Gov. JB Pritzker on Monday signed what his office calls the country's most stringent AI law, requiring annual third party audits of OpenAI, Anthropic, and 'megadevelopers' above $500 million a year.
Illinois Gov. JB Pritzker on Monday signed the Artificial Intelligence Safety Measures Act, making Illinois the first state to require annual third-party audits of the largest U.S. AI labs and force them to publish safety plans aimed at catastrophic harm. The regime lands squarely on OpenAI, Anthropic, and any other "megadeveloper" earning at least $500 million a year.
The law, Senate Bill 0315, takes effect immediately. Wired reports it is the first U.S. state statute to tie annual independent audits of frontier AI developers to civil penalty enforcement, and the bill mirrors AI safety laws passed in New York and California while tightening the independent-audit cadence. Pritzker cast Monday's signing as filling a vacuum in Washington. "There has been a glaring but not unsurprising lack of leadership and foresight from our own federal government," he said in Chicago, according to the Chicago Sun-Times. He also criticized "a mindless rush to riches among private-sector tech leaders."
The $500 million revenue threshold, defined in the enrolled text and Pritzker's newsroom summary, pulls OpenAI and Anthropic directly into scope on current form.
The substantive requirements are unusually specific for a state-level AI bill. Covered companies must submit to annual independent third-party audits, file the results with the Illinois Attorney General, and publish a mandatory safety plan tied to a statutory definition of catastrophic risk: death or serious injury to more than 50 people, or expert-level assistance with chemical, biological, radiological, or nuclear weapons. Critical safety incidents must be reported within 72 hours; imminent-risk events within 24 hours. Employees who flag noncompliance internally gain whistleblower protections. Civil penalties of up to $1 million for a first violation and $3 million for a repeat violation sit with the Illinois Attorney General.
The law does not give Illinois any power to halt a model deployment, revoke a license, or expand product liability. Attorney General Kwame Raoul conceded the gap on Monday. "$3 million is perhaps not enough" for companies approaching trillion-dollar valuations, Raoul said, as reported by Capitol News Illinois. That concession names the gap plainly: Illinois is building real audit and reporting infrastructure, but the enforcement teeth are civil fines calibrated to companies for which those fines are closer to a routine cost than a deterrent.
For readers outside Illinois, the stakes are concrete even without federal action. OpenAI, Anthropic, and other frontier developers do not ship state-specific models, which means Illinois-compliant audit and incident-reporting infrastructure effectively becomes the baseline anywhere those systems operate. The federal vacuum matters because it sets up the next two questions: whether Illinois's audit cadence becomes a de facto floor other states copy, and whether the new Congress treats any part of SB0315 as a template. Capitol News Illinois and the Chicago Tribune both report the law is being watched as a potential model, not as a final word.
First audit filings are due January 1, 2028, or 90 days after a developer first crosses the $500 million revenue threshold, whichever is later. The incident-reporting clock starts running as soon as a covered lab crosses that threshold.