Illinois Just Passed the Strongest AI Safety Law in America — And OpenAI Can’t Be Happy About It
Table of Contents
What Is Illinois SB 315?
While Silicon Valley has been lobbying furiously against AI regulation at every level of government, the state of Illinois just quietly passed the most aggressive AI safety legislation in the United States. SB 315, the Artificial Intelligence Safety Measures Act, will require frontier AI companies like OpenAI, Anthropic, and Google DeepMind to submit to mandatory third-party safety audits — something no other U.S. jurisdiction has ever mandated. And when the House voted on it, the result was not even close: 110 to 0.
Let that number sink in. In a political environment where virtually nothing achieves bipartisan consensus, every single member of the Illinois House of Representatives voted in favor of requiring AI companies to prove their models are safe. The Senate had previously approved the bill on May 21, 2026, and Governor J.B. Pritzker has indicated he will sign it into law. When it takes effect, every major AI lab in the world will need to comply or face legal consequences in one of America’s largest states.
This is not the watered-down, industry-friendly regulation that tech companies prefer. SB 315 has real teeth — mandatory independent audits, public disclosure requirements, and a 72-hour incident reporting window that borrows from aviation and nuclear safety frameworks. For the first time in the United States, AI companies will face external accountability for the safety of their most powerful models.
Unanimous 110-0 Vote: Why That Matters
The unanimous House vote is arguably the most significant aspect of SB 315. AI regulation has been a politically contentious issue, with tech companies spending millions on lobbying and the political divide over regulation tracking roughly along partisan lines — Democrats generally favoring more oversight and Republicans generally preferring lighter regulation.
For both parties to unanimously support mandatory AI safety audits suggests a bipartisan consensus has emerged around the idea that the most powerful AI systems need external oversight. This consensus was likely driven by the rapid proliferation of AI capabilities over the past two years, growing public concern about AI safety risks, and high-profile incidents that have made the abstract risks of AI feel very concrete to lawmakers.
The unanimous vote also makes it extremely difficult for the AI industry to challenge the law politically. When a bill passes 110-0, any attempt to overturn or weaken it faces an uphill battle — there is no partisan wedge to exploit and no political coalition to rally against it. The tech industry’s lobbying playbook, which relies heavily on partisan divisions, simply does not work against this kind of consensus.
What the Bill Requires From AI Companies
SB 315 establishes several key requirements for companies developing frontier AI models. First, covered companies must create, publish, and annually update detailed safety plans that address severe or catastrophic risks from their AI models. These plans must identify specific risks, describe mitigation strategies, and explain how the company will monitor for emerging threats.
Second, companies must submit to annual independent third-party audits of their safety practices. These audits are not self-assessments or industry-led reviews — they must be conducted by accredited independent auditors who have no financial relationship with the company being audited. The audit results must be made publicly available, creating transparency that the AI industry has fiercely resisted.
Third, the bill establishes a 72-hour reporting window for AI safety incidents. When a covered company identifies a safety incident involving one of its frontier models, it must notify the relevant authorities within 72 hours. This is modeled on incident reporting requirements in other high-risk industries like aviation and nuclear energy, where rapid disclosure is essential for learning from failures and preventing recurrence.
The Third-Party Audit Requirement
The mandatory third-party audit is the centerpiece of SB 315 and the provision that AI companies are most nervous about. Currently, AI safety assessments are largely self-reported — companies publish model cards, safety reports, and red-teaming results that they control and curate. Critics have long argued that these self-assessments are inherently conflicted, since companies have strong financial incentives to downplay risks and overstate safety measures.
Independent audits would change this dynamic fundamentally. An accredited third-party auditor would have access to the company’s internal safety documentation, testing results, and incident records. They would evaluate whether the company’s safety practices match its public claims and whether its risk mitigation strategies are adequate given the capabilities of its models. The audit results would then be published, creating a permanent public record.
The practical challenge is that the field of AI safety auditing barely exists yet. There are few organizations with the technical expertise to meaningfully evaluate frontier AI systems, and standards for what constitutes a thorough AI safety audit have not been established. SB 315 will need to address these gaps, likely through the development of accreditation standards and audit frameworks in collaboration with existing AI safety research organizations.
72-Hour Incident Reporting: The NTSB for AI
The 72-hour incident reporting requirement is inspired by regulatory frameworks in aviation (where the NTSB requires immediate reporting of accidents and incidents) and nuclear energy (where the NRC mandates prompt disclosure of safety events). Applying this framework to AI acknowledges that frontier AI systems have become critical infrastructure whose failures can have far-reaching consequences.
The definition of an “AI safety incident” under the bill is broad enough to capture a wide range of events — from models producing harmful outputs that cause real-world damage to security breaches that compromise model weights or training data. The 72-hour window is tight enough to be meaningful but provides enough time for companies to conduct initial assessment and prepare a substantive disclosure.
This requirement addresses a persistent frustration in the AI safety community: the information asymmetry between AI companies and the public. When an AI model behaves unexpectedly or causes harm, the company that deployed it currently has no obligation to disclose what happened, why it happened, or what they are doing about it. The 72-hour reporting requirement closes that gap and creates a feedback loop that should improve safety practices over time.
Which Companies Are Affected
SB 315 applies to companies with more than $500 million in annual gross revenue that deploy frontier models capable of catastrophic risk. This threshold captures the major AI labs — OpenAI, Anthropic, Google DeepMind, Meta AI, and potentially others — while exempting smaller AI companies and startups that do not operate at frontier scale.
The $500 million revenue threshold is calibrated to target companies that have both the resources and the obligation to maintain robust safety practices. It avoids burdening early-stage startups with compliance costs they cannot afford while ensuring that the companies building the most powerful AI systems in the world are held to appropriate standards.
The “catastrophic risk” component adds a capability-based filter. Not every large AI company operates at the frontier — many use established models for specific applications that do not pose catastrophic risks. The bill targets specifically those companies that are pushing the boundaries of AI capability, where the potential for severe negative outcomes is highest.
California Tried and Failed — Illinois Succeeded
Illinois’s success stands in sharp contrast to California’s failed attempt at AI safety legislation. California’s SB 1047, proposed in 2024, would have imposed safety requirements on frontier AI developers but was vetoed by Governor Newsom after intense lobbying by the AI industry. The California bill’s failure was widely seen as a victory for the tech lobby and a setback for AI regulation in the United States.
Illinois succeeded where California failed for several reasons. First, the political dynamics are different — Illinois does not have the same economic dependence on the tech industry that makes California legislators susceptible to industry pressure. Second, SB 315 benefited from the additional year of AI development and public discourse that occurred after the California vote, during which AI capabilities advanced dramatically and public concern about AI safety grew. Third, the bill’s supporters learned from California’s mistakes, crafting a narrower and more targeted bill that was harder to argue against.
The Domino Effect: New York, Connecticut, and Beyond
Illinois is not the only state moving on AI regulation. New York and Connecticut have also advanced notable AI legislation, creating what could become a patchwork of state-level AI regulations that collectively shape how AI companies operate across the country. This mirrors the pattern established by state-level data privacy laws, where California’s CCPA was followed by similar legislation in dozens of other states.
The state-by-state approach has both advantages and disadvantages for the AI industry. On one hand, it allows for experimentation and learning — different states can try different approaches and see what works. On the other hand, a patchwork of conflicting state regulations creates compliance complexity and uncertainty that the industry would prefer to avoid. Many AI companies have argued that federal legislation would be preferable to state-level regulation, but Congress has shown little inclination to act.
What the AI Industry Thinks
The AI industry’s response to SB 315 has been notably subdued compared to the fierce opposition that killed California’s bill. Publicly, major AI companies have expressed support for the principles of transparency and accountability while raising concerns about specific implementation details. Privately, industry insiders are reportedly more worried — particularly about the precedent that mandatory third-party audits set and the potential for other states to adopt similar or more aggressive measures.
Some AI safety researchers have praised the bill as a necessary first step toward meaningful AI governance. The third-party audit requirement, in particular, has been championed by researchers who have long argued that self-regulation is insufficient for technology with potential catastrophic consequences. However, they also caution that the effectiveness of the law will depend entirely on the quality of the audit standards and the independence of the auditors.
Governor Pritzker Expected to Sign
Governor J.B. Pritzker has indicated that he will sign SB 315 into law, which would make Illinois the first state in the nation to require mandatory third-party safety audits of frontier AI systems. Pritzker has been vocal about his belief that AI innovation and AI safety are not mutually exclusive, and that responsible regulation can strengthen rather than hinder the AI industry.
Once signed, the law will take effect following a designated implementation period that gives covered companies time to establish compliance programs, select qualified auditors, and prepare their first safety disclosures. The exact timeline for full enforcement has not been finalized, but industry observers expect companies to have approximately 12 to 18 months to achieve full compliance.
The Bottom Line
Illinois SB 315 is the most significant AI safety legislation passed in the United States to date, and its unanimous passage signals a political consensus around AI oversight that the industry cannot afford to ignore. Mandatory third-party audits, 72-hour incident reporting, and public safety disclosures represent a regulatory framework that treats frontier AI systems with the seriousness their potential impacts demand. Whether you see this as necessary safeguarding or regulatory overreach probably depends on how much faith you have in AI companies to police themselves — and given the industry’s track record, Illinois lawmakers clearly decided that faith alone is not enough.