Artificial Intelligence & Machine Learning
,
Next-Generation Technologies & Secure Development
,
Regulation
SB 315 Requires Annual Independent Audits, 72-Hour Incident Reporting for AI Giants

Illinois became the first state in the United States to require annual independent audits of frontier artificial intelligence developers, becoming the home to the toughest AI safety law in the nation after Gov. JB Pritzker signed the Artificial Intelligence Safety Measures Act.
See Also: Securing AI Workloads With Ubuntu Pro
The governor’s office described the bipartisan legislation as the strongest AI accountability framework in the country. The law requires the largest AI developers to identify, disclose and mitigate risks from their most powerful systems while establishing independent oversight and protections for workers who report safety concerns.
The bill targets large frontier developers – companies with annual gross revenues exceeding $500 million – including industry giants such as OpenAI, Anthropic, Google, Meta and xAI.
“As AI systems become more powerful and the federal government is unwilling to step in, states have a responsibility to protect our people from the dangers of AI while still harnessing the unique potential of the technology,” Pritzker said in a statement. “People want protections from the risks of AI and Illinois is stepping up with a bipartisan, first- and most-protective-in-the-nation law.”
The audit mandate sets Illinois apart from every other state. It requires regular third-party safety reviews of covered AI systems conducted by qualified experts without financial conflicts of interest. Covered developers must create, publish and annually update a frontier AI framework detailing how they assess catastrophic risk, apply industry safety standards, secure their systems against cyber intrusions and respond to safety incidents. The law also requires transparency reports before developers deploy new or substantially modified frontier models.
Developers face a 72-hour deadline to report critical safety incidents and a 24-hour window for incidents posing an imminent threat to life or safety. Reportable events include unauthorized access to model weights, loss of control of a system or any incident signaling materially increased catastrophic risk.
The Illinois Emergency Management Agency and Office of Homeland Security will oversee the reporting systems, issue rules and compile annual reports in consultation with the attorney general. Large frontier developers must also file disclosure statements identifying key contacts and pay proportional fees to cover administrative costs.
The Illinois attorney general will be tasked with overseeing enforcement. Civil penalties can reach $1 million for a first violation and $3 million for subsequent violations.
“Frontier model AI systems have the potential to be used for many good things,” Illinois Attorney General Kwame Raoul said in a statement. “However, due to their massive computing power, they also could cause catastrophic events, such as cyberattacks or the system evading control by developers or users.”
The law builds on California’s Transparency in Frontier Artificial Intelligence Act, enacted in September 2025, and New York’s Responsible AI Safety and Education Act, signed in December 2025. Illinois goes further than both. New York required only a single independent audit when developers first qualified under its law, while Illinois mandates the reviews annually.
“This bipartisan law is about putting responsible safeguards in place before a preventable catastrophe occurs,” said state Sen. Mary Edly-Allen, D-Grayslake, the bill’s Senate sponsor. “While AI holds extraordinary promises from curing disease to transforming scientific research, we have a responsibility to confront the catastrophic risks associated with the systems.”
Anthropic backed the measure, with the company’s head of U.S. state and local government relations Cesar Fernandez calling it “an important step toward the accountability this technology demands” and noting the company was the first AI lab to support the bill.
Advocacy groups including the Secure AI Project, Encode AI and the Transparency Coalition also praised the signing, with Encode AI co-executive director Sunny Gandhi saying the audit requirement means “the public doesn’t have to take AI companies at their word.”
The law provides whistleblower protections for covered employees, prohibits retaliation for good-faith disclosures of violations and amends the state’s Freedom of Information Act to exempt certain information submitted under the act from public disclosure.
