HB3506
ARTIFICIAL INTELLIGENCE SAFETY
TL;DR
Illinois HB3506, introduced by Rep. Daniel Didech, would require large AI developers (those spending $100M+ on training a foundation model) to publish detailed safety protocols, quarterly risk assessments, and annual third-party audits focused on catastrophic risks like bioweapons or mass cyberattacks. It also creates whistleblower protections for employees who report unsafe practices and allows the Attorney General to seek up to $1M in penalties per violation.
How This Might Impact Your Business
Only applies to 'large developers' that have spent at least $100 million training a foundation model, so this targets frontier AI labs (OpenAI, Anthropic, Google DeepMind, Meta, xAI) rather than typical enterprise AI users or startups.
Covered developers must publish a detailed safety and security protocol covering how they manage 'critical risks' (defined as foreseeable risks of 100+ deaths or $1B+ in damage from bioweapons, cyberattacks, criminal conduct, or loss of model control).
Risk assessment reports must be published every 90 days, and a reputable third-party auditor must produce a compliance report annually, with results published within 90 days.
Whistleblower protections bar developers with Illinois employees from restricting employee disclosures to government, law enforcement, or internal leadership about critical risk concerns; developers must also run an anonymous internal reporting channel with monthly status updates.
Civil penalties reach $1M per violation of the protocol or audit provisions, and the Attorney General can seek injunctions if activities pose imminent catastrophic harm.
Companies deploying foundation models built by covered developers should expect more transparency documentation to reference in their own vendor due diligence and enterprise risk reviews.
Records of tests, disclosures, and unredacted documents must be retained for 5 to 7 years and made available to the Attorney General on request.
What Should You Do
If your company trains foundation models at or near the $100M compute threshold, have legal and safety teams begin drafting a publishable safety and security protocol now, since compliance requires quarterly and annual public reporting cycles.
Enterprises that license frontier models should ask vendors whether they will fall under this Act and request copies of their published protocols and audit reports as part of procurement and vendor risk reviews.
Review employment agreements, NDAs, and internal reporting channels to ensure they do not restrict Illinois-based employees from reporting critical AI safety concerns, and set up an anonymous disclosure process with monthly status updates.
Identify qualified third-party AI auditors early, since demand for reputable auditors will spike if similar laws pass in other states (California SB 53 has comparable requirements).
Track this bill through the Illinois House Rules Committee and monitor co-sponsor additions as a signal of momentum.
Who It Affects
Sponsors
Status Timeline
introduced
Added Co-Sponsor Rep. Matt Hanson
February 7, 2025