A major artificial intelligence regulation bill passed the Illinois House of Representatives unanimously yesterday and now awaits Governor Pritzker’s signature.
The legislation is aimed primarily at the most advanced AI systems developed by major technology companies. Notably, OpenAI and Anthropic have voiced their support for the bill.
Who does the bill impact?
The bill focuses on “Swiss Army knife” models. These models are trained on broad datasets and built for a wide range of uses. Examples could include systems that generate text, images, code, audio, or other content. The bill’s most significant requirements apply only to a narrower category called “large frontier models.”
What is a “large frontier model”?
The legislation applies stricter rules to models that exceed an extremely high computing threshold (10^26 floating-point operations, or FLOPs), and are developed by companies with more than $500 million in annual gross revenue.
These are essentially the most powerful and resource-intensive AI systems currently being developed, like ChatGPT, Claude, Gemini, and Grok.
What large AI developers will have to do
Safety protocols
Large frontier developers will have to publicly post a document explaining how they manage catastrophic risks associated with their AI systems.
The bill defines catastrophic risks as risks that could cause more than 50 deaths or more than $1 billion in property damage from a single incident.
Examples mentioned in the legislation include:
The public safety framework will need to explain how risks are evaluated and mitigated, and how the company will respond to major safety incidents.
Independent audits
Large frontier developers will also be required to undergo annual third-party audits. Auditors will receive unredacted access to internal safety documents and evaluate whether the company’s internal controls are actually being followed.
The audit will specifically examine whether senior safety personnel are properly designated and whether those personnel have meaningful authority within the company.
Within 30 days of receiving the audit, the company will have to publish a high-level summary and release a redacted version of the full report publicly.
The redacted report will also be sent to the Illinois Emergency Management Agency and the Office of the Illinois Attorney General. Those agencies could request access to the full audit report if necessary.
Timeline and penalties
The annual audit requirement will begin on January 1, 2028, or 90 days after a company first qualifies as a large frontier developer.
Failure to complete the required audit could result in fines up to $1 million for a first violation, and up to $3 million for subsequent violations.
The legislation does not create a private right of action. That means individual citizens will not be able to sue companies directly under the law. Instead, enforcement authority will rest exclusively with the Office of the Illinois Attorney General.
Rules for smaller frontier developers
The bill still regulates smaller companies developing frontier-scale AI models, but the requirements are narrower.
These rules apply to companies whose models exceed the compute threshold but whose annual revenue remains below $500 million.
Transparency reports
All frontier developers will have to publish basic information about their models, including:
Smaller developers will not have to publish detailed catastrophic risk management frameworks.
Incident reporting
These companies will also have to report major safety incidents to the state. Reports must be sent within 72 hours for most critical incidents and within 24 hours for incidents posing an imminent risk of death or serious injury.
The bill prohibits retaliation against employees who report violations of the law or disclose activities posing risks to public safety. Developers will also have to notify employees about these protections.
Misleading claims
Developers could not make materially false or misleading statements about the catastrophic risks posed by their models or how those risks are managed.
What About Most AI Companies?
For companies developing models below the frontier compute threshold, the bill is largely voluntary. Non-frontier developers are encouraged, but not required, to report critical safety incidents.
In practice, the bill’s regulatory focus is concentrated on the largest and most advanced AI systems rather than ordinary software companies or smaller AI startups.