On July 6, 2026, Illinois Governor JB Pritzker signed into law SB 315, a frontier model safety act that resembles the New York RAISE Act, discussed in our prior blog post here, and California’s Transparency in Frontier Artificial Intelligence Act (TFAIA), discussed in our prior blog post here. The law takes effect January 1, 2027, with transparency-reporting and audit obligations beginning January 1, 2028. Similar to the New York and California laws, SB 315 will apply to frontier developers (i.e., persons that train, or initiate the training of, a frontier model using computing power greater than 10^26 integer or floating point operations), with certain provisions applicable only to large frontier developers (i.e., frontier developers with annual gross revenue over $500 million in the preceding year). SB 315 also includes public safety disclosure and reporting requirements. Notably, SB 315 also imposes a third-party audit requirement not found in either the New York or the California law.
- Frontier AI Frameworks: Large frontier model developers must implement, publicly post, and maintain a frontier AI framework that describes how the developer addresses catastrophic-risk assessment, mitigations, internal governance, cybersecurity, third-party evaluations, and risks from internal use of frontier models. This framework must be reviewed at least once per year, and where there are material updates, the modified framework and a justification must be clearly and conspicuously posted within 30 days. For these frameworks, SB 315 takes an approach similar to TFAIA’s requirement that large frontier model developers describe their “approach” to these topics, rather than the RAISE Act’s requirement to describe how they “handle” these topics “in detail.”
- Transparency Reports: Before deploying a new frontier model or substantially modifying an existing frontier model, all frontier developers must clearly and conspicuously publish a transparency report that includes, among other things, a mechanism for a natural person to communicate with the frontier developer, the languages supported by the model, any generally applicable restrictions or conditions on use, and summaries of catastrophic risk assessments.
- Third Party Audits: Large frontier developers must retain independent third parties to annually audit compliance with SB 315. The auditor’s report must include, among other things, a description of any material deviations from the law and an assessment of the large frontier developer’s internal controls.
- Reporting: The regulator must establish a mechanism that a frontier developer or member of the public can use to report a critical safety incident. Frontier developers must report to the Illinois Emergency Management Agency (“Agency”) and Attorney General within 72 hours after learning facts sufficient to establish a reasonable belief that a critical safety incident has occurred. If an incident involves an imminent risk of death or serious physical injury, the law requires reporting within 24 hours to the appropriate law enforcement or public safety agency.
- Large Frontier Developer Disclosures: Beginning January 1, 2027, a large frontier developer generally may not develop, deploy, or operate a frontier model in Illinois without a current disclosure statement and payment of a required fee. The disclosure statement must identify the large frontier developer’s name and address and a primary, secondary, and tertiary point of contact.
- Employee Reporting Protections: Similar to California’s TFAIA and Connecticut’s recently passed omnibus AI law, SB 315 will prohibit any frontier developer from preventing a covered employee from disclosing, or retaliating against a covered employee for disclosing, certain safety-related information to the government or a person with authority over the employee. Frontier developers must provide clear notice of these rights to the employee on a specified cadence and in a specified form.
- Enforcement: The Attorney General has exclusive authority to enforce SB 315, except for relevant claims under Illinois’s Whistleblower Act, and the law does not create a private right of action. Failure to publish or transmit compliant documents, perform required third-party audits, disclose critical safety incidents, or comply with a frontier AI framework is subject to civil penalties of up to $1 million for a first violation and $3 million for each subsequent violation.