Illinois 2025-2026 Regular Session

Illinois House Bill HB3506 Latest Draft

Bill / Introduced Version Filed 02/07/2025

104TH GENERAL ASSEMBLY
State of Illinois
2025 and 2026
HB3506
Introduced, by Rep. Daniel Didech

SYNOPSIS AS INTRODUCED:
New Act
Creates the Artificial Intelligence Safety and Security Protocol Act. Provides that a developer shall produce, implement, follow, and conspicuously publish a safety and security protocol that includes specified information. Provides that, no less than every 90 days, a developer shall produce and conspicuously publish a risk assessment report that includes specified information. Provides that, at least once every calendar year, a developer shall retain a reputable third-party auditor to produce a report assessing whether the developer has complied with its safety and security protocol. Sets forth provisions on the redaction of sensitive information and whistleblower protections. Provides for civil penalties for violations on the Act.

LRB104 12155 SPS 22255 b

A BILL FOR
1  AN ACT concerning business.
2  Be it enacted by the People of the State of Illinois,
3  represented in the General Assembly:
4  Section 1. Short title. This Act may be cited as the
5  Artificial Intelligence Safety and Security Protocol Act.
6  Section 5. Legislative findings and purpose. The General
7  Assembly finds and declares:
8  (a) Artificial intelligence, including new advances in
9  generative artificial intelligence, has the potential to
10  catalyze innovation and the rapid development of a wide range
11  of benefits for Illinoisans and the Illinois economy,
12  including advances in medicine, climate science, and
13  education, and to push the bounds of human creativity and
14  capacity.
15  (b) If not properly subject to human controls, future
16  development in artificial intelligence may also have the
17  potential to be used to create novel threats to public safety
18  and security, including by enabling the creation and the
19  proliferation of weapons of mass destruction, such as
20  biological, chemical, and nuclear weapons, as well as weapons
21  with cyber-offensive capabilities.
22  (c) If not properly subject to human controls, future
23  artificial intelligence models may be able to cause serious
1  harm with limited human intervention.
2  (d) This State has an essential role in fostering
3  transparency, security, and reasonable care in the development
4  of the most powerful artificial intelligence systems, in order
5  to protect the safety, health, and economic interests of this
6  State.
7  (e) Actions taken by developers that reduce consumer
8  prices for access to foundation models, increase the ability
9  of artificial intelligence safety and security researchers to
10  conduct research, increase interoperability between foundation
11  models produced by different developers, improve the ability
12  for small businesses to use foundation models, and promote
13  privacy of user inputs to foundation models provide important
14  societal benefits.
15  Section 10. Definitions. As used in this Act:
16  "Artificial intelligence model" means an engineered or
17  machine-based system that varies in its level of autonomy and
18  that can, for explicit or implicit objectives, infer from the
19  input it receives how to generate outputs that can influence
20  physical or virtual environments.
21  "Critical risk" means a foreseeable and non-trivial risk
22  that a developer's development, storage, or deployment of a
23  foundation model will result in the death of, or serious
24  injury to, more than 100 people, or more than $1,000,000,000
25  in damage to rights in money or property, through any of the
1  following:
2  (1) the creation and release of a chemical,
3  biological, radiological, or nuclear weapon;
4  (2) a cyber-attack;
5  (3) engaging in conduct that, would, if committed by a
6  human, constitute a crime specified under the Criminal
7  Code of 2012 that requires intent, recklessness, or gross
8  negligence, or the solicitation or aiding and abetting of
9  the crime, if that conduct occurs with limited human
10  intervention; and
11  (4) evading the control of its developer or user.
12  For the purposes of this definition, a harm inflicted by
13  an intervening human actor does not result from the
14  developer's activities unless those activities make it
15  substantially easier or more likely for the actor to inflict
16  the harm.
17  "Deploy" means to use a foundation model or to make a
18  foundation model foreseeably available to one or more third
19  parties for use, modification, copying, or combination with
20  other software, except as reasonably necessary for developing
21  the foundation model or evaluating the foundation model or
22  other foundation models.
23  "Developer" means a person that has trained at least one
24  foundation model with a quantity of computational power that
25  costs at least $100,000,000 when measured using prevailing
26  market prices of cloud computing.
1  "Employee" means any individual permitted to work by a
2  developer. "Employee" includes any corporate officers of the
3  developer and any contractors, subcontractors, and unpaid
4  advisors involved with assessing, managing, or addressing the
5  risk of critical harm from covered models and covered model
6  derivatives.
7  "Foundation model" means an artificial intelligence model
8  that:
9  (1) is trained on a broad data set;
10  (2) uses self-supervision in the training process; and
11  (3) is applicable across a wide range of contexts.
12  "Safety and security protocol" means a set of documented
13  technical and organizational protocols used by a developer
14  that describes in detail:
15  (1) how the developer will manage critical risks;
16  (2) how, if at all, the developer excludes certain
17  foundation models from being covered by its safety and
18  security protocol when those foundation models pose
19  limited critical risks;
20  (3) thresholds at which critical risks would be deemed
21  intolerable and justifications for these thresholds and
22  what the developer will do if one or more thresholds are
23  surpassed;
24  (4) the testing and assessment procedures the
25  developer uses to investigate critical risks and how these
26  tests account for the possibility that a foundation model
1  could be misused, modified, or used to create another
2  foundation model;
3  (5) the procedure the developer will use to determine
4  whether and how to deploy a foundation model when doing so
5  poses critical risks;
6  (6) the physical, digital, and organizational security
7  protections the developer will implement to prevent
8  insiders or third parties from accessing foundation models
9  within the developer's control in a manner that is
10  unauthorized by the developer and could create critical
11  risk;
12  (7) any safeguards and risk mitigation measures the
13  developer uses to reduce critical risks from its
14  foundation models and how the developer assesses their
15  efficacy and limitations;
16  (8) how the developer will respond if a critical risk
17  materializes or is imminently about to materialize;
18  (9) the procedure that the developer uses to determine
19  whether to conduct additional assessments for critical
20  risk when it modifies or expands access to its foundation
21  models or combines its foundation models with other
22  software and how the assessments are conducted;
23  (10) the conditions under which the developer will
24  report incidents relevant to critical risk that have
25  occurred in connection with one or more of its foundation
26  models and the entities to which the developer will make
1  those reports;
2  (11) the conditions under which the developer may or
3  will make modifications to its safety and security
4  protocol;
5  (12) the parts of the safety and security protocol, if
6  any, that the developer believes provide sufficient
7  scientific detail to allow for the independent assessment
8  of the methods used to generate the results, evidence, and
9  analysis, and to which experts, if any, unredacted
10  versions are made available; and
11  (13) any other role, if any, financially disinterested
12  third parties play in the implementation of the other
13  items of this definition.
14  Section 15. Safety and Security Protocol.
15  (a) A developer shall produce, implement, follow, and
16  conspicuously publish a safety and security protocol. If a
17  developer makes a material modification to the safety and
18  security protocol, the developer shall conspicuously publish
19  those modifications no later than 30 days after the effective
20  date of those modifications.
21  (b) No less than every 90 days, a developer shall produce
22  and conspicuously publish a risk assessment report. The risk
23  assessment report shall cover the period between 120 and 30
24  days before the submission of the risk assessment report and
25  include the following:
1  (1) the conclusion of any risk assessments made
2  pursuant to the developer's safety and security protocol
3  during the reporting period;
4  (2) if different from the preceding reporting period,
5  for each type of critical risk, an assessment of the
6  relevant capabilities in whichever of the developer's
7  foundation models, whether deployed or not, would pose the
8  highest level of that critical risk if deployed without
9  adequate safeguards and protections; and
10  (3) if the developer has deployed a foundation model
11  or a modified version of a foundation model during the
12  reporting, that would, if deployed without adequate
13  safeguards and protections, pose a higher level of
14  critical risk than any of the developer's existing
15  deployed foundation models:
16  (A) the grounds on which, and the process by
17  which, the developer decided to deploy the foundation
18  model; and
19  (B) any safeguards and protections implemented by
20  the developer to mitigate critical risks.
21  (c) A developer shall record and retain for a period of no
22  less than 5 years any specific tests used and test results
23  obtained as part of any assessments of critical risks,
24  including sufficient detail for qualified third parties to
25  replicate the testing.
26  (d) A developer shall not knowingly make false or
1  materially misleading statements or omissions in or regarding
2  documents produced under this Section.
3  Section 20. Redactions. If a developer publishes documents
4  in order to comply with this Act, the developer may make
5  redactions to those documents that are reasonably necessary to
6  protect the developer's trade secrets, public safety, or the
7  national security of the United States or to comply with any
8  federal or State law. If a developer redacts information in a
9  document, the developer shall:
10  (1) retain an unredacted version of the document for
11  at least 5 years and allow the Attorney General to inspect
12  the unredacted version of the document upon request; and
13  (2) describe the character and justification of the
14  redaction in any published version of the document, to the
15  extent permitted by the concerns that justify redaction.
16  Section 25. Audits.
17  (a) At least once every calendar year, a developer shall
18  retain a reputable third-party auditor to produce a report
19  assessing the following:
20  (1) whether the developer has complied with its safety
21  and security protocol and any instances of noncompliance
22  or ambiguous compliance;
23  (2) any instances where the developer's safety and
24  security protocol has not been stated clearly enough to
1  determine whether the developer has complied; and
2  (3) any instances where the auditor believes the
3  developer may have violated subsection (d) of Section 15
4  or Section 20.
5  (b) A developer shall allow the third-party auditor access
6  to all materials produced to comply with this Act and any other
7  materials reasonably necessary to perform the assessment
8  required under subsection (a).
9  (c) No later than 90 days after the completion of the
10  third-party auditor's report required under subsection (a),
11  the developer shall conspicuously publish the report.
12  Section 30. Whistleblower protections.
13  (a) The provisions of the Whistleblower Act shall apply to
14  this Act, except that the criminal penalties provided in the
15  Whistleblower Act shall not be assessed in reference to this
16  Act, in cases where an employee of a developer discloses
17  information to the Attorney General and the employee has
18  reasonable cause to believe that the information indicates
19  that the developer's activities pose unreasonable or
20  substantial critical risk.
21  (b) A developer shall provide a reasonable internal
22  process through which an employee may anonymously disclose
23  information to the developer if the employee believes in good
24  faith that information indicates that the developer's
25  activities present an unreasonable critical risk, including a
1  monthly update to the person who made the disclosure regarding
2  the status of the developer's investigation of the disclosure
3  and the actions taken by the developer in response to the
4  disclosure.
5  (c) The disclosures and responses of the process required
6  by this Section shall be maintained for a minimum of 7 years
7  after the date when the disclosure is made to the developer or
8  the response to the disclosure is made by the developer. Each
9  disclosure and response shall be shared with the officers and
10  directors of the developer who do not have a conflict of
11  interest no less frequently than once every fiscal quarter.
12  Section 35. Enforcement.
13  (a) The Attorney General may bring a civil action against
14  a developer that violates Sections 15 or 25. A developer found
15  guilty of violating Sections 15 or 25 may be assessed a civil
16  penalty not to exceed $1,000,000. In calculating the civil
17  penalty assessed under this subsection, a court shall consider
18  the severity of the violation and whether the violation
19  resulted in, or could have resulted in, the materialization of
20  a critical risk.
21  (b) The Attorney General may seek injunctive or
22  declaratory relief for any violation of this Act. The Attorney
23  General may seek injunctive relief if a developer's activities
24  present an imminent threat of catastrophic harm to the public.
25  (c) In determining whether a developer's act or omission
1  breached its common law duty to take reasonable care with
2  respect to critical risks, the following considerations are
3  relevant but not conclusive:
4  (1) the quality of the developer's safety and security
5  protocol and the extent of the developer's adherence to
6  it;
7  (2) whether, in quality and implementation, the
8  developer's investigation, documentation, evaluation, and
9  management of critical risks was inferior, comparable, or
10  superior to other developers of foundation models that may
11  pose comparable critical risk;
12  (3) the extent to which the developer responsibly
13  informed the public of critical risks posed by its
14  foundation models; and
15  (4) whether the societal benefit produced by the
16  developer's act or omission outweighed the associated
17  critical risk.
18  Section 40. Other duties required by law. The duties and
19  obligations imposed by this Act are cumulative with any other
20  duties or obligations imposed under other law and shall not be
21  construed to relieve any party from any duties or obligations
22  imposed under other law and do not limit any rights or remedies
23  under existing law.
24  Section 97. Severability. The provisions of this Act are