AI Regulation Tracker / Regulation in force
Illinois Just Passed a Sweeping Frontier AI Law. It Does Not Touch Your Practice
Governor Pritzker signed the AI Safety Measures Act on July 6. It binds a handful of billion-dollar model builders, not the professionals who use their tools. Here is the line that matters.
Illinois Governor JB Pritzker signed the Artificial Intelligence Safety Measures Act into law on July 6, 2026. The Governor's office called it a nation-leading measure and the first to require independent third-party audits of frontier AI safety protocols. The bill, SB0315, became Public Act 104-0538, and passed the Illinois House 110 to 0.
The coverage that followed used words like landmark and strictest. But for the professional reading a headline about a new AI law in a state where they practice, the more useful fact is this: the Act does not regulate you. It regulates the companies that build the largest models, and it draws the line high enough that only a few of them qualify.
Who the law actually binds
The Act reaches a defined category it calls a "large frontier developer." Two conditions both have to be met. First, the developer, together with its affiliates, had "annual gross revenues in excess of $500,000,000 in the preceding calendar year." Second, it trains a "frontier model," which the statute defines as a foundation model "trained using a quantity of computing power greater than 10 to the 26th integer or floating-point operations."
That combination is deliberate. It describes a short list of well-capitalized labs, not a law firm running a document review tool, not an advisory practice using a research assistant, and not a brokerage generating listing copy. If your business is on the buying side of AI, you are outside the definition.
What the covered developers now owe
For the companies inside the line, the obligations are concrete. Beginning January 1, 2028, a large frontier developer must "create, implement, publish" and annually review a frontier AI framework, defined as "documented technical and organizational protocols to manage, assess, and mitigate catastrophic risks." From the same date, the developer must "annually retain a third party to perform an independent audit of compliance," and the auditor cannot hold a financial interest or be paid on the basis of the result.
The statute also builds a reporting duty. A developer must report a critical safety incident "to the Agency and the Attorney General within 72 hours" of forming a reasonable belief that one occurred. If an incident "poses an imminent risk of death or serious physical injury," the disclosure window drops to 24 hours to a law enforcement or public safety authority.
The word doing the heavy lifting is "catastrophic risk," and the statute defines it at a scale that clarifies the law's intent. It means a foreseeable and material risk that a model "will materially contribute to the death of, or serious injury to, more than 50 people or more than $1,000,000,000 in damage to, or loss of, property arising from a single incident." Some early summaries reported that figure as one million dollars. The enrolled text says one billion. This is a law about weapons-scale and infrastructure-scale failure, not about a chatbot giving a wrong answer.
The enforcement design
Enforcement runs through the Illinois Attorney General, exclusively. Civil penalties reach up to $1,000,000 for a first violation and up to $3,000,000 for each subsequent violation. The Act closes the door on plaintiffs: "Nothing in this Act shall be construed to establish a private right of action associated with violations of this Act." A client cannot sue a developer under this statute, and neither can anyone else. Only the state can bring the case.
Why it still matters to you
A law that does not bind you can still change the ground you stand on. Illinois now joins California, which put its own frontier transparency law, SB 53, into force earlier this year. When Illinois takes effect it sits alongside New York and California as a bloc that, by the Governor's own framing, covers a large share of the American market and pushes toward a de facto national standard set by states rather than Washington.
For a working professional that has two practical consequences. The models you depend on will carry more published documentation about their own limits, which is useful evidence when you need to explain a tool to a client, a regulator, or a court. And the direction of travel is now unmistakable: responsibility for AI output is being assigned deliberately, developer duties in one place and professional duties in another. The Illinois Act puts a heavy obligation on the builder. It leaves the duty to check the work exactly where it already sat, with you.
Frequently Asked Questions
Does the Illinois AI Safety Measures Act apply to my business if I use AI tools?
Almost certainly not. The Act binds "large frontier developers" with more than $500 million in prior-year revenue that train models above a defined compute threshold. A professional or firm that uses AI tools falls outside that definition and takes on no new duty under the statute.
When does the law take effect?
The Act is effective January 1, 2027. The two central obligations, the published safety framework and the annual independent audit, apply beginning January 1, 2028.
What is the penalty for a covered developer that violates it?
The Illinois Attorney General has exclusive authority to bring an action. Civil penalties reach up to $1 million for a first violation and up to $3 million for each subsequent violation. There is no private right of action.
How is "catastrophic risk" defined?
As a foreseeable, material risk that a model materially contributes to the death or serious injury of more than 50 people, or more than $1 billion in property damage, from a single incident. The threshold is set at weapons and infrastructure scale.
Sponsored Training
Browse the full AI Regulation News tracker
Informational analysis for working professionals, not legal advice. Confirm how any rule applies to your situation with qualified counsel.