AI SAFETY MEASURES ACT
Illinois enacts a regulatory framework for frontier AI, requiring large developers to publish safety frameworks, report incidents, and face penalties.
Illinois enacts a regulatory framework for frontier AI, requiring large developers to publish safety frameworks, report incidents, and face penalties.
Title: Artificial Intelligence Safety Measures Act
Purpose and intent
- Establish a state-level framework to govern “frontier” artificial intelligence (AI) models and their developers.
- Focus on catastrophic risk management, transparency, cybersecurity, and public safety.
- Create a public cloud computing consortium (ILCompute) to support safe AI development and access to computing resources.
Key terms defined
- Frontier model: a foundation model trained with computing power above a specified threshold, including fine-tuning and other modifications.
- Frontier developer: person who has trained or begun training a frontier model with substantial computing power.
- Large frontier developer: frontier developer with annual gross revenues exceeding $500 million (including affiliates).
- Frontier AI framework: documented protocols to manage, assess, and mitigate catastrophic risks.
- Catastrophic risk: foreseeable risk causing death or serious injury to 50+ people or >$1 billion in property damage from incidents involving a frontier model (e.g., weapon development aid, large-scale cyberattacks, or loss of control).
- Critical safety incident: incidents including unauthorized access to model weights causing harm, materialization of catastrophic risk, loss of model control resulting in harm, or deceptive attempts to subvert controls.
- Deploy: making a frontier model available to a third party; excludes internal development/evaluation purposes.
Substantive provisions
1) Frontier AI framework (Section 10)
- Requirement for large frontier developers to draft, publish, and maintain a frontier AI framework on their website.
- Framework must address:
- Alignment with national/international standards and industry best practices.
- Thresholds to identify catastrophic risk and related mitigations.
- Processes for reviewing risk assessments and mitigation adequacy prior to deployment.
- Use of third-party evaluators for risk assessment.
- Procedures to update the framework and disclose substantial model changes.
- Cybersecurity measures to protect unreleased model weights.
- Incident response for critical safety incidents.
- Internal governance to ensure implementation.
- Managing risks from internal use of frontier models, including avoidance of oversight circumvention.
- Annual review and updates of the framework (at least once per year); material modifications must be published with justification within 30 days.
- Requires transparency reports before or with deployment of a new frontier model or substantial modification, including:
- Developer website, contact mechanism, release date, languages, modalities, intended uses, and restrictions.
- Summaries of risk assessments, results, third-party involvement, and other compliance steps.
- Publication may be redacted for trade secrets or national security, with justification described and unredacted material retained for 5 years.
- Encourages, but does not require, disclosures aligned with best practices.
2) Reporting of critical safety incidents (Section 15)
- Establishes a reporting mechanism for frontier developers and the public to report critical safety incidents to the Illinois Emergency Management Agency (IEMA) and Office of Homeland Security.
- Reports must include date, why it qualifies, a plain description, and whether internal use was involved.
- Developers must report incidents within 15 days of discovery; imminent risk disclosures must occur within 24 hours to appropriate authorities.
- Agency reviews incident reports and may share with the General Assembly, Governor, federal partners, or other state agencies, with trade secret/public safety considerations.
- Incident reports and internal risk assessments are exempt from disclosure under the Illinois Freedom of Information Act (FOIA).
- Beginning Jan 1, 2028, the Agency must produce an annual anonymized, aggregated public report on reviewed incidents; sensitive information protected.
3) Penalties (Section 25)
- Civil penalties up to $1,000,000 per violation for:
- Failure to publish/transmit required documents, false statements about catastrophic risk or framework compliance, failure to report incidents, or noncompliance with own frontier AI framework.
- Penalties are recoverable only by the Illinois Attorney General.
4) ILCompute – public cloud consortium (Section 30)
- Creates a consortium within the Department of Innovation and Technology to develop ILCompute, a public cloud computing resource.
- Goals: advance safe, ethical, equitable, and sustainable AI development; expand access to computational resources.
- Aims to house a fully owned/hosted cloud platform with staffing to operate and support users; align with labor laws.
- Requires a preliminary report by Jan 1, 2028 outlining:
- Illinois’ cloud landscape, cost analysis, governance, user/project parameters, workforce equity, potential partnerships, and leveraging the public sector workforce.
- Consortium composition (4-year terms, non-compensated but reimbursed):
- University of Illinois and other public/private research entities; representatives from workforce and stakeholder groups (ethicists, consumer advocates, etc.); AI/tech experts.
- ILCompute is subject to appropriation; dissolution after the required report.
5) FOIA amendments (Section 80)
- Updates to FOIA exemptions to maintain confidentiality for sensitive AI safety information and related documents.
6) DOTI recommendations (Section 20)
- Department of Innovation and Technology to annually assess and propose updates to definitions (frontier model, frontier developer, large frontier developer) and align with evolving standards.
- Consider stakeholder input, ease of determining coverage, verifiability, and alignment with federal standards where appropriate.
- Report findings to the General Assembly and Governor.
Effective date and timelines
- Key reporting deadlines:
- January 1, 2028: initial ILCompute framework/report to General Assembly.
- January 1, 2028 and annually thereafter: DolI updates on definitions and frontier concepts.
- Biennial/regular cadence for critical safety incident reporting and framework reviews prescribed in the act.
- Penalties and compliance apply to violations by large frontier developers; FOIA exemptions govern disclosure.
Potential impact
- Creates a regulatory framework for frontier AI in Illinois, emphasizing safety, transparency, and accountability.
- Establishes a state-backed compute resource to support public-interest AI work.
- Imposes reporting obligations and civil penalties on noncompliant large frontier developers.
- Encourages alignment with national/international standards and ongoing updates to definitions as technology evolves.
- May affect how large AI players classify and deploy frontier models in Illinois, and how they engage in risk assessment and disclosure.
Compiled from official sources — confirm details with the bill’s official record.
Sign in to ask a question.