| HB3494 | HEALTH DATA PRIVACY ACT (REP. MARY BETH CANTY) Creates the Protect Health Data Privacy Act. Provides that a regulated entity shall disclose and maintain a health data privacy policy that clearly and conspicuously discloses specified information. Sets forth provisions concerning health data privacy policies. Provides that a regulated entity shall not collect, share, or store health data, except in specified circumstances. Provides that it is unlawful for any person to sell or offer to sell health data concerning an individual without first obtaining valid authorization from the individual. Provides that a valid authorization to sell individual health data must contain specified information; a copy of the signed valid authorization must be provided to the individual; and the seller and purchaser of health data must retain a copy of all valid authorizations for sale of health data for 6 years after the date of its signature or the date when it was last in effect, whichever is later. Sets forth provisions concerning the consent required for collection, sharing, and storage of health data. Provides that an individual has the right to withdraw consent from the processing of the individual's health data. Provides that it is unlawful for a regulated entity to engage in discriminatory practices against individuals solely because they have not provided consent to the processing of their health data or have exercised any other rights provided by the provisions or guaranteed by law. Sets forth provisions concerning an individual's right to confirm whether a regulated entity is collecting, selling, sharing, or storing any of the individual's health data; an individual's right to have the individual's health data that is collected by a regulated entity deleted; prohibitions regarding geofencing; and individual health data security. Provides that any person aggrieved by a violation of the provisions shall have a right of action in a State circuit court or as a supplemental claim in federal district court against an offending party. Provides that the Attorney General may enforce a violation of the provisions as an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. Defines terms. Makes a conforming change in the Consumer Fraud and Deceptive Business Practices Act. |
| | Current Status: | 5/30/2026 - Added Co-Sponsor Rep. Daniel Didech
|
| | Recent Status: | 5/26/2026 - Added Co-Sponsor Rep. Nicolle Grasse
5/21/2026 - Added Co-Sponsor Rep. Stephanie A. Kifowit
|
| | State Bill Page: | HB3494 |
| | Notes: | - A/O 7 May-Sponsor agreed to hold bill through the Fall for further discussions to resolve issues
- Discussions ongoing to address concerns and issues with the bill as written.
|
| | Reports: | 3-2026 The Parking Lot, 9.1-Information Technology & Data Protection |
| |
| HB4248 | ALGORITHMIC PRICE TRANSPARENCY (REP. MAURA HIRSCHAUER; SEN. ROBERT PETERS) Senate Floor Amendment No. 1 - Replaces everything after the enacting clause. Creates the Protection from Surveillance Pricing Act. Provides that a person shall not engage in surveillance pricing. Sets forth exemptions and limitations to the prohibition. Provides that the Attorney General or the State's Attorney of any county in the State may bring an action against any person to restrain and prevent any pattern or practice in violation of the provisions of the Act. Provides for enforcement under the Consumer Fraud and Deceptive Business Practices Act. Provides that any waiver of the provisions of the Act is void and unenforceable as contrary to public policy. Limits home rule powers. Amends the Consumer Fraud and Deceptive Business Practices Act to make a conforming change. |
| | Current Status: | 6/1/2026 - Added as Alternate Chief Co-Sponsor Sen. Rachel Ventura
|
| | Recent Status: | 6/1/2026 - Added as Alternate Chief Co-Sponsor Sen. Graciela Guzmán
6/1/2026 - Added as Alternate Chief Co-Sponsor Sen. Michael W. Halpin
|
| | State Bill Page: | HB4248 |
| | Notes: | ALGORITHMIC PRICING-ProhibitionsHA #2 becomes the Act w/ HA# 3 This Act, titled the Algorithmic Pricing Prohibition Act, prohibits covered entities from engaging in surveillance pricing—using a consumer’s personal data to set personalized prices for Illinois residents. It defines key terms: algorithmic pricing, personal data, personalized price, and surveillance pricing (Section 10). It explicitly bars surveillance pricing(Section 15) and sets out numerous important exemptions (Section 20),including: - cost-based and geographic price variations (20(a)(1)-(2)),
- supply chain disruptions and other logistical constraints (20(a)(3)),
- time-limited promotions, taxes/fees, and pass-through costs (20(a)(4)-(9)),
- discounts, coupons, loyalty programs, and market-matching tools (20(a)(7)),
- special eligibility pricing (20(a)(8)),
- third-party fees (20(a)(9)),
- credits or discounts issued after service issues or customer service actions (20(a)(10)),
- non-use of personal data in aggregate-demand models (20(b)),
- prohibition on using personal data for creditworthiness (20(c)),
- and specific exemptions for insurance-related pricing and certain financial services (20(d)-(e)). Enforcement is vested in the Attorney General, with powers to investigate, compel testimony and records, seek injunctions, restitution, civil penalties, and costs (Section 25). The act preempts home rule authority, requiring uniform state regulation of algorithmic/surveillance pricing (Section 30). It confirms it does not limit other federal or state laws (Section 35). A significant shift toward consumer protection and pricing transparency is achieved by centralizing prohibition, definitions, exemptions, and enforcement at the state level.
|
| | Reports: | 9.1-Information Technology & Data Protection |
| |
| HB4799 | AI SAFETY MEASURES ACT (REP. KIMBERLY DU BUCLET) Creates the Transparency in Frontier Artificial Intelligence Act. Requires large frontier artificial intelligence developers to adopt and publish a frontier artificial intelligence framework addressing catastrophic risk management, transparency, and cybersecurity. Mandates reporting of critical safety incidents to the Attorney General and establishes civil penalties for noncompliance. Directs the Department of Innovation and Technology to review and recommend updates to definitions and standards. Creates a consortium to develop ILCompute, a public cloud computing resource that advances the development and deployment of artificial intelligence that is safe, ethical, equitable, and sustainable. Exempts specified information under the Freedom of Information Act. Makes conforming changes to the Freedom of Information Act. |
| | Current Status: | 2/6/2026 - Referred to House Rules
|
| | Recent Status: | 2/6/2026 - FIRST READING
2/2/2026 - Filed with the Clerk by Rep. Kimberly Du Buclet
|
| | State Bill Page: | HB4799 |
| | Notes: | AI Regulatory Oversight-Transparency in Frontier Artificial Intelligence Act See Companion-SB 315 |
| | Reports: | 1-2026 General Tracking Report, 9.1-Information Technology & Data Protection |
| |
| HB5044 | CHATBOT PROVIDER-LIABILITY (REP. JENNIFER GONG-GERSHOWITZ) Creates the Chatbot Provider Liability Act. Provides that for purposes of the Act, chatbots are deemed products for the purpose of strict liability as other product liability actions. Provides that a chatbot provider has a duty to ensure that the use of its chatbot does not cause injury to a user and is liable for any injury it caused a user through the use of its chatbot regardless of whether the chatbot provider exercised all reasonable care in the design and distribution of the chatbot; or did not directly distribute the chatbot to the user or otherwise enter into a contractual relationship with the user. Provides that a user who is harmed by the actions of a chatbot provider under this Act may file a civil action in State or federal court seeking actual damages as allowed under Illinois law, injunctive relief, and reimbursement of reasonable attorney's fees and costs. |
| | Current Status: | 5/4/2026 - House Judiciary - Civil |
| | Recent Status: | 5/4/2026 - House Consumer Protection3/27/2026 - Rule 19(a) / Re-referred to Rules Committee
|
| | State Bill Page: | HB5044 |
| | Notes: | Technology AI-Chatbot Provider Liability
- Business Software Alliance provided a letter to the sponsor outlining concerns with Chat Bot Liability
- Copy of BSWA provided to Andrew at State Chamber of Commerce-Business Community negotiator on technology issues for concerns to be voiced during discussions
- Flagged by TAC
|
| | Reports: | 9-Accountants Coalition, 9.1-Information Technology & Data Protection |
| |
| HB5511 | DIGITAL AGE ASSURANCE (REP. JENNIFER GONG-GERSHOWITZ; SEN. WILLIE PRESTON) Senate Committee Amendment No. 1 - Replaces everything after the enacting clause. Creates the Children's Online Safety Act. Establishes procedures for Internet-enabled device providers and covered providers to verify the age of users. Sets forth default settings for all users that the covered operator has actual knowledge to be a covered minor or has received a signal indicating that the user is a covered minor. Limits a covered operator from sending notifications between the hours of 10 p.m. and 7 a.m. Prohibits a covered operator of an addictive social media platform to enable the automatic playing of media to a covered minor by default. Allows a covered operator of an addictive social media platform to choose not to provide services to minors under specified conditions. Sets forth provisions concerning privacy protections for age assurance data and limitations of the Act. Provides that a violation of the Act constitutes an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. Amends the Consumer Fraud and Deceptive Business Practices Act to make a conforming change. Effective January 1, 2027.
Senate Floor Amendment No. 2 - Replaces everything after the enacting clause. Reinserts the provisions of Senate Amendment No. 1 with the following changes. Provides that, by July 1, 2028, a covered operator shall request from a covered manufacturer an age bracket signal for the primary user of an Internet-enabled device when the user downloads or launches a covered platform. Provides that, if the signal indicates that a user is under 18, then the covered operator shall treat the signal as an authoritative indicator of the user's age bracket and the covered operator shall be deemed to have actual knowledge that a user is a covered minor with respect to that specific device. Limits the use of information collected to determine a user's age bracket to specified purposes. Provides that a parent of a covered minor or a covered minor determined by a covered operator to be over the age of 16 may override the default privacy settings. Provides that a parent of a covered minor may override the default privacy settings for a covered minor under the age of 16. Provides that the Act does not apply to any entity whose primary purpose is news media and that has a majority of its workforce consisting of individuals engaging in news media. Provides for enforcement of the Act by the Attorney General. Defines terms. Removes amendatory changes to the Consumer Fraud and Deceptive Business Practices Act. Effective January 1, 2028. |
| | Current Status: | 6/5/2026 - Added as Alternate Co-Sponsor Sen. Sue Rezin
|
| | Recent Status: | 6/1/2026 - Passed Both Houses
6/1/2026 - 3/5 Vote Required
|
| | State Bill Page: | HB5511 |
| | Notes: | ARTIFICIAL INTELLENCE-Children's Online Safety Act (Digital Age Verification)This measure establishes the Children’s Online Safety Act, creating a comprehensive framework to protect minors online through age assurance, privacy protections, and restricted platform features. Key elements include: - Definitions and scope: Introduces terms such as Addictive Feed, Addictive Social Media Platform, Covered Platform/Operator, Covered Minor, Precise Geolocation, and Account Holder to govern how platforms interact with minors in this state.
- Age assurance requirements: Internet-enabled device providers must offer an age-signaling interface at setup and allow operators to call a digital age signal via a secure API, sharing only the minimum necessary data.
- Privacy protections for age assurance data: Data collected for age assurance must be strictly limited, deleted promptly after age determination, not reused or disclosed beyond necessary purposes, and subject to a review/appeal process for age determinations.
- Default privacy protections for minors: For users deemed minors, defaults restrict: displaying minor accounts to known adults, exposing minor media, allowing adults to like/comment on minor media, direct messaging with adults, sharing precise location, and gifting currency with minors. Parents may override certain protections under specified conditions, with safeguards to prevent sweeping downgrades of privacy.
- Controls for parents: Parents can set monthly limits on gifted currency and view a history of gifted currency activity.
- Restrictions on platform behavior: Addictive feeds require knowledge that a user is not a minor (or parental consent for minors); automatic media playback by default is prohibited; and search indexing of minor profiles can be disabled.
- Optional protections and exemptions: Operators may implement more protective privacy settings; the act does not require removal of existing user content or prohibit access to information about sex and health where not already prohibited.
- Enforcement and remedies: Violations of the Act are deemed unlawful practices under the Consumer Fraud Act, enforceable by the Attorney General or county State’s Attorneys; the act explicitly states there is no private right of action.
- Privacy protections for age assurance data and process: Operators must minimize data collection, delete data after use, and provide an appeal mechanism for age determinations; no data collected for age assurance may be used for other purposes.
- Exclusions and effective date: The law excludes broadband providers from coverage and includes severability. It becomes effective January 1, 2027.
***BREAK***BREAK*** A/O April 27th-There is movement afoot with 4-profit and Non-Profit Sub ware - Monitor closely. Likely this will be the omnibus vehicle for AI
- Area ripe for AI Legal Field
- Anthropic has registered their lobbyist-James Hartman and retained Jim Durkin
- Anticipate a comprehensive bill on AI, however, not known to what degree at this time.
|
| | Reports: | 4-2026 Executive Tracking Report, 9.1-Information Technology & Data Protection, Geof's Special |
| |
| SB315 | BUSINESS-TECH (SEN. MARY EDLY-ALLEN; REP. DANIEL DIDECH) Senate Floor Amendment No. 2 - Replaces everything after the enacting clause. Creates the Artificial Intelligence Safety Measures Act. Defines terms. Requires large frontier developers to create, implement, publish, and annually update a frontier AI framework addressing catastrophic-risk assessment, mitigations, cybersecurity, internal governance, third-party evaluations, and risks from internal use of frontier models. Requires transparency reports before deploying new or substantially modified frontier models and requires summaries of catastrophic-risk assessments. Mandates annual independent third-party audits and establishes access, reporting, retention, and publication requirements for audit results. Requires frontier developers to report critical safety incidents and requires large frontier developers to submit periodic summaries of internal-use risk assessments. Directs the Illinois Emergency Management Agency and Office of Homeland Security, in consultation with the Attorney General, to administer reporting mechanisms, issue guidance, and prepare annual reports. Establishes interoperability with certain regulatory regimes. Requires large frontier developers to file disclosure statements and pay fees. Provides whistleblower protections and internal reporting processes for covered employees. Establishes civil penalties for violations and clarifies that no private right of action is created. Amends the Freedom of Information Act to exempt specified information related to the Act from disclosure. Amends the Whistleblower Act to prohibit retaliation for good-faith disclosures of violations of the Artificial Intelligence Safety Measures Act. Contains home rule limitations and severability provisions. Effective January 1, 2027.
Senate Floor Amendment No. 3 - Removes a provision providing that a home rule unit may not regulate disclosures related to the use of artificial intelligence in commercial communications with consumers.
Senate Floor Amendment No. 4 - Deletes specified provisions in the definition of "frontier developer". |
| | Current Status: | 5/30/2026 - Added as Co-Sponsor Sen. Erica Harriss
|
| | Recent Status: | 5/29/2026 - Added as Chief Co-Sponsor Sen. Karina Villa
5/29/2026 - Added as Chief Co-Sponsor Sen. Darby A. Hills
|
| | State Bill Page: | SB315 |
| | Notes: | ARTIFICIAL INTELLIGENCE REGULATION-Artificial Intelligence Safety Measure Act (Frontier Models) SUMMARY-this applies to large frontier developers as defined by the Act to perform a compliance audit on Frontier AI framework to review protocols to manage assess and mitigate catastrophic risk. Enacts critical protections against the most catastrophic risks that advanced AI systems poste the public safety. Open AI and Anthropic supported throughout the process.
A/O 26 May-ICPAS wrote to the House and Senate sponsors providing information on alignment with appropriate audit and assurance standards. Also distinguished advisors versus developers. Lastly, posed an open question as to whom the Audit Report is delivered to as the legislative language is not clear.
Staff have indicated that there will be a trailer bill to make corrections. ##BREAK##BREAK## - The audit requirement appears on page 8 in Section 10(d), which requires large frontier developers to annually retain a third party to perform an independent audit of compliance.
- The bill requires large frontier developers to undergo regular, independent audits of their compliance with the Act’s safety and governance requirements:
Scope and standards - The audit must be conducted by an independent third party using best practices.
- The auditor must be given access to unredacted materials necessary to perform the audit.
Required audit report contents - The auditor must produce a report that includes:
- A detailed assessment of compliance efforts
- Any instances of noncompliance and recommendations for improvement
- A review of internal controls, including compliance governance and responsible personnel
- A certification (signature) from the lead auditor
- See Companion-HB 4799 dormant
- ---BREAK---BREAK---
- See Senate Democratic Legislative AI Package of 8 Bills targeting Safety, Privacy and Consumer Transparency-See special report of roster of AI and Information Privacy Bills here http://www.hannah-il.com/Report_Custom.aspx?sid=DqEIEoBsgzQ%3d&rid=%2bTZ47git6WM%3d&oldFormat=False
- SB 315 Artificial Intelligence Safety Measures Act
- SB 316 Artificial Intelligence Companion Model Safety Act
- SB 317 Consumer Artificial Intelligence Notice Act
- SB 340 Illinois Consumer Data Privacy Act
- SB 343 (algorithmic rental pricing systems) Prohibits use of pricing coordination systems for residential rental units
- SB 416 Student Educational Technology Rights Act
- SB 318 Prohibition on Bots Purchasing Tickets Act
|
| | Reports: | 1-2026 General Tracking Report, 4-2026 Executive Tracking Report, 9-Accountants Coalition, 9.1-Information Technology & Data Protection |
| |
| SB316 | BUSINESS-TECH (SEN. LAURA ELLMAN; REP. JENNIFER GONG-GERSHOWITZ) Senate Floor Amendment No. 2 - Replaces everything after the enacting clause. Creates the Artificial Intelligence Companion Model Safety Act. Provides that an operator shall not make available or deploy an artificial intelligence companion unless the artificial intelligence companion maintains and implements a protocol to detect and address suicidal ideation or expressions of self-harm by a user to the artificial intelligence companion. Requires an operator to provide a clear and conspicuous notification to a user, either verbally or in writing, in the language that the user is interacting with the artificial intelligence companion, that the user is communicating with an automated system and not with a human. Provides that an operator shall, for a user that the operator determines to be a minor, or if the operator's artificial intelligence companion is directed to minors, implement reasonable measures to prevent its artificial intelligence companion from generating or producing material that is harmful to minors or directly stating that the minor should engage in conduct that is harmful to minors. Provides that a violation of specified provisions constitutes an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. Specifies that the remedies provided in the Act are cumulative and do not preclude any other lawful civil, administrative, or criminal remedy available under State or federal law, including, but not limited to, product liability actions. Amends the State Finance Act, the Wellness and Oversight for Psychological Resources Act, and the Consumer Fraud and Deceptive Business Practices Act to make conforming changes. Effective January 1, 2027.
Senate Floor Amendment No. 3 - Provides that the Wellness and Oversight for Psychological Resources Act does not apply to a chatbot that complies with the Artificial Intelligence Companion Model Safety Act and does not provide therapy or psychotherapy services (rather than a chatbot that compiles with the Artificial Intelligence Companion Model Safety Act, if the chatbot does not provide therapy, psychotherapy, or diagnoses by a licensed professional). |
| | Current Status: | 5/29/2026 - Added as Co-Sponsor Sen. Sally J. Turner
|
| | Recent Status: | 5/29/2026 - House Executive5/28/2026 - House Executive |
| | State Bill Page: | SB316 |
| | Notes: | ARTIFICIAL INTELLIGENCE REGULATION-Artificial Intelligence Companion Model Safety Act (AI Companions) SUMMARY-Requirements for AI systems to detect suicidal thoughts or self-harm and to make referrals to crisis services. ----BREAK---BREAK---See Senate Democratic Legislative AI Package of 8 Bills targeting Safety, Privacy and Consumer Transparency. See Information Technology & Data Protection Tracking Report for AI Bill Package
|
| | Reports: | 1-2026 General Tracking Report, 9-Accountants Coalition, 9.1-Information Technology & Data Protection |
| |
| SB317 | BUSINESS-TECH (SEN. RACHEL VENTURA; REP. JENNIFER GONG-GERSHOWITZ) Senate Floor Amendment No. 2 - Replaces everything after the enacting clause. Creates the Consumer Artificial Intelligence Notice Act. Provides that a person who uses a conversational customer service artificial intelligence system in a chat interface to communicate with a consumer shall provide the consumer with a clear and conspicuous disclosure that the consumer is communicating with an automated system and not with a human. Provides that a violation of the provision constitutes an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. Sets forth procedures concerning notice of violation. Preempts home rule powers. Amends the Consumer Fraud and Deceptive Business Practices Act to make a conforming change. |
| | Current Status: | 5/30/2026 - Added as Co-Sponsor Sen. Li Arellano, Jr.
|
| | Recent Status: | 5/29/2026 - Added as Co-Sponsor Sen. Sally J. Turner
5/29/2026 - House Executive |
| | State Bill Page: | SB317 |
| | Notes: | ARTIFICIAL INTELLIGENCE REGULATION-Consumer Artificial Intelligence Notice Act (AI Chat Notice) SUMMARY-Requires disclosure of automated systems and not a human in customer sales and support. Creates a framework to ensure consumers are aware when they are interacting with AI in real-time conversations. Important that businesses realize this applies to their customer service or sales tools and creates new liability exposure. Key elements: - Implementation details: disclosures must be at the beginning of the interaction in writing or verbally in a manner that clearly calls attention; written disclosures must match the user’s language and be presented with font/color considerations at parity with user messages.
- Enforcement: authorizes the Attorney General or State’s Attorneys to pursue actions for patterns or practices, with a 7-day advance notice and an opportunity to cure; violations trigger CFDBP Act remedies.
- Remedies and damages: violations can be pursued under the CFDBP Act, with available damages and related remedies.
---BREAK---BREAK---See Senate Democratic Legislative AI Package of 8 Bills targeting Safety, Privacy and Consumer Transparency
|
| | Reports: | 1-2026 General Tracking Report, 9-Accountants Coalition, 9.1-Information Technology & Data Protection |
| |
| SB318 | BUSINESS-TECH (SEN. STEVE STADELMAN; REP. NABEELA SYED) Senate Floor Amendment No. 1 - Replaces everything after the enacting clause. Creates the Prohibition on Bots Purchasing Tickets Act. Provides that a person shall not use or create a bot or employ any other method to: (1) purchase tickets in excess of posted limits for an online ticket sale; (2) use multiple Internet protocol addresses, multiple purchaser accounts, or multiple email addresses to purchase tickets in excess of the posted limit for any single online ticket sale; or (3) circumvent or disable an electronic queue, waiting period, pre-sale code, or other sales volume limitation system associated with an online ticket sale. Provides for enforcement by the Attorney General. Amends the Ticket Sale and Resale Act. Prohibits a ticket resale marketplace or ticket reseller from making any false representation that is likely to mislead a reasonable consumer into believing that the marketplace or reseller is affiliated with, endorsed by, or acting on behalf of an artist, team, event venue, or event organizer. Provides that an operator of a venue or ticket issuer shall disclose the number of tickets for an event that are withheld from sale any time it offers tickets for that event for sale. Provides that a violation of the provisions constitutes an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. Amends the Consumer Fraud and Deceptive Business Practices Act to make conforming changes.
Senate Floor Amendment No. 2 - Provides that a person who violates provisions prohibiting forms of automated online ticket purchasing (rather than a person who knowingly violates the provisions) shall be liable for a civil penalty of not more than $2,000 for each violation. Removes provisions amending the Consumer Fraud and Deceptive Business Practices Act. Makes other changes.
House Committee Amendment No. 1 - Replaces everything after the enacting clause. Reinserts the provisions of the engrossed bill with the following changes. Provides that an owner or operator of a place of entertainment that sells tickets to events, and any agent who conducts or facilitates those sales, shall report any violation (rather than known violation) to the Attorney General within a reasonable period of time after discovery of the violation. Provides that a violation of the Prohibition on Bots Purchasing Tickets Act constitutes an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. Amends the Consumer Fraud and Deceptive Business Practices Act to make a conforming change. Removes provisions amending the Ticket Sale and Resale Act.
House Floor Amendment No. 1 - Provides that specified prohibitions apply to a person using or creating one or more bots (rather than a bot). Provides that an owner or operator of an event facility (rather than a place of entertainment) that sells tickets to events shall report any known violation to the Attorney General. Defines "event facility". |
| | Current Status: | 5/31/2026 - Passed Both Houses
|
| | Recent Status: | 5/31/2026 - Senate Concurs
5/31/2026 - House Floor Amendment No. 4 Senate Concurs 056-000-000
|
| | State Bill Page: | SB318 |
| | Notes: | ARTIFICIAL INTELLIGENCE REGULATION-BOT Ticket Purchase Prohibition SUMMARY-VACANT ---BREAK---BREAK--- See Senate Democratic Legislative AI Package of 8 Bills targeting Safety, Privacy and Consumer Transparency |
| | Reports: | 1-2026 General Tracking Report, 9-Accountants Coalition, 9.1-Information Technology & Data Protection |
| |
| SB340 | CIVIL LAW-TECH (SEN. LAURA MURPHY; REP. ABDELNASSER RASHID) Senate Floor Amendment No. 2 - Replaces everything after the enacting clause. Creates the Illinois Consumer Data Privacy Act. Specifies that the Act applies to legal entities that conduct business in Illinois or produce products or services that are targeted to Illinois residents and that either (i) collect or process, during a calendar year, personal data of 100,000 or more consumers, excluding personal data controlled or processed solely for the purpose of completing a payment transaction, or (ii) derive more than 25% of their gross revenues from the sale of personal data and process or collect personal data of 25,000 or more consumers. Describes classes of persons that are exempt from the Act. Outlines the responsibilities of data controllers and data processors. Sets forth various consumer personal data rights, including, but not limited to (i) the right to confirm whether or not a controller is processing personal data concerning the consumer and to access the personal data the controller is processing, (ii) the right to correct inaccurate personal data concerning the consumer, (iii) the right to delete personal data concerning the consumer, (iv) the right to opt out of the processing of personal data concerning the consumer for specified purposes, or (v) the right, under certain circumstances, to question the result of profiling. Requires a controller to allow a consumer to opt out of any processing of the consumer's personal data for enumerated purposes. Contains provisions concerning the processing of deidentified data or pseudonymous data, responsibilities of controllers, requirements for small businesses, data privacy policies, data privacy and protection assessments, enforcement of the Act by the Attorney General and State's attorneys, and other matters. Limits the concurrent exercise of home rule powers. Amends the Consumer Fraud and Deceptive Business Practices Act. Specifies that a violation of the Act constitutes an unlawful practice under the Act. Amends the Freedom of Information Act to exempt from disclosure data privacy and protection assessments made available to the Attorney General and State's Attorneys under the Act. Makes other changes. Effective January 1, 2027.
Senate Floor Amendment No. 3 - Provides that notwithstanding any other provision of this Act, if a processor processes data under a binding contract that sets forth the processing instructions and limits the actions the processor may take with respect to the data it processes on behalf of the controller, the processor is not liable for the controller's actions that led to a violation of this Act.
Senate Floor Amendment No. 4 - Excludes a nonprofit organization that is established to detect and prevent fraudulent acts in connection with insurance from the Act. In provisions amending the Consumer Fraud and Deceptive Business Practices Act, excludes private rights of action to enforce violations of the Illinois Consumer Data Privacy Act. |
| | Current Status: | 5/30/2026 - Added as Co-Sponsor Sen. Mary Edly-Allen
|
| | Recent Status: | 5/29/2026 - Added as Co-Sponsor Sen. Sally J. Turner
5/29/2026 - House Executive |
| | State Bill Page: | SB340 |
| | Notes: | ARTIFICIAL INTELLIGENCE REGULATION-Illinois Consumer Data Privacy Act - SUMMARY-Applies to businesses handling large volumes of consumer data (100,000 or more consumer per year) and would create consumer rights related to accessing deleting and opting out of the sale or processing of personal data.
- Business community worked to prevent private rights of action
- Enforcement mechanisms part of the Consumer Fraud and Protection Act by the AG
- Problematic portions of the bill include how sensitive data is treated and the strictly necessary standard applied for collection and processing in additoin to a consent requirement.
---BREAK---BREAK--- See Senate Democratic Legislative AI Package of 8 Bills targeting Safety, Privacy and Consumer Transparency
|
| | Reports: | 1-2026 General Tracking Report, 9-Accountants Coalition, 9.1-Information Technology & Data Protection |
| |
| SB343 | CIVIL LAW-TECH (SEN. NAPOLEON HARRIS, III; REP. MARCUS EVANS, JR.) Senate Floor Amendment No. 1 - Replaces everything after the enacting clause. Amends the Illinois Antitrust Act. Makes it a violation of the Act to make any contract with or engage in any combination or conspiracy with any other person who is, or but for a prior agreement would be, a competitor of such person for the purpose or with the effect of (1) fixing, controlling, or maintaining rental pricing, fees, or any other rental term for residential rental units in the State; or (2) engaging in price coordination for residential rental units in the State, including through the sale, licensure, or provision of any service or product that involves price coordination of residential rental units. Makes it a violation of the Act to engage in price coordination or use, subscribe to, or contract with a service that involves price coordination for residential rental units in the State, including through the sale, licensure, or provision of any other service or product that involves price coordination of residential rental units. Defines terms. |
| | Current Status: | 6/1/2026 - 3/5 Vote Required
|
| | Recent Status: | 6/1/2026 - Passed Both Houses
6/1/2026 - Senate Concurs
|
| | State Bill Page: | SB343 |
| | Notes: | ARTIFICIAL INTELLIGENCE REGULATION-Pricing Coordination systems for residential and rental units SUMMARY-Amends the Anti-Trust Act to prohibit use of pricing coordination. ---BREAK---BREAK--- See Senate Democratic Legislative AI Package of 8 Bills targeting Safety, Privacy and Consumer Transparency
|
| | Reports: | 1-2026 General Tracking Report, 9-Accountants Coalition, 9.1-Information Technology & Data Protection |
| |
| SB415 | EDUCATION-TECH (SEN. KARINA VILLA; REP. EDGAR GONZÁLEZ, JR.) Senate Floor Amendment No. 1 - Replaces everything after the enacting clause. Amends the School Code. Prohibits, except for legitimate instructional purposes, as determined by a school district, a school district from purchasing or otherwise acquiring biometric systems to use on students. Provides that this prohibition does not apply to a school district that purchases or acquires a biometric system but disables the biometric capabilities of that system so it cannot be used on students or has no reasonable knowledge that the software the school district purchased or otherwise acquired has biometric capabilities. Requires, by the 2027-2028 school year, a school district to ensure that the biometric systems it uses are used only for legitimate instructional purposes. Makes other and conforming changes.
Senate Floor Amendment No. 2 - Provides that, by the 2027-2028 school year, a school district shall ensure that the biometric systems it uses are used only for legitimate instructional purposes, as determined by the school district. Provides that, within the context of the legitimate instructional purposes, the use of biometric information shall be solely for identification or fraud prevention. Provides that biometric systems incorporated into school-issued electronic devices for identification or fraud prevention constitute a legitimate instructional purpose. Provides that certain provisions regarding the use of biometric information for purposes other than legitimate instructional purposes shall not affect any existing contractual obligation under a contract entered into before January 1, 2027 between a school district and any entity for the purpose of obtaining, collecting, processing, storing, transmitting, displaying, or otherwise handling biometric information, as long as the contract is not extended or rolled over if the contract may be extended or rolled over. Provides that a school district that has entered into a contract with an entity for the purpose of obtaining, collecting, processing, storing, transmitting, displaying, or otherwise handling biometric information before January 1, 2027 shall provide a written notice, by the 2027-2028 school year, to the individual having legal custody of the student or to the student if he or she has reached the age of 18 of the existing option to discontinue the use of the student's biometric information. Provides that any provision of a contract between an entity and a school district for the purpose of obtaining, collecting, processing, storing, transmitting, displaying, or otherwise handling biometric information entered into on or after January 1, 2027 that conflicts with the provisions concerning student biometric information is void. If a school district collects biometric information from students for legitimate instructional purposes, requires the school district to adopt a policy that requires, within the context of the legitimate instructional purposes, the use of biometric information solely for identification or fraud prevention (rather than a policy that requires the use of biometric information solely for identification or fraud prevention). |
| | Current Status: | 5/29/2026 - House Executive |
| | Recent Status: | 5/28/2026 - House Executive5/27/2026 - House Executive |
| | State Bill Page: | SB415 |
| | Notes: | ARTIFICIAL INTELLIGENCE REGULATION-Biometric Systems of students SUMMARY-restricts school districts use of biometric systems involving students. Prohibits acquisition of biometrics systems of students except for instructional purposes. ---BREAK---BREAK--- See Senate Democratic Legislative AI Package of 8 Bills targeting Safety, Privacy and Consumer Transparency
|
| | Reports: | 9.1-Information Technology & Data Protection |
| |
| SB416 | EDUCATION-TECH (SEN. ROBERT MARTWICK; REP. MAURICE WEST, II) Senate Floor Amendment No. 1 - Replaces everything after the enacting clause. Creates the Student Educational Technology Rights Act. Provides that, by the 2026-2027 school year, the school board of each school district shall adopt a policy that, at a minimum: (1) prohibits teachers from using an artificial intelligence tool to assign a numerical score or a grade for any task that requires professional judgment; and (2) requires that any artificial intelligence model used in relation to students or student work be approved by the school board. Effective immediately.
Senate Floor Amendment No. 2 - Replaces everything after the enacting clause. Reinserts the contents of the bill as amended by Senate Amendment No. 1, with the following changes. Requires the policy to be adopted by the 2027-2028 (rather than the 2026-2027) school year. Provides that the policy shall require the school district to provide a list of approved artificial intelligence models to all schools at the start of each school year and promptly after any revisions to the list. Provides that nothing in the Act may be construed to conflict with a school district's obligations under federal law. Effective immediately. |
| | Current Status: | 5/29/2026 - Added as Co-Sponsor Sen. Sally J. Turner
|
| | Recent Status: | 5/29/2026 - House Executive5/28/2026 - House Executive |
| | State Bill Page: | SB416 |
| | Notes: | ARTIFICIAL INTELLIGENCE REGULATION-Student Technology Educational Rights SUMMARY-requires school districts to adopt policies prohibiting teachers from using AI tools for grading where task of professional judgment is involved. ---BREAK---BREAK--- See Senate Democratic Legislative AI Package of 8 Bills targeting Safety, Privacy and Consumer Transparency
|
| | Reports: | 9.1-Information Technology & Data Protection |
| |
| SB2875 | CONSUMER DATA PRIVACY (SEN. LAURA MURPHY) Creates the Illinois Consumer Data Privacy Act. Applies to legal entities that conduct business in Illinois or produce products or services that are targeted to Illinois residents and that satisfy one or more of the following thresholds: during a calendar year, controls or processes personal data of 100,000 consumers or more, excluding personal data controlled or processed solely for the purpose of completing a payment transaction; or derives over 25% of gross revenue from the sale of personal data and processes or controls personal data of 25,000 consumers or more. "Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person but does not include deidentified data or publicly available information. Requires a controller who, alone or jointly with others, to consider the purposes and means of the processing of personal data in protecting the security of consumers while processing personal data and in notifying consumers of a breach of the security of the system. Authorizes rights to consumers under the Act to include, but not be limited to, the right to access their personal data, obtain a list of third parties to whom their data has been disclosed, request corrections to inaccurate data, and question the profiling of their information. Creates an appeal process for a consumer to gather more information on the actions of a covered entity. Exempts the State, a political subdivision of the State, and units of local government, a federally recognized Indian tribe, nonprofits established to prevent insurance fraud, and data already covered by federal law. Authorizes the Attorney General to enforce the Act. Makes definitions. Makes other changes. Limits the concurrent exercise of home rule powers. Contains a severability provision. |
| | Current Status: | 5/22/2026 - Senate Committee Amendment No. 1 Rule 3-9(a) / Re-referred to Assignments
|
| | Recent Status: | 5/22/2026 - Rule 3-9(a) / Re-referred to Assignments
5/15/2026 - Rule 2-10 Committee/3rd Reading Deadline Established As May 22, 2026
|
| | State Bill Page: | SB2875 |
| | Notes: | CONSUMER DATA PRIVACY BILL-Exemption for SROs in Derivative Markets- A/O 6 March 26-Sponor filed an amendment addressing SRO's and derivative markets
- A/O 3 March 26-Letter to the sponsor acknowledging exemptions for self-regulatory organizations in the securities markets.
- Parallel HB 5221
- There should be parity for the derivative markets and specify exemption for SRO's under the federal Commodity Exchange
Suggested language for Section 12 12(b)(6)(C) maintained by, or maintained to comply with the rules or orders of, a self-regulatory organization as defined by the United States Code, Title 15, Section 78c(a)(26)or of a registered futures association so designated pursuant to the United States Code, Title 7, Section 21.
|
| | Reports: | 1-2026 General Tracking Report, 9.1-Information Technology & Data Protection |
| |
| SB4016 | HYPERSCALE DATA CENTERS (SEN. RAM VILLIVALAM) Amends the Environmental Protection Act, Energy Efficient Building Act, Illinois Power Agency Act, Public Utilities Act, and related statutes to establish comprehensive environmental, water, and energy regulations for hyperscale data centers. In the Environmental Protection Act, requires cumulative impact assessments, public notice, and community benefits agreements for data centers; prohibits nondisclosure agreements; and creates the Data Center Community Intervenor Compensation Fund and Hyperscale Data Center Public Benefits and Affordability Fund funded by annual fees based on peak demand. Mandates water resource planning, quarterly water usage reporting, water scarcity plans, and Water Impact Permits with public hearings and renewal every 5 years. Requires compliance with stringent energy codes and annual energy and water reporting to the Illinois Commerce Commission. Expands renewable energy procurement programs, establishes a hyperscale data center self-direct program, and strengthens equity, transparency, and labor standards in clean energy initiatives. Creates the Residential Automated Solar Permitting Platform Act to require municipalities and counties to adopt a residential automated solar permitting platform on or before July 1, 2027, and authorizes persons to file a civil action against a municipality or county in violation. |
| | Current Status: | 5/30/2026 - Added as Co-Sponsor Sen. Julie A. Morrison
|
| | Recent Status: | 5/28/2026 - Added as Co-Sponsor Sen. Adriane Johnson
5/22/2026 - Rule 3-9(a) / Re-referred to Assignments
|
| | State Bill Page: | SB4016 |
| | Notes: | DATA CENTER REGULATION-The Power Act- Establishes power and water usage demand standards for hyperscale data centers.
|
| | Reports: | 1-2026 General Tracking Report, 9.1-Information Technology & Data Protection |
| |