Illinois Governor J.B. Pritzker signed the Artificial Intelligence Safety Measures Act (SB 315) on 6 July 2026, making Illinois the first U.S. state to require independent third‑party audits of frontier AI models. The law applies to developers with more than $500 million in annual revenue that train models using a defined “massive computing” threshold.
Under the Act, covered companies must evaluate and mitigate catastrophic risks, submit to yearly independent audits, report critical safety incidents within 72 hours, and ensure that public disclosures are accurate. The Illinois Attorney General has the authority to enforce the law and levy fines: $1 million for a first violation and up to $3 million for each repeat violation.
The legislation passed the Illinois House with a 110‑0 vote and received endorsements from major AI firms including OpenAI and Anthropic. It builds on similar 2025 laws in New York and California but goes further by mandating external audits performed by qualified experts without financial conflicts of interest.
The Act defines a “catastrophic event” as an incident resulting in the deaths of at least 50 people or causing $1 billion or more in damage per occurrence. Developers must publish an annual transparency framework that explains how they apply industry standards, measure model capabilities, assess catastrophic risk, and respond to safety incidents.
Third‑party auditors are required to verify compliance with each developer’s framework — a provision that has drawn some pushback from industry groups such as TechNet, a coalition of technology executives. Nevertheless, the bill enjoyed bipartisan support in the Illinois Legislature and was endorsed by both OpenAI and Anthropic, which called the pairing of transparency and external verification “an important step toward the accountability this technology demands.”
📌 Road to the Artificial Intelligence Safety Measures Act
🗺️ First‑mover states on frontier AI regulation
Illinois joins New York and California in setting state‑level AI transparency rules.
Governor Pritzker framed the law as a state‑level response to federal inaction: “As AI systems become more powerful and the federal government is unwilling to step in, states have a responsibility to protect our people from the dangers of AI while still harnessing the unique potential of the technology.” Attorney General Kwame Raoul, who will enforce the Act, noted that advanced AI models carry risks including cyberattacks, the creation or release of weapons, and the potential for developers or users to lose control of systems.
While OpenAI and Anthropic supported the bill, some industry stakeholders have expressed concerns about the cost and feasibility of annual third‑party audits. The law’s sponsors have pointed to the 110‑0 House vote as evidence of broad consensus on the need for AI oversight at the state level.
🇺🇸 Illinois (2026)
- ✓ Mandatory third‑party audits
- ✓ 72‑hour incident reporting
- ✓ $500M revenue threshold
- ✓ Catastrophic risk framework
🗽 New York (2025)
- ✓ Transparency disclosures
- ✓ Risk assessment required
- ✗ No mandatory external audit
- ✗ No fixed incident reporting window
🌴 California (2025)
- ✓ Safety framework mandate
- ✓ Public transparency reports
- ✗ Audits not explicitly required
- ✗ Lower penalty caps
The Artificial Intelligence Safety Measures Act establishes a regulatory framework for frontier AI developers operating in Illinois. The law requires annual third‑party audits, 72‑hour incident reporting, and public transparency disclosures. Penalties for violations range from $1 million for a first offence to $3 million for repeat violations. The Act takes effect on 1 January 2027.
Covered developers include those with more than $500 million in annual revenue that train models using a defined massive‑computing threshold. The Illinois Attorney General’s office is responsible for enforcement. The legislation passed the Illinois House with a 110‑0 vote and received support from OpenAI and Anthropic, while some industry groups have raised concerns about the audit requirements.
🔗 Previous coverage: PlayStation physical disc phase‑out · NVIDIA’s AI cloud revenue model · Agentic ransomware and AI‑run attacks






