104TH GENERAL ASSEMBLY
State of Illinois
2025 and 2026
HB3506

 

Introduced 2/18/2025, by Rep. Daniel Didech

 

SYNOPSIS AS INTRODUCED:
 
New Act

    Creates the Artificial Intelligence Safety and Security Protocol Act. Provides that a developer shall produce, implement, follow, and conspicuously publish a safety and security protocol that includes specified information. Provides that, no less than every 90 days, a developer shall produce and conspicuously publish a risk assessment report that includes specified information. Provides that, at least once every calendar year, a developer shall retain a reputable third-party auditor to produce a report assessing whether the developer has complied with its safety and security protocol. Sets forth provisions on the redaction of sensitive information and whistleblower protections. Provides for civil penalties for violations of the Act.


LRB104 12155 SPS 22255 b

 

 

A BILL FOR

    AN ACT concerning business.

    Be it enacted by the People of the State of Illinois,
represented in the General Assembly:

    Section 1. Short title. This Act may be cited as the
Artificial Intelligence Safety and Security Protocol Act.
 
    Section 5. Legislative findings and purpose. The General
Assembly finds and declares:
    (a) Artificial intelligence, including new advances in
generative artificial intelligence, has the potential to
catalyze innovation and the rapid development of a wide range
of benefits for Illinoisans and the Illinois economy,
including advances in medicine, climate science, and
education, and to push the bounds of human creativity and
capacity.
    (b) If not properly subject to human controls, future
development in artificial intelligence may also have the
potential to be used to create novel threats to public safety
and security, including by enabling the creation and the
proliferation of weapons of mass destruction, such as
biological, chemical, and nuclear weapons, as well as weapons
with cyber-offensive capabilities.
    (c) If not properly subject to human controls, future
artificial intelligence models may be able to cause serious
harm with limited human intervention.
    (d) This State has an essential role in fostering
transparency, security, and reasonable care in the development
of the most powerful artificial intelligence systems, in order
to protect the safety, health, and economic interests of this
State.
    (e) Actions taken by developers that reduce consumer
prices for access to foundation models, increase the ability
of artificial intelligence safety and security researchers to
conduct research, increase interoperability between foundation
models produced by different developers, improve the ability
for small businesses to use foundation models, and promote
privacy of user inputs to foundation models provide important
societal benefits.
 
    Section 10. Definitions. As used in this Act:
    "Artificial intelligence model" means an engineered or
machine-based system that varies in its level of autonomy and
that can, for explicit or implicit objectives, infer from the
input it receives how to generate outputs that can influence
physical or virtual environments.
    "Critical risk" means a foreseeable and non-trivial risk
that a developer's development, storage, or deployment of a
foundation model will result in the death of, or serious
injury to, more than 100 people, or more than $1,000,000,000
in damage to rights in money or property, through any of the
following:
        (1) the creation and release of a chemical,
    biological, radiological, or nuclear weapon;
        (2) a cyber-attack;
        (3) engaging in conduct that, would, if committed by a
    human, constitute a crime specified under the Criminal
    Code of 2012 that requires intent, recklessness, or gross
    negligence, or the solicitation or aiding and abetting of
    the crime, if that conduct occurs with limited human
    intervention; and
        (4) evading the control of its developer or user.
    For the purposes of this definition, a harm inflicted by
an intervening human actor does not result from the
developer's activities unless those activities make it
substantially easier or more likely for the actor to inflict
the harm.
    "Deploy" means to use a foundation model or to make a
foundation model foreseeably available to one or more third
parties for use, modification, copying, or combination with
other software, except as reasonably necessary for developing
the foundation model or evaluating the foundation model or
other foundation models.
    "Developer" means a person that has trained at least one
foundation model with a quantity of computational power that
costs at least $100,000,000 when measured using prevailing
market prices of cloud computing.
    "Employee" means any individual permitted to work by a
developer. "Employee" includes any corporate officers of the
developer and any contractors, subcontractors, and unpaid
advisors involved with assessing, managing, or addressing the
risk of critical harm from covered models and covered model
derivatives.
    "Foundation model" means an artificial intelligence model
that:
        (1) is trained on a broad data set;
        (2) uses self-supervision in the training process; and
        (3) is applicable across a wide range of contexts.
    "Safety and security protocol" means a set of documented
technical and organizational protocols used by a developer
that describes in detail:
        (1) how the developer will manage critical risks;
        (2) how, if at all, the developer excludes certain
    foundation models from being covered by its safety and
    security protocol when those foundation models pose
    limited critical risks;
        (3) thresholds at which critical risks would be deemed
    intolerable and justifications for these thresholds and
    what the developer will do if one or more thresholds are
    surpassed;
        (4) the testing and assessment procedures the
    developer uses to investigate critical risks and how these
    tests account for the possibility that a foundation model
    could be misused, modified, or used to create another
    foundation model;
        (5) the procedure the developer will use to determine
    whether and how to deploy a foundation model when doing so
    poses critical risks;
        (6) the physical, digital, and organizational security
    protections the developer will implement to prevent
    insiders or third parties from accessing foundation models
    within the developer's control in a manner that is
    unauthorized by the developer and could create critical
    risk;
        (7) any safeguards and risk mitigation measures the
    developer uses to reduce critical risks from its
    foundation models and how the developer assesses their
    efficacy and limitations;
        (8) how the developer will respond if a critical risk
    materializes or is imminently about to materialize;
        (9) the procedure that the developer uses to determine
    whether to conduct additional assessments for critical
    risk when it modifies or expands access to its foundation
    models or combines its foundation models with other
    software and how the assessments are conducted;
        (10) the conditions under which the developer will
    report incidents relevant to critical risk that have
    occurred in connection with one or more of its foundation
    models and the entities to which the developer will make
    those reports;
        (11) the conditions under which the developer may or
    will make modifications to its safety and security
    protocol;
        (12) the parts of the safety and security protocol, if
    any, that the developer believes provide sufficient
    scientific detail to allow for the independent assessment
    of the methods used to generate the results, evidence, and
    analysis, and to which experts, if any, unredacted
    versions are made available; and
        (13) any other role, if any, financially disinterested
    third parties play in the implementation of the other
    items of this definition.
 
    Section 15. Safety and Security Protocol.
    (a) A developer shall produce, implement, follow, and
conspicuously publish a safety and security protocol. If a
developer makes a material modification to the safety and
security protocol, the developer shall conspicuously publish
those modifications no later than 30 days after the effective
date of those modifications.
    (b) No less than every 90 days, a developer shall produce
and conspicuously publish a risk assessment report. The risk
assessment report shall cover the period between 120 and 30
days before the submission of the risk assessment report and
include the following:
        (1) the conclusion of any risk assessments made
    pursuant to the developer's safety and security protocol
    during the reporting period;
        (2) if different from the preceding reporting period,
    for each type of critical risk, an assessment of the
    relevant capabilities in whichever of the developer's
    foundation models, whether deployed or not, would pose the
    highest level of that critical risk if deployed without
    adequate safeguards and protections; and
        (3) if the developer has deployed a foundation model
    or a modified version of a foundation model during the
    reporting, that would, if deployed without adequate
    safeguards and protections, pose a higher level of
    critical risk than any of the developer's existing
    deployed foundation models:
            (A) the grounds on which, and the process by
        which, the developer decided to deploy the foundation
        model; and
            (B) any safeguards and protections implemented by
        the developer to mitigate critical risks.
    (c) A developer shall record and retain for a period of no
less than 5 years any specific tests used and test results
obtained as part of any assessments of critical risks,
including sufficient detail for qualified third parties to
replicate the testing.
    (d) A developer shall not knowingly make false or
materially misleading statements or omissions in or regarding
documents produced under this Section.
 
    Section 20. Redactions. If a developer publishes documents
in order to comply with this Act, the developer may make
redactions to those documents that are reasonably necessary to
protect the developer's trade secrets, public safety, or the
national security of the United States or to comply with any
federal or State law. If a developer redacts information in a
document, the developer shall:
        (1) retain an unredacted version of the document for
    at least 5 years and allow the Attorney General to inspect
    the unredacted version of the document upon request; and
        (2) describe the character and justification of the
    redaction in any published version of the document, to the
    extent permitted by the concerns that justify redaction.
 
    Section 25. Audits.
    (a) At least once every calendar year, a developer shall
retain a reputable third-party auditor to produce a report
assessing the following:
        (1) whether the developer has complied with its safety
    and security protocol and any instances of noncompliance
    or ambiguous compliance;
        (2) any instances where the developer's safety and
    security protocol has not been stated clearly enough to
    determine whether the developer has complied; and
        (3) any instances where the auditor believes the
    developer may have violated subsection (d) of Section 15
    or Section 20.
    (b) A developer shall allow the third-party auditor access
to all materials produced to comply with this Act and any other
materials reasonably necessary to perform the assessment
required under subsection (a).
    (c) No later than 90 days after the completion of the
third-party auditor's report required under subsection (a),
the developer shall conspicuously publish the report.
 
    Section 30. Whistleblower protections.
    (a) The provisions of the Whistleblower Act shall apply to
this Act, except that the criminal penalties provided in the
Whistleblower Act shall not be assessed in reference to this
Act, in cases where an employee of a developer discloses
information to the Attorney General and the employee has
reasonable cause to believe that the information indicates
that the developer's activities pose unreasonable or
substantial critical risk.
    (b) A developer shall provide a reasonable internal
process through which an employee may anonymously disclose
information to the developer if the employee believes in good
faith that information indicates that the developer's
activities present an unreasonable critical risk, including a
monthly update to the person who made the disclosure regarding
the status of the developer's investigation of the disclosure
and the actions taken by the developer in response to the
disclosure.
    (c) The disclosures and responses of the process required
by this Section shall be maintained for a minimum of 7 years
after the date when the disclosure is made to the developer or
the response to the disclosure is made by the developer. Each
disclosure and response shall be shared with the officers and
directors of the developer who do not have a conflict of
interest no less frequently than once every fiscal quarter.
 
    Section 35. Enforcement.
    (a) The Attorney General may bring a civil action against
a developer that violates Sections 15 or 25. A developer found
guilty of violating Sections 15 or 25 may be assessed a civil
penalty not to exceed $1,000,000. In calculating the civil
penalty assessed under this subsection, a court shall consider
the severity of the violation and whether the violation
resulted in, or could have resulted in, the materialization of
a critical risk.
    (b) The Attorney General may seek injunctive or
declaratory relief for any violation of this Act. The Attorney
General may seek injunctive relief if a developer's activities
present an imminent threat of catastrophic harm to the public.
    (c) In determining whether a developer's act or omission
breached its common law duty to take reasonable care with
respect to critical risks, the following considerations are
relevant but not conclusive:
        (1) the quality of the developer's safety and security
    protocol and the extent of the developer's adherence to
    it;
        (2) whether, in quality and implementation, the
    developer's investigation, documentation, evaluation, and
    management of critical risks was inferior, comparable, or
    superior to other developers of foundation models that may
    pose comparable critical risk;
        (3) the extent to which the developer responsibly
    informed the public of critical risks posed by its
    foundation models; and
        (4) whether the societal benefit produced by the
    developer's act or omission outweighed the associated
    critical risk.
 
    Section 40. Other duties required by law. The duties and
obligations imposed by this Act are cumulative with any other
duties or obligations imposed under other law and shall not be
construed to relieve any party from any duties or obligations
imposed under other law and do not limit any rights or remedies
under existing law.

    Section 97. Severability. The provisions of this Act are
severable under Section 1.31 of the Statute on Statutes.