Illinois Gov. JB Pritzker signed the Artificial Intelligence Safety Measures Act into law on July 6, 2026, imposing new transparency and safety requirements on developers of the largest AI models. The law aligns with similar statutes in California and New York, and its supporters say the three-state bloc creates a de facto national regulatory framework for an industry that has largely escaped federal oversight.
"Congress and the president ought to be passing similar legislation, but they've so far been unwilling, because many are captive to special interests that profit from the industry having no regulation," Pritzker said before the signing. "We can work together to establish thoughtful guardrails in ways that benefit both industry and the public, or we can allow a handful of actors to evade accountability and push the costs and detriment onto ordinary people. Illinois has chosen our path."
Who the law covers and what it requires
The measure targets AI models trained with massive computing power and generating more than $500 million in annual revenue. Developers must publish a safety framework that explains how they identify and assess catastrophic risk - defined as the likelihood of incidents causing death or serious injury to more than 50 people or more than $1 million in property damage.
Firms must also report any harmful incident to the state within 72 hours, or within 24 hours if the event poses an imminent risk of death or serious physical injury. "We have already seen the first AI-inspired mass shooting. We have already seen AI systems utilized to attack a municipal water and drainage utility," said Rep. Daniel Didech, the bill's House sponsor. He pointed to the example of Anthropic's Mythos model, which the company deemed too powerful as a cyberweapon to release publicly.
First-in-the-nation audit mandate
Illinois' version of the law adds a requirement that covered developers undergo mandatory annual third-party audits. New York's comparable law required only a single independent audit at the point a developer grew large enough to qualify. That provision drew pushback from industry group TechNet during committee hearings.
"We remain concerned that Illinois would effectively be requiring private actors to make highly subjective determinations requiring AI safety compliance without established national standards, certifications, or clear regulatory guardrails," said TechNet representative Ninia Linero.
The bill passed with wide bipartisan support - unanimously in the House and with just five Republican no votes in the Senate. OpenAI and Anthropic both endorsed the legislation. OpenAI's Caitlin Niedermeyer told lawmakers the company saw a role for Illinois, California, and New York "really to lead in advancing aligned frameworks, which we believe can absolutely help create a de facto national direction of travel."
Penalties and what comes next
The attorney general can pursue civil penalties of up to $1 million for a first violation and up to $3 million for subsequent violations. Didech said medical care and education are likely next frontiers for evaluating AI public safety risks. Scott Wisor, policy director for Secure AI, said future work should involve more external evaluation of the risks models pose, not just verifying compliance with a company's own safety plan.
"Right now, the evaluation in this bill is, are you complying with your safety framework? Because suppose you had a safety framework, just like, 'We're going to do A, B, C, and D,' you do that, the evaluator confirms it, and yet it's still a risky thing to have out in the world," Wisor said. The law takes effect on Jan. 1, 2028.
Why this matters for legal professionals
The reporting obligations and third-party audit mandate create immediate documentation and compliance pressures for large AI developers. Because Illinois, California, and New York together account for an estimated 40% of the U.S. AI market, these state-level rules will influence how companies design safety protocols nationwide. In-house and outside counsel advising AI firms will need to track the interplay among the three states' frameworks and prepare clients for investigations if an incident triggers the 24-hour notification deadline. Civil penalties escalate quickly, making thorough internal reporting systems and audit-ready records a practical necessity.
For legal professionals building expertise in this fast-moving regulatory area, resources like AI for Legal training can help deepen understanding of the technical and compliance risks that now carry significant financial exposure.
Your membership also unlocks: