Illinois passes landmark AI safety bill, becoming first state to mandate frontier model audits

Illinois lawmakers sent a landmark AI safety bill to Governor J.B. Pritzker on Wednesday after it cleared the House 110-0 and the Senate 52-5 — and Pritzker has publicly stated he intends to sign it. When he does, Illinois will become the first state in the country to require independent, third-party audits of the safety practices of large frontier AI developers.

What the bill requires

Senate Bill 315, formally titled the Artificial Intelligence Safety Measures Act, applies to AI developers with more than $500 million in annual gross revenue. That scope covers Anthropic, OpenAI, Google DeepMind, and Meta AI, among others.

Covered companies must create and annually update a published framework covering catastrophic-risk assessment, risk mitigation strategies, cybersecurity practices, internal governance, and third-party evaluations. Beyond publishing frameworks, they must disclose how they identify and respond to "critical safety incidents" — and report those incidents to the Illinois Emergency Management Agency and the Attorney General within 72 hours of having sufficient reason to believe one has occurred. If the incident poses an imminent risk of death or serious physical harm, that window shrinks to 24 hours.

The audit requirement is the bill's most significant provision. Starting January 1, 2028, large developers must submit to annual independent third-party audits of their safety practices — a requirement that does not exist at the federal level or in any other state law.

The legislation also includes whistleblower protections for employees who raise safety concerns, requiring companies to maintain an anonymous internal reporting process. The Illinois Attorney General gets civil enforcement authority over noncompliant firms.

The politics behind the vote

The bill's chief Senate sponsor, Democratic state Sen. Mary Edly-Allen of Grayslake, has described the current AI regulatory landscape as "the Wild Wild West." State Rep. Daniel Didech, the House sponsor, told colleagues on the floor that AI "has the potential to drastically improve the quality of life of people throughout the world but only if deployed and developed responsibly."

The near-unanimous House vote (110-0) reflects unusually broad bipartisan agreement. Illinois Democrats are pushing a package of AI-related bills this session, explicitly framing them as a response to federal inaction on AI regulation. Illinois is modeling its approach on similar legislation in New York and California, with the goal of creating a de facto national standard for states that choose to adopt it.

What it means for the industry

A 72-hour incident reporting window is notably aggressive — stricter, for instance, than the 72-hour notification rule under GDPR and comparable to the SEC's cybersecurity incident disclosure rules. For AI companies, defining what constitutes a "critical safety incident" will be a major implementation challenge.

The mandatory annual audit requirement is a significant compliance burden. There is currently no established audit ecosystem for frontier AI safety practices, which means companies and third-party auditors will need to define methodologies from scratch before the 2028 effective date. That gap will be an immediate focus for standards bodies, audit firms, and the industry itself.

The bill passed with backing from several AI companies, suggesting the industry sees state-level regulation as preferable to a patchwork of more restrictive local laws — or as a hedge against less predictable federal legislation. As Capitol News Illinois reported, advocates describe SB 315 as "only the first step."