AI

Illinois Enacts First-in-Nation AI Law Mandating Third-Party Audits

In a landmark move, Governor JB Pritzker has signed the Artificial Intelligence Safety Measures Act, making Illinois the first state to require independent audits of advanced AI models.

AI Tech Dialogue Editorial TeamAI Tech Dialogue Editorial Team6 min read
An abstract image representing the Illinois AI safety law, showing a complex neural network being inspected under a magnifying glass, symbolizing the new audit requirement.
An abstract image representing the Illinois AI safety law, showing a complex neural network being inspected under a magnifying glass, symbolizing the new audit requirement. — Illustration: AI Tech Dialogue.

A New Sheriff in Town for Big AI

Illinois just put Big AI on notice. A new sheriff is in town. On Monday, July 6, 2026, Governor JB Pritzker signed the Artificial Intelligence Safety Measures Act, a law establishing a regulatory framework that blows past what other states have even tried. Here's the core of it: For the first time in the U.S., developers of powerful 'frontier' AI models must submit to annual safety audits from an independent third party.

"As AI systems become more powerful and the federal government is unwilling to step in, states have a responsibility to protect our people from the dangers of AI while still harnessing the unique potential of the technology," Pritzker said in a press release. "People want protections from the risks of AI and Illinois is stepping up with a bipartisan, first- and most-protective-in-the-nation law."

The law, also known as SB 315, passed with overwhelming bipartisan support. A true political rarity. It takes direct aim at the biggest and most capable AI systems—the so-called frontier models—built by companies with more than $500 million in annual revenue and trained with staggering amounts of computing power. That puts tech giants like OpenAI, Anthropic, and Google squarely in its crosshairs. But here's a twist. Both OpenAI and Anthropic actually supported the bill, a sign that the industry might just see regulation as inevitable while they scramble for workable state-level rules in the absence of a federal one.

What Does the Illinois AI Safety Law Actually Require?

So what's actually in this thing? It's not just the audits. The law writes a whole suite of safety and transparency practices—many of which leading AI labs have only followed voluntarily until now—into stone. It's a get-serious approach to stopping worst-case scenarios before they start. Here’s what developers of these models now have to do:

  • Publish Safety Frameworks: Companies must create, publish, and annually update a detailed framework for how they assess and mitigate "catastrophic risks." And the state's definition is chillingly specific: an incident that could cause over 50 deaths or serious injuries, or more than $1 billion in property damage. Think AI-assisted bioweapons or a crippling cyberattack.
  • Report Safety Incidents: If something goes wrong, they can't hide it. Developers have to report significant safety incidents to state authorities like the Illinois Emergency Management Agency and the Attorney General's office within 72 hours. If an incident poses an imminent threat of death or serious injury? That window slams shut to just 24 hours.
  • Undergo Independent Audits: This is the big one. Companies must bring in independent, third-party evaluators every year to verify their safety practices. It’s a crucial layer of outside validation—a move beyond simply trusting a company’s own PR. For a deeper dive into AI mechanics, our guide What Is Artificial Intelligence? has the background.
  • Protect Whistleblowers: The act creates formal, confidential channels for employees inside AI companies to report safety concerns without fearing retaliation.

And violations? They've got teeth. The Illinois Attorney General can hit a company with civil penalties up to $1 million for a first offense and a cool $3 million for subsequent ones.

Setting a De Facto National Standard

Illinois may be the first state to mandate audits, but it isn't acting in a vacuum. The law builds on safety frameworks recently passed in California and New York. "We are not willing to wait for Congress to act," said State Senator Mary Edly-Allen, one of the bill's sponsors. She has a point. With those three states alone making up an estimated 40% of the U.S. AI market, their combined rules are creating a de facto national standard, whether the rest of the country is ready or not.

This whole state-led push is happening because of the gaping hole left by a gridlocked U.S. Congress. It’s a familiar pattern in tech regulation—think data privacy, where state laws forced the issue long before any federal action. The paralysis isn't just an American problem, either. Even the European Union has hit delays with its own sweeping AI Act, highlighting the global difficulty of writing future-proof rules for a technology that changes by the day.

So what exactly is a third-party AI audit? The field is new, but it's growing fast. Groups like the Alignment Verification and Evaluation Research Institute (AVERI) describe it as a rigorous, independent check on a developer's safety promises, based on secure access to non-public information. The whole point is to move beyond trusting press releases and get an objective, expert assessment of risk.

The law won't kick in until January 1, 2028. That gives companies a few years to get their houses in order. It's a timeline that mirrors the federal government's own sluggish attempts to get a handle on AI, like the FTC's proposed rules on deceptive AI outputs. But for now, all eyes are on the Land of Lincoln. It has drawn a clear line in the sand for AI developers. How the industry adapts—and whether other states follow this new, more stringent model—will shape the future of AI safety in America.

#ai regulation#illinois#ai safety#jb pritzker#frontier models#tech policy

Frequently asked questions

What is the new Illinois AI Safety Law?
The Illinois Artificial Intelligence Safety Measures Act, signed by Governor JB Pritzker, is a landmark law that regulates developers of advanced AI systems, known as frontier models. It requires them to publish safety frameworks, report critical safety incidents, and, most notably, undergo annual independent third-party safety audits, a first-in-the-nation requirement.
Which companies does the Illinois AI law apply to?
The law applies to developers of large-scale "frontier" AI models. Specifically, it targets companies that report more than $500 million in annual revenue and use massive computing power to train their models. This includes major industry players like OpenAI, Google, and Anthropic.
What is a third-party AI safety audit?
A third-party AI safety audit is an independent assessment conducted by an external, unbiased expert to verify that an AI system is safe, secure, and compliant with standards. Under the Illinois law, these audits will evaluate how AI developers identify and mitigate catastrophic risks, providing a layer of external accountability beyond the company's own claims.
When does the Illinois AI Safety Measures Act take effect?
The requirements set forth in the Illinois Artificial Intelligence Safety Measures Act are scheduled to go into effect on January 1, 2028. This provides a transition period for AI development companies to establish the necessary compliance and reporting structures mandated by the new law.

Sources & further reading

More in this section