Anthropic's Responsible Scaling Policy: Genuine Brake or Sophisticated PR?
A fair audit of Anthropic's Responsible Scaling Policy, its AI Safety Levels, who actually audits compliance, and whether it has ever delayed a release.
In September 2023, Anthropic published version 1.0 of its Responsible Scaling Policy. By 2024 it had been revised to version 2.0. By 2025, Anthropic had made it a core part of investor pitches, government testimony, and customer trust packets. By April 2026, the RSP is the most concrete public safety governance document any frontier AI lab has produced — and also a competitive narrative tool.
Both can be true. This post is an attempt to take the RSP seriously as engineering and seriously as positioning, without resolving into either cheerleading or cynicism.
What the RSP Actually Is
The Responsible Scaling Policy is a written commitment by Anthropic to evaluate every frontier model against a defined ladder of capability thresholds before deployment, and to gate deployment on specific safety mitigations being in place at each level. The ladder uses the language of AI Safety Levels, or ASLs, modeled loosely on the biosafety levels (BSL-1 through BSL-4) used for handling pathogens.
ASL-1 covers narrow, non-frontier systems (pre-2022 models, narrow tools). ASL-2 covers current frontier models that show "early signs" of dangerous capability but where mitigations like fine-tuning, monitoring, and use-case restrictions are sufficient. ASL-3 covers models that "substantially increase the risk of catastrophic misuse" by, for instance, providing meaningful uplift to a non-expert attempting bioweapons synthesis. ASL-4 is reserved for models showing the early signs of autonomous self-replication or large-scale cyber capability.
As of April 2026, all publicly deployed Claude models — including Opus 4.6 and Sonnet 4.6 — are classified by Anthropic as ASL-3, having crossed the threshold during the 2025 evaluation cycles. ASL-4 has not been publicly invoked.
flowchart TB
A[New Frontier Model] --> B[Pre-Deployment Eval Suite]
B --> C{Capability Threshold Crossed?}
C -->|No| D[Deploy at Current ASL]
C -->|Yes ASL-3| E[Mandatory ASL-3 Mitigations]
C -->|Yes ASL-4| F[Mandatory ASL-4 Mitigations]
E --> G[External Red Team Review]
F --> G
G --> H{Mitigations Sufficient?}
H -->|No| I[Delay Deployment]
H -->|Yes| J[Deploy with Monitoring]
I --> K[Iterate Mitigations]
K --> G
What ASL-3 actually requires
The ASL-3 commitments include hardened model weights security (the goal is to resist a state-level actor for some bounded period), deployment-time misuse detection, internal red-team coverage of the relevant catastrophic-misuse scenarios, and external red-team review by partners with specific domain expertise (the public list has included METR, Apollo Research, and several biosecurity-focused organizations whose names Anthropic does not always publish in full).
ASL-4 is more demanding: weights security at a level that resists state actors over longer horizons, automated and human monitoring for autonomous-capability behaviors, and a written argument that the model cannot meaningfully escape its deployment environment. The thresholds for triggering ASL-4 are not fully specified in the public RSP. Anthropic has been explicit that the definitions will evolve as evaluations mature.
The Myth vs the Engineering
The myth is that the RSP is a binding external constraint. The reality is more interesting.
Who actually audits compliance
The RSP is enforced by a combination of Anthropic's internal Responsible Scaling Officer, the Long-Term Benefit Trust, and external red-team partners. There is no government regulator with statutory authority to enforce ASL gates. There is no independent inspector general. The Long-Term Benefit Trust holds a class of stock with governance rights and is meant to override commercial pressure when safety demands it, but the Trust is itself populated by people Anthropic selected.
The external red-team partners do real work. METR has published evaluations of frontier models including Claude on autonomous AI R&D capability. Apollo Research has published deception evaluations. UK AISI and US AISI have run pre-deployment evaluations under bilateral agreements. These organizations are not Anthropic. But they are also not regulators, and their access depends on Anthropic continuing to invite them.
This is the honest picture: the RSP is self-imposed, audited by selected outsiders, and enforced by a governance structure designed to be more durable than ordinary corporate governance — but ultimately still inside Anthropic's control.
Has the RSP ever delayed a release?
This is the load-bearing question for whether the RSP is a real brake or a real narrative tool.
The public answer is partially yes. Anthropic has acknowledged that ASL-3 evaluations on Claude Opus 4.0 in 2025 led to additional mitigation work before deployment. The exact length of the delay is not public. There has been no publicly disclosed instance where the RSP forced Anthropic to abandon a release entirely or where ASL-4 was triggered and deployment paused.
See AI Voice Agents Handle Real Calls
Book a free demo or calculate how much you can save with AI voice automation.
The harder question is whether release timelines were quietly trimmed to avoid triggering thresholds in the first place — that is, whether the RSP shaped what got built rather than what got deployed. There is anecdotal reporting from Anthropic engineers describing capability work that was deferred or scoped down to stay inside ASL-3 mitigations. None of this is independently verified.
A more interesting comparison is what happens when a frontier lab does not have a published gating policy at all. xAI, for instance, has shipped capability without an equivalent public framework, and Meta's open-weights releases have not been gated on the same kind of thresholded evaluation. Whether those decisions reflect different risk judgments, different commercial pressures, or simply different communication strategies is not public. The point is that the RSP creates a discipline that the absence of an RSP does not, even if that discipline is self-imposed.
What ASL-4 would actually require
The public RSP language describes ASL-4 as the level at which a model shows early signs of "autonomous self-replication" or capabilities that would substantially uplift large-scale cyber operations. The mitigations include weights security against state-level actors over multi-year horizons, automated monitoring for autonomous-capability indicators in deployment, and an explicit safety case — a written argument, reviewed externally, that the model cannot meaningfully escape its deployment environment. None of these mitigations are fully specified to the level a regulator would require. The RSP itself acknowledges that the ASL-4 definition will need to evolve as evaluation methods mature, which is honest but also leaves room for interpretation when the time comes.
The Long-Term Benefit Trust
The Trust is the most novel governance structure at any frontier lab. It holds a class of voting stock with rights that include electing some board members and intervening in specific safety decisions. The Trustees, as of public 2025 disclosures, include figures with backgrounds in AI safety research, public-interest law, and academia, none of whom have day-to-day operational roles at Anthropic.
The Trust's actual track record of intervention is not public. Whether it has ever blocked or modified an Anthropic decision is unknown. The skeptical reading is that it functions primarily as a symbolic commitment device. The generous reading is that its existence shapes management decisions before any formal vote is needed. Neither reading is fully verifiable from outside.
What the Evidence Shows
| Question | What is verifiable | Verdict |
|---|---|---|
| Is the RSP written and public? | Yes, v1.0 (2023), v2.0 (2024), updates ongoing | Real |
| Are external red teams involved in evaluations? | Yes — METR, Apollo, AISIs, biosecurity partners | Real |
| Has the RSP ever changed deployment plans? | Acknowledged delays for additional mitigation work | Partially real |
| Is enforcement independent of Anthropic? | No — internal officer, selected Trust, invited red teams | Limited |
| Is there a regulator with statutory authority? | No, in any jurisdiction as of April 2026 | Not yet |
| Is the RSP a competitive narrative tool? | Used in investor, customer, government contexts | Yes |
The accurate summary: the RSP is the most concrete public safety governance among frontier labs, and it is also the strongest piece of safety positioning any frontier lab has produced. Both descriptions are true at the same time.
Implications for Production AI
If you are buying frontier AI in 2026, here is what the RSP actually means for you.
It means there is a published policy you can point to in your own risk register. That has real value for regulated buyers in finance, healthcare, and government, even if the policy is self-imposed. A documented commitment is better than a verbal one for compliance purposes.
It means Anthropic is willing to slow itself down in ways that competitors are not, at least publicly. OpenAI's Preparedness Framework and Google DeepMind's Frontier Safety Framework are real documents but they are less specific about deployment gates and less integrated with governance structures like the Trust. Whether that matters for your decision depends on how much weight you give to safety theater versus safety substance.
It does not mean the RSP will protect you from a model behavior issue in your specific deployment. The RSP is about catastrophic misuse and frontier capability thresholds, not about whether Claude will hallucinate a wrong appointment time on Tuesday afternoon. Day-to-day safety is on you and your guardrails.
What CallSphere Does
CallSphere reads RSPs, Preparedness Frameworks, and Frontier Safety Frameworks as inputs to vendor risk assessment, not as substitutes for our own controls. We document each model provider's published safety governance in our customer trust packet, and we re-evaluate annually. Day-to-day, our safety story is at the application layer: tool-layer guardrails, human-in-the-loop for emergency triage in after-hours escalation, structured logs, and quarterly red-team passes against our own agents. Frontier governance is necessary but not sufficient for production safety. We treat it that way.
FAQ
Q: What is Anthropic's Responsible Scaling Policy?
The Responsible Scaling Policy (RSP) is Anthropic's published commitment to evaluate every frontier model against a defined capability ladder — the AI Safety Levels (ASL-1 through ASL-4) — and to require specific safety mitigations before deploying models that cross each threshold. As of April 2026, current Claude models are classified as ASL-3. The RSP is self-imposed and enforced through a combination of internal governance, the Long-Term Benefit Trust, and external red-team partners.
Q: Is the RSP legally binding?
The RSP is not a contract or a regulation. It is a written corporate commitment, more analogous to a published code of conduct than to a binding legal instrument. There is no government regulator with statutory authority to enforce ASL gates as of April 2026. The Long-Term Benefit Trust has internal governance rights that could in principle enforce some commitments, but its enforcement track record is not publicly disclosed.
Q: Has the RSP ever stopped a Claude release?
Anthropic has publicly acknowledged that ASL-3 evaluations led to additional mitigation work before deploying certain frontier models, which functionally delayed release timelines. There is no publicly known instance of the RSP forcing a complete release abandonment or of ASL-4 being triggered and a deployment paused. Whether the RSP has more subtly shaped capability work that never reached evaluation is an open question.
Q: How does the RSP compare to OpenAI's Preparedness Framework?
Both documents commit to pre-deployment evaluation against capability thresholds and to specific mitigations at each level. The RSP is more specific about governance integration (the Long-Term Benefit Trust) and more explicit about external red-team partners. OpenAI's Preparedness Framework is more recent, more focused on imminent risk categories (CBRN, cyber, persuasion, autonomy), and more integrated with their internal Safety Advisory Group. Reasonable people disagree on which is more substantive.
Q: Should the RSP affect my buying decision?
It should be one input, not the whole decision. A documented safety governance framework matters for regulated buyers and for credible risk registers. It does not protect you from application-layer issues like hallucinations, refusals, or bad tool-use behavior. Treat the RSP as evidence of organizational maturity at the model provider, then build your own controls at the application layer.
The RSP is a real artifact and a real piece of positioning. The mistake is to treat those as mutually exclusive.
#ResponsibleScalingPolicy #AIGovernance #Anthropic #AISafety #FrontierAI #CallSphere
Try CallSphere AI Voice Agents
See how AI voice agents work for your industry. Live demo available -- no signup required.