On July 6, 2026, Illinois Governor JB Pritzker signed into law SB 315, a frontier model safety act that resembles the New York RAISE Act, discussed in our prior blog post here, and California’s Transparency in Frontier Artificial Intelligence Act (TFAIA), discussed in our prior blog post here. The law takes effect January 1, 2027, with transparency-reporting and audit obligations beginning January 1, 2028.  Similar to the New York and California laws, SB 315 will apply to frontier developers (i.e., persons that train, or initiate the training of, a frontier model using computing power greater than 10^26 integer or floating point operations), with certain provisions applicable only to large frontier developers (i.e., frontier developers with annual gross revenue over $500 million in the preceding year). SB 315 also includes public safety disclosure and reporting requirements. Notably, SB 315 also imposes a third-party audit requirement not found in either the New York or the California law.

  • Frontier AI Frameworks: Large frontier model developers must implement, publicly post, and maintain a frontier AI framework that describes how the developer addresses catastrophic-risk assessment, mitigations, internal governance, cybersecurity, third-party evaluations, and risks from internal use of frontier models. This framework must be reviewed at least once per year, and where there are material updates, the modified framework and a justification must be clearly and conspicuously posted within 30 days.  For these frameworks, SB 315 takes an approach similar to TFAIA’s requirement that large frontier model developers describe their “approach” to these topics, rather than the RAISE Act’s requirement to describe how they “handle” these topics “in detail.”
  • Transparency Reports: Before deploying a new frontier model or substantially modifying an existing frontier model, all frontier developers must clearly and conspicuously publish a transparency report that includes, among other things, a mechanism for a natural person to communicate with the frontier developer, the languages supported by the model, any generally applicable restrictions or conditions on use, and summaries of catastrophic risk assessments.
  • Third Party Audits: Large frontier developers must retain independent third parties to annually audit compliance with SB 315. The auditor’s report must include, among other things, a description of any material deviations from the law and an assessment of the large frontier developer’s internal controls.
  • Reporting: The regulator must establish a mechanism that a frontier developer or member of the public can use to report a critical safety incident. Frontier developers must report to the Illinois Emergency Management Agency (“Agency”) and Attorney General within 72 hours after learning facts sufficient to establish a reasonable belief that a critical safety incident has occurred. If an incident involves an imminent risk of death or serious physical injury, the law requires reporting within 24 hours to the appropriate law enforcement or public safety agency.
  • Large Frontier Developer Disclosures: Beginning January 1, 2027, a large frontier developer generally may not develop, deploy, or operate a frontier model in Illinois without a current disclosure statement and payment of a required fee. The disclosure statement must identify the large frontier developer’s name and address and a primary, secondary, and tertiary point of contact.
  • Employee Reporting Protections: Similar to California’s TFAIA and Connecticut’s recently passed omnibus AI law, SB 315 will prohibit any frontier developer from preventing a covered employee from disclosing, or retaliating against a covered employee for disclosing, certain safety-related information to the government or a person with authority over the employee. Frontier developers must provide clear notice of these rights to the employee on a specified cadence and in a specified form.
  • Enforcement: The Attorney General has exclusive authority to enforce SB 315, except for relevant claims under Illinois’s Whistleblower Act, and the law does not create a private right of action. Failure to publish or transmit compliant documents, perform required third-party audits, disclose critical safety incidents, or comply with a frontier AI framework is subject to civil penalties of up to $1 million for a first violation and $3 million for each subsequent violation.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jennifer Johnson Jennifer Johnson

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors…

Jennifer Johnson is a partner specializing in communications, media and technology matters who serves as Co-Chair of Covington’s Technology Industry Group and its global and multi-disciplinary Artificial Intelligence (AI) and Internet of Things (IoT) Groups. She represents and advises technology companies, content distributors, television companies, trade associations, and other entities on a wide range of media and technology matters. Jennifer has three decades of experience advising clients in the communications, media and technology sectors, and has held leadership roles in these practices for more than twenty years. On technology issues, she collaborates with Covington’s global, multi-disciplinary team to assist companies navigating the complex statutory and regulatory constructs surrounding this evolving area, including product counseling and technology transactions related to connected and autonomous vehicles, internet connected devices, artificial intelligence, smart ecosystems, and other IoT products and services. Jennifer serves on the Board of Editors of The Journal of Robotics, Artificial Intelligence & Law.

Jennifer assists clients in developing and pursuing strategic business and policy objectives before the Federal Communications Commission (FCC) and Congress and through transactions and other business arrangements. She regularly advises clients on FCC regulatory matters and advocates frequently before the FCC. Jennifer has extensive experience negotiating content acquisition and distribution agreements for media and technology companies, including program distribution agreements, network affiliation and other program rights agreements, and agreements providing for the aggregation and distribution of content on over-the-top app-based platforms. She also assists investment clients in structuring, evaluating, and pursuing potential investments in media and technology companies.

Photo of Jayne Ponder Jayne Ponder

Jayne Ponder provides strategic advice to national and multinational companies across industries on existing and emerging data privacy, cybersecurity, and artificial intelligence laws and regulations.

Jayne’s practice focuses on helping clients launch and improve products and services that involve laws governing data privacy…

Jayne Ponder provides strategic advice to national and multinational companies across industries on existing and emerging data privacy, cybersecurity, and artificial intelligence laws and regulations.

Jayne’s practice focuses on helping clients launch and improve products and services that involve laws governing data privacy, artificial intelligence, sensitive data and biometrics, marketing and online advertising, connected devices, and social media. For example, Jayne regularly advises clients on the California Consumer Privacy Act, Colorado AI Act, and the developing patchwork of U.S. state data privacy and artificial intelligence laws. She advises clients on drafting consumer notices, designing consent flows and consumer choices, drafting and negotiating commercial terms, building consumer rights processes, and undertaking data protection impact assessments. In addition, she routinely partners with clients on the development of risk-based privacy and artificial intelligence governance programs that reflect the dynamic regulatory environment and incorporate practical mitigation measures.

Jayne routinely represents clients in enforcement actions brought by the Federal Trade Commission and state attorneys general, particularly in areas related to data privacy, artificial intelligence, advertising, and cybersecurity. Additionally, she helps clients to advance advocacy in rulemaking processes led by federal and state regulators on data privacy, cybersecurity, and artificial intelligence topics.

As part of her practice, Jayne also advises companies on cybersecurity incident preparedness and response, including by drafting, revising, and testing incident response plans, conducting cybersecurity gap assessments, engaging vendors, and analyzing obligations under breach notification laws following an incident.

Jayne maintains an active pro bono practice, including assisting small and nonprofit entities with data privacy topics and elder estate planning.

Photo of Vanessa Lauber Vanessa Lauber

Vanessa Lauber is an associate in the firm’s New York office and a member of the Data Privacy and Cybersecurity Practice Group, counseling clients on data privacy and emerging technologies, including artificial intelligence.

Vanessa’s practice includes partnering with clients on compliance with federal…

Vanessa Lauber is an associate in the firm’s New York office and a member of the Data Privacy and Cybersecurity Practice Group, counseling clients on data privacy and emerging technologies, including artificial intelligence.

Vanessa’s practice includes partnering with clients on compliance with federal and state privacy laws and FTC and consumer protection laws and guidance. Additionally, Vanessa routinely counsels clients on drafting and developing privacy notices and policies. Vanessa also advises clients on trends in artificial intelligence regulations and helps design governance programs for the development and deployment of artificial intelligence technologies across a number of industries.

Photo of Evan Chiacchiaro Evan Chiacchiaro

Evan Chiacchiaro is an associate in the firm’s Washington, DC office and member of the Technology and Communications Regulation Practice Group.

Evan advises clients on a range of technology regulatory issues, including emerging artificial intelligence compliance matters and compliance with Federal Communications Commission…

Evan Chiacchiaro is an associate in the firm’s Washington, DC office and member of the Technology and Communications Regulation Practice Group.

Evan advises clients on a range of technology regulatory issues, including emerging artificial intelligence compliance matters and compliance with Federal Communications Commission (FCC) regulations. Evan also maintains an active pro bono practice focused on civil rights.