Illinois Enacts Frontier AI Safety Law with Audit Mandate
The state becomes the third to regulate advanced AI models, adding unique third-party audit requirements to a now-standard compliance framework.

Illinois Joins California and New York in Frontier AI Regulation
Illinois has passed the Artificial Intelligence Safety Measures Act (SB 315), becoming the third state to enact comprehensive safety and transparency requirements for developers of advanced AI systems. The legislation, sent to the governor on June 26, 2026, closely follows regulatory frameworks already established in California and New York, signaling the emergence of a coordinated state-level approach to frontier AI governance.
The law applies to developers of "frontier models"—foundation models trained using more than 10^26 integer or floating-point operations—and imposes heightened obligations on "large frontier developers" with annual gross revenue exceeding $500 million. The Illinois Emergency Management Agency and Office of Homeland Security will administer the law in consultation with the attorney general.
Core Requirements Mirror California and New York
Starting January 1, 2028, large frontier developers operating in Illinois must publish a "frontier AI framework" addressing ten governance and risk-management topics, including risk thresholds, pre-deployment review, cybersecurity protections for model weights, and incident response protocols. Companies must file transparency reports before deploying new or modified frontier models and report critical safety incidents to the state within 72 hours—or 24 hours when imminent risk of death or serious injury exists.
The law adopts the same "catastrophic risk" definition used in California and New York: a foreseeable and material risk that a frontier model could materially contribute to the death of or serious injury to more than 50 people, or more than $1 billion in property damage, from a single incident. Covered scenarios include assistance with chemical, biological, radiological, or nuclear weapons; unsupervised cyberattacks; or a model evading its developer's control.
Civil penalties match New York's structure, with fines up to $1 million for first violations and $3 million for subsequent violations, enforced by the attorney general. The law prohibits materially false or misleading statements about catastrophic risk or framework compliance, though it includes a good-faith exception and creates no private right of action.
Illinois Adds Distinctive Audit and Whistleblower Provisions
While following the same structural template as California and New York, Illinois introduces several unique requirements. Most significantly, it mandates annual independent third-party audits of large frontier developer compliance beginning January 1, 2028. The law specifies detailed requirements for auditor competence, conflict-of-interest screening, and public report publication. Neither California nor New York requires independent audits.
Illinois also enhances whistleblower protections beyond what California offers and what New York lacks entirely. Large frontier developers must maintain an anonymous internal reporting process with monthly status updates to reporting employees and quarterly disclosure summaries to officers and directors. Covered employees may also use the Illinois attorney general's Workplace Rights Hotline.
Additionally, SB 315 preempts local AI regulation, declaring that regulation of AI frontier models is "an exclusive power and function of the State" under the Illinois Constitution. While California's law also preempts local regulation, New York's legislation is silent on this issue.
Why it matters
With three major states now adopting substantially harmonized frontier AI legislation, developers of advanced models face what has effectively become a de facto national compliance standard. Companies deploying frontier models will need to meet these requirements to operate in states representing a significant portion of the U.S. economy and technology sector. The differences in audit mandates and whistleblower requirements mean compliance teams cannot simply copy-paste frameworks across states—they must account for state-specific obligations even within a common regulatory structure.
The law takes effect January 1, 2027, with disclosure and whistleblower obligations beginning immediately and the full frontier AI framework and audit requirements starting January 1, 2028.
These details were first reported by Davis Wright Tremaine LLP in their AI Law Advisor blog.
This is an original analysis by the Omega editorial team. Source reporting: AI Watch.
Want systems like this working for your business?
Book a Call