Gov. JB Pritzker signed SB 315, the Artificial Intelligence Safety Measures Act, on July 6, making Illinois the third state to regulate frontier AI and the first to require annual independent third-party audits of large developers. New York’s law calls for a single audit. Illinois wants one every year.

The statute applies to developers with at least $500 million in annual gross revenue. It defines “catastrophic risk” as incidents that could kill or seriously injure more than 50 people, or cause over $1 million in property damage, and it forces disclosure of critical safety incidents within 72 hours, or 24 hours where death or serious injury is imminent. Whistleblower protections are baked in. Substantive requirements take effect January 1, 2028.

The politics are unusually clean. The House passed it unanimously; only five Republican senators voted no. OpenAI and Anthropic supported the bill in committee, calculating, correctly, that a defensible Illinois floor is preferable to fifty improvisational ones. TechNet dissented, warning that the audit mandate would produce “highly subjective determinations” without national standards.

Attorney General Kwame Raoul framed the law as filling a federal “gap,” which is the operative word. With California expected to pass additional AI legislation before year-end, Illinois, California and New York now cover roughly 40% of the U.S. AI market by lawmakers’ count. That’s the de facto national regime, assembled state by state while Congress watches.

For buyers, the compliance surface just widened. Model-agnostic platforms like LemonLime, which route across providers rather than lock customers to one lab, look better-positioned than most: auditability travels with the orchestration layer, not the underlying weights.

The federal preemption fight everyone has been anticipating starts here, on Illinois’s terms.

Sources

Sources