Illinois Enacts the Toughest AI Safety Law in the US So Far
Illinois Governor JB Pritzker signed SB 315 (Artificial Intelligence Safety Measures Act) into law on July 6, 2026, described as the strictest AI safety legislation in the United States to date.
What the new law requires
Starting January 1, 2028, major frontier AI developers operating in the United States will need to follow unprecedented rules in Illinois. Governor JB Pritzker signed SB 315, known as the Artificial Intelligence Safety Measures Act, into law on July 6, 2026. According to the official statement from the governor's office, Capitol News Illinois and the Chicago Sun-Times, the legislation is considered the strictest in the country on AI safety so far. The law requires covered companies to publish safety plans detailing how they assess and mitigate risks in their systems. It also requires that serious safety incidents be reported to authorities within 72 hours, a deadline that drops to 24 hours when there is imminent risk to the public. In addition, covered companies will need to undergo annual audits conducted by independent assessors with no ties to the audited company. The law sets clear financial penalties: $1 million for a first violation and $3 million for subsequent violations, figures that signal the state's intent to give real weight to enforcement.
Who is directly affected
Not every technology company falls within the scope of the new rule. SB 315 specifically targets frontier AI developers, meaning companies that build the most advanced models and report annual revenue of at least $500 million. Small and medium businesses that use AI tools in daily operations, including automation agencies, marketing firms and service providers that integrate third party models into their workflows, are not directly targeted by the audit, incident reporting or safety plan requirements. The obligation falls on those who develop and distribute the models, not on those who use them.
Why smaller companies and automation agencies should pay attention
Even so, there is reason for SMEs and automation agencies to follow how the law unfolds. State regulations in the United States that gain traction historically tend to become models for other states, creating a legislative cascade effect. Additionally, when large AI vendors start operating under stricter transparency, audit and incident reporting requirements, it is common for them to pass part of those obligations down contractually to clients and partners across the supply chain. In practice, this could mean smaller companies that depend on frontier models begin receiving requests for documentation, compliance attestations or additional contractual clauses from their own vendors, even without being formally subject to the Illinois law.
A fragmented regulatory landscape
The Illinois case also exposes a broader symptom of the current AI regulatory moment in the United States. While the US Congress has yet to pass comprehensive federal legislation on AI safety, states like Illinois are moving forward with their own rules. The result is a fragmented landscape, in which companies operating at national scale may need to navigate different requirements depending on the state where they operate or where their users are located. For the automation and applied AI sector, understanding this regulatory patchwork is no longer optional and becomes part of strategic planning, even for those not directly listed as targets of the law.