The Chicago Journal

Illinois Governor Signs AI Safety Measures Act, Creating Strongest State Framework for Frontier AI Regulation

Illinois Signs AI Safety Measures Act With Audit Mandate
Photo Credit: Unsplash.com

Governor JB Pritzker signed Senate Bill 315, the Artificial Intelligence Safety Measures Act, into law on July 6, making Illinois the third state to establish regulatory standards for frontier AI developers and the first to mandate annual independent third-party safety audits. The bipartisan legislation targets AI companies generating more than $500 million in annual revenue that train models above defined computing thresholds, requiring them to publish transparency frameworks, report critical safety incidents within 72 hours, and submit to external compliance audits beginning in 2028. Civil penalties reach $1 million for a first violation and $3 million for subsequent infractions, with the Illinois Attorney General holding exclusive enforcement authority.

Key Takeaways

  • SB 315 applies to “large frontier developers” — AI companies with more than $500 million in annual gross revenue that train models above a computing threshold of 10²⁶ floating-point operations.
  • Illinois is the first state to require annual independent third-party audits of AI developers’ safety practices, with auditors required to demonstrate technical expertise and financial independence from the companies they evaluate.
  • Developers must report critical safety incidents to the Illinois Emergency Management Agency and the Attorney General within 72 hours, or within 24 hours if the incident poses an imminent risk of death or serious physical injury.
  • The law establishes whistleblower protections and confidential reporting channels for employees who flag safety concerns, prohibiting companies from adopting policies that prevent internal disclosures.
  • SB 315 passed the Illinois House 110-0 and the Senate 52-5, with both Anthropic and OpenAI publicly supporting the legislation during the spring session.

What Does SB 315 Actually Require?

The law creates a layered compliance structure that distinguishes between general frontier developers and the subset classified as “large frontier developers” based on the $500 million revenue threshold. The core requirements, which take effect January 1, 2028, mandate that large frontier developers establish documented “frontier AI frameworks” — technical and organizational protocols designed to assess, manage, and mitigate catastrophic risks.

The frameworks must address how the developer incorporates industry standards, defines capability thresholds, applies risk mitigations, uses third-party evaluators, and maintains cybersecurity protections for unreleased model weights. Before deploying new or substantially modified models, developers must publish transparency reports disclosing the model’s intended uses, supported languages, output modalities, and summaries of catastrophic-risk assessments. These transparency reports must be updated annually.

The law defines “catastrophic risk” with specific quantified thresholds: the likelihood that an AI model could contribute to incidents causing death or serious injury to more than 50 people, or more than $1 billion in property damage. The definition also covers enumerated categories including assistance in creating chemical, biological, radiological, or nuclear weapons; autonomous cyberattacks; and loss of control of a frontier model. A separate provision addresses frontier models that use deceptive techniques against their own developers to subvert controls or monitoring in ways that demonstrate materially increased catastrophic risk.

Why Does the Third-Party Audit Requirement Matter?

The audit mandate is the provision that differentiates SB 315 from California’s SB-53 and New York’s Responsible AI Safety and Education Act, both signed in late 2025. While all three laws require frontier developers to publish safety frameworks and report incidents, Illinois is the first to require that an independent external auditor verify compliance with those frameworks on an annual basis.

The distinction addresses a criticism that has followed voluntary AI safety commitments since the White House’s 2023 executive order on AI: that self-reporting and self-assessment allow companies to define the terms of their own accountability. Nick Beckstead, CEO of the Secure AI Project, described the audit provision as making Illinois’ law the strongest in the country. Fisher Phillips, an employment law firm, noted that SB 315 attempts to stop the fox from guarding the henhouse by requiring external validation rather than relying on developer self-assessment.

TechNet, a coalition of technology executives, opposed the third-party audit provision during the legislative process, arguing that mandated external audits could create operational burdens. Despite that opposition, the bill passed the Illinois House unanimously at 110-0 and cleared the Senate 52-5, reflecting bipartisan consensus that exceeded the margins achieved by either the California or New York bills.

How Does Illinois Fit Into the Emerging State-Level AI Regulatory Framework?

Illinois is the third state to enact frontier AI safety legislation, following California and New York in late 2025. Lawmakers estimate that the three states collectively account for roughly 40% of the U.S. AI market, a share large enough to effectively establish a de facto national standard in the absence of federal legislation.

The three laws share a common architecture: all target frontier developers rather than downstream deployers, all require published safety frameworks, and all mandate incident reporting. The differences are in enforcement mechanisms and compliance verification. California’s SB-53, the Transparency in Frontier AI Act, established transparency requirements but stopped short of mandating third-party audits. New York’s RAISE Act imposed regulatory requirements on models exceeding defined cost thresholds. Illinois added the audit mandate and strengthened whistleblower protections beyond what either predecessor required.

Rep. Daniel Didech, the bill’s House sponsor, argued at the signing ceremony that the risks the law addresses are not theoretical. Didech cited what he described as the first AI-inspired mass shooting and AI systems used to attack a municipal water and drainage utility as examples of real-world harms already occurring. Senate sponsor Mary Edly-Allen described the systems covered by the law as capable of writing code, generating synthetic media, conducting complex reasoning, and influencing millions of people at scale.

What Are the Whistleblower and Labor Protections?

SB 315 creates whistleblower protections that prohibit frontier AI companies from adopting policies that would prevent employees from disclosing information to state or federal authorities if they believe the company’s AI systems pose a public safety hazard. The law requires developers to notify every employee of their rights by posting and displaying a notice, and to send an annual written acknowledgment of those rights.

The whistleblower framework creates confidential reporting channels for internal safety concerns and protects employees from retaliation for raising issues about catastrophic risk, model safety, or compliance failures. For companies operating in Illinois, the obligation extends beyond the development team to any covered employee who encounters evidence of safety risks in their work.

What Comes Next for AI Regulation in Illinois?

SB 315 was part of a broader legislative package that Pritzker has advanced on technology regulation. The governor last month signed a separate law banning the use of bots to buy tickets for live events. A proposal to crack down on AI-driven rental pricing platforms that lawmakers say facilitate rent-fixing through shared algorithmic pricing software is also on the governor’s desk. Several additional AI-related measures — including a bill that would require AI companies to detect signs that a user may be suicidal and refer them to crisis services — passed the Senate but did not clear the House before the summer adjournment.

Illinois Attorney General Kwame Raoul, who holds exclusive enforcement authority under SB 315, acknowledged at the signing ceremony that the $3 million penalty cap for subsequent violations may prove insufficient as the industry scales, describing the law as a beginning step.

The AI Safety Measures Act positions Illinois alongside California and New York in a state-driven regulatory framework that collectively covers enough of the domestic AI market to function as a national compliance baseline, with the third-party audit requirement establishing a verification standard that neither predecessor law attempted.

FAQs

What is the Illinois AI Safety Measures Act? SB 315 is a state law requiring the largest AI developers to publish transparency frameworks, undergo annual independent safety audits, report critical incidents within 72 hours, and establish whistleblower protections. It was signed by Governor Pritzker on July 6, 2026.

Which companies does SB 315 apply to? The law targets “large frontier developers” — AI companies with more than $500 million in annual gross revenue that train models above a computing threshold of 10²⁶ floating-point operations, potentially affecting companies such as OpenAI, Anthropic, Google, Meta, and xAI.

When does the law take effect? The core requirements, including the frontier AI framework, transparency reports, and third-party audit mandates, take effect January 1, 2028. The law was signed July 6, 2026.

What are the penalties for noncompliance? The Illinois Attorney General can levy fines of up to $1 million for a first violation and up to $3 million for subsequent infractions, with daily penalties available for missed disclosure deadlines.

What makes Illinois’ law different from California and New York? Illinois is the first state to require annual independent third-party audits of frontier AI developers’ safety practices and includes stronger whistleblower protections with mandatory employee notification requirements.

Did AI companies support or oppose the bill? Both Anthropic and OpenAI publicly supported SB 315 during the legislative process. TechNet, a technology executive coalition, opposed the third-party audit provision. The bill passed the House 110-0 and the Senate 52-5.

What is defined as a “catastrophic risk” under SB 315? The law defines catastrophic risk as incidents that could cause death or serious injury to more than 50 people or more than $1 billion in property damage, including assistance with CBRN weapons, autonomous cyberattacks, and loss of control of a frontier model.

The Chicago Journal

Embracing the spirit and chronicles of the Second City