nbcnews.com web signal

Illinois mandates annual third-party AI lab audits

openai anthropic regulation safety ai-regulation safety frontier-ai

Key insights

  • Illinois SB 315 passed 110-0 in the House and 110-0 in the Senate, making it the first US law mandating annual third-party audits of frontier AI labs.
  • Both OpenAI and Anthropic publicly supported the bill while a trade association representing other AI companies formally opposed it.
  • Covered frontier developers must publish frameworks addressing catastrophic-risk assessment, cybersecurity, internal governance, and third-party evaluations annually.

Why this matters

State-level mandatory auditing establishes an enforceable accountability floor that federal AI policy has failed to create, giving Illinois regulators direct legal leverage over frontier lab operations for the first time. The unanimous vote combined with explicit support from OpenAI and Anthropic makes legal challenges harder and signals that major labs are calculating structured compliance is preferable to continued regulatory ambiguity. Every frontier lab with Illinois users or operations now faces an annual third-party audit cycle requiring dedicated compliance resources, vendor relationships, and published safety frameworks, and a Pritzker signature will likely trigger similar bills in other large states within months.

Summary

Illinois just became the first US state to require annual independent audits of frontier AI developers, with SB 315 passing the House 110-0 on May 27 after the Senate approved it May 21. The bill targets large frontier AI developers, requiring published frameworks covering catastrophic-risk assessment, cybersecurity, internal governance, and third-party evaluations. Governor Pritzker has signaled he will sign. Essentially: OpenAI and Anthropic backed the bill; a trade group representing other AI companies opposed it. - Annual independent third-party audits of safety protocols are now mandatory for qualifying frontier labs operating in Illinois. - Required frameworks must address catastrophic risk, cybersecurity, governance, and third-party evaluations as distinct components. - The 110-0 House vote is near-unprecedented legislative consensus for AI regulation at the state level. Illinois sets a template that could accelerate similar audit requirements in other states and sharpen the pressure for federal action.

Potential risks and opportunities

Risks

  • Frontier labs could argue Illinois lacks jurisdiction over developers headquartered outside the state, triggering multi-year litigation that delays first audits well past the law's intended timeline.
  • Publicly required safety frameworks could give adversarial actors structured insight into exactly which risk categories each lab is and is not evaluating, creating an unintended attack surface.
  • Smaller frontier AI developers without dedicated legal and compliance teams face disproportionate audit costs relative to incumbents like OpenAI and Anthropic, potentially accelerating market consolidation toward those who wrote the bill's playbook.

Opportunities

  • AI audit and red-teaming firms positioning for Illinois compliance work (METR, Apollo Research, Redwood Research) gain first-mover credibility and pricing leverage before federal mandates follow.
  • OpenAI and Anthropic, having publicly backed the bill, can market their established compliance posture as a trust differentiator against frontier competitors whose trade group opposed the legislation.
  • Law firms and compliance consultancies with AI governance practices (Covington, Wilson Sonsini, Cooley) face immediate inbound demand from frontier labs needing Illinois audit readiness frameworks before Pritzker signs.

What we don't know yet

  • Enforcement mechanism: public reporting on SB 315 does not specify penalties or enforcement triggers for frontier labs that miss audit deadlines or publish inadequate frameworks.
  • Whether the 'large frontier AI developer' threshold has a defined metric (parameter count, training compute, revenue) that determines which labs are covered versus exempt.
  • Whether existing AI safety evaluation organizations (METR, Apollo Research, ARC Evals) automatically qualify as approved third-party auditors or whether Illinois will establish a separate certification process.

Originally reported by nbcnews.com

Read the original article →

Original headline: Illinois House Passes AI Safety Measures Act 110-0 — First US Law to Mandate Annual Third-Party Audits of Frontier AI Labs, Governor Plans to Sign