Illinois just gave frontier AI labs their steepest compliance mandate yet.
SB 315, the Artificial Intelligence Safety Measures Act, passed the Senate on May 21 and the House on May 27. Gov. JB Pritzker said he’ll sign it. Once he does, large frontier developers face four obligations: create a frontier AI framework addressing risks and governance, file transparency reports before deploying new models, submit to annual independent third-party audits, and report critical safety incidents. Whistleblower protections for employees who flag violations come standard.
The third-party audit requirement is the sharpest edge here. Unlike California’s and New York’s frontier AI laws, Illinois’s version requires independent auditors to verify that a lab is actually adhering to its own stated safety standards, not just publishing them.
Here’s the tell: OpenAI endorsed SB 315, calling it “a thoughtful approach” and noting that three states are now “beginning to create a de facto national framework.” When the largest regulated entity publicly backs a compliance regime, it’s usually because the cost of entry fits their infrastructure and not many others’. A compliance team OpenAI fields in a quarter takes a Series B startup two years to hire.
For founders building on top of frontier APIs, this law doesn’t bite you yet. But if your inference provider qualifies as a large frontier developer under Illinois law, add two items to your diligence checklist: when their first audit report drops, and what happens to your SLA if they get cited.
— Nathan Zakhary