News
Illinois Introduces First Mandatory Annual AI Safety Audits in the US

Illinois Governor JB Pritzker has signed the Artificial Intelligence Safety Measures Act, requiring large AI model developers to publish safety frameworks, report incidents within 72 hours, and undergo annual independent audits. Violations carry penalties of up to $3 million.
Illinois Governor JB Pritzker signed the Artificial Intelligence Safety Measures Act on July 6, making it the first law in the United States to require annual independent safety audits for the largest developers of artificial intelligence models. The law puts Illinois alongside California and New York in the group of states regulating AI on their own in the absence of federal legislation.
The law defines catastrophic risk as the probability of an incident that could cause death or serious injury to more than 50 people, or property damage exceeding $1 million. Developers of covered models must publish safety frameworks describing how they identify and assess such risks before a model reaches the market.
Annual Audits Required
The key difference from earlier California and New York rules is the requirement for an annual independent audit conducted by an outside party. New York's Responsible AI Safety and Education Act, signed in late 2025, requires only a one-time audit. Illinois goes a step further, requiring companies to undergo independent verification every year for as long as a model remains in use.
Enforcement falls to the state attorney general's office. Violations will carry civil penalties, with fines increasing for repeated noncompliance.
Congress hasn't wanted to act, because so many of its members are beholden to interests that profit from the lack of regulation - JB Pritzker, Governor of Illinois
We are not willing to wait for Congress to act - Mary Edly-Allen, Illinois State Senator
Industry Support and Pushback
Notably, the law was backed by OpenAI and Anthropic, two of the largest companies it covers. The industry group TechNet opposed it, arguing that annual audits introduce subjective compliance criteria without a uniform national standard, effectively creating different requirements in every state.
Republican state representative Daniel Didech, a co-sponsor of the bill, defended its necessity, stressing that every transformative technology has carried real risks alongside its benefits and has required appropriate oversight frameworks before the side effects became irreversible.
A Patchwork of State Rules
The absence of a single federal law regulating AI in the US means that large states like California, New York and now Illinois are effectively setting the market standard for the whole industry, since no major model provider can afford to ignore these markets. Compliance lawyers describe an emerging patchwork of regulations in which companies must simultaneously meet the requirements of several different state jurisdictions before Congress even takes up the issue nationally.
For Polish companies and developers using models from OpenAI, Anthropic or Google, the change matters indirectly but concretely. Rising audit requirements in the US typically translate into more detailed safety reports published globally by providers whose models are also used by companies in Europe, and practices developed in Illinois or California often later become a reference point in discussions about implementing the EU's AI Act.
What's Next
The law does not take effect until January 1, 2028, giving companies more than a year to prepare audit and reporting procedures. In the meantime, attention in the US industry will focus on whether other states follow Illinois's lead, and whether the federal administration finally moves toward its own uniform regulation that could replace the growing number of separate state laws.
Sources: Capitol News Illinois (capitolnewsillinois.com), Chicago Sun-Times (chicago.suntimes.com), Washington Post (washingtonpost.com)


