Illinois Governor JB Pritzker signed the Artificial Intelligence Safety Measures Act (SB 315) into law, establishing new transparency and accountability rules for the largest AI models. The legislation, modeled after similar laws in California and New York signed in late 2025, targets developers with more than $500 million in annual revenue and requires them to report on catastrophic risks, creating what lawmakers estimate to be a de facto national standard covering roughly 40% of the U.S. AI market.
"Congress and the president ought to be passing similar legislation, but they've so far been unwilling, because many are captive to special interests that profit from the industry having no regulation," Pritzker said before signing the bill. "We can work together to establish thoughtful guardrails in ways that benefit both industry and the public, or we can allow a handful of actors to evade accountability and push the costs and detriment onto ordinary people. Illinois has chosen our path."
New transparency and audit requirements
The law requires model developers to publish a safety framework explaining how they identify and assess catastrophic risk, defined as incidents likely to cause death or serious injury to more than 50 people or more than $1 million in property damage. Developers must also report any harmful incidents to the state within 72 hours, or within 24 hours if the risk is imminent.
Illinois' version adds a first-in-the-nation requirement for mandatory annual third-party audits. New York's law, by contrast, required only a single independent audit when a developer first met the revenue threshold. During legislative debate, industry group TechNet raised concerns that the audit provision would force companies to make subjective safety compliance determinations without established national standards.
State-driven de facto national standard
With California, New York, and Illinois adopting aligned frameworks, lawmakers estimate the three states represent roughly 40% of the U.S. AI market. This coordinated state-driven approach is creating a de facto national standard, with implications for AI for Government and industry alike. Caitlin Niedermeyer of OpenAI's Global Affairs said, "While we have been very clear that the federal government remains well-positioned to lead on frontier safety because it has the resources, expertise and institutions, we also strongly actually see a position for both Illinois but also California and New York to really lead in advancing aligned frameworks, which we believe can absolutely help create a de facto national direction of travel."
Real-world harms drive urgency
House sponsor Rep. Daniel Didech pointed to concrete incidents the bill aims to address. "We have already seen the first AI-inspired mass shooting. We have already seen AI systems utilized to attack a municipal water and drainage utility," Didech said. He also referenced Anthropic's Mythos model, which the company deemed too powerful a cyberweapon to release publicly. Anthropic supported the Illinois bill, as did OpenAI.
Senate sponsor Sen. Mary Edly-Allen said, "We are not willing to wait for Congress to act. There's an old saying: Give a man a fish, he eats for a day. Teach him to fish, he eats for a lifetime. Teach AI to fish, though, and it might just empty the whole river trying to figure out how."
Penalties and future steps
Companies that violate the law face civil penalties of up to $1 million for a first offense and up to $3 million for subsequent violations, enforced by the attorney general's office. Lawmakers expect to continue working on AI regulation, with Didech identifying medical care and education as areas needing further evaluation of public safety risks.
Scott Wisor, policy director for Secure AI, said the next step for transparency would be external evaluation of model risks before release. "Right now, the evaluation in this bill is, are you complying with your safety framework? ... This is a huge step forward, but I think there's more we can do," Wisor said. The law takes effect on January 1, 2028.
Why this matters for IT and Development professionals
For developers and engineers working on large-scale AI systems, this law introduces concrete compliance obligations: documented safety frameworks, incident reporting timelines, and annual third-party audits. While the $500 million revenue threshold limits immediate impact to major AI companies, the de facto national standard created by three large states will likely influence procurement requirements, enterprise risk assessments, and future regulations across the industry. IT professionals involved in AI deployment should begin familiarizing themselves with catastrophic risk assessment methodologies and audit-ready documentation practices.
Your membership also unlocks: