The vote wasn’t close. The implications aren’t simple.
The Illinois Senate passed SB 315 on a 52-5 vote, per Capitol News Illinois reporting. The bill establishes safety and transparency requirements for large AI developers, defined as companies with more than $500 million in annual gross revenue, that deploy frontier models capable of catastrophic risk. If it clears the Illinois House and receives the governor’s signature, it would become one of the most prescriptive state-level AI safety frameworks in the country.
The requirements are specific. Covered developers must publicly disclose safety frameworks, assess and report catastrophic risks, retain independent third-party auditors annually, and report AI-related safety incidents to state officials within 72 hours of discovery. The revenue threshold and catastrophic risk scoping mean this targets a narrow set of companies: Meta, OpenAI, Anthropic, Google, and a handful of others. It’s not a broad AI disclosure regime like Colorado’s ADMT framework. It’s a safety-specific mandate aimed at the frontier.
The bill is modeled after similar proposals in New York and California. But Illinois’s version has already attracted direct engagement from the labs. Per Capitol News Illinois, amendments were negotiated with input from the Illinois Emergency Management Agency, Secure AI, Anthropic, and Senate Republicans. Those negotiations produced meaningful changes: the effective deadline was extended from 2027 to 2028, new requirements were added to the transparency framework, large frontier developers must file disclosure statements and pay fees, and the bill explicitly clarifies that no civil liability is created.
That last point matters. SB 315 creates reporting and transparency obligations. It doesn’t create a private right of action. Companies that fail to report within 72 hours face regulatory consequences, not lawsuits from affected parties. For compliance teams, that’s a fundamentally different risk profile than a bill with tort liability attached.
The 72-hour reporting window is the sharpest operational requirement. For comparison: GDPR requires breach notification within 72 hours. The SEC’s cybersecurity disclosure rule requires material incident reporting within four business days. Illinois is applying the tighter standard to AI safety incidents, which creates an immediate operational question for covered companies: what internal escalation process gets an AI safety incident from detection to state-official notification in 72 hours? Most frontier labs don’t have that pathway built today.
What to Watch
Context: this is one bill inside Illinois’s broader eight-bill AI legislative package introduced in May 2026. SB 315 is the safety-specific component. The package as a whole covers employment, transparency, consumer protection, and government use. For compliance teams tracking state-level AI regulation, Illinois now sits alongside California’s workforce EO and Colorado’s ADMT disclosure regime as the third distinct state model, each creating different obligations for different categories of AI companies.
Watch the Illinois House timeline. The bill passed the Senate with overwhelming bipartisan support (52-5), which suggests House passage is likely but not guaranteed; amendments in the House could alter the scope. The 2028 effective date gives covered companies runway, but the third-party audit requirement means procurement of qualified auditors needs to start well before that deadline.