ARTIFICIAL INTELLIGENCE SAFETY
Illinois requires frontier AI developers and large chatbots to publish safety plans, report incidents, allow audits, protect whistleblowers, and face penalties for violations.
Illinois requires frontier AI developers and large chatbots to publish safety plans, report incidents, allow audits, protect whistleblowers, and face penalties for violations.
Title: Artificial Intelligence Public Safety and Child Protection Transparency Act
Effective date: January 1, 2027
Purpose and intent
- Establishes a comprehensive safety, transparency, and accountability framework for frontier artificial intelligence (AI) models and large chatbots.
- Aims to balance innovation with public safety by requiring public disclosure, risk assessment, incident reporting, whistleblower protections, and periodic third-party audits.
- Focuses specifically on “frontier models” (very large, advanced AI systems) and “covered chatbots” (high-use, child-accessible chatbots).
Key definitions (selected)
- Frontier model: foundation model trained with extremely high computing power (training and subsequent modifications) beyond a defined threshold.
- Large frontier developer: a frontier model creator with substantial annual revenue, operating with significant resources.
- Large chatbot provider: a provider of a covered chatbot in Illinois with substantial revenue (annual revenue ≥ $25 million, including affiliates).
- Covered chatbot: a chatbot service accessible to the public that uses a foundation model, is likely to be accessed by minors, and has at least 1,000,000 monthly active users.
- Catastrophic risk: grave risk involving mass harm, such as death or >$1 billion in property damage from a single incident, linked to capabilities like weaponization, cyberattack, or loss of control.
- Child safety risk: risk to minors in chats that could cause death, bodily harm, or severe mental distress.
- Public safety and child protection plan: a documented protocol to identify, assess, and mitigate covered risks.
Main requirements and provisions
1) Public safety and child protection plans (Section 15)
- Large frontier developers and large chatbot providers must write, implement, and publish a public safety and child protection plan on their website.
- Plans for large frontier developers must include:
- Thresholds to identify catastrophic risk, mitigation strategies, review processes, third-party assessments, cybersecurity for unreleased model weights, and management of internal-use risk.
- Plans for large chatbot providers must include:
- Assessment of child safety risks, mitigations, and third-party evaluation of those risks.
- Both types must integrate national/international standards and best practices, periodically update plans, and outline governance to ensure implementation.
- If plans are materially modified, modified plans and justification must be published within 30 days.
- Before deploying new or substantially modified models, providers must publish summaries of risk assessments, third-party involvement, and mitigation steps.
2) Safety incident reporting (Section 20)
- The Attorney General (AG) will establish a reporting mechanism for safety incidents (public can also report).
- Frontier developers must report critical safety incidents within 15 days; imminent-risk incidents must be reported to appropriate authorities within 24 hours.
- Large chatbot providers must report child safety incidents within 15 days.
- The AG may receive confidential summaries of catastrophe-risk assessments and quarterly internal-use summaries from frontier developers.
- AG may share reports with state/federal entities, balancing public safety with trade secrets and security concerns.
3) Whistleblower protections (Section 30)
- Prohibits retaliation/controls against whistleblowers under the Illinois Whistleblower Act.
- Requires an internal anonymous disclosure process with regular updates to the disclosing employee and quarterly reporting to officers/directors (with carve-outs for allegations against officers or directors).
4) Third-party audits (Section 35)
- Annual requirement for a reputable third-party audit of the large frontier developer’s compliance, clarity of disclosures, and the reasonableness of any redactions.
- Auditors must have expertise in corporate compliance and AI safety.
5) Civil penalties (Section 40)
- Large frontier developers: up to $1,000,000 per violation.
- Large chatbot providers: up to $50,000 per violation.
- Penalties are enforceable via the Attorney General.
6) Compliance flexibilities (Section 50)
- Allows for alternative compliance pathways via rules if aligned with federal law/regulations or another state’s similar standards, provided they are substantially equivalent or more protective.
- Rules may define steps to demonstrate compliance; entities can declare intent to use an alternative pathway, with ongoing compliance under that pathway subject to revocation if conditions no longer apply.
7) Rulemaking and updates (Section 25)
- The AG must review and, by January 1, 2028, and annually thereafter, update definitions (frontier model, frontier developer, large frontier developer, large chatbot provider) to reflect evolving tech and standards.
- Rules consider external verifiability, international standards, and input from diverse stakeholders.
Whistleblower and reporting guardrails, transparency, and enforcement
- Emphasizes public reporting, independent audits, and internal governance to ensure accountability.
- Provides protections for employees and mechanisms for ongoing oversight.
- Balances disclosure with protecting trade secrets and national security information where appropriate.
Overall impact
- Establishes Illinois as a regulated environment for the most capable AI systems and high-risk chatbots.
- Requires proactive risk management, external scrutiny, and transparent reporting to inform the public and policymakers.
- Creates significant compliance obligations and potential penalties for noncompliance, with a structured framework for ongoing updates as AI technology evolves.
Compiled from official sources — confirm details with the bill’s official record.
Sign in to ask a question.