By ByteBot
Illinois lawmakers passed SB 315 this week with a 110-0 House vote — the first U.S. state law mandating annual independent safety audits for frontier AI companies. The Artificial Intelligence Safety Measures Act covers any company with $500M+ in annual revenue deploying frontier models: OpenAI, Anthropic, Google, and Meta are in scope. Governor Pritzker has committed to signing it; the law takes effect January 1, 2028. The bill passed the Senate 52-5 on May 21 and the House unanimously on May 27. For developers who build on AI platforms daily, this directly changes the accountability rules for the tools you depend on.
What SB 315 Actually Requires
The law creates five concrete obligations for covered companies. First, they must publish a transparency framework — a document detailing how the company assesses catastrophic risk, what mitigations are in place, and how governance works internally. Second, before deploying any new or substantially modified frontier model, companies must release summaries of their catastrophic-risk assessments. That means a paper trail before the next GPT or Claude release, not after. Third, companies must retain annual independent third-party auditors with specified access and publication requirements for audit results. Fourth, safety incidents must be reported to state officials within 72 hours of discovery. Fifth, companies file disclosure statements with the Illinois Emergency Management Agency, paying proportional fees to cover oversight costs. Civil penalties reach $3 million per violation, enforced exclusively by the Illinois attorney general. No private right of action exists — only the state can sue.
Notably, the 72-hour incident window deserves attention. The bill does not define precisely what qualifies as a reportable safety incident, which means covered companies need to build internal classification systems and escalation pathways well before the 2028 deadline. That infrastructure gap is already a compliance conversation at legal teams inside every major AI lab.
Why OpenAI and Anthropic Backed Their Own Regulation
Both OpenAI and Anthropic supported SB 315 throughout the legislative process. TechNet — the trade coalition representing the broader tech industry — opposed it, citing “highly subjective determinations requiring AI safety compliance without established national standards.” The bill passed 110-0 in the House anyway. That gap between lab support and trade group opposition is worth examining.
Anthropic’s head of U.S. government relations stated: “As these models grow more powerful, this kind of enforceable accountability matters more than ever.” That is a genuine position, but the strategic read is also coherent: the $500M revenue threshold effectively excludes most AI startups from compliance costs. Labs that already run red-teaming operations, safety teams, and Constitutional AI frameworks face far lower marginal audit costs than a competitor entering the market without that infrastructure. Mandatory audits, when you are already audit-ready, are a moat.
There is a third angle: both Anthropic and OpenAI are approaching valuations in the hundreds of billions ahead of potential IPOs. Institutional investors want regulated, auditable companies — not black boxes. Supporting SB 315 signals accountability before those conversations happen. Whether that is principled safety commitment, competitive positioning, or both, the effect is the same: the biggest AI labs helped write the law that will govern them.
Related: Altman and Amodei Flip on AI Jobs Ahead of $1T IPOs
A Third State in Three Weeks
Moreover, Illinois did not legislate in isolation. According to IAPP’s analysis of recent state AI bills, three states passed distinct AI regulatory frameworks in rapid succession: California issued an AI workforce executive order on May 21, Colorado’s employment algorithmic decision-making transparency law (SB 26-189) takes effect January 1, 2027, and Illinois SB 315 follows on January 1, 2028. These frameworks do not overlap — they stack. Frontier companies now face separate compliance obligations across three different regulatory architectures with different timelines and requirements.
Consequently, the White House has opposed provisions like SB 315, warning of a “burdensome jumble of state regulations” that could harm the AI industry. However, that opposition has not stopped states from legislating into the federal vacuum. The more relevant comparison is California’s CCPA: when one large state establishes a compliance baseline that major companies must meet, it often becomes a de facto national standard — because it is cheaper to build one global compliance architecture than separate state-by-state ones. If Pritzker signs as expected, Illinois may set the audit floor for the entire U.S. AI industry.
Key Takeaways
- Illinois SB 315 is the first U.S. law mandating annual third-party safety audits for frontier AI companies — covering OpenAI, Anthropic, Google, and Meta, effective January 1, 2028
- Covered companies must publish catastrophic-risk assessments before new model deployments, report safety incidents within 72 hours, and submit to annual independent audits with published results
- Both OpenAI and Anthropic supported the law — a mix of genuine safety conviction, competitive moat-building, and IPO positioning that makes the support less surprising than it first appears
- State AI regulations are stacking: California, Colorado, and Illinois passed distinct frameworks in three weeks; the federal vacuum is being filled state by state, and Illinois may become the de facto national audit standard
