Illinois SB 315: The Historic Frontier AI Safety Measures Act Signed into Law Mandating First-in-Nation Audits
On July 6, 2026, Illinois Governor JB Pritzker officially signed Senate Bill 315, the "Artificial Intelligence Safety Measures Act," into law. The bill's enactment marks a historic regulatory milestone as Illinois becomes the first state to mandate annual independent third-party audits of large frontier AI developers.
By enacting SB 315, Illinois joins California (Transparency in Frontier Artificial Intelligence Act, September 2025) and New York (Responsible AI Safety and Education Act, December 2025) in establishing a powerful tri-state block that creates a de facto national compliance framework for frontier AI systems in the absence of federal legislation.
Core Obligations Under the Enacted Law
The law introduces several stringent mandates for developers of "frontier models" (defined as models trained using more than 10^26 floating-point operations, or FLOPs) and "large frontier developers" (frontier developers with annual gross revenues exceeding $500 million):
- Mandatory Third-Party Audits (Effective January 1, 2028): In a nation-leading provision, large frontier developers must undergo annual audits by independent, financially disinterested third parties to examine model risks and mitigations. A "high-level summary" of the report must be published within 30 days of receipt, and full copies must be provided to the Illinois Emergency Management Agency (IEMA) and the Illinois Attorney General upon request.
- AI Safety Frameworks (Effective January 1, 2028): Large developers are required to publish, implement, and annually update structured frameworks documenting how they assess and mitigate "catastrophic risks" (defined as severe material risks of death or injury to more than 50 people or over $1 billion in property damage) and handle critical safety incidents.
- Critical Safety Incident Reporting: Developers must report critical safety incidents—such as unauthorized weight modifications, catastrophic risk events, or a model using deceptive techniques to evade control—to the Agency and the AG within 72 hours of discovery. If the incident poses an imminent risk of death or serious injury, this reporting window shrinks to just 24 hours.
- Transparency Reports: Frontier developers must publish transparency reports detailing intended uses, restrictions, and website mechanisms for public communication before deploying or substantially modifying a model.
- Whistleblower Protections: The Act prohibits retaliation against employees or contractors who report safety concerns or legal violations and mandates anonymous internal reporting channels.
De Facto National Precedent and Preemption Battles
Because these state-level laws apply to any developer whose models are accessible to residents in California, New York, or Illinois, the tri-state standards effectively govern the global frontier AI industry. Leading developers have already begun shifting to align with these requirements. For example, OpenAI endorsed SB 315 as "one of the strongest frontier AI safety laws in the country" and released its own "Frontier Governance Framework" to harmonize with the emerging state-level block.
Meanwhile, the conflict between state-level regulations and federal preemption remains an ongoing battleground. The Trump administration's December 2025 Executive Order directed the FCC to evaluate a federal reporting standard intended to preempt state laws. However, legal experts note that such federal-level administrative maneuvers are highly vulnerable to legal challenges absent an explicit congressional delegation of powers.