Illinois SB 315: First Binding State-Level Third-Party Audit
The Illinois legislature passed a bill requiring the largest AI developers to submit to independent annual audits of their own safety plans. Both OpenAI and Anthropic publicly supported it. The law closes a specific verification gap that a year of hearings, executive orders, and evaluation findings had separately exposed without resolving.
On May 27, 2026, the Illinois House of Representatives passed Senate Bill 315, the Artificial Intelligence Safety Measures Act, by a vote of 110 to 0, following the Illinois Senate's 52 to 5 vote the week prior, according to GovTech's reporting. Governor JB Pritzker signaled his intent to sign the bill in a social media post the same week, and, according to The Hill's reporting, signed the Artificial Intelligence Safety Measures Act into law on Monday, July 6, 2026, at a signing ceremony, making Illinois the first state to mandate third-party audits of frontier AI labs' safety practices. SB 315 requires the largest AI developers, those with more than 500 million dollars in annual revenue training models above a specified computing threshold, to publish and annually update a framework assessing catastrophic risks, including cybersecurity risk, and to submit that framework to an independent third-party audit verifying that the developer's actual practices match what it published, according to Wired's coverage of the bill's passage. The law includes whistleblower protections for employees who report safety concerns and requires critical safety incidents to be reported within 72 hours, or within 24 hours if the incident poses an imminent risk of death or serious physical harm. The core requirements take effect January 1, 2028.
What Distinguishes This From Prior State Disclosure Laws
California and New York had previously passed laws requiring AI companies to disclose information about their model safeguards and publish reports on safety incidents, a disclosure-based approach. Illinois SB 315 goes further by requiring an independent auditor to confirm compliance, not merely requiring the company to self-report, according to Wired's reporting. Candidate auditors named in coverage of the bill include the major accounting firms and members of an AI Evaluator Forum, a consortium of research-focused evaluation organizations. The distinction between self-disclosure and third-party verification is the entire substance of the bill: a disclosure law asks a company to say what it does. An audit law asks an independent party to check whether what the company says matches what it actually does.
That distinction maps directly onto a gap this arc has tracked across multiple governance instruments. The CISA-led Five Eyes advisory on agentic AI names accountability risk as a category where agentic system architecture can obscure what caused a particular action, and the advisory itself does not specify the artifacts that would let an outside party verify compliance after the fact. SB 315 is the first binding state law to require exactly that artifact, an independent audit report, for a defined class of developer.
What the Bill Does Not Specify
SB 315's audit requirement covers safety frameworks addressing catastrophic risk broadly, not agentic AI specifically. The bill does not name agentic AI systems, autonomous tool use, or multi-agent orchestration as a distinct audit category, which means the third-party audits it mandates will be scoped by whatever the developer's own safety framework defines as catastrophic risk, subject to the auditor's independent verification of compliance with that self-defined framework. An auditor confirming that a developer follows its own published framework is a meaningfully different verification than an auditor confirming that the framework itself adequately covers the risk categories a document like the Five Eyes advisory identifies. The bill's audit mandate closes the verification gap between stated policy and actual practice. It does not, on its own, close the separate gap between what a developer chooses to include in its safety framework and what a more complete risk taxonomy would require.
The Verification Gap This Closes, and the One It Does Not
Public testimony, pulled federal pre-deployment executive orders, and independent evaluation findings had each separately exposed the same underlying problem from a different angle over the preceding year: safety claims made by frontier AI developers were not independently verified by anyone outside the developer's own organization. SB 315 is the first state-level binding instrument to require that verification as a matter of law, with civil penalty enforcement, rather than leaving it to voluntary disclosure or federal rulemaking that had not materialized. Both OpenAI and Anthropic publicly supported the bill's passage, according to The Hill's reporting, a notable alignment given that the same companies are the audit's primary subjects.
What the law does not resolve is the standard against which the audit is measured. An auditor verifying that a developer's actual practices match its published framework is verifying internal consistency, not external adequacy. A developer could, in principle, publish a narrow framework, comply with it fully, and pass its audit, while still leaving categories of risk the framework never addressed entirely outside the audit's scope.
Open Questions
- Will the independent auditors named as candidates, major accounting firms and the AI Evaluator Forum consortium, develop a common standard for what a catastrophic risk framework must cover, or will each developer's framework remain independently scoped?
- Does an audit confirming internal consistency, that practice matches published policy, meaningfully address the accountability gap the Five Eyes advisory identifies, where the concern is what caused a specific action, not whether a general policy was followed?
- How will the January 1, 2028 effective date interact with the pace of agentic AI deployment between now and then, given that the systems being audited in 2028 may look substantially different from the systems in deployment when the bill was signed?
- What enforcement mechanism applies if an audit finds a developer's practices do not match its published framework, beyond the civil penalties described in the law?
- Will other states adopt Illinois's third-party audit model as a template, given that Illinois lawmakers explicitly framed the bill as a testing ground for future federal legislation?
- Does the bill's revenue and compute thresholds for "large frontier" developers create an incentive for a developer to structure itself to fall just below the threshold, and if so, does that undermine the audit regime's coverage over time?
The governance artifact is retained. The governance function is not.