Illinois passes the strictest AI law in the US with mandatory audits
SB 315 requires large developers to undergo independent audits, create safety plans, and report incidents within 24 hours.
July 10, 2026 · 3 min read
TL;DR: Illinois has passed the strictest AI law in the US, requiring annual independent audits, safety plans, and incident notification for large developers. Fines reach $3 million and whistleblowers are protected.
What happened?
On July 7, 2026, Illinois Governor JB Pritzker signed the Artificial Intelligence Safety Measures Act (SB 315), which will take effect on January 1, 2027. The law passed with exceptional bipartisan support: 110-0 in the House and 52-5 in the Senate, according to the Chicago Sun-Times. This regulation applies to developers of frontier AI models with annual revenues exceeding $500 million, including OpenAI, Anthropic, Google DeepMind, Meta, and Microsoft, among others.
What does the law require?
SB 315 establishes four main obligations:
- Annual safety plans: Companies must publish and update each year a detailed plan identifying and mitigating catastrophic risks, such as those that could cause the death of more than 50 people or facilitate the creation of biological, chemical, radiological, or nuclear weapons.
- Mandatory independent audits: For the first time in the US, an annual external audit is required, conducted by experts without financial conflicts of interest with the audited companies.
- Incident notification: Companies must report critical safety incidents to the state within 72 hours, or within 24 hours if the incident poses an imminent risk of death or serious physical harm.
- Whistleblower protection: Confidential reporting channels and legal protections are established for employees who report unsafe or unethical practices.
Civil penalties can reach up to $3 million per violation, according to statements from Attorney General Kwame Raoul.
Why is this important?
Illinois is ahead of the federal government, which has yet to articulate a coherent national regulation. California and New York had passed similar laws in structure, but none included the requirement for mandatory independent audits. This law sets a precedent that could influence future regulations at the federal level and in other states.
The law reflects growing concern about existential risks from AI. The language of the regulation, which specifically mentions the death of more than 50 people and weapons of mass destruction, shows the seriousness with which lawmakers are addressing these dangers.
Consequences for companies and users
For big tech companies, the law means additional costs in compliance, audits, and adjustments to their development processes. Companies like OpenAI and Anthropic have already expressed support for regulation, but may face practical challenges in adapting to the timelines.
For users and society, the law offers greater transparency and accountability. Safety plans and independent audits will provide better insight into company practices and reduce information asymmetry. Additionally, whistleblower protection fosters a safety culture within organizations.
What readers should know
This law is just the beginning. Other states are expected to follow Illinois' lead, and the federal government is likely to accelerate its own regulatory efforts. Companies operating in Illinois must prepare to meet the requirements before January 2027. For everyone else, it is a sign that AI regulation is advancing rapidly, with transparency and safety as central pillars.
The law also raises questions about its scope: How are “catastrophic risks” defined? What standards will audits follow? How will auditor independence be ensured? These issues will be resolved in the coming months, but the direction is clear.
“Illinois has taken a bold step that could redefine AI governance in the United States. The combination of independent audits, public safety plans, and whistleblower protection sets a new global standard.” — Analyst at TheVortiq