[Breaking] Illinois Passes Landmark AI Safety Law, Skirting Federal Gridlock

Illinois has passed the strongest AI safety law in the United States, requiring frontier AI developers to submit independent third-party safety audits, report critical incidents within 72 hours, and provide whistleblower protections for employees who surface emerging risks.

What SB 315 requires

Senate Bill 315, sponsored by Democratic Representative Daniel Didech, targets companies developing the most capable frontier AI models. Key provisions:

• **Public safety plans** — firms must publish how they evaluate and mitigate catastrophic risks
• **Annual independent audits** — third-party safety testing by accredited firms such as Deloitte, EY, KPMG, or PwC
• **72-hour incident reporting** — critical safety incidents must be reported to the state within three days (24 hours if there is an imminent risk of death or serious harm)
• **Whistleblower protections** — employees who report safety concerns are protected under Illinois whistleblower law

Governor J.B. Pritzker has confirmed he will sign the bill, proclaiming that "Illinois is leading the nation in holding Big Tech accountable."

Why OpenAI and Anthropic support it

Both OpenAI and Anthropic — whose models would be directly affected — supported SB 315. Anthropic's head of state and local government relations, Cesar Fernandez, said the law's requirements mirror safety testing protocols that leading AI firms are already voluntarily doing.

The subtext is that big AI firms can easily meet the requirements, while smaller competitors may struggle with the compliance costs. This dynamic mirrors the ongoing tension in AI regulation: incumbents often benefit from rules that raise the barrier to entry.

This also marks a shift in approach from the Trump administration, which has prioritised promoting AI industry growth over regulation. President Trump had reportedly been considering an executive order on federal AI safety testing, but leaked plans drew criticism that the federal government lacks the expertise to audit frontier models effectively.

What it means for the self-hosted AI community

While SB 315 primarily targets frontier AI firms (those developing the largest, most capable models), its implications ripple through the broader AI ecosystem:

• **Smaller AI firms** will face increased compliance pressure if similar laws spread to other states
• **Open-source models** may benefit from regulatory arbitrage — if frontier proprietary models face costly audits, organisations may turn to self-hosted open models to avoid compliance overhead
• **Audit expectations** could eventually trickle down to AI service providers, much like SOC 2 compliance began with large SaaS firms and became industry-standard

For a broader look at how regulation affects private AI operations, see Decision Guide for Going Private with AI at Home or in a Small Team.

What comes next

Didech made it clear that state-level regulation is a fallback, not a preference. "The states shouldn't be doing this," he said. "The best way to regulate these types of catastrophic risks would be a federal approach. But the reality is that Congress has not taken up this issue yet."

The law takes effect when Pritzker signs it, but enforcement mechanisms and the exact definition of "frontier model" will be refined through rulemaking. Firms operating in Illinois — or serving Illinois users — should begin preparing compliance frameworks now.

**Source:** Ars Technica — Trump loses more control over AI regulation as Illinois passes landmark law