Illinois has passed SB 315, a bill mandating independent third-party safety audits for the largest AI companies — the first legal requirement of this kind in the United States. The state House of Representatives approved it 110-0 and Governor JB Pritzker announced he would sign it, calling it a precedent for holding Big Tech accountable for AI.
Key takeaways
- SB 315 passed the House 110-0 and the Senate 52-5
- Requires independent AI safety audits — the first such mandate in US law
- OpenAI and Anthropic support the bill; industry group CCIA opposes it
- Trump declined to sign a federal AI safety executive order days earlier
- The law takes effect January 1 if signed by the governor
What SB 315 requires
SB 315 imposes three key obligations on frontier AI companies — those like OpenAI and Anthropic that develop advanced AI models. First, companies must create, publish, and annually update plans to address severe or catastrophic risks from their AI models. Second — and this is new at a national level — they must undergo annual independent third-party safety audits. Third, they must establish whistleblower protections for employees who report violations internally or publicly.
The law applies to companies operating in Illinois. In practice, this covers all major AI model providers, since they have users and infrastructure distributed nationwide. Violations are subject to civil penalties.
How Illinois goes further than California and New York
Illinois is not the first state to regulate AI. California passed SB 53, establishing transparency standards for AI companies, and New York is working on its own framework. But neither requires mandatory independent external audits — a qualitative difference, not merely a quantitative one. SB 315 creates a third-party verification mechanism, meaning companies can no longer rely solely on their own safety assessments.
The bill's House sponsor, Democratic Representative Daniel Didech, put it plainly: "The states shouldn't be doing this. The best way to regulate these types of catastrophic risks would be a federal approach. The reality is that Congress has not taken up this issue yet, and the technology is developing at such a rapid pace that states have had no choice."
Industry divided
Reactions from the private sector are mixed. OpenAI issued a statement supporting the bill, praising the Illinois legislature’s "real bipartisan leadership." Spokesperson Jamie Radice said that "as AI systems become more capable, clear expectations around safety, transparency, incident reporting, and accountability matter." Anthropic was similarly supportive, with its head of state and local government relations Cesar Fernandez calling SB 315 a baseline "that every leading AI developer is expected to meet."
On the other side, the Computer & Communications Industry Association (CCIA), which represents companies including Google, Meta, and xAI (none of which commented directly on the bill), submitted formal objections. CCIA argues that a patchwork of state regulations will impose conflicting requirements on companies and effectively slow AI development in the US.
The White House retreats from federal regulation
SB 315 passed at a critical political moment. Just days before, President Donald Trump declined to sign a planned executive order that would have established a voluntary federal framework for AI safety testing. The draft order reportedly would have allowed government agencies to vet advanced AI models for safety issues before public release. The administration justified the reversal by citing concerns that such regulation would hamper investment and innovation in the AI sector.
The federal government's retreat from AI safety regulation has created a regulatory vacuum that states — with Illinois leading the way — are now trying to fill. It is a textbook example of federalism in action: when Washington steps back, Springfield, Sacramento, and Albany step up.
Why this matters
SB 315 is a precedent that could set a new regulatory standard for the country. Mandatory third-party audits are a mechanism well-known from financial services and pharma, but previously absent from AI regulation. If the law takes effect and proves workable, other states will likely follow Illinois — just as California's privacy law became an informal model for other jurisdictions.
The divide between OpenAI and Anthropic on one side and CCIA on the other reveals a deeper split: large frontier AI labs that already invest heavily in safety and transparency may actually gain competitive advantage from this regulation — because smaller players without resources for audits will struggle to comply. A regulation that ostensibly protects the public could paradoxically entrench dominant players.
The real test will come at the implementation stage: who conducts the audits, according to what standards, and with what enforcement power? The bill does not specify these details in a way that would prevent companies from selecting auditors favorable to their own safety approaches. The regulatory details will matter as much as the law itself.
What's next?
- Governor JB Pritzker has pledged to sign the bill; the Legislature has 30 days to transmit it.
- SB 315 takes effect January 1, 2027 — companies have months to prepare for audit requirements.
- Other states — particularly New York and Massachusetts — may use SB 315 as a template for their own AI audit legislation.
