete from public information alone.
One page says external reports will be reviewed “as quickly as possible.”
Another policy page cites a goal of review within 10 business days.
That page relates to Australia’s online safety policy.
It also notes complex reports may take longer.
Public documents do not clearly separate threat cases from general reports by SLA.
Global consistency of any SLA is also unclear.
This point may need additional confirmation.

Analysis

An “imminent” determination can be an organizational design problem.
It can also be a technical classification problem.
A risk signal arrives through reports or monitoring.
Delays can happen without predefined roles and decision points.
Define who does first-level triage.
Define what evidence should be secured at minimum.
Define when to engage Legal, Security, or Trust and Safety.
Define when to share information with external organizations.

The law enforcement referral language is externally visible.
However, requirements, timelines, and accountability are not visible in one place.
That limits external verification of consistency.

The NIST AI RMF Playbook offers direction.
It recommends applying an existing incident response policy to AI.
It also suggests creating an AI-specific incident response policy.
It recommends assigning monitoring and response owners.
It also recommends incident reporting and documentation.
It recommends disclosure and information-sharing policies when needed.
It mentions “appeal and override” for real-time flagging and re-review.
A single flow can help connect flags, determination, logs, and escalation.
That flow can also support auditability.

There are tradeoffs to consider.
More explicit sharing criteria could increase over-reporting.
It could also raise privacy and infringement risks.
A tight “imminent threat” definition could increase false positives.
That can cause user harm through account blocks or monitoring.
A conditional If/Then approach can reduce ambiguity.
Log-based verification can support later consistency checks.
Record what was shared and when.
Record why information was not shared.

A user may imply intent to carry out violence.
The operations team might block the account.
The same person may re-register and repeat conversations.
Repeated blocking alone can miss accumulating signals.
Classification and escalation can change the outcome.
Evidence preservation can support post-review and accountability.

Practical application

Breaking decision rules down more finely can speed execution.

• If a violence or threat signal arrives Then route it outside the general report queue.
• If human review deems an “imminent threat of serious physical harm” Then consider law enforcement referral and preserve evidence.
• If imminence is ambiguous Then consider account action and escalate with documented rationale.

Checklist for Today:

• Draft one page of threat severity criteria with If/Then actions and internal routing.
• Write a log preservation hold step that fits your generation-to-disposal log flow.
• Run a tabletop walk-through and document the first two handoff bottlenecks.

FAQ

Q1. Based only on public documents, when can OpenAI notify law enforcement?
A. Public documents say referral may occur after human review finds an “imminent threat of serious physical harm to others.”
Step-by-step requirements and timelines are not shown in one consolidated document.
This point may need additional confirmation.

Q2. Why is wording like “as quickly as possible” a problem?
A. Qualitative goals can make prioritization difficult when queues build.
Separation criteria, ownership, and handoff rules can reduce recurring delays.

Q3. Doesn’t strengthening blocking solve it?
A. Blocking can be necessary, but it can be insufficient.
Evasion via re-registration can repeat the same risk pattern.
If a case is imminent, blocking alone may not address escalation and evidence preservation.
Operational design can support consistent decisions and reviewability.

Conclusion

Real-world AI safety outcomes are not determined by the model alone.
The incident response protocol and its handoffs can change outcomes.
Public documents state an “imminent threat” may lead to referral.
That principle can connect to roles, timelines, logs, and escalation steps.
Clarity of this connective tissue affects external understanding and internal execution.

Further Reading

• AI Resource Roundup (24h) - 2026-03-01
• AI Resource Roundup (24h) - 2026-02-28
• Defense LLM Deployment: Redlines, Audits, and Liability Allocation
• Stop Chasing AI Detection, Build Content QA Pipelines
• AI Resource Roundup (24h) - 2026-02-27

References

• Helping people when they need it most | OpenAI - openai.com
• Reporting Content in ChatGPT and OpenAI Platforms | OpenAI Help Center - help.openai.com
• Transparency & content moderation | OpenAI - openai.com
• Communicating with OpenAI support | OpenAI Help Center - help.openai.com
• The Australian Online Safety Act | OpenAI - openai.com
• AI RMF Playbook (NIST AI Risk Management Framework Playbook) - airc.nist.gov
• NIST SP 800-92 Rev. 1 (Initial Public Draft): Cybersecurity Log Management Planning Guide - csrc.nist.gov