Illinois · House Bill · 104th General Assembly (2025–2026)
HB3506
Illinois HB 3506 — Artificial Intelligence Safety and Security Protocol Act

Status: Introduced · Effective: N/A · Passage Likelihood: M

WHAT THIS BILL REGULATES · 5 REQUIREMENT TYPES

How Is This Bill Enforced

Enforcement Authority
Attorney General enforcement. The Attorney General may bring a civil action against a developer that violates the Act. The Attorney General may also seek injunctive or declaratory relief for any violation, and injunctive relief where a developer's activities present an imminent threat of catastrophic harm to the public. No private right of action.
Private Right of Action
No private right of action. Enforcement is exclusive to the designated authority.
Penalties
Civil penalty up to $1,000,000 per violation. Court must consider severity of the violation and whether it resulted in or could have resulted in the materialization of a critical risk. Attorney General may also seek injunctive or declaratory relief.

What This Bill Requires

Verbatim statutory text on the left; plain-language analysis and a per-section checklist on the right. Numbered markers cross-link to the matching checklist row.

Statutory Text
Analysis & Obligations
Section 5
Legislative findings and purpose

(a)–(e) Artificial intelligence, including new advances in generative artificial intelligence, has the potential to catalyze innovation and the rapid development of a wide range of benefits for Illinoisans and the Illinois economy, including advances in medicine, climate science, and education, and to push the bounds of human creativity and capacity. (b) If not properly subject to human controls, future development in artificial intelligence may also have the potential to be used to create novel threats to public safety and security, including by enabling the creation and the proliferation of weapons of mass destruction, such as biological, chemical, and nuclear weapons, as well as weapons with cyber-offensive capabilities. (c) If not properly subject to human controls, future artificial intelligence models may be able to cause serious harm with limited human intervention. (d) This State has an essential role in fostering transparency, security, and reasonable care in the development of the most powerful artificial intelligence systems, in order to protect the safety, health, and economic interests of this State.
(e) Actions taken by developers that reduce consumer prices for access to foundation models, increase the ability of artificial intelligence safety and security researchers to conduct research, increase interoperability between foundation models produced by different developers, improve the ability for small businesses to use foundation models, and promote privacy of user inputs to foundation models provide important societal benefits.

Section 5 sets out the General Assembly's legislative findings and purpose, recognizing both the benefits and risks of AI — particularly frontier foundation models that could enable weapons of mass destruction or autonomous harmful conduct. These findings provide interpretive context for the Act's obligations but impose no independent compliance duties.

Section 10
Definitions

As used in this Act:
"Artificial intelligence model" means an engineered or machine-based system that varies in its level of autonomy and that can, for explicit or implicit objectives, infer from the input it receives how to generate outputs that can influence physical or virtual environments.
"Critical risk" means a foreseeable and non-trivial risk that a developer's development, storage, or deployment of a foundation model will result in the death of, or serious injury to, more than 100 people, or more than $1,000,000,000 in damage to rights in money or property, through any of the following: (1) the creation and release of a chemical, biological, radiological, or nuclear weapon; (2) a cyber-attack; (3) engaging in conduct that, would, if committed by a human, constitute a crime specified under the Criminal Code of 2012 that requires intent, recklessness, or gross negligence, or the solicitation or aiding and abetting of the crime, if that conduct occurs with limited human intervention; and (4) evading the control of its developer or user. For the purposes of this definition, a harm inflicted by an intervening human actor does not result from the developer's activities unless those activities make it substantially easier or more likely for the actor to inflict the harm.
"Deploy" means to use a foundation model or to make a foundation model foreseeably available to one or more third parties for use, modification, copying, or combination with other software, except as reasonably necessary for developing the foundation model or evaluating the foundation model or other foundation models.
"Developer" means a person that has trained at least one foundation model with a quantity of computational power that costs at least $100,000,000 when measured using prevailing market prices of cloud computing.
"Employee" means any individual permitted to work by a developer. "Employee" includes any corporate officers of the developer and any contractors, subcontractors, and unpaid advisors involved with assessing, managing, or addressing the risk of critical harm from covered models and covered model derivatives.
"Foundation model" means an artificial intelligence model that: (1) is trained on a broad data set; (2) uses self-supervision in the training process; and (3) is applicable across a wide range of contexts.
"Safety and security protocol" means a set of documented technical and organizational protocols used by a developer that describes in detail: (1) how the developer will manage critical risks; (2) how, if at all, the developer excludes certain foundation models from being covered by its safety and security protocol when those foundation models pose limited critical risks; (3) thresholds at which critical risks would be deemed intolerable and justifications for these thresholds and what the developer will do if one or more thresholds are surpassed; (4) the testing and assessment procedures the developer uses to investigate critical risks and how these tests account for the possibility that a foundation model could be misused, modified, or used to create another foundation model; (5) the procedure the developer will use to determine whether and how to deploy a foundation model when doing so poses critical risks; (6) the physical, digital, and organizational security protections the developer will implement to prevent insiders or third parties from accessing foundation models within the developer's control in a manner that is unauthorized by the developer and could create critical risk; (7) any safeguards and risk mitigation measures the developer uses to reduce critical risks from its foundation models and how the developer assesses their efficacy and limitations; (8) how the developer will respond if a critical risk materializes or is imminently about to materialize; (9) the procedure that the developer uses to determine whether to conduct additional assessments for critical risk when it modifies or expands access to its foundation models or combines its foundation models with other software and how the assessments are conducted; (10) the conditions under which the developer will report incidents relevant to critical risk that have occurred in connection with one or more of its foundation models and the entities to which the developer will make those reports; (11) the conditions under which the developer may or will make modifications to its safety and security protocol; (12) the parts of the safety and security protocol, if any, that the developer believes provide sufficient scientific detail to allow for the independent assessment of the methods used to generate the results, evidence, and analysis, and to which experts, if any, unredacted versions are made available; and (13) any other role, if any, financially disinterested third parties play in the implementation of the other items of this definition.

Section 10 defines the key terms used throughout the Act. The most consequential definitions are Developer — limited to persons that have trained at least one foundation model at a compute cost of at least $100 million — and Critical risk, which sets a mass-casualty or $1 billion property-damage threshold tied to CBRN weapons, cyber-attacks, autonomous criminal conduct, or loss of developer control. The Foundation model definition uses a functional three-part test (broad training data, self-supervision, wide applicability) rather than a compute threshold. The Safety and security protocol definition is itself a substantive 13-element specification that shapes the obligations in Section 15.

Section 15
Safety and Security Protocol
Developer

(a) 1 A developer shall produce, implement, follow, and conspicuously publish a safety and security protocol. If a developer makes a material modification to the safety and security protocol, the developer shall conspicuously publish those modifications no later than 30 days after the effective date of those modifications.

(b) 2 No less than every 90 days, a developer shall produce and conspicuously publish a risk assessment report. The risk assessment report shall cover the period between 120 and 30 days before the submission of the risk assessment report and include the following: (1) the conclusion of any risk assessments made pursuant to the developer's safety and security protocol during the reporting period; (2) if different from the preceding reporting period, for each type of critical risk, an assessment of the relevant capabilities in whichever of the developer's foundation models, whether deployed or not, would pose the highest level of that critical risk if deployed without adequate safeguards and protections; and (3) if the developer has deployed a foundation model or a modified version of a foundation model during the reporting, that would, if deployed without adequate safeguards and protections, pose a higher level of critical risk than any of the developer's existing deployed foundation models: (A) the grounds on which, and the process by which, the developer decided to deploy the foundation model; and (B) any safeguards and protections implemented by the developer to mitigate critical risks.

(c) 3 A developer shall record and retain for a period of no less than 5 years any specific tests used and test results obtained as part of any assessments of critical risks, including sufficient detail for qualified third parties to replicate the testing.

(d) 4 A developer shall not knowingly make false or materially misleading statements or omissions in or regarding documents produced under this Section.

Section 15 is the Act's core operative section, imposing four distinct obligations on developers. First, developers must produce, implement, follow, and conspicuously publish a safety and security protocol meeting the 13-element specification defined in Section 10, and publish material modifications within 30 days. Second, developers must produce and publish a risk assessment report at least every 90 days, covering critical risk assessments, model capability evaluations, and deployment rationale for newly deployed models posing elevated risk. Third, developers must retain all test data and results for at least 5 years with sufficient detail for third-party replication. Fourth, developers must not knowingly make false or materially misleading statements in documents produced under this section.

Compliance actions 4 items
1
Developers must produce, implement, follow, and conspicuously publish a safety and security protocol covering critical risk management, testing procedures, security protections, safeguards, incident response, and deployment gating. Material modifications must be published within 30 days of taking effect.
S-03.5
2
Developers must produce and conspicuously publish a risk assessment report at least every 90 days, covering risk assessment conclusions, per-type critical risk capability assessments for the developer's most capable foundation models, and deployment rationale and safeguards for any newly deployed models posing elevated critical risk.
G-02.3
3
Developers must record and retain for at least 5 years all specific tests and test results from critical risk assessments, with sufficient detail to allow qualified third parties to replicate the testing.
G-01.3
4
Developers must not knowingly make false or materially misleading statements or omissions in or regarding documents produced under their safety and security protocol obligations.
S-03.5
Section 20
Redactions
Developer

5 If a developer publishes documents in order to comply with this Act, the developer may make redactions to those documents that are reasonably necessary to protect the developer's trade secrets, public safety, or the national security of the United States or to comply with any federal or State law. If a developer redacts information in a document, the developer shall: (1) retain an unredacted version of the document for at least 5 years and allow the Attorney General to inspect the unredacted version of the document upon request; and (2) describe the character and justification of the redaction in any published version of the document, to the extent permitted by the concerns that justify redaction.

Section 20 permits developers to redact information from published documents when reasonably necessary to protect trade secrets, public safety, U.S. national security, or to comply with federal or state law. The redaction permission is conditioned on two requirements: the developer must retain an unredacted version for at least 5 years and make it available to the Attorney General on request, and the published version must describe the character and justification of each redaction to the extent permitted by the underlying concerns.

Compliance actions 1 item
5
Developers that redact published documents must retain unredacted versions for at least 5 years and make them available to the Attorney General upon request, and must describe the character and justification of each redaction in the published version.
R-02.2
Section 25
Audits
Developer

(a) 6 At least once every calendar year, a developer shall retain a reputable third-party auditor to produce a report assessing the following: (1) whether the developer has complied with its safety and security protocol and any instances of noncompliance or ambiguous compliance; (2) any instances where the developer's safety and security protocol has not been stated clearly enough to determine whether the developer has complied; and (3) any instances where the auditor believes the developer may have violated subsection (d) of Section 15 or Section 20.

(b) 6 A developer shall allow the third-party auditor access to all materials produced to comply with this Act and any other materials reasonably necessary to perform the assessment required under subsection (a).

(c) 6 No later than 90 days after the completion of the third-party auditor's report required under subsection (a), the developer shall conspicuously publish the report.

Section 25 requires developers to retain a reputable third-party auditor at least annually to assess compliance with the developer's safety and security protocol. The audit scope covers three areas: compliance with the protocol (including instances of noncompliance or ambiguous compliance), protocol clarity (identifying where the protocol is insufficiently clear to determine compliance), and potential violations of the truthfulness and redaction requirements in Sections 15(d) and 20. Developers must grant auditors access to all compliance materials. The audit report must be conspicuously published within 90 days of completion.

Compliance actions 1 item
6
Developers must retain a reputable third-party auditor at least annually to assess protocol compliance, protocol clarity, and potential truthfulness or redaction violations. Developers must grant auditors access to all compliance materials, and must conspicuously publish the audit report within 90 days of completion.
G-01.5
Section 30
Whistleblower protections
Developer

(a) 7 The provisions of the Whistleblower Act shall apply to this Act, except that the criminal penalties provided in the Whistleblower Act shall not be assessed in reference to this Act, in cases where an employee of a developer discloses information to the Attorney General and the employee has reasonable cause to believe that the information indicates that the developer's activities pose unreasonable or substantial critical risk.

(b) 8 A developer shall provide a reasonable internal process through which an employee may anonymously disclose information to the developer if the employee believes in good faith that information indicates that the developer's activities present an unreasonable critical risk, including a monthly update to the person who made the disclosure regarding the status of the developer's investigation of the disclosure and the actions taken by the developer in response to the disclosure.

(c) 9 The disclosures and responses of the process required by this Section shall be maintained for a minimum of 7 years after the date when the disclosure is made to the developer or the response to the disclosure is made by the developer. Each disclosure and response shall be shared with the officers and directors of the developer who do not have a conflict of interest no less frequently than once every fiscal quarter.

Section 30 establishes whistleblower protections in two tiers. First, it incorporates the Illinois Whistleblower Act's civil protections (but not criminal penalties) for employees who disclose to the Attorney General information they reasonably believe indicates the developer's activities pose unreasonable or substantial critical risk. Second, it requires developers to provide an internal anonymous disclosure process with monthly status updates to the disclosing employee. All disclosures and responses must be retained for at least 7 years and shared quarterly with non-conflicted officers and directors.

Compliance actions 3 items
7
Developers must not retaliate against employees who disclose to the Attorney General information the employee reasonably believes indicates the developer's activities pose unreasonable or substantial critical risk, consistent with the Illinois Whistleblower Act's anti-retaliation protections.
G-03.3
8
Developers must provide a reasonable internal process through which employees may anonymously disclose information they believe in good faith indicates the developer's activities present unreasonable critical risk, including monthly status updates to the disclosing employee on the investigation and response.
G-03.1
9
Developers must retain all whistleblower disclosures and responses for at least 7 years and share each disclosure and response with non-conflicted officers and directors at least once every fiscal quarter.
G-03.2
Section 35
Enforcement

(a) The Attorney General may bring a civil action against a developer that violates Sections 15 or 25. A developer found guilty of violating Sections 15 or 25 may be assessed a civil penalty not to exceed $1,000,000. In calculating the civil penalty assessed under this subsection, a court shall consider the severity of the violation and whether the violation resulted in, or could have resulted in, the materialization of a critical risk.

(b) The Attorney General may seek injunctive or declaratory relief for any violation of this Act. The Attorney General may seek injunctive relief if a developer's activities present an imminent threat of catastrophic harm to the public.

(c) In determining whether a developer's act or omission breached its common law duty to take reasonable care with respect to critical risks, the following considerations are relevant but not conclusive: (1) the quality of the developer's safety and security protocol and the extent of the developer's adherence to it; (2) whether, in quality and implementation, the developer's investigation, documentation, evaluation, and management of critical risks was inferior, comparable, or superior to other developers of foundation models that may pose comparable critical risk; (3) the extent to which the developer responsibly informed the public of critical risks posed by its foundation models; and (4) whether the societal benefit produced by the developer's act or omission outweighed the associated critical risk.

Section 35 vests enforcement authority exclusively in the Attorney General, who may bring civil actions for violations of Sections 15 (safety and security protocol) or 25 (audits), with penalties up to $1,000,000 per violation. The court must consider both the severity of the violation and whether it resulted in or could have resulted in a critical risk materializing. The Attorney General may also seek injunctive or declaratory relief for any violation of the Act, and injunctive relief specifically when a developer's activities present an imminent threat of catastrophic harm. Subsection (c) provides common-law duty of reasonable care guidance, listing four non-conclusive factors courts should consider when evaluating breach.

Section 40
Other duties required by law

The duties and obligations imposed by this Act are cumulative with any other duties or obligations imposed under other law and shall not be construed to relieve any party from any duties or obligations imposed under other law and do not limit any rights or remedies under existing law.

Section 40 is a cumulative-duties savings clause confirming that the Act's obligations are additive — they do not displace or limit any existing duties, obligations, rights, or remedies under other law.

Section 97
Severability

The provisions of this Act are severable under Section 1.31 of the Statute on Statutes.

Standard severability clause incorporating Section 1.31 of the Statute on Statutes. Creates no independent compliance obligation.

Passage Likelihood

Medium
Status Introduced
Chamber No passage
Committee Passed
Majority party Yes
Bipartisan No
Prior session None

Legislative History

2025-02-07 Filed with the Clerk by Rep. Daniel Didech
2025-02-18 First Reading
2025-02-18 Referred to Rules Committee
2025-03-11 Assigned to Cybersecurity, Data Analytics, & IT Committee
2025-03-18 House Committee Amendment No. 1 Filed with Clerk by Rep. Daniel Didech
2025-03-18 House Committee Amendment No. 1 Referred to Rules Committee
2025-03-19 House Committee Amendment No. 1 Rules Refers to Cybersecurity, Data Analytics, & IT Committee
2025-03-20 House Committee Amendment No. 1 Adopted in Cybersecurity, Data Analytics, & IT Committee; 007-004-000
2025-03-20 Do Pass as Amended / Short Debate Cybersecurity, Data Analytics, & IT Committee; 007-004-000
2025-03-20 Placed on Calendar 2nd Reading - Short Debate
2025-03-26 Second Reading - Short Debate
2025-03-26 Held on Calendar Order of Second Reading - Short Debate
2025-04-08 House Floor Amendment No. 2 Filed with Clerk by Rep. Daniel Didech
2025-04-08 House Floor Amendment No. 2 Referred to Rules Committee
2025-04-08 House Floor Amendment No. 2 Rules Refers to Cybersecurity, Data Analytics, & IT Committee
2025-04-11 Rule 19(a) / Re-referred to Rules Committee
2025-04-11 House Floor Amendment No. 2 Rule 19(c) / Re-referred to Rules Committee
2026-01-21 Added Co-Sponsor Rep. Matt Hanson

Entry Last Reviewed

2026-05-20
AI generated