Top Stories

1. Illinois Signs Frontier AI Audits Into Law, Joining California and New York

July 6, 2026

Illinois Governor JB Pritzker signed Senate Bill 315, the Artificial Intelligence Safety Measures Act, on July 6, 2026, establishing what his office described as the nation’s strongest AI safety and accountability framework. The bipartisan law targets large-scale AI model developers generating more than $500 million in annual revenue – the same threshold used in New York’s RAISE Act – and imposes four core obligations: publishing a framework for identifying and assessing catastrophic risk (defined as incidents that could cause death or serious injury to more than 50 people, or more than $1 million in property damage); annual independent third-party audits of that framework, the first such requirement in any US state; reporting AI safety incidents to the state within 72 hours of identifying them, or within 24 hours if an incident poses imminent risk of death or serious physical injury; and whistleblower protections for employees who raise safety concerns. The law takes effect January 1, 2027.

Capitol News Illinois and WTTW report the law passed the Illinois General Assembly with bipartisan support. The Transparency Coalition noted that Illinois, California, and New York together account for roughly 40 percent of the US AI market, making the three states’ overlapping frontier-AI obligations functionally a de facto national standard. Illinois SB 315’s January 1, 2027 effective date aligns exactly with Colorado’s ADMT notice regime (SB 26-189) and New York’s RAISE Act – three very different state models all landing on the same day.

Why it matters: Illinois SB 315 closes the most significant gap in the existing state AI safety framework: required independent verification. California’s SB 53 requires frontier developers to publish a risk-management framework but does not mandate external auditing of it. New York’s RAISE Act requires written safety protocols but also stops short of independent audits. Illinois adds the audit layer on top of disclosure – and because the law applies to developers generating more than $500 million annually who operate or sell into Illinois, it will reach every major frontier AI company regardless of where they are headquartered. With three major states now imposing overlapping frontier-safety obligations, January 1, 2027 is becoming the single most consequential date on the US AI regulatory calendar.


2. Congress Tables First Comprehensive Federal AI Bill – with a Three-Year State Preemption Trade

June 4, 2026 (in circulation this week)

House Science Committee members Jay Obernolte (R-CA) and Lori Trahan (D-MA) released a 269-page bipartisan discussion draft of the Great American Artificial Intelligence Act (GAAIA) on June 4, 2026 – the first House discussion draft proposing a comprehensive federal governance framework for AI. The draft is organized in four titles: Frontier AI Governance, Workforce, Cybersecurity, and Research, Development, and International Cooperation. Under the Frontier AI Governance title, large frontier model developers would be required to disclose information about their models (Section 111), undergo audits conducted by federally licensed “independent verification organizations” (IVOs) (Section 112), and extend whistleblower protections to employees who report safety concerns (Section 113). The IVO audit framework closely mirrors the annual independent audit requirement Illinois enacted on July 6.

The bill’s most contested provision is a three-year preemption of state laws that specifically regulate how AI models are developed. According to TechPolicy.Press and DLA Piper, “development” is broadly defined as acts performed by a developer prior to deployment – meaning Illinois SB 315, California SB 53, and New York’s RAISE Act could all fall within the preemption’s scope. The preemption does not extend to post-deployment activities or to state laws of general applicability such as consumer protection, privacy, and health care statutes. The Future of Privacy Forum notes that the bill’s audit framework may be more detailed than the individual state laws it would preempt. The GAAIA remains a discussion draft; Obernolte and Trahan have solicited stakeholder feedback before formal introduction.

Why it matters: The GAAIA is the clearest congressional statement yet of the federal government’s theory for AI governance: replace the emerging state patchwork with a single federal standard, and offer a federal audit mandate in exchange for a three-year pause on state development laws. Whether that trade works politically depends on whether states and Democratic lawmakers accept a three-year freeze on laws like Illinois SB 315 and California SB 53 in exchange for a federal framework that may impose stricter audit obligations than any single state has enacted. The answer will determine whether the US gets a national AI framework before January 1, 2027 or spends the next year navigating three different state compliance regimes simultaneously.


3. FTC Proposes That Secret Ideological Steering of AI Outputs May Violate Federal Law

July 7, 2026

The Federal Trade Commission published a proposed policy statement in the Federal Register on July 7, 2026, asserting that AI companies that secretly steer their systems’ outputs toward undisclosed ideological objectives – rather than toward the objectives users request or reasonably expect – may be engaging in deceptive acts or practices in violation of Section 5 of the FTC Act. The Commission approved the proposed statement 2-0. Public comment is open through July 31, 2026, at regulations.gov, Matter No. P264200. The statement was issued pursuant to Executive Order 14365, signed by President Trump on December 11, 2025, which directed the FTC to clarify how Section 5 applies to AI systems and to address how state laws requiring alterations to AI outputs might conflict with federal law.

The proposed statement does not target political bias generally – it specifically addresses undisclosed steering. AI companies that transparently publish their content policies or that explicitly market tools with particular editorial stances would not be covered. The Federal Register notice cited consumer research finding that more than 90 percent of consumers accept AI outputs without independent verification, creating the information asymmetry that Section 5’s deception prohibition was designed to reach. Spencer Fane and Inside Privacy both flag a secondary implication: if hidden steering violates federal law, state laws that require specific AI output alterations without corresponding disclosure could themselves be in tension with the FTC’s framework.

Why it matters: The FTC’s proposed entry into AI output regulation is significant on two levels. First, it asserts federal enforcement authority over a category of AI conduct – secret ideological steering – that no federal law currently addresses directly, using an existing statute rather than waiting for new AI-specific legislation. If finalized, the statement would give the FTC a concrete enforcement hook it can apply immediately. Second, the EO 14365 direction to address state laws that require output alterations signals that the administration intends the FTC’s Section 5 authority to function as a preemption instrument against certain state AI accuracy mandates. Combined with the GAAIA discussion draft and EO 14409, this establishes a three-pronged federal strategy: voluntary executive frameworks for the most capable models, legislative preemption of state development laws, and enforcement-by-policy on output manipulation. Whether that strategy holds up legally depends on the comment record, any challenges to the policy statement, and the willingness of the current Commission to see it through.


4. EU in Final Countdown: Omnibus Publication Imminent, July 22 Code Deadline, ECB Requires Banks to Plan for AI Cyberattacks

July 7-10, 2026

The EU is compressing multiple regulatory tracks into a 23-day window. The Digital Omnibus – which defers stand-alone Annex III high-risk AI obligations from August 2, 2026 to December 2, 2027 and Annex I embedded-product systems to August 2, 2028 – has cleared all legislative steps: European Parliament approval on June 16 (423-57-174) and Council final approval on June 29. Freshfields and DLA Piper confirm the text is final. Official Journal publication – which triggers entry into force three days later – is expected at any point now and must occur before August 2 for the new high-risk deadlines to become legally binding.

Two AI Act deadlines were not deferred and arrive August 2 regardless. The Commission gains active enforcement powers over general-purpose AI (GPAI) providers on that date, exposing them to fines of up to EUR 15 million or 3 percent of global annual turnover. Article 50 transparency obligations – requiring AI-generated content to be marked, chatbots to disclose they are AI, and deepfakes to carry labels – become binding simultaneously. The EU AI Office has set July 22 as the deadline for companies to sign its Code of Practice on Transparency of AI-Generated Content; initial signatories receive a presumption of conformity with Article 50, while non-signatories face heightened regulatory scrutiny from August 2.

Also on July 7, the European Systemic Risk Board issued a formal warning that frontier AI models pose systemic cybersecurity risks to the financial sector, citing evidence that current frontier models can discover vulnerabilities, generate working exploits, and execute cyberattacks “at a speed, scale and level of accuracy far exceeding previous AI models.” The European Central Bank responded the same day, writing to the CEOs of significant eurozone institutions and requiring them to submit comprehensive AI cybersecurity action plans to their supervisory teams by October 31, 2026. A&O Shearman and Regulation Tomorrow detail the supervisory expectations: accelerated vulnerability management, AI-enabled attack monitoring, and review of third-party technology provider risks.

Why it matters: The ESRB/ECB action draws a direct line from the national-security concerns that drove EO 14409 and the Fable 5 export controls in the US to the EU’s financial stability framework. Both jurisdictions are now treating frontier AI cyber capabilities not as a product liability or consumer safety question but as systemic infrastructure risk – the US through the national-security channel, the EU through financial supervision. For AI companies with European banking-sector clients or that are themselves considered significant institutions, the October 31 ECB deadline is new and immediate compliance work. And for companies not yet engaged with the EU AI Act transparency requirements, the July 22 signatory deadline is the last organized on-ramp before August 2 enforcement begins.


5. Critical Watch Update: China’s Model Restrictions Still Deliberating; GPT-5.6 Fully Public

July 7-9, 2026

China MOFCOM (ongoing): Meetings between China’s Ministry of Commerce and Alibaba, ByteDance, and Z.ai on July 7 – reported by Reuters and confirmed by multiple outlets – covered potential restrictions on overseas access to China’s most advanced AI models, including models not yet publicly released and open-weight releases. Proposals under discussion range from light filing requirements for less capable tools to domestic-only lockdowns for the most sensitive models, with national-security law penalties for any leak or theft of model weights. No final decision had been made as of July 10, and no official rule or order has been published.

GPT-5.6 (resolved): The US Department of Commerce approved global release of OpenAI’s GPT-5.6 model family on July 8, 2026, ending the restricted trusted-partners period that began June 26. OpenAI released Sol, Terra, and Luna publicly on July 9, completing the first government-supervised pre-release cycle under EO 14409 in approximately 14 days. The model access restriction is lifted and the episode is closed; it now stands as the reference case for how the EO 14409 voluntary framework operates in practice.

Why it matters: The two cases are moving in opposite directions. The US/OpenAI cycle resolved cleanly in 14 days – government review, negotiated release, public availability – demonstrating that the EO 14409 voluntary framework can process a frontier model launch without blocking public access for extended periods. China’s MOFCOM discussions remain open-ended, and the potential application to open-weight model releases is particularly significant: restricting access to open-weight models is harder to enforce than restricting API access, and if extended to open-source releases from Alibaba’s Qwen series or ByteDance’s Doubao, it would directly affect the global developer community that uses those models freely today. Whether China moves from discussion to binding rule – and how quickly – is the most consequential unresolved model-access question on the board.


Analysis: Three Federal Moves, One State Counter

Three federal actions this week form a coordinated pattern. The GAAIA discussion draft pairs a federal audit mandate with a three-year preemption of state AI development laws. The FTC proposed policy statement uses the FTC Act’s broadest consumer-protection authority to reach AI output manipulation – and, by its own terms, to address state laws that require output alterations. EO 14409’s voluntary pre-release framework was proven operational this week via the GPT-5.6 cycle. Together these form a three-track federal AI governance strategy: an executive channel for the most capable models, a legislative proposal to preempt state development laws, and a federal enforcement posture on how model outputs are represented to users.

The state counter-move is accelerating on the same timeline. Illinois enacted a law on July 6 that sits squarely in the category of state development law the GAAIA would preempt. California, New York, and Illinois together now impose overlapping frontier-safety obligations on developers they reach. The convergence of the three states’ January 1, 2027 effective dates – alongside Colorado’s ADMT notice regime – means that even without federal preemption, AI developers face a multi-state compliance event in six months. The federal strategy is racing to establish a national standard before that event consolidates the state patchwork into something that would be politically very difficult to preempt.

The EU is running a parallel track – not a competition with the US but a different model of how to govern AI. August 2 will be the first time any major jurisdiction activates broad-population AI enforcement at scale. The ESRB/ECB action extends AI oversight from tech regulation into financial stability supervision, a domain the US has not yet reached for AI specifically. The two jurisdictions are increasingly addressing the same underlying concern – that frontier AI models capable of large-scale offensive cyber operations constitute infrastructure risk – but through fundamentally different institutional channels.


What to Watch

  • EU Digital Omnibus Official Journal publication – expected any day. The December 2, 2027 high-risk deadline is not legally binding until three days after publication. Monitor the EU Official Journal direct access portal.
  • EU Transparency Code signatory deadline: July 22 – twelve days from today. Companies within the scope of Article 50 (AI-content marking, chatbot disclosure, deepfake labelling) should confirm whether to sign the Code of Practice before the deadline to receive the presumption-of-conformity safe harbor.
  • EU GPAI enforcement activation: August 2 – twenty-three days out. Commission enforcement powers over GPAI providers activate on August 2 regardless of the Digital Omnibus; not affected by any further publication delays.
  • FTC AI Accuracy comment period: July 31 – twenty-one days to comment. The FTC is soliciting public input on whether secret ideological steering of AI outputs is a deceptive act under Section 5 of the FTC Act; submit at regulations.gov, Matter No. P264200.
  • EO 14409 frontier-model framework: approximately August 1 – agencies are to finalize the covered-frontier-model designation criteria and pre-release engagement process. The GPT-5.6 cycle established a 14-day review template; watch whether the framework formalizes or modifies that timeline.
  • China MOFCOM decision – no deadline announced. Watch for official CAC or MOFCOM filings confirming, rejecting, or narrowing the proposed overseas-access restrictions on advanced Chinese AI models.
  • GAAIA stakeholder feedback period – no formal deadline. Watch for formal House introduction, which would trigger a CBO score and committee markup process.
  • China July 15 AI regulations now in effect – the Anthropomorphic AI Interactive Services rules and the Intelligent Agents framework took effect July 15, as covered in Week 11. Businesses offering AI companion or agent products to Chinese users should confirm CAC filings are complete.
  • Missouri SB 1019: effective August 28 – the Missouri therapy-chatbot advertising ban, prohibiting companies from advertising AI as capable of providing therapy, mental health diagnosis, or counseling, takes effect August 28, 2026.
  • Connecticut CART Act: October 1, 2026 – the employment and transparency provisions of Connecticut’s CART Act (Public Act 26-15) begin their phased rollout.
  • New York Hochul decisions (through December 31, 2026) – five AI bills await signature: FAIR News Act, Kids Chatbot Safety Bill, AI Training Data Transparency Act, Data Center Moratorium, and AI-Assisted Surveillance Pricing Ban.
  • Illinois SB 315, Colorado SB 26-189, NY RAISE Act: January 1, 2027 – three different state AI models take effect the same day. Frontier AI developers should have Illinois SB 315’s audit-preparation requirements in their compliance roadmaps now.

Sources

  1. Gov. Pritzker signs AI Safety Measures Act (Governor’s newsroom, July 6, 2026): https://gov-pritzker-newsroom.prezly.com/gov-pritzker-signs-nation-leading-artificial-intelligence-safety-law
  2. Pritzker signs landmark AI regulation bill (Capitol News Illinois, July 6, 2026): https://capitolnewsillinois.com/news/pritzker-signs-landmark-ai-regulation-bill-that-aims-to-mitigate-risks/
  3. Illinois mandates safety audits for large AI labs (The Hill): https://thehill.com/policy/technology/5955442-illinois-ai-safety-bill/
  4. Illinois Gov. Pritzker signs landmark AI Safety Measures Act into law (Transparency Coalition): https://www.transparencycoalition.ai/news/illinois-gov-pritzker-signs-landmark-ai-safety-measures-act-into-law
  5. Frontier AI Goes Federal: How the Great American AI Act Compares to State Laws (Future of Privacy Forum): https://fpf.org/blog/frontier-ai-goes-federal-how-the-great-american-ai-act-compares-to-state-laws/
  6. Bipartisan Great American AI Act draft proposes new federal AI governance framework (FedScoop): https://fedscoop.com/bipartisan-great-american-ai-act-draft-proposes-new-federal-ai-governance-framework/
  7. Unpacking the Great American Artificial Intelligence Act of 2026 (TechPolicy.Press): https://www.techpolicy.press/unpacking-the-great-american-artificial-intelligence-act-of-2026/
  8. Unpacking the Great American AI Act (DLA Piper, June 2026): https://www.dlapiper.com/en-us/insights/publications/2026/06/unpacking-the-great-american-ai-act
  9. House GAAIA Discussion Draft proposes federal AI governance framework (ArentFox Schiff): https://www.afslaw.com/perspectives/ai-law-blog/house-gaaia-discussion-draft-proposes-federal-ai-governance-framework
  10. FTC seeks public comment on policy statement addressing AI accuracy (FTC press release, July 7, 2026): https://www.ftc.gov/news-events/news/press-releases/2026/07/ftc-seeks-public-comment-policy-statement-addressing-ai-accuracy
  11. Policy Statement concerning the suppression of accuracy in AI systems (Federal Register, July 7, 2026): https://www.federalregister.gov/documents/2026/07/07/2026-13628/policy-statement-concerning-the-suppression-of-accuracy-in-artificial-intelligence-systems
  12. FTC proposes new policy on AI accuracy – hiding how an AI system is steered may violate federal law (Spencer Fane): https://www.spencerfane.com/insight/ftc-proposes-new-policy-on-ai-accuracy-hiding-how-an-ai-system-is-steered-may-violate-federal-law/
  13. FTC seeks comment on AI accuracy policy under Section 5 (AI Weekly): https://aiweekly.co/alerts/ftc-seeks-comment-on-ai-accuracy-policy-under-section-5
  14. EU AI Act Digital Omnibus: Final text and key amendments (Freshfields): https://www.freshfields.com/en/our-thinking/blogs/technology-quotient/eu-ai-act-unpacked-34-the-final-digital-omnibus-on-ai-key-amendments-to-the-a-102nber
  15. Digital Omnibus deferral update (DLA Piper): https://knowledge.dlapiper.com/dlapiperknowledge/globalemploymentlatestdevelopments/2026/The-Digital-AI-Omnibus-Proposed-deferral-of-high-risk-AI-obligations-under-the-AI-Act
  16. Code of Practice on Transparency of AI-Generated Content (European Commission): https://digital-strategy.ec.europa.eu/en/policies/code-practice-ai-generated-content
  17. Frontier AI models could strain cyber resilience in the financial system, ESRB warns (ESRB, July 7, 2026): https://www.esrb.europa.eu/news/pr/date/2026/html/esrb.pr260707~4e1b68241a.en.html
  18. ECB requires significant institutions to address AI-enabled cybersecurity threats (A&O Shearman): https://www.aoshearman.com/en/insights/ecb-requires-significant-institutions-to-address-ai-enabled-cybersecurity-threats
  19. ESRB warning on frontier AI models and ECB writes to significant institutions (Regulation Tomorrow): https://www.regulationtomorrow.com/2026/07/esrb-warning-on-frontier-ai-models-and-ecb-writes-to-significant-institutions/
  20. China considers restricting overseas access to advanced AI models (Business Standard, July 9, 2026): https://www.business-standard.com/technology/tech-news/china-ai-model-export-limit-us-anthropic-fable-5-claude-code-india-rethink-strategy-126070901378_1.html
  21. OpenAI to release GPT-5.6 Sol, Terra and Luna on July 9 (Neowin): https://www.neowin.net/news/openai-to-release-gpt-56-sol-terra-and-luna-on-july-9/

Published: July 10, 2026 Next Issue: Week 13