One vote. That’s all that remains between the first state-mandated frontier AI safety audit requirement and US law.
According to legislative reporting, the Illinois House passed SB 315 on May 27 by a margin of 110-0. Governor Pritzker confirmed his intent to sign on May 29, according to coverage by PYMNTS. The Senate passed the bill 52-5 on May 21, covered in the hub’s prior brief on Senate passage. The story has moved: this is no longer a bill watching for votes. It’s a law waiting for a pen.
What the bill requires
The bill, as reported, applies to frontier AI developers with annual gross revenue exceeding $500 million and models meeting specified computing thresholds. According to the legislation as passed, covered developers must retain an independent third party annually to audit compliance with safety and risk mitigation requirements, beginning January 1, 2028. That’s the hard deadline. The audit isn’t optional, isn’t self-certified, and isn’t scoped to a single product. It covers the developer.
Incident reporting adds a parallel obligation. According to the bill, critical safety incidents must be reported to the Illinois Emergency Management Agency and the Attorney General within 72 hours, or within 24 hours if the incident poses an imminent risk of physical harm. The distinction between a reportable incident and a routine safety flag will matter enormously in implementation, and the bill’s specific definitions will need close reading once the signed text is available.
The audit infrastructure problem
Don’t expect a smooth compliance path on day one. The Computer & Communications Industry Association has argued that the ecosystem for the mandated independent audits doesn’t yet exist, no standardized methodology, no credentialed auditor class, no agreed-upon evidentiary standards. That’s a legitimate implementation concern, not lobbying noise. January 1, 2028 looks like 18 months. In practice, companies subject to this law will need to begin scoping audit programs well before that, because the auditors, the methodology, and the legal definitions will all be in flux simultaneously.
Industry positioning
Both OpenAI and Anthropic reportedly supported the finalized version of the legislation. That’s notable. The two largest frontier labs didn’t oppose the first state-level audit mandate, and OpenAI published its Frontier Governance Framework the day after the House vote. Whether that timing reflects deliberate coordination or coincidence, the effect is that the companies most likely to be covered by this law are already on record with documented internal governance standards. The catch is that self-published frameworks and independent audits are structurally different things, a point Illinois’s legislature apparently understood when it chose the latter.
What to watch
The Governor’s signature converts the bill into law and starts the official clock. After that: the rulemaking window matters more than the vote margin. How Illinois defines the computing threshold, what “independent” means in audit context, and which incident severity triggers the 24-hour window will all be settled in implementing regulation, not in the statute as passed. Those definitions will be the real compliance targets.
TJS synthesis
A 110-0 House vote in a politically divided state isn’t a close call, it’s a signal. Other state legislatures watching Illinois will read unanimous passage as evidence that frontier AI audit mandates can attract cross-aisle support. Colorado, Connecticut, and California are already moving in the same direction. The patchwork is consolidating faster than the audit infrastructure that’s supposed to support it.