Pritzker Cracks Down: Illinois Targets AI Companies

Pritzker Cracks Down: Illinois Targets AI Companies

A software engineer in a Chicago lab freezes mid-commit as news flashes across their monitor. The governor signs a bill and the room hushes—this changes a company’s playbook overnight. You and I are now watching who gets to audit the largest AI models.

I’ve read the bill, tracked the lobbying, and talked to people on both sides. Let me walk you through what actually changed, who’s on the hook, and why Pritzker’s move will ripple from the Loop to Silicon Valley.

What the law requires

Someone at an AI lab will now have to file a safety report instead of moving on.

The Artificial Intelligence Safety Measures Act makes three things plain: public safety disclosures from the developers of the largest advanced AI systems; mandatory reporting of significant safety incidents; and formal compliance processes inside the firms. It also creates a secure whistleblower channel so employees can report safety concerns without fear of retaliation.

One headline point: companies with more than $500 million (€470 million) in revenue face regular, independent third-party safety audits — a step Illinois calls a first for any state. The audit requirement and most provisions kick in on January 1, 2028.

What does Illinois’ AI Safety Measures Act require?

It forces big-model developers to disclose safety practices, log and report significant incidents, keep compliance systems, and give inspectors independent audit access when a business crosses the $500M (€470M) threshold.

Why this actually matters

A lawyer in Springfield who studies consumer risk files a short memo and nods: the law fills a hole left by Washington.

The federal government hasn’t yet produced a sweeping AI safety framework, so states are writing the rules. Illinois’s demand for independent audits is the sharpest stick so far — and it’s not symbolic. That audit clause creates a repeatable, third-party inspection loop that forces real-world scrutiny onto research and deployment practices. Think of it as a referee’s whistle in a packed arena: it stops play and obliges everyone to explain what just happened.

That matters because the companies named in the bill — OpenAI, Anthropic, Google and their peers — have been actively shaping state laws. OpenAI and Anthropic both publicly backed this bill as it moved through the legislature, even after earlier clashes over competing proposals. Where California and New York laid similar ground rules, Illinois is adding teeth.

Who will be audited under the law?

Any company that reports more than $500 million (€470 million) in revenue is subject to the independent audit schedule; expect the usual suspects — OpenAI, Anthropic, Google — to be first in scope.

How companies are reacting on the ground

A compliance director in Palo Alto budgets for outside auditors and sighs: these audits cost time and money.

Companies have a clear incentive to shape the patchwork of state rules into something predictable. OpenAI’s earlier lobbying pushed other bills that would have limited liability for harms tied to large-scale models; Anthropic opposed that route. Now both firms applaud the Illinois law’s language. That alignment signals a pragmatic calculation: better clear, similar rules across states than wildly different standards that anchor every deployment to bespoke legal risk.

Audit work will likely go to established firms experienced in high-stakes reviews — think KPMG, Deloitte, major testing labs — and the compliance burden will look like an old-school ledger slapped with a fresh stamp: processes, records, and an external signature that somebody checked the math.

When does the law take effect?

Most requirements, including the audit mandate for large firms, start on January 1, 2028, giving companies time to prepare systems and contracts with auditors.

You’ll want to watch three moving parts: the audit standards regulators accept, who counts as an “advanced” system, and how whistleblower reports are protected in practice. I’ll be watching OpenAI, Anthropic, and Google — and you should too — because their compliance choices will set de facto norms for the industry. Is this the start of a durable, interstate patch of AI governance or just another stopgap before federal rules arrive?