From the journal

Illinois signs Artificial Intelligence Safety Measures Act into law, effective January 2027

Governor JB Pritzker signed the Illinois Artificial Intelligence Safety Measures Act on 6 July 2026, making Illinois the first US state to require mandatory annual third-party audits of frontier AI model developers. The Act applies to large frontier developers operating or deploying models in Illinois, requires transparency reports before each new or substantially modified frontier model deployment, and establishes civil penalties. Core obligations take effect 1 January 2027.

2 min read

Governor JB Pritzker signed the Artificial Intelligence Safety Measures Act (AIMSA) on 6 July 2026. The Act applies to large frontier developers, defined as companies that develop frontier AI models, and creates the first US state mandate for annual independent third-party audits of AI safety governance. Core provisions take effect 1 January 2027. The independent audit requirement takes effect 1 January 2028. The Illinois Emergency Management Agency and Office of Homeland Security, in consultation with the Attorney General, administer the regulatory programme.

AIMSA requires large frontier developers to create, implement, publish, and annually update a frontier AI safety framework addressing catastrophic-risk assessment, risk mitigations, governance procedures, cybersecurity controls, third-party evaluation standards, and internal-use catastrophic-risk analysis. Covered developers must file transparency reports with the Illinois Emergency Management Agency and Office of Homeland Security before deploying any new or substantially modified frontier model. Annual independent third-party audits of the safety framework are mandatory from 1 January 2028. Civil penalties apply for violations.

Large frontier developers whose models are deployed in Illinois or accessible to Illinois users fall within AIMSA's scope, regardless of where the developer is domiciled. Both Illinois-based companies and out-of-state or foreign developers are in scope. The Act defines covered employees and prohibits retaliation against those who report non-compliance. The threshold for what constitutes a large frontier developer will be set through rulemaking by the administering agencies.

AIMSA draws on model legislation developed in California and New York. Open questions include how regulators will define frontier model and set compute thresholds through rulemaking, how the Illinois obligations will interact with federal AI governance proposals pending in Congress, and whether developers serving Illinois users exclusively through API access fall within scope.

Licentium advises AI developers and deployers on US state AI law compliance, including readiness assessments under AIMSA and frontier model governance programme design. We maintain a partner network with US counsel for safety framework drafting and regulatory filing support. Work we undertake includes AI governance programme design, frontier model risk assessment, transparency report preparation, regulatory filing assistance, and AI compliance audit preparation.

Source: Illinois General Assembly, SB 315, Artificial Intelligence Safety Measures Act, signed 6 July 2026, effective 1 January 2027

AI Regulatory

More from the journal

See all

UK consults on modernising payment services regulation covering stablecoins and AI agents, 2026

HM Treasury launched a consultation on modernising the UK payment services regulatory regime, with responses due by 6 October 2026. The consultation addresses how to adapt regulation for tokenised payments including qualifying stablecoins, Open Banking expansion, and agentic AI systems authorised to conduct payments. It follows the February 2026 Payments Forward Plan and the government's decision to transfer Payment Systems Regulator functions to the Financial Conduct Authority.

Hong Kong SFC mandates phishing-resistant authentication for internet brokers and VATPs, July 2026

The Hong Kong Securities and Futures Commission issued a circular on 9 July 2026 requiring licensed corporations engaged in electronic trading and SFC-licensed virtual asset trading platform operators to replace one-time passwords with phishing-resistant authentication methods. Covered firms must implement passkeys or bound-device recognition for client login and device binding. Large internet brokers must act immediately. All other in-scope firms have up to 12 months to comply.

EU AI Act Article 50 transparency obligations enter application on 2 August 2026

Article 50 of Regulation (EU) 2024/1689 takes effect across all EU member states on 2 August 2026, requiring providers and deployers of AI systems to disclose AI interactions, label AI-generated content, and implement machine-readable detection marks in generative AI outputs. The obligations cover providers of general-purpose AI models, deployers of emotion recognition and biometric categorisation systems, and entities producing AI-generated content on matters of public interest.