Show Your Work: Illinois Makes AI Companies Prove Safety Steps

Illinois QT (1)
July 16, 2026

Illinois is pushing the bounds of frontier AI regulation in the US by requiring the leading AI labs to submit their safety commitments to annual third-party audits.

The requirement lies in a law, SB 315, signed by Governor JB Pritzker on July 6. It requires leading AI labs to publish frameworks detailing how they intend to manage “catastrophic risks”—defined as incidents in which a model materially contributes to mass casualty or property damage through weapons assistance, autonomous attacks, or escaping its developer’s control. Crucially, companies must subject those frameworks to independent audits to confirm compliance with their own standards. 

New York state had initially passed a similar audit requirement in its RAISE Act, but the provision was quietly stripped after months of negotiations featuring heavy industry influence. Illinois faced a fierce tech lobby—minus Anthropic and OpenAI, which chose to endorse the bill—but held firm. Tech groups including NetChoice, the Computer & Communications Industry Association, and the Chamber of Progress all opposed the bill, arguing that its audit requirement was premature given the lack of preexisting certified auditors, auditing methodologies, or canonical safety standards. 

But this argument was weak. First, the law takes effect January 1, 2027, while framework and audit obligations begin in 2028, giving developers, regulators, and auditors enough runway to develop their safety frameworks and auditing machinery. If anything, the law will act as a much-needed catalyst for the proliferation of frontier AI auditing expertise, standards, and assessment methodologies nationwide.

Second, the audit SB 315 requires is relatively modest: one that verifies compliance with the developer’s own published safety framework, rather than one that evaluates a model’s capability or the adequacy of its safeguards. Experts generally agree that safety benchmarks remain contested and elusive. 

For Illinois’s audit requirement to fulfill its purpose, two things need to happen. First, AI developers need to publish concrete safety frameworks backed by verifiable internal processes. Several labs already publish frameworks but make vague commitments—statements like, “we may also solicit external expert input…”—that cannot be meaningfully audited. 

Lastly, the AI audit ecosystem needs to buttress its methodologies and terms of engagement in line with what the statute calls “generally accepted auditing standards and best practices.” The Illinois Emergency Management Agency and Office of Homeland Security could aid this process by issuing (non-binding) interpretive guidance on what constitutes an adequate audit. 

Illinois’s law brings much-needed and real, if modest, accountability to frontier AI development. But other US states should push further by setting substantive standards for what counts as an adequate safety framework. Eventually, the emergence of a patchwork state-based system or a de facto national standard would push the federal government to pass a robust, harmonized law.

Related

See all