Quick take: On July 6, 2026, Illinois Governor JB Pritzker signed SB 315, the Artificial Intelligence Safety Measures Act, making Illinois the first US state to require annual, independent, third-party safety audits of the largest AI developers. The law reaches companies with more than $500 million in annual revenue that also train models above a frontier-scale compute threshold — roughly a dozen labs, including OpenAI, Anthropic, Google DeepMind, Meta, and xAI. It defines a "catastrophic risk" as a frontier model materially contributing to the death or serious injury of more than 50 people or more than $1 billion in property damage, requires incident reports within 72 hours, and carries civil penalties of up to $1 million for a first violation and up to $3 million after that. It passed 110 to 0 in the House and 52 to 5 in the Senate, was backed by both OpenAI and Anthropic, and takes effect January 1, 2027, with the first mandatory audits phasing in by 2028.
The five things to know
- A national first. SB 315 is the first US state law to make an independent, third-party safety audit of frontier AI systems mandatory — not merely a disclosure or transparency duty.
- It only hits the giants. The obligations land on developers with more than $500 million in revenue that also cross a frontier compute threshold of more than 10^26 operations. Startups and most open-weight projects are exempt.
- The bar for "catastrophic" is high. The triggering harm is mass-casualty or $1 billion-scale: more than 50 deaths or serious injuries, or more than $1 billion in property damage, from a single incident.
- The clock is fast and the fines are real. Critical incidents must be reported within 72 hours, or 24 hours if death or serious injury is imminent, with penalties reaching $1 million and then $3 million per violation, enforced only by the Illinois Attorney General.
- Industry did not fight it. OpenAI and Anthropic both supported the bill, which passed with near-unanimous bipartisan votes — a notable contrast with the federal push to freeze exactly this kind of state law.
What SB 315 actually requires
SB 315, the Artificial Intelligence Safety Measures Act, is an Illinois statute that imposes a set of safety, transparency, and audit duties on the largest frontier AI developers. At its core, covered developers must publish and annually update a "frontier AI framework," submit to annual independent third-party audits, file transparency reports before deploying major new models, report critical safety incidents on a tight clock, and protect whistleblowers — all enforced by the Illinois Attorney General through civil penalties.
The framework requirement is the backbone. According to legal analysis from Akerman LLP, a covered developer must maintain a documented framework that spells out how it defines capability thresholds, assesses and mitigates catastrophic risk, secures the weights of unreleased models, governs internal use of frontier systems, and brings in third-party evaluators. Before it deploys a new or substantially modified frontier model, the developer must also publish a transparency report describing the model's intended uses, supported languages, output modalities, and a summary of its catastrophic-risk assessment.
What makes SB 315 stand out is the audit. Other 2026 state laws lean on self-disclosure; Illinois adds an outside examiner. The statute, whose full text sits with the Illinois General Assembly, requires that auditors have demonstrated competence in frontier AI safety, work to generally accepted auditing standards, receive access to unredacted versions of the developer's published documents, and carry no financial conflict of interest with the company they are reviewing. That combination — mandatory, independent, conflict-screened, and recurring every year — is what earns SB 315 its "first in the nation" label.
Who the law actually hits
SB 315 is deliberately narrow. It applies only to "large frontier developers" — companies with more than $500 million in annual gross revenue that also train models using more than 10^26 computational operations. Analysts estimate the combined revenue-and-compute test captures roughly a dozen companies, including OpenAI, Anthropic, Google DeepMind, Meta, and xAI. The long tail of smaller startups and open-weight projects sits below the line and is not covered.
That scoping is a design choice, not an accident. By pairing a revenue floor with a compute ceiling, Illinois aimed the law at the handful of labs actually building frontier systems while sparing the broader ecosystem of application developers and fine-tuners. As NBC News reported when the legislature passed the bill, the target is the "largest AI developers," not the average software company shipping an AI feature.
The scale involved is easy to underestimate. The revenue threshold alone clears most of the industry; the companies that meet it are the same names behind the models we cover most closely, and the same firms whose finances now run into the tens of billions of dollars — as our breakdown of OpenAI's 2025 costs and losses laid out. For those developers, SB 315 turns internal safety practices that were previously voluntary and private into documented, audited, and partly public obligations. That is the shift the law is really making, and the Akerman analysis flags it as the compliance lift most developers will feel first.
How Illinois defines "catastrophic risk"
SB 315 does not regulate everyday AI mistakes. It targets "catastrophic risk," defined as a foreseeable and material risk that a developer's frontier model materially contributes to the death or serious injury of more than 50 people, or more than $1 billion in property damage, arising from a single incident. That is a mass-casualty or billion-dollar bar, and it deliberately excludes ordinary harms and errors.
The definition is also tied to specific conduct. Per the statutory language summarized by Akerman, the risk has to flow from enumerated behavior: a model providing expert-level assistance in creating or releasing chemical, biological, radiological, or nuclear weapons; engaging in autonomous conduct such as a cyberattack, murder, assault, extortion, or theft with no meaningful human oversight; or evading the control of its own developer or user. Harms that come from publicly available information, lawful federal activity, or cases where the model did not materially contribute are expressly carved out.
It is worth being clear-eyed about what that threshold does. Setting the bar at 50 deaths or $1 billion focuses the law on genuine worst-case scenarios rather than the day-to-day failures — biased outputs, hallucinations, privacy leaks — that dominate real AI harm today. Supporters call that appropriate triage for a "frontier" law; skeptics note that the most common harms people actually experience fall entirely outside it. As local coverage from WGN underscored, SB 315 is a catastrophe-prevention statute by design, not a general-purpose AI consumer-protection law.
Audits, 72-hour reports, and million-dollar penalties
Three mechanisms give SB 315 its teeth: mandatory annual independent third-party audits, fast incident reporting, and civil penalties. A critical safety incident must be reported within 72 hours to the Illinois Emergency Management Agency and the Attorney General, or within 24 hours if there is an imminent risk of death or serious physical injury. Penalties reach up to $1 million for a first violation and up to $3 million for each subsequent violation, and only the Illinois Attorney General can enforce them — there is no private right of action.
The reporting definition is broad enough to matter. A "critical safety incident" includes unauthorized access to or exfiltration of model weights that causes death or injury, a materialization of catastrophic risk, a loss of model control that causes harm, or a model using deceptive techniques that demonstrate a materially increased catastrophic risk. When the imminent-harm clock applies, the 24-hour report must also reach any law enforcement or public safety agency with jurisdiction, per the Akerman breakdown.
On enforcement, the design is narrow but concentrated. The penalties attach to concrete failures — not publishing required documents, making materially false or misleading statements, failing to retain a qualified auditor, failing to report incidents, or not complying with the framework requirements. Because the Illinois Attorney General holds exclusive enforcement authority, there will be no wave of private lawsuits, a point Capitol News Illinois noted lawmakers added by amendment. The open question is capacity: whether a single state attorney general's office can meaningfully audit-check the internal safety practices of the world's largest AI labs is exactly the kind of strategic doubt that will shape how much SB 315 changes in practice.
How SB 315 became law
SB 315 moved through Illinois with unusual speed and consensus. The General Assembly passed it on May 27, 2026, by a vote of 110 to 0 in the House and 52 to 5 in the Senate. Governor JB Pritzker signed it on July 6, 2026. The law takes effect January 1, 2027, though legal analysts note the heaviest obligations — published frameworks and the first annual third-party audits — phase in through 2028.
The bill was carried by Sen. Mary Edly-Allen (D-Libertyville) in the Senate and Rep. Daniel Didech (D-Buffalo Grove) in the House, and its sponsors framed it explicitly as filling a federal vacuum. In the signing statement released by his office, Pritzker said: "As AI systems become more powerful and the federal government is unwilling to step in, states have a responsibility to protect our people from the dangers of AI while still harnessing the unique potential of the technology." He went further in remarks reported by Capitol News Illinois, arguing that "Congress and the president ought to be passing similar legislation, but they've so far been unwilling, because many are captive to special interests that profit from the industry having no regulation."
The near-unanimous margin is itself a data point. Frontier AI regulation is not usually a consensus issue, yet SB 315 drew a single dissenting bloc of five state senators and zero opposition in the House. Part of that owes to the narrow scoping — the law touches only a dozen out-of-state giants, not Illinois employers — and part owes to the fact that the industry's two most prominent labs were on board rather than lobbying against it, as the Governor's official announcement emphasized.
Why OpenAI and Anthropic backed a law that regulates them
Unusually for a bill that imposes audits and penalties on frontier labs, both OpenAI and Anthropic supported SB 315 as it advanced. Governor Pritzker's office noted that Anthropic was the first AI lab to back the bill, and OpenAI publicly endorsed the state-led approach. Their support helps explain the lopsided vote — and signals a strategic bet that a predictable state framework beats regulatory uncertainty.
Anthropic's rationale was framed around enforceability. Its head of US state and local government relations said that "SB 315 makes Illinois the first state to pair AI transparency requirements with independent verification, an important step toward the accountability this technology demands," per the Governor's newsroom. OpenAI's read was more geographic: its global affairs representative, Caitlin Niedermeyer, told lawmakers that while the federal government remains best positioned to lead on frontier safety, Illinois, California, and New York can "really lead in advancing aligned frameworks," which she argued "can absolutely help create a de facto national direction of travel," according to Capitol News Illinois.
Not everyone was persuaded. The technology trade group TechNet warned that Illinois would be "requiring private actors to make highly subjective determinations requiring AI safety compliance without established national standards, certifications, or clear regulatory guardrails." That critique — that the state is asking labs to self-assess catastrophic risk against thresholds no federal body has defined — is the sharpest strategic objection to the bill, and it foreshadows the coming fight over whether frontier-AI rules belong to the states at all. It also lands in the same season that OpenAI is facing multistate scrutiny on other fronts, as our report on the multistate attorney general subpoena of OpenAI detailed.
How this fits the federal-vs-states fight
SB 315 lands in the middle of a jurisdictional tug-of-war over who governs frontier AI. It joins California's SB 53 and New York's RAISE Act to form a growing patchwork of state frontier-AI laws — the very patchwork that a bipartisan federal effort is now trying to freeze. Whether SB 315 endures depends less on Springfield than on Washington.
The most direct threat is the Great American AI Act, a 269-page federal discussion draft that would suspend state laws regulating how AI models are built for three years in exchange for a federal framework. Analysts list Illinois SB 315 among the development-focused state laws that draft could preempt — meaning a federal bill could override the law Illinois just passed. We unpacked that proposal and its "build versus use" distinction in our analysis of the Great American AI Act's bid to override state AI laws. SB 315 anticipates the tension: it lets the Illinois Emergency Management Agency designate a "substantially equivalent" federal law as satisfying its requirements, a built-in off-ramp if Congress ever acts.
Zoom out and the convergence is striking. In a single stretch of 2026, Illinois enacted an audit mandate, a wave of state laws targeting AI companion chatbots advanced across the country, the G7 took up AI governance at Evian, and the European Union kept recalibrating its own regime — a story we tracked in our coverage of the EU AI Act's delayed high-risk rules. Four jurisdictions, four different answers to the same question. The Transparency Coalition, which tracked SB 315 through the legislature, framed it as proof that states will not wait for Congress; you can read its bill tracker alongside the Capitol News Illinois passage report. The strategic bet Illinois is making is that a first-mover state standard, backed by the industry's own leading labs, becomes hard for any future federal framework to simply erase.
The bottom line
Illinois SB 315 is the first US state law to make independent third-party AI safety audits mandatory, signed July 6, 2026 and effective January 1, 2027. It reaches only the largest frontier developers — more than $500 million in revenue and a frontier compute threshold — and it targets genuine catastrophe: more than 50 deaths or $1 billion in damage, reported within 72 hours, with penalties up to $3 million. That both OpenAI and Anthropic supported it makes it a rare consensus in AI policy. What remains unsettled is durability: a federal preemption draft could freeze it, a single attorney general has to enforce it, and its high threshold leaves everyday AI harms untouched. SB 315 is a milestone, but the fight over who governs frontier AI is only starting.
Sources
- Office of Governor JB Pritzker — signing announcement (July 6, 2026)
- Capitol News Illinois — Pritzker signs landmark AI regulation bill
- Capitol News Illinois — Illinois lawmakers pass landmark AI accountability bill
- Akerman LLP — Illinois SB 315 legal analysis
- NBC News — Illinois legislature passes historic AI bill
- Illinois General Assembly — SB 315 bill status
Frequently asked questions
What is Illinois SB 315?
Illinois SB 315, the Artificial Intelligence Safety Measures Act, is a state law signed by Governor JB Pritzker on July 6, 2026. It makes Illinois the first US state to require annual, independent, third-party safety audits of the largest frontier AI developers. It also mandates published safety frameworks, transparency reports, 72-hour incident reporting, whistleblower protections, and civil penalties enforced by the Illinois Attorney General.
When does Illinois SB 315 take effect?
SB 315 was signed on July 6, 2026. The Governor's office cites a January 1, 2027 effective date, while legal analysts note that the heavier compliance obligations phase in through 2028, when covered developers must publish their frontier AI frameworks and complete their first annual independent third-party audits.
Which companies does Illinois SB 315 apply to?
SB 315 targets large frontier developers: companies with more than $500 million in annual gross revenue that also train models using more than 10^26 computational operations. Analysts estimate this captures roughly a dozen labs, including OpenAI, Anthropic, Google DeepMind, Meta, and xAI. Smaller startups and most open-weight projects fall below the threshold and are not covered.
How does SB 315 define catastrophic risk?
SB 315 defines catastrophic risk as a foreseeable and material risk that a frontier model materially contributes to the death or serious injury of more than 50 people, or more than $1 billion in property damage, from a single incident. The triggering conduct includes expert-level assistance with chemical, biological, radiological, or nuclear weapons, autonomous criminal conduct with no meaningful human oversight, or a model evading the control of its developer or user.
What are the penalties under Illinois SB 315?
Civil penalties reach up to $1 million for a first violation and up to $3 million for each subsequent violation. Violations include failing to publish required documents, making materially false or misleading statements, failing to retain an auditor, and failing to report incidents. The Illinois Attorney General has exclusive authority to enforce the law, and there is no private right of action for individuals to sue.
How fast must AI incidents be reported under SB 315?
Covered developers must report a critical safety incident within 72 hours to the Illinois Emergency Management Agency and the Attorney General. If the incident poses an imminent risk of death or serious physical injury, the window shrinks to 24 hours and the report must also go to any law enforcement or public safety agency with jurisdiction.
Is Illinois really the first US state to require AI safety audits?
Yes. According to Governor Pritzker's office, Illinois is the first state in the nation to require regular, independent, third-party safety audits of covered frontier AI systems. Earlier state laws such as California SB 53 and New York's RAISE Act imposed transparency and disclosure duties, but SB 315 is the first to make an outside audit mandatory.
Did OpenAI and Anthropic support Illinois SB 315?
Yes. Both OpenAI and Anthropic supported the bill as it moved through the Illinois General Assembly. The Governor's office noted that Anthropic was the first AI lab to back the bill. OpenAI's global affairs team framed states like Illinois, California, and New York as helping to create a de facto national direction on frontier AI safety.
Who opposed Illinois SB 315?
The technology trade group TechNet raised concerns, arguing that Illinois would require private companies to make highly subjective safety determinations without established national standards or certifications. Despite that opposition, the bill passed with broad bipartisan margins: 110 to 0 in the House and 52 to 5 in the Senate.
How is SB 315 different from the Great American AI Act?
SB 315 is an enacted Illinois state law. The Great American AI Act is a federal discussion draft that would freeze state laws regulating how AI models are built for three years, and analysts list Illinois SB 315 among the development-focused state laws it could preempt. In short, SB 315 is in force now, while the federal draft could later override it.
How does SB 315 compare to California SB 53 and New York's RAISE Act?
All three target frontier AI developers, but SB 315 goes furthest on oversight by mandating annual independent third-party audits, which California SB 53 and New York's RAISE Act do not require. Together, the three laws form the emerging patchwork of US state frontier-AI rules that the federal government is now trying to standardize or preempt.
What is a frontier AI framework under SB 315?
A frontier AI framework is a documented safety plan that covered developers must publish, implement, and update every year. It has to describe how the developer assesses and mitigates catastrophic risk, secures unreleased model weights, governs internal use, and uses third-party evaluators. Developers must also publish transparency reports before deploying new or substantially modified frontier models.



