Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Latest AI and industry news. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

News Trending Regulation

Illinois Becomes Third Major State to Sign AI Safety Law

Governor Pritzker signed the Artificial Intelligence Safety Measures Act on July 6, creating audit and reporting requirements for AI model developers.

Enterprise DNA | | via Capitol News Illinois
Illinois Becomes Third Major State to Sign AI Safety Law

Illinois Governor JB Pritzker signed the Artificial Intelligence Safety Measures Act into law on July 6, 2026, making Illinois the third major state after California and New York to pass substantive AI safety legislation. The law takes effect January 1, 2028, and sets a notable precedent: it includes the first mandatory annual third-party audit requirement for AI model developers in the country.

For business leaders tracking the regulatory landscape, this is a signal you cannot ignore. State-by-state AI regulation is no longer a distant possibility. It is already here, and it is accelerating.

What the Law Actually Requires

The Illinois law focuses primarily on “model developers” — companies that build and release AI models — rather than businesses that deploy them. But the obligations are significant, and the downstream effects will reach every organization that relies on AI tools.

Three core requirements come into force:

1. A published AI safety framework. Developers must document how they identify and assess what the law calls “catastrophic risk” — incidents with a meaningful likelihood of causing death or serious injury to more than 50 people, or property damage exceeding one million dollars.

2. Incident reporting within 72 hours. If a developer identifies an incident that could cause harm, they must report it to the state within 72 hours. That window drops to 24 hours if the risk is imminent.

3. Annual independent third-party audits. This is the clause that set Illinois apart from similar laws. No other state has made annual independent audits a legal requirement. It puts compliance on the calendar, not just in the policy manual.

The law passed with broad bipartisan support — only five Republican senators voted against it, and it passed unanimously in the House. Notably, OpenAI and Anthropic both supported the legislation throughout its path through the Illinois General Assembly.

The Counter-Argument Worth Hearing

The bill was not without its critics. Industry groups raised a concern that deserves attention: the law asks developers to make complex subjective judgments about AI safety without established national standards to guide them. When each state defines “catastrophic risk” differently, businesses operating across state lines face a patchwork of compliance obligations with no clear framework tying them together.

TechNet, a technology industry association, argued the law creates barriers to entry for smaller AI startups that lack the legal and compliance infrastructure of the OpenAIs and Anthropics of the world. There is something to that. Audit requirements are expensive. When the established players support regulation that burdens the next generation of competitors, that is worth examining honestly.

What This Means for Business

If your organization builds or fine-tunes AI models and has any operations or users in Illinois, the 2028 clock is now running. That sounds like a long runway, but implementing audit-ready documentation, incident reporting systems, and third-party review processes takes longer than most teams expect.

If you are a business that deploys AI tools built by others, this law does not apply to you directly. But here is the practical reality: as model developers are required to publish safety frameworks and submit to audits, the documentation they produce will become a legitimate procurement evaluation tool. Buyers will have more information, and the better vendors will use compliance as a differentiator.

We are also watching Illinois, California, and New York build what looks increasingly like a de facto national standard. Federal AI legislation has stalled repeatedly. When three of the largest states in the country pass similar laws with bipartisan support, businesses outside those states should not assume they have permanently opted out. This pattern tends to converge.

The practical move today is to start building the internal capability to evaluate your AI vendors against emerging compliance frameworks. Understanding what your model providers do with your data, how they define and manage risk, and whether they have undergone any form of independent review is no longer a bonus — it is becoming a baseline expectation.

If you want the playbook other teams are using with Claude and Codex right now, grab the free Working With Claude field guide. Download it here.

The states are not waiting for Washington. Neither should you.