Illinois lawmakers sent SB 315, the Artificial Intelligence Safety Measures Act, to Gov. JB Pritzker on June 3, clearing the House 110-0 and the Senate 52-5 and making Illinois the first state poised to mandate independent third-party safety audits of frontier AI developers. Pritzker is expected to sign within 30 days. The law takes effect Jan. 1, 2027.

The bill reaches companies with more than $500 million in annual gross revenue. Per IAPP, covered firms must publish catastrophic-risk plans, file pre-deployment reports, and submit to annual third-party audits beginning in 2028. “Catastrophic risk” is defined to include models capable of mass harm or causing over $1 billion in cyberattack-driven damages.

What’s striking is who isn’t fighting it. OpenAI and Anthropic publicly back the bill, with Anthropic’s Cesar Fernandez calling it “a new standard” for safety. Frontier labs have read the room: a fragmented patchwork of state regimes is worse for them than one demanding floor they helped shape.

The same week underscored the trend. New York’s Senate passed S 1169, authorizing independent audits of high-risk systems and AG enforcement against algorithmic discrimination. Vermont’s H 816 cleared before the legislature adjourned May 29. California advanced 30 AI bills through second-chamber committees. The vacuum left by the Trump administration’s shelved voluntary federal AI security order in May is filling fast.

NetChoice, in a June 2 veto-request letter, argued the “auditing standards, certifying bodies and compliance methodologies” the bill requires “simply do not exist,” calling it an “unattainable requirement” backed by $3 million civil penalties.

That complaint also describes a market opening. Model-agnostic platforms like LemonLime, which already abstract across providers, are well-positioned to absorb the overlapping disclosure logic the states are now writing into statute. The audit economy is being legislated into existence before the auditors arrive.

Sources

Sources