Public Act 0538 104TH GENERAL ASSEMBLY

 


 
Public Act 104-0538
 
SB0315 EnrolledLRB104 06438 SPS 16474 b

    AN ACT concerning business.
 
    Be it enacted by the People of the State of Illinois,
represented in the General Assembly:
 
    Section 1. Short title. This Act may be cited as the
Artificial Intelligence Safety Measures Act.
 
    Section 5. Definitions. As used in this Act:
    "Affiliate" means a person controlling, controlled by, or
under common control with a specified person, directly or
indirectly, through one or more intermediaries.
    "Agency" means the Illinois Emergency Management Agency
and Office of Homeland Security.
    "Artificial intelligence" or "AI" has the meaning ascribed
to the term "artificial intelligence" in Section 5 of the
Digital Voice and Likeness Protection Act. "Artificial
intelligence" or "AI" includes generative artificial
intelligence.
    "Catastrophic risk" means a foreseeable and material risk
that a frontier developer's development, storage, use, or
deployment of a frontier model will materially contribute to
the death of, or serious injury to, more than 50 people or more
than $1,000,000,000 in damage to, or loss of, property arising
from a single incident involving a frontier model doing any of
the following:
        (1) providing expert-level assistance in the creation
    or release of a chemical, biological, radiological, or
    nuclear weapon;
        (2) engaging in conduct with no meaningful human
    oversight, intervention, or supervision that is either a
    cyberattack or, if the conduct had been committed by a
    human, would constitute the crime of murder, assault,
    extortion, or theft, including theft by false pretense; or
        (3) evading the control of its frontier developer or
    user.
    "Catastrophic risk" does not include a foreseeable and
material risk from any of the following:
        (1) information that a frontier model outputs if the
    information is otherwise publicly accessible in a
    substantially similar form from a source other than a
    foundation model;
        (2) lawful activity of the federal government; or
        (3) harm caused by a frontier model in combination
    with other software if the frontier model did not
    materially contribute to the harm.
    "Covered employee" means an employee responsible for
assessing, managing, or addressing the risk of critical safety
incidents.
    "Critical safety incident" means any of the following:
        (1) unauthorized access to, modification of, or
    exfiltration of, the model weights of a frontier model
    that results in death or bodily injury;
        (2) harm resulting from the materialization of a
    catastrophic risk;
        (3) loss of control of a frontier model causing death
    or bodily injury; or
        (4) a frontier model that uses deceptive techniques
    against the frontier developer to subvert the controls or
    monitoring of its frontier developer outside of the
    context of an evaluation designed to elicit this behavior
    and in a manner that demonstrates materially increased
    catastrophic risk.
    "Deploy" means to make a frontier model available to a
third party for use, modification, copying, or combination
with other software. "Deploy" does not include making a
frontier model available to a third party for the primary
purpose of researching, developing, or evaluating the frontier
model.
    "Foundation model" means an artificial intelligence model
that is all of the following:
        (1) trained on a broad data set;
        (2) designed for generality of output; and
        (3) adaptable to a wide range of distinctive tasks.
    "Frontier AI framework" means documented technical and
organizational protocols to manage, assess, and mitigate
catastrophic risks.
    "Frontier developer" means a person who trains, or
initiates the training of, a frontier model using computing
power that meets the technical specifications set forth in the
definition of "frontier model".
    "Frontier model" means a foundation model that was trained
using a quantity of computing power greater than 1026 integer
or floating-point operations. The quantity of computing power
described in this definition shall include computing for the
original training run and for any subsequent fine-tuning,
reinforcement learning, or other material modifications the
developer applies to a preceding foundation model.
    "Large frontier developer" means a frontier developer
that, together with its affiliates, collectively had annual
gross revenues in excess of $500,000,000 in the preceding
calendar year.
    "Model weight" means a numerical parameter in a frontier
model that is adjusted through training and that helps
determine how inputs are transformed into outputs.
    "Person" means an individual, proprietorship, firm,
partnership, joint venture, syndicate, business, trust,
company, corporation, limited liability company, association,
committee, or any other nongovernmental organization or group
of persons acting in concert.
    "Property" means tangible or intangible property.
 
    Section 10. Frontier AI framework.
    (a) Beginning January 1, 2028, a large frontier developer
shall write, implement, comply with, and clearly and
conspicuously publish on its website a frontier AI framework
that applies to the large frontier developer's frontier models
and describes how the large frontier developer approaches all
of the following:
        (1) incorporating national standards, international
    standards, and industry-consensus best practices into its
    frontier AI framework;
        (2) defining and assessing thresholds used by the
    large frontier developer to identify and assess whether a
    frontier model has capabilities that could pose a
    catastrophic risk, which may include multiple-tiered
    thresholds;
        (3) applying mitigations to address the potential for
    catastrophic risks based on the results of assessments
    undertaken pursuant to paragraph (2);
        (4) reviewing assessments and adequacy of mitigations
    as part of the decision to deploy a frontier model or use
    it extensively internally;
        (5) using third parties to assess the potential for
    catastrophic risks and the effectiveness of mitigations of
    catastrophic risks;
        (6) revisiting and updating the frontier AI framework,
    including any criteria that trigger updates and how the
    large frontier developer determines when its frontier
    models are substantially modified enough to require
    disclosures pursuant to subsection (c);
        (7) cybersecurity practices to secure unreleased model
    weights from unauthorized modification or transfer by
    internal or external parties;
        (8) identifying and responding to critical safety
    incidents;
        (9) instituting internal governance practices to
    ensure implementation of these processes; and
        (10) assessing and managing catastrophic risk
    resulting from the internal use of its frontier models,
    including risks resulting from a frontier model
    circumventing oversight mechanisms.
    (b)(1) A large frontier developer shall review and, as
appropriate, update its frontier AI framework at least once
per year.
    (2) If a large frontier developer makes a material
modification to its frontier AI framework, the large frontier
developer shall clearly and conspicuously publish on its
website the modified frontier AI framework and a justification
for that modification within 30 days.
    (c)(1) Before, or concurrently with, deploying a new
frontier model or a substantially modified version of an
existing frontier model, a frontier developer shall clearly
and conspicuously publish on its website a transparency report
containing all of the following:
            (A) the website of the frontier developer;
            (B) a mechanism that enables a natural person to
        communicate with the frontier developer;
            (C) the release date of the frontier model;
            (D) the languages supported by the frontier model;
            (E) the modalities of output supported by the
        frontier model;
            (F) the intended uses of the frontier model; and
            (G) any generally applicable restrictions or
        conditions on uses of the frontier model.
    (2) Before, or concurrently with, deploying a new frontier
model or a substantially modified version of an existing
frontier model, a large frontier developer shall include in
the transparency report required by paragraph (1) of this
subsection (c) summaries of all of the following:
            (A) assessments of catastrophic risks from the
        frontier model conducted pursuant to the large
        frontier developer's frontier AI framework;
            (B) the results of the assessments under
        subparagraph (A);
            (C) the extent to which third-party evaluators
        were involved; and
            (D) other steps taken to fulfill the requirements
        of the frontier AI framework with respect to the
        frontier model.
    (3) All summaries required under paragraph (2) shall be
provided in a machine-readable format to facilitate
verification of model claims.
    (4) A frontier developer that publishes the information
described in paragraph (1) or (2) as part of a larger document,
including a system card or model card, shall be deemed in
compliance with the applicable paragraph.
    (5) A frontier developer is encouraged, but not required,
to make disclosures described in this subsection (c) that are
consistent with, or superior to, industry best practices.
    (d) Beginning on January 1, 2028 or 90 days after a
developer first qualifies as a large frontier developer,
whichever is later, a large frontier developer shall annually
retain a third party to perform an independent audit of
compliance with the requirements of this Section. The third
party shall conduct audits consistent with generally accepted
auditing standards and best practices and shall possess
demonstrated competence to perform the audit, including
experience employing or contracting with individuals who
possess technical expertise in the safety of frontier models.
A large frontier developer shall not retain a third party if
either the large frontier developer or the third party has a
financial interest in the other party. A large frontier
developer may compensate a third party for its services but
shall not condition any payment or the amount of any payment on
the results of the third party's audit.
        (1) The third party shall be granted access to all
    materials reasonably necessary to comply with the third
    party's obligations under this subsection (d), including,
    but not limited to, all unredacted versions of materials
    published pursuant to this Act. To protect the frontier
    developer's trade secrets and confidential business
    information, cybersecurity, national security of the
    United States, or public safety, a large frontier
    developer may impose security protocols on the third
    party, including, but not limited to, restrictions on note
    taking, copying, retaining, or removing materials;
    requirements for on-premise review; and confidentiality
    requirements.
        (2) The third party shall produce a report that
    includes all of the following:
            (A) a description of whether the large frontier
        developer has substantially complied with the
        requirements of this Section;
            (B) if applicable, a description of material
        deviations from the requirements of this Section, an
        explanation of any deviation and its rationale, and
        any recommendations for how the developer can improve
        its policies and processes for ensuring compliance
        with the requirements of this Section;
            (C) a detailed assessment of the large frontier
        developer's internal controls, including its
        designation and empowerment of senior personnel
        responsible for such implementation by the large
        frontier developer, its employees, and its
        contractors;
            (D) a list of the personnel involved in the audit;
            (E) the third party's procedures for managing
        conflicts of interest and any conflicts of interest of
        any personnel involved in the audit;
            (F) the methodology of the audit and the nature of
        the information reviewed by the third party to conduct
        the audit; and
            (G) the signature of the lead auditor certifying
        the results of the audit.
        (3) The large frontier developer shall retain an
    unredacted copy of the report for as long as a frontier
    model is deployed plus 5 years.
        (4)(A) No later than 30 days after receiving the audit
    report, the large frontier developer shall conspicuously
    publish on its website a high-level summary of the audit
    findings and a copy of the third party's report with
    appropriate redactions and transmit a copy of the redacted
    report to the Agency and the Attorney General.
        (B) The large frontier developer shall grant the
    Agency and the Attorney General access to the third
    party's report, with redactions, upon request, subject to
    the redactions permitted under subsection (g).
    (e) A large frontier developer shall transmit to the
Agency a summary of any assessment of catastrophic risk
resulting from internal use of its frontier models every 3
months or pursuant to another reasonable schedule specified by
the large frontier developer and communicated in writing to
the Agency and the Attorney General with written updates, as
appropriate and agreed upon by the Agency.
    (f)(1) A frontier developer shall not make a materially
false or misleading statement about catastrophic risk from its
frontier models or its management of catastrophic risk.
    A large frontier developer shall not make a materially
false or misleading statement about its implementation of, or
compliance with, its frontier AI framework.
    (2) This subsection (f) does not apply to a statement that
was made in good faith and was reasonable under the
circumstances.
    (g)(1) When a frontier developer publishes documents to
comply with this Section, the frontier developer may make
redactions to those documents that are necessary to protect
the frontier developer's trade secrets, the frontier
developer's cybersecurity, public safety, or the national
security of the United States or to comply with any federal or
State law.
    (2) If a frontier developer redacts information in a
document pursuant to this subsection (g), the frontier
developer shall describe the character and justification of
the redaction in any published version of the document to the
extent permitted by the concerns that justify redaction and
shall retain the unredacted information for 5 years.
 
    Section 15. Reporting critical safety incidents.
    (a) The Agency, in consultation with the Attorney General,
shall establish a mechanism to be used by a frontier developer
or a member of the public to report a critical safety incident
that includes all of the following:
        (1) the date of the critical safety incident;
        (2) the reasons the incident qualifies as a critical
    safety incident;
        (3) a short and plain statement describing the
    critical safety incident; and
        (4) whether the incident was associated with internal
    use of a frontier model.
    (b)(1) The Agency, in consultation with the Attorney
General, shall establish a mechanism to be used by a large
frontier developer to confidentially submit summaries of any
assessments of the potential for catastrophic risk resulting
from internal use of its frontier models.
    (2) The Agency and the Attorney General shall take all
necessary precautions to limit access to any reports related
to internal use of frontier models to only personnel with a
specific need to know the information and to protect the
reports from unauthorized access.
    (c) A frontier developer shall report any critical safety
incident pertaining to one or more of its frontier models to
the Agency and the Attorney General within 72 hours of the
frontier developer learning facts sufficient to establish a
reasonable belief that a critical safety incident has
occurred. The disclosure shall include: (i) the date of the
critical safety incident; (ii) the reasons the incident
qualifies as a critical safety incident as defined in this
Act; and (iii) a short and plain statement describing the
critical safety incident. If a frontier developer discovers
that a critical safety incident poses an imminent risk of
death or serious physical injury, the frontier developer shall
disclose that incident within 24 hours to an authority,
including any law enforcement agency or public safety agency
with jurisdiction, that is appropriate based on the nature of
that incident and as required by law. A frontier developer
that discovers information about a critical safety incident
after filing the initial report required by this subsection
(c) may file an amended report. A frontier developer is
encouraged, but not required, to report critical safety
incidents pertaining to foundation models that are not
frontier models.
    (d) The Agency and the Attorney General shall review
critical safety incident reports submitted by frontier
developers and may review reports submitted by members of the
public.
    (e) The Attorney General or the Agency may transmit
reports of critical safety incidents to the General Assembly,
the Governor, the federal government, or appropriate State
agencies. The Attorney General and the Agency shall strongly
consider any risks related to trade secrets, public safety,
cybersecurity of a frontier developer, or national security
when transmitting reports.
    (f) The following records are exempt from disclosure under
the Freedom of Information Act:
        (1) any report of a critical safety incident submitted
    to the Agency or the Attorney General;
        (2) any report of an assessment of catastrophic risk
    from internal use under subsection (e) of Section 10;
        (3) any unredacted version of the third party audit
    report produced under subsection (d) of Section 10 in the
    possession of the Agency or the Attorney General;
        (4) any materials, work papers, notes, or derivative
    documents prepared by a third party in connection with an
    audit under subsection (d) of Section 10, to the extent
    such materials come into the possession of the Agency or
    the Attorney General; and
        (5) any covered employee report made under Section 30.
    (g)(1) By January 1, 2029, and by each January 1
thereafter, the Agency, in consultation with the Attorney
General, shall produce a report that includes the following:
        (A) anonymized and aggregated information about
    critical safety incidents that have been reviewed by the
    Agency or the Attorney General since the preceding report;
        (B) information that the Agency deems relevant to
    frontier model safety;
        (C) recommended updates to this Act, if any; and
        (D) any developments relevant to the purposes of this
    Act.
    (2) The Agency and the Attorney General shall not include
information in a report that would compromise the trade
secrets or cybersecurity of a frontier developer, public
safety, or the national security of the United States or that
would be prohibited by any federal or State law.
    (3) The Agency, in consultation with the Attorney General,
shall transmit the report under this subsection (g) to the
General Assembly and to the Governor.
 
    Section 17. Interoperability.
    (a) The Agency, in consultation with the Attorney General,
shall designate on its website a declaration process and one
or more federal laws, regulations, or guidance documents that
meet all of the following conditions for the purposes of
subsection (b):
        (1) the law, regulation, or guidance document imposes
    or states standards or requirements for critical safety
    incident reporting that are substantially equivalent to,
    or stricter than, those required by this Act;
        (2) the law, regulation, or guidance document
    described in paragraph (1) does not need to require
    critical safety incident reporting to the State of
    Illinois;
        (3) the law, regulation, or guidance document is
    intended to assess, detect, or mitigate the catastrophic
    risk in ways that are substantially equivalent to this
    Act; and
        (4) the law, regulation, or guidance document requires
    the large frontier developer to undergo independent
    third-party audits of its assessment of catastrophic risks
    and critical safety incident reporting with requirements
    that are substantially equivalent to, or stricter than,
    those required by this Act.
    (b)(1) A frontier developer that intends to comply with
this Act by complying with the requirements of, or meeting the
standards stated by, a federal law, regulation, or guidance
document designated in subsection (a) shall declare its intent
to do so to the Agency by following the process outlined on the
Agency's website.
    (2) After a frontier developer has declared its intent
pursuant to paragraph (1), both of the following apply:
        (A) the frontier developer shall be deemed in
    compliance with this Act to the extent that the frontier
    developer meets the standards of, or complies with the
    requirements imposed or stated by, the designated federal
    law, regulation, or guidance document until the frontier
    developer declares the revocation of that intent to the
    Agency in the manner provided for on the Agency's website;
    and
        (B) the failure by a frontier developer to meet the
    standards of, or comply with the requirements stated by,
    the federal law, regulation, or guidance document
    designated pursuant to subsection (a) shall constitute a
    violation of this Act.
    (c) The Agency shall issue updated guidance documents on
its website if the requirements of subsection (a) are no
longer met.
 
    Section 18. Large frontier developer disclosure.
    (a) Except as otherwise provided in this Section,
beginning January 1, 2027, no large frontier developer may
develop, deploy, or operate a frontier model, in whole or in
part in this State, without having a current disclosure
statement filed with the Agency and paying the required fee.
    (b) The disclosure statement shall be filed in the form
and the manner prescribed by the Agency on the Agency's
website and shall contain all the information required by the
Agency. It shall be renewed annually, whenever ownership of
the frontier model is transferred or whenever there is a
material change to the information reported in the previously
filed disclosure statement, whichever occurs earlier.
    (c) The disclosure statement shall identify:
        (1) the identity of the large frontier developer and
    all names under which such large frontier developer
    conducts business;
        (2) the address of the principal place of business and
    the address of each office the large frontier developer
    maintains in this State;
        (3) in the event the large frontier developer or the
    ultimate parent of the large frontier developer is a
    privately or closely held company, a list of all persons
    or entities that beneficially own a 5% or greater interest
    in the large frontier developer at the time the disclosure
    statement is filed and a list of persons who formerly
    beneficially owned a 5% or greater interest in the owner
    or its predecessors in the preceding 5 years; in the event
    the owner or the ultimate parent is a publicly traded
    company, the owner shall file a list of all persons or
    entities that beneficially own a 50% or greater interest
    in the large frontier developer at the time of disclosure;
    and
        (4) the name and contact information of a point of
    contact, secondary contact, and tertiary contact for the
    large frontier developer; the point of contact shall be
    responsible for receiving inquiries relating to this Act
    from the Agency or other governmental entities.
    (d) The Agency shall charge and collect fees from large
frontier developers for the expenses of administering this
Act, which shall be nonrefundable unless otherwise indicated.
Each large frontier developer shall pay to the Agency its pro
rata share of the cost of administration of this Act, as
estimated by the Agency, for the current year and any deficit
actually incurred in the administration of the Act in prior
years.
    (e) If any person develops, deploys, or operates a large
frontier model in this State without a current disclosure
filed with the Agency as required by this Section, submits
false information in its disclosure or fails to timely pay any
assessment required by this Act, in addition to any other
penalty or liability that may be imposed under this Act, the
Agency may, after notice and hearing, levy civil penalties,
fees, and costs as follows:
        (1) a civil penalty of $1,000 for each day the person
    fails to file a disclosure as required by this Section or
    fails to correct false information; and
        (2) an amount equal to the assessments owed.
    (f) The Agency shall maintain and publish a list of large
frontier developers who have filed disclosure statements;
however, the publication shall not include the contact
information set forth in subsection (c).
 
    Section 20. Whistleblower protections.
    (a) A frontier developer shall not make, adopt, enforce,
or enter into a rule, regulation, policy, or contract that
prevents a covered employee from disclosing, or retaliates
against a covered employee for disclosing, information to the
Agency, Attorney General, a federal authority, a person with
authority over the covered employee, or another covered
employee who has authority to investigate, discover, or
correct the reported issue, if the covered employee has
reasonable cause to believe that the information discloses
that:
        (1) the frontier developer's activities pose a
    specific and substantial danger to the public health or
    safety resulting from a catastrophic risk; or
        (2) the frontier developer has violated this Act.
    (b) A frontier developer shall not enter into a contract
that prevents a covered employee from making a disclosure
protected under the Whistleblower Act.
    (c) A covered employee may use the Attorney General's
Workplace Rights Hotline to make reports described in
subsection (a).
    (d) A frontier developer shall provide a clear notice to
all covered employees of their rights and responsibilities
under this Section, including by doing either of the
following:
        (1) at all times posting and displaying within any
    workplace maintained by the frontier developer a notice to
    all covered employees of their rights under this Section,
    ensuring that any new covered employee receives equivalent
    notice, and ensuring that any covered employee who works
    remotely periodically receives an equivalent notice; or
        (2) at least once each year, providing written notice
    to each covered employee of the covered employee's rights
    under this Section and ensuring that the notice is
    received and acknowledged by all of those covered
    employees.
    (e)(1) A large frontier developer shall provide a
reasonable internal process through which a covered employee
may anonymously disclose information to the large frontier
developer if the covered employee believes in good faith that
the information indicates that the large frontier developer's
activities present a specific and substantial danger to the
public health or safety resulting from a catastrophic risk or
that the large frontier developer violated this Act, including
a monthly update to the person who made the disclosure
regarding the status of the large frontier developer's
investigation of the disclosure and the actions taken by the
large frontier developer in response to the disclosure.
    (2)(A) Except as provided in subparagraph (B), the
disclosures and responses of the process required by this
subsection (e) shall be shared with officers and directors of
the large frontier developer at least once each quarter.
    (B) If a covered employee has alleged wrongdoing by an
officer or director of the large frontier developer in a
disclosure or response, subparagraph (A) shall not apply with
respect to that officer or director.
    (f) This Section does not impair or limit the
applicability of the Whistleblower Act, including with respect
to the rights of employees who are not covered employees to
report violations of this Act.
 
    Section 25. Civil penalty.
    (a) A large frontier developer that fails to publish or
transmit a compliant document required to be published or
transmitted under this Act, makes a statement in violation of
subsection (f) of Section 10, fails to have a third party
perform an independent audit of compliance as required by
subsection (d) of Section 10, fails to report a critical
safety incident as required by Section 15, or fails to comply
with its own frontier AI framework shall be subject to a civil
penalty in an amount dependent upon the severity of the
violation that does not exceed $1,000,000 for the first
violation. For a subsequent violation, the civil penalty may
not exceed $3,000,000 per violation.
    (b) A civil penalty described in this Section shall be
recovered in a civil action brought exclusively by the
Attorney General. Any civil penalties collected from the
enforcement of this Act shall be deposited into the Attorney
General Court Ordered and Voluntary Compliance Payment
Projects Fund.
    (c) The loss of value of equity does not count as damage to
or loss of property for the purposes of this Act.
    (d) Nothing in this Act shall be construed to establish a
private right of action associated with violations of this
Act.
 
    Section 30. Duties and obligations. The duties and
obligations imposed by this Act are cumulative with any other
duties or obligations imposed under other law and shall not be
construed to relieve any party from any duties or obligations
imposed under other law and do not limit any rights or remedies
under existing law.
 
    Section 35. Home rule. The regulation of artificial
intelligence frontier models is an exclusive power and
function of the State. This Section is a denial and limitation
of home rule powers and functions under subsection (h) of
Section 6 of Article VII of the Illinois Constitution.
 
    Section 80. The Freedom of Information Act is amended by
changing Section 7.5 as follows:
 
    (5 ILCS 140/7.5)
    (Text of Section before amendment by P.A. 104-441 and
104-457)
    Sec. 7.5. Statutory exemptions. To the extent provided for
by the statutes referenced below, the following shall be
exempt from inspection and copying:
        (a) All information determined to be confidential
    under Section 4002 of the Technology Advancement and
    Development Act.
        (b) Library circulation and order records identifying
    library users with specific materials under the Library
    Records Confidentiality Act.
        (c) Applications, related documents, and medical
    records received by the Experimental Organ Transplantation
    Procedures Board and any and all documents or other
    records prepared by the Experimental Organ Transplantation
    Procedures Board or its staff relating to applications it
    has received.
        (d) Information and records held by the Department of
    Public Health and its authorized representatives relating
    to known or suspected cases of sexually transmitted
    infection or any information the disclosure of which is
    restricted under the Illinois Sexually Transmitted
    Infection Control Act.
        (e) Information the disclosure of which is exempted
    under Section 30 of the Radon Industry Licensing Act.
        (f) Firm performance evaluations under Section 55 of
    the Architectural, Engineering, and Land Surveying
    Qualifications Based Selection Act.
        (g) Information the disclosure of which is restricted
    and exempted under Section 50 of the Illinois Prepaid
    Tuition Act.
        (h) Information the disclosure of which is exempted
    under the State Officials and Employees Ethics Act, and
    records of any lawfully created State or local inspector
    general's office that would be exempt if created or
    obtained by an Executive Inspector General's office under
    that Act.
        (i) Information contained in a local emergency energy
    plan submitted to a municipality in accordance with a
    local emergency energy plan ordinance that is adopted
    under Section 11-21.5-5 of the Illinois Municipal Code.
        (j) Information and data concerning the distribution
    of surcharge moneys collected and remitted by carriers
    under the Emergency Telephone System Act.
        (k) Law enforcement officer identification information
    or driver identification information compiled by a law
    enforcement agency or the Department of Transportation
    under Section 11-212 of the Illinois Vehicle Code.
        (l) Records and information provided to a residential
    health care facility resident sexual assault and death
    review team or the Executive Council under the Abuse
    Prevention Review Team Act.
        (m) Information provided to the predatory lending
    database created pursuant to Article 3 of the Residential
    Real Property Disclosure Act, except to the extent
    authorized under that Article.
        (n) Defense budgets and petitions for certification of
    compensation and expenses for court appointed trial
    counsel as provided under Sections 10 and 15 of the
    Capital Crimes Litigation Act (repealed). This subsection
    (n) shall apply until the conclusion of the trial of the
    case, even if the prosecution chooses not to pursue the
    death penalty prior to trial or sentencing.
        (o) Information that is prohibited from being
    disclosed under Section 4 of the Illinois Health and
    Hazardous Substances Registry Act.
        (p) Security portions of system safety program plans,
    investigation reports, surveys, schedules, lists, data, or
    information compiled, collected, or prepared by or for the
    Department of Transportation under Sections 2705-300 and
    2705-616 of the Department of Transportation Law of the
    Civil Administrative Code of Illinois, the Regional
    Transportation Authority under Section 2.11 of the
    Regional Transportation Authority Act, or the St. Clair
    County Transit District under the Bi-State Transit Safety
    Act (repealed).
        (q) Information prohibited from being disclosed by the
    Personnel Record Review Act.
        (r) Information prohibited from being disclosed by the
    Illinois School Student Records Act.
        (s) Information the disclosure of which is restricted
    under Section 5-108 of the Public Utilities Act.
        (t) (Blank).
        (u) Records and information provided to an independent
    team of experts under the Developmental Disability and
    Mental Health Safety Act (also known as Brian's Law).
        (v) Names and information of people who have applied
    for or received Firearm Owner's Identification Cards under
    the Firearm Owners Identification Card Act or applied for
    or received a concealed carry license under the Firearm
    Concealed Carry Act, unless otherwise authorized by the
    Firearm Concealed Carry Act; and databases under the
    Firearm Concealed Carry Act, records of the Concealed
    Carry Licensing Review Board under the Firearm Concealed
    Carry Act, and law enforcement agency objections under the
    Firearm Concealed Carry Act.
        (v-5) Records of the Firearm Owner's Identification
    Card Review Board that are exempted from disclosure under
    Section 10 of the Firearm Owners Identification Card Act.
        (w) Personally identifiable information which is
    exempted from disclosure under subsection (g) of Section
    19.1 of the Toll Highway Act.
        (x) Information which is exempted from disclosure
    under Section 5-1014.3 of the Counties Code or Section
    8-11-21 of the Illinois Municipal Code.
        (y) Confidential information under the Adult
    Protective Services Act and its predecessor enabling
    statute, the Elder Abuse and Neglect Act, including
    information about the identity and administrative finding
    against any caregiver of a verified and substantiated
    decision of abuse, neglect, or financial exploitation of
    an eligible adult maintained in the Registry established
    under Section 7.5 of the Adult Protective Services Act.
        (z) Records and information provided to a fatality
    review team or the Illinois Fatality Review Team Advisory
    Council under Section 15 of the Adult Protective Services
    Act.
        (aa) Information which is exempted from disclosure
    under Section 2.37 of the Wildlife Code.
        (bb) Information which is or was prohibited from
    disclosure by the Juvenile Court Act of 1987.
        (cc) Recordings made under the Law Enforcement
    Officer-Worn Body Camera Act, except to the extent
    authorized under that Act.
        (dd) Information that is prohibited from being
    disclosed under Section 45 of the Condominium and Common
    Interest Community Ombudsperson Act.
        (ee) Information that is exempted from disclosure
    under Section 30.1 of the Pharmacy Practice Act.
        (ff) Information that is exempted from disclosure
    under the Revised Uniform Unclaimed Property Act.
        (gg) Information that is prohibited from being
    disclosed under Section 7-603.5 of the Illinois Vehicle
    Code.
        (hh) Records that are exempt from disclosure under
    Section 1A-16.7 of the Election Code.
        (ii) Information which is exempted from disclosure
    under Section 2505-800 of the Department of Revenue Law of
    the Civil Administrative Code of Illinois.
        (jj) Information and reports that are required to be
    submitted to the Department of Labor by registering day
    and temporary labor service agencies but are exempt from
    disclosure under subsection (a-1) of Section 45 of the Day
    and Temporary Labor Services Act.
        (kk) Information prohibited from disclosure under the
    Seizure and Forfeiture Reporting Act.
        (ll) Information the disclosure of which is restricted
    and exempted under Section 5-30.8 of the Illinois Public
    Aid Code.
        (mm) Records that are exempt from disclosure under
    Section 4.2 of the Crime Victims Compensation Act.
        (nn) Information that is exempt from disclosure under
    Section 70 of the Higher Education Student Assistance Act.
        (oo) Communications, notes, records, and reports
    arising out of a peer support counseling session
    prohibited from disclosure under the First Responders
    Suicide Prevention Act.
        (pp) Names and all identifying information relating to
    an employee of an emergency services provider or law
    enforcement agency under the First Responders Suicide
    Prevention Act.
        (qq) Information and records held by the Department of
    Public Health and its authorized representatives collected
    under the Reproductive Health Act.
        (rr) Information that is exempt from disclosure under
    the Cannabis Regulation and Tax Act.
        (ss) Data reported by an employer to the Department of
    Human Rights pursuant to Section 2-108 of the Illinois
    Human Rights Act.
        (tt) Recordings made under the Children's Advocacy
    Center Act, except to the extent authorized under that
    Act.
        (uu) Information that is exempt from disclosure under
    Section 50 of the Sexual Assault Evidence Submission Act.
        (vv) Information that is exempt from disclosure under
    subsections (f) and (j) of Section 5-36 of the Illinois
    Public Aid Code.
        (ww) Information that is exempt from disclosure under
    Section 16.8 of the State Treasurer Act.
        (xx) Information that is exempt from disclosure or
    information that shall not be made public under the
    Illinois Insurance Code.
        (yy) Information prohibited from being disclosed under
    the Illinois Educational Labor Relations Act.
        (zz) Information prohibited from being disclosed under
    the Illinois Public Labor Relations Act.
        (aaa) Information prohibited from being disclosed
    under Section 1-167 of the Illinois Pension Code.
        (bbb) Information that is prohibited from disclosure
    by the Illinois Police Training Act and the Illinois State
    Police Act.
        (ccc) Records exempt from disclosure under Section
    2605-304 of the Illinois State Police Law of the Civil
    Administrative Code of Illinois.
        (ddd) Information prohibited from being disclosed
    under Section 35 of the Address Confidentiality for
    Victims of Domestic Violence, Sexual Assault, Human
    Trafficking, or Stalking Act.
        (eee) Information prohibited from being disclosed
    under subsection (b) of Section 75 of the Domestic
    Violence Fatality Review Act.
        (fff) Images from cameras under the Expressway Camera
    Act and all automated license plate reader (ALPR)
    information used and collected by the Illinois State
    Police. "ALPR information" means information gathered by
    an ALPR or created from the analysis of data generated by
    an ALPR. This subsection (fff) is inoperative on and after
    July 1, 2028.
        (ggg) Information prohibited from disclosure under
    paragraph (3) of subsection (a) of Section 14 of the Nurse
    Agency Licensing Act.
        (hhh) Information submitted to the Illinois State
    Police in an affidavit or application for an assault
    weapon endorsement, assault weapon attachment endorsement,
    .50 caliber rifle endorsement, or .50 caliber cartridge
    endorsement under the Firearm Owners Identification Card
    Act.
        (iii) Data exempt from disclosure under Section 50 of
    the School Safety Drill Act.
        (jjj) Information exempt from disclosure under Section
    30 of the Insurance Data Security Law.
        (kkk) Confidential business information prohibited
    from disclosure under Section 45 of the Paint Stewardship
    Act.
        (lll) Data exempt from disclosure under Section
    2-3.196 of the School Code.
        (mmm) Information prohibited from being disclosed
    under subsection (e) of Section 1-129 of the Illinois
    Power Agency Act.
        (nnn) Materials received by the Department of Commerce
    and Economic Opportunity that are confidential under the
    Music and Musicians Tax Credit and Jobs Act.
        (ooo) Data or information provided pursuant to Section
    20 of the Statewide Recycling Needs and Assessment Act.
        (ppp) Information that is exempt from disclosure under
    Section 28-11 of the Lawful Health Care Activity Act.
        (qqq) Information that is exempt from disclosure under
    Section 7-101 of the Illinois Human Rights Act.
        (rrr) Information prohibited from being disclosed
    under Section 4-2 of the Uniform Money Transmission
    Modernization Act.
        (sss) Information exempt from disclosure under Section
    40 of the Student-Athlete Endorsement Rights Act.
        (ttt) Audio recordings made under Section 30 of the
    Illinois State Police Act, except to the extent authorized
    under that Section.
        (uuu) Information prohibited from being disclosed
    under Section 30-5 of the Digital Assets Regulation Act.
        (vvv) Information exempt from disclosure under
    subsection (f) of Section 15 of the Artificial
    Intelligence Safety Measures Act.
(Source: P.A. 103-8, eff. 6-7-23; 103-34, eff. 6-9-23;
103-142, eff. 1-1-24; 103-372, eff. 1-1-24; 103-472, eff.
8-1-24; 103-508, eff. 8-4-23; 103-580, eff. 12-8-23; 103-592,
eff. 6-7-24; 103-605, eff. 7-1-24; 103-636, eff. 7-1-24;
103-724, eff. 1-1-25; 103-786, eff. 8-7-24; 103-859, eff.
8-9-24; 103-991, eff. 8-9-24; 103-1049, eff. 8-9-24; 103-1081,
eff. 3-21-25; 104-10, eff. 6-16-25; 104-18, eff. 6-30-25;
104-417, eff. 8-15-25; 104-428, eff. 8-18-25; revised
9-10-25.)
 
    (Text of Section after amendment by P.A. 104-457 but
before 104-441)
    Sec. 7.5. Statutory exemptions. To the extent provided for
by the statutes referenced below, the following shall be
exempt from inspection and copying:
        (a) All information determined to be confidential
    under Section 4002 of the Technology Advancement and
    Development Act.
        (b) Library circulation and order records identifying
    library users with specific materials under the Library
    Records Confidentiality Act.
        (c) Applications, related documents, and medical
    records received by the Experimental Organ Transplantation
    Procedures Board and any and all documents or other
    records prepared by the Experimental Organ Transplantation
    Procedures Board or its staff relating to applications it
    has received.
        (d) Information and records held by the Department of
    Public Health and its authorized representatives relating
    to known or suspected cases of sexually transmitted
    infection or any information the disclosure of which is
    restricted under the Illinois Sexually Transmitted
    Infection Control Act.
        (e) Information the disclosure of which is exempted
    under Section 30 of the Radon Industry Licensing Act.
        (f) Firm performance evaluations under Section 55 of
    the Architectural, Engineering, and Land Surveying
    Qualifications Based Selection Act.
        (g) Information the disclosure of which is restricted
    and exempted under Section 50 of the Illinois Prepaid
    Tuition Act.
        (h) Information the disclosure of which is exempted
    under the State Officials and Employees Ethics Act, and
    records of any lawfully created State or local inspector
    general's office that would be exempt if created or
    obtained by an Executive Inspector General's office under
    that Act.
        (i) Information contained in a local emergency energy
    plan submitted to a municipality in accordance with a
    local emergency energy plan ordinance that is adopted
    under Section 11-21.5-5 of the Illinois Municipal Code.
        (j) Information and data concerning the distribution
    of surcharge moneys collected and remitted by carriers
    under the Emergency Telephone System Act.
        (k) Law enforcement officer identification information
    or driver identification information compiled by a law
    enforcement agency or the Department of Transportation
    under Section 11-212 of the Illinois Vehicle Code.
        (l) Records and information provided to a residential
    health care facility resident sexual assault and death
    review team or the Executive Council under the Abuse
    Prevention Review Team Act.
        (m) Information provided to the predatory lending
    database created pursuant to Article 3 of the Residential
    Real Property Disclosure Act, except to the extent
    authorized under that Article.
        (n) Defense budgets and petitions for certification of
    compensation and expenses for court appointed trial
    counsel as provided under Sections 10 and 15 of the
    Capital Crimes Litigation Act (repealed). This subsection
    (n) shall apply until the conclusion of the trial of the
    case, even if the prosecution chooses not to pursue the
    death penalty prior to trial or sentencing.
        (o) Information that is prohibited from being
    disclosed under Section 4 of the Illinois Health and
    Hazardous Substances Registry Act.
        (p) Security portions of system safety program plans,
    investigation reports, surveys, schedules, lists, data, or
    information compiled, collected, or prepared by or for the
    Department of Transportation under Sections 2705-300 and
    2705-616 of the Department of Transportation Law of the
    Civil Administrative Code of Illinois, the Northern
    Illinois Transit Authority under Section 2.11 of the
    Northern Illinois Transit Authority Act, or the St. Clair
    County Transit District under the Bi-State Transit Safety
    Act (repealed).
        (q) Information prohibited from being disclosed by the
    Personnel Record Review Act.
        (r) Information prohibited from being disclosed by the
    Illinois School Student Records Act.
        (s) Information the disclosure of which is restricted
    under Section 5-108 of the Public Utilities Act.
        (t) (Blank).
        (u) Records and information provided to an independent
    team of experts under the Developmental Disability and
    Mental Health Safety Act (also known as Brian's Law).
        (v) Names and information of people who have applied
    for or received Firearm Owner's Identification Cards under
    the Firearm Owners Identification Card Act or applied for
    or received a concealed carry license under the Firearm
    Concealed Carry Act, unless otherwise authorized by the
    Firearm Concealed Carry Act; and databases under the
    Firearm Concealed Carry Act, records of the Concealed
    Carry Licensing Review Board under the Firearm Concealed
    Carry Act, and law enforcement agency objections under the
    Firearm Concealed Carry Act.
        (v-5) Records of the Firearm Owner's Identification
    Card Review Board that are exempted from disclosure under
    Section 10 of the Firearm Owners Identification Card Act.
        (w) Personally identifiable information which is
    exempted from disclosure under subsection (g) of Section
    19.1 of the Toll Highway Act.
        (x) Information which is exempted from disclosure
    under Section 5-1014.3 of the Counties Code or Section
    8-11-21 of the Illinois Municipal Code.
        (y) Confidential information under the Adult
    Protective Services Act and its predecessor enabling
    statute, the Elder Abuse and Neglect Act, including
    information about the identity and administrative finding
    against any caregiver of a verified and substantiated
    decision of abuse, neglect, or financial exploitation of
    an eligible adult maintained in the Registry established
    under Section 7.5 of the Adult Protective Services Act.
        (z) Records and information provided to a fatality
    review team or the Illinois Fatality Review Team Advisory
    Council under Section 15 of the Adult Protective Services
    Act.
        (aa) Information which is exempted from disclosure
    under Section 2.37 of the Wildlife Code.
        (bb) Information which is or was prohibited from
    disclosure by the Juvenile Court Act of 1987.
        (cc) Recordings made under the Law Enforcement
    Officer-Worn Body Camera Act, except to the extent
    authorized under that Act.
        (dd) Information that is prohibited from being
    disclosed under Section 45 of the Condominium and Common
    Interest Community Ombudsperson Act.
        (ee) Information that is exempted from disclosure
    under Section 30.1 of the Pharmacy Practice Act.
        (ff) Information that is exempted from disclosure
    under the Revised Uniform Unclaimed Property Act.
        (gg) Information that is prohibited from being
    disclosed under Section 7-603.5 of the Illinois Vehicle
    Code.
        (hh) Records that are exempt from disclosure under
    Section 1A-16.7 of the Election Code.
        (ii) Information which is exempted from disclosure
    under Section 2505-800 of the Department of Revenue Law of
    the Civil Administrative Code of Illinois.
        (jj) Information and reports that are required to be
    submitted to the Department of Labor by registering day
    and temporary labor service agencies but are exempt from
    disclosure under subsection (a-1) of Section 45 of the Day
    and Temporary Labor Services Act.
        (kk) Information prohibited from disclosure under the
    Seizure and Forfeiture Reporting Act.
        (ll) Information the disclosure of which is restricted
    and exempted under Section 5-30.8 of the Illinois Public
    Aid Code.
        (mm) Records that are exempt from disclosure under
    Section 4.2 of the Crime Victims Compensation Act.
        (nn) Information that is exempt from disclosure under
    Section 70 of the Higher Education Student Assistance Act.
        (oo) Communications, notes, records, and reports
    arising out of a peer support counseling session
    prohibited from disclosure under the First Responders
    Suicide Prevention Act.
        (pp) Names and all identifying information relating to
    an employee of an emergency services provider or law
    enforcement agency under the First Responders Suicide
    Prevention Act.
        (qq) Information and records held by the Department of
    Public Health and its authorized representatives collected
    under the Reproductive Health Act.
        (rr) Information that is exempt from disclosure under
    the Cannabis Regulation and Tax Act.
        (ss) Data reported by an employer to the Department of
    Human Rights pursuant to Section 2-108 of the Illinois
    Human Rights Act.
        (tt) Recordings made under the Children's Advocacy
    Center Act, except to the extent authorized under that
    Act.
        (uu) Information that is exempt from disclosure under
    Section 50 of the Sexual Assault Evidence Submission Act.
        (vv) Information that is exempt from disclosure under
    subsections (f) and (j) of Section 5-36 of the Illinois
    Public Aid Code.
        (ww) Information that is exempt from disclosure under
    Section 16.8 of the State Treasurer Act.
        (xx) Information that is exempt from disclosure or
    information that shall not be made public under the
    Illinois Insurance Code.
        (yy) Information prohibited from being disclosed under
    the Illinois Educational Labor Relations Act.
        (zz) Information prohibited from being disclosed under
    the Illinois Public Labor Relations Act.
        (aaa) Information prohibited from being disclosed
    under Section 1-167 of the Illinois Pension Code.
        (bbb) Information that is prohibited from disclosure
    by the Illinois Police Training Act and the Illinois State
    Police Act.
        (ccc) Records exempt from disclosure under Section
    2605-304 of the Illinois State Police Law of the Civil
    Administrative Code of Illinois.
        (ddd) Information prohibited from being disclosed
    under Section 35 of the Address Confidentiality for
    Victims of Domestic Violence, Sexual Assault, Human
    Trafficking, or Stalking Act.
        (eee) Information prohibited from being disclosed
    under subsection (b) of Section 75 of the Domestic
    Violence Fatality Review Act.
        (fff) Images from cameras under the Expressway Camera
    Act and all automated license plate reader (ALPR)
    information used and collected by the Illinois State
    Police. "ALPR information" means information gathered by
    an ALPR or created from the analysis of data generated by
    an ALPR. This subsection (fff) is inoperative on and after
    July 1, 2028.
        (ggg) Information prohibited from disclosure under
    paragraph (3) of subsection (a) of Section 14 of the Nurse
    Agency Licensing Act.
        (hhh) Information submitted to the Illinois State
    Police in an affidavit or application for an assault
    weapon endorsement, assault weapon attachment endorsement,
    .50 caliber rifle endorsement, or .50 caliber cartridge
    endorsement under the Firearm Owners Identification Card
    Act.
        (iii) Data exempt from disclosure under Section 50 of
    the School Safety Drill Act.
        (jjj) Information exempt from disclosure under Section
    30 of the Insurance Data Security Law.
        (kkk) Confidential business information prohibited
    from disclosure under Section 45 of the Paint Stewardship
    Act.
        (lll) Data exempt from disclosure under Section
    2-3.196 of the School Code.
        (mmm) Information prohibited from being disclosed
    under subsection (e) of Section 1-129 of the Illinois
    Power Agency Act.
        (nnn) Materials received by the Department of Commerce
    and Economic Opportunity that are confidential under the
    Music and Musicians Tax Credit and Jobs Act.
        (ooo) Data or information provided pursuant to Section
    20 of the Statewide Recycling Needs and Assessment Act.
        (ppp) Information that is exempt from disclosure under
    Section 28-11 of the Lawful Health Care Activity Act.
        (qqq) Information that is exempt from disclosure under
    Section 7-101 of the Illinois Human Rights Act.
        (rrr) Information prohibited from being disclosed
    under Section 4-2 of the Uniform Money Transmission
    Modernization Act.
        (sss) Information exempt from disclosure under Section
    40 of the Student-Athlete Endorsement Rights Act.
        (ttt) Audio recordings made under Section 30 of the
    Illinois State Police Act, except to the extent authorized
    under that Section.
        (uuu) Information prohibited from being disclosed
    under Section 30-5 of the Digital Assets Regulation Act.
        (vvv) Information exempt from disclosure under
    subsection (f) of Section 15 of the Artificial
    Intelligence Safety Measures Act.
(Source: P.A. 103-8, eff. 6-7-23; 103-34, eff. 6-9-23;
103-142, eff. 1-1-24; 103-372, eff. 1-1-24; 103-472, eff.
8-1-24; 103-508, eff. 8-4-23; 103-580, eff. 12-8-23; 103-592,
eff. 6-7-24; 103-605, eff. 7-1-24; 103-636, eff. 7-1-24;
103-724, eff. 1-1-25; 103-786, eff. 8-7-24; 103-859, eff.
8-9-24; 103-991, eff. 8-9-24; 103-1049, eff. 8-9-24; 103-1081,
eff. 3-21-25; 104-10, eff. 6-16-25; 104-18, eff. 6-30-25;
104-417, eff. 8-15-25; 104-428, eff. 8-18-25; 104-457, eff.
6-1-26; revised 1-7-26.)
 
    (Text of Section after amendment by P.A. 104-441)
    Sec. 7.5. Statutory exemptions. To the extent provided for
by the statutes referenced below, the following shall be
exempt from inspection and copying:
        (a) All information determined to be confidential
    under Section 4002 of the Technology Advancement and
    Development Act.
        (b) Library circulation and order records identifying
    library users with specific materials under the Library
    Records Confidentiality Act.
        (c) Applications, related documents, and medical
    records received by the Experimental Organ Transplantation
    Procedures Board and any and all documents or other
    records prepared by the Experimental Organ Transplantation
    Procedures Board or its staff relating to applications it
    has received.
        (d) Information and records held by the Department of
    Public Health and its authorized representatives relating
    to known or suspected cases of sexually transmitted
    infection or any information the disclosure of which is
    restricted under the Illinois Sexually Transmitted
    Infection Control Act.
        (e) Information the disclosure of which is exempted
    under Section 30 of the Radon Industry Licensing Act.
        (f) Firm performance evaluations under Section 55 of
    the Architectural, Engineering, and Land Surveying
    Qualifications Based Selection Act.
        (g) Information the disclosure of which is restricted
    and exempted under Section 50 of the Illinois Prepaid
    Tuition Act.
        (h) Information the disclosure of which is exempted
    under the State Officials and Employees Ethics Act, and
    records of any lawfully created State or local inspector
    general's office that would be exempt if created or
    obtained by an Executive Inspector General's office under
    that Act.
        (i) Information contained in a local emergency energy
    plan submitted to a municipality in accordance with a
    local emergency energy plan ordinance that is adopted
    under Section 11-21.5-5 of the Illinois Municipal Code.
        (j) Information and data concerning the distribution
    of surcharge moneys collected and remitted by carriers
    under the Emergency Telephone System Act.
        (k) Law enforcement officer identification information
    or driver identification information compiled by a law
    enforcement agency or the Department of Transportation
    under Section 11-212 of the Illinois Vehicle Code.
        (l) Records and information provided to a residential
    health care facility resident sexual assault and death
    review team or the Executive Council under the Abuse
    Prevention Review Team Act.
        (m) Information provided to the predatory lending
    database created pursuant to Article 3 of the Residential
    Real Property Disclosure Act, except to the extent
    authorized under that Article.
        (n) Defense budgets and petitions for certification of
    compensation and expenses for court appointed trial
    counsel as provided under Sections 10 and 15 of the
    Capital Crimes Litigation Act (repealed). This subsection
    (n) shall apply until the conclusion of the trial of the
    case, even if the prosecution chooses not to pursue the
    death penalty prior to trial or sentencing.
        (o) Information that is prohibited from being
    disclosed under Section 4 of the Illinois Health and
    Hazardous Substances Registry Act.
        (p) Security portions of system safety program plans,
    investigation reports, surveys, schedules, lists, data, or
    information compiled, collected, or prepared by or for the
    Department of Transportation under Sections 2705-300 and
    2705-616 of the Department of Transportation Law of the
    Civil Administrative Code of Illinois, the Northern
    Illinois Transit Authority under Section 2.11 of the
    Northern Illinois Transit Authority Act, or the St. Clair
    County Transit District under the Bi-State Transit Safety
    Act (repealed).
        (q) Information prohibited from being disclosed by the
    Personnel Record Review Act.
        (r) Information prohibited from being disclosed by the
    Illinois School Student Records Act.
        (s) Information the disclosure of which is restricted
    under Section 5-108 of the Public Utilities Act.
        (t) (Blank).
        (u) Records and information provided to an independent
    team of experts under the Developmental Disability and
    Mental Health Safety Act (also known as Brian's Law).
        (v) Names and information of people who have applied
    for or received Firearm Owner's Identification Cards under
    the Firearm Owners Identification Card Act or applied for
    or received a concealed carry license under the Firearm
    Concealed Carry Act, unless otherwise authorized by the
    Firearm Concealed Carry Act; and databases under the
    Firearm Concealed Carry Act, records of the Concealed
    Carry Licensing Review Board under the Firearm Concealed
    Carry Act, and law enforcement agency objections under the
    Firearm Concealed Carry Act.
        (v-5) Records of the Firearm Owner's Identification
    Card Review Board that are exempted from disclosure under
    Section 10 of the Firearm Owners Identification Card Act.
        (w) Personally identifiable information which is
    exempted from disclosure under subsection (g) of Section
    19.1 of the Toll Highway Act.
        (x) Information which is exempted from disclosure
    under Section 5-1014.3 of the Counties Code or Section
    8-11-21 of the Illinois Municipal Code.
        (y) Confidential information under the Adult
    Protective Services Act and its predecessor enabling
    statute, the Elder Abuse and Neglect Act, including
    information about the identity and administrative finding
    against any caregiver of a verified and substantiated
    decision of abuse, neglect, or financial exploitation of
    an eligible adult maintained in the Registry established
    under Section 7.5 of the Adult Protective Services Act.
        (z) Records and information provided to a fatality
    review team or the Illinois Fatality Review Team Advisory
    Council under Section 15 of the Adult Protective Services
    Act.
        (aa) Information which is exempted from disclosure
    under Section 2.37 of the Wildlife Code.
        (bb) Information which is or was prohibited from
    disclosure by the Juvenile Court Act of 1987.
        (cc) Recordings made under the Law Enforcement
    Officer-Worn Body Camera Act, except to the extent
    authorized under that Act.
        (dd) Information that is prohibited from being
    disclosed under Section 45 of the Condominium and Common
    Interest Community Ombudsperson Act.
        (ee) Information that is exempted from disclosure
    under Section 30.1 of the Pharmacy Practice Act.
        (ff) Information that is exempted from disclosure
    under the Revised Uniform Unclaimed Property Act.
        (gg) Information that is prohibited from being
    disclosed under Section 7-603.5 of the Illinois Vehicle
    Code.
        (hh) Records that are exempt from disclosure under
    Section 1A-16.7 of the Election Code.
        (ii) Information which is exempted from disclosure
    under Section 2505-800 of the Department of Revenue Law of
    the Civil Administrative Code of Illinois.
        (jj) Information and reports that are required to be
    submitted to the Department of Labor by registering day
    and temporary labor service agencies but are exempt from
    disclosure under subsection (a-1) of Section 45 of the Day
    and Temporary Labor Services Act.
        (kk) Information prohibited from disclosure under the
    Seizure and Forfeiture Reporting Act.
        (ll) Information the disclosure of which is restricted
    and exempted under Section 5-30.8 of the Illinois Public
    Aid Code.
        (mm) Records that are exempt from disclosure under
    Section 4.2 of the Crime Victims Compensation Act.
        (nn) Information that is exempt from disclosure under
    Section 70 of the Higher Education Student Assistance Act.
        (oo) Communications, notes, records, and reports
    arising out of a peer support counseling session
    prohibited from disclosure under the First Responders
    Suicide Prevention Act.
        (pp) Names and all identifying information relating to
    an employee of an emergency services provider or law
    enforcement agency under the First Responders Suicide
    Prevention Act.
        (qq) Information and records held by the Department of
    Public Health and its authorized representatives collected
    under the Reproductive Health Act.
        (rr) Information that is exempt from disclosure under
    the Cannabis Regulation and Tax Act.
        (ss) Data reported by an employer to the Department of
    Human Rights pursuant to Section 2-108 of the Illinois
    Human Rights Act.
        (tt) Recordings made under the Children's Advocacy
    Center Act, except to the extent authorized under that
    Act.
        (uu) Information that is exempt from disclosure under
    Section 50 of the Sexual Assault Evidence Submission Act.
        (vv) Information that is exempt from disclosure under
    subsections (f) and (j) of Section 5-36 of the Illinois
    Public Aid Code.
        (ww) Information that is exempt from disclosure under
    Section 16.8 of the State Treasurer Act.
        (xx) Information that is exempt from disclosure or
    information that shall not be made public under the
    Illinois Insurance Code.
        (yy) Information prohibited from being disclosed under
    the Illinois Educational Labor Relations Act.
        (zz) Information prohibited from being disclosed under
    the Illinois Public Labor Relations Act.
        (aaa) Information prohibited from being disclosed
    under Section 1-167 of the Illinois Pension Code.
        (bbb) Information that is prohibited from disclosure
    by the Illinois Police Training Act and the Illinois State
    Police Act.
        (ccc) Records exempt from disclosure under Section
    2605-304 of the Illinois State Police Law of the Civil
    Administrative Code of Illinois.
        (ddd) Information prohibited from being disclosed
    under Section 35 of the Address Confidentiality for
    Victims of Domestic Violence, Sexual Assault, Human
    Trafficking, or Stalking Act.
        (eee) Information prohibited from being disclosed
    under subsection (b) of Section 75 of the Domestic
    Violence Fatality Review Act.
        (fff) Images from cameras under the Expressway Camera
    Act and all automated license plate reader (ALPR)
    information used and collected by the Illinois State
    Police. "ALPR information" means information gathered by
    an ALPR or created from the analysis of data generated by
    an ALPR. This subsection (fff) is inoperative on and after
    July 1, 2028.
        (ggg) Information prohibited from disclosure under
    paragraph (3) of subsection (a) of Section 14 of the Nurse
    Agency Licensing Act.
        (hhh) Information submitted to the Illinois State
    Police in an affidavit or application for an assault
    weapon endorsement, assault weapon attachment endorsement,
    .50 caliber rifle endorsement, or .50 caliber cartridge
    endorsement under the Firearm Owners Identification Card
    Act.
        (iii) Data exempt from disclosure under Section 50 of
    the School Safety Drill Act.
        (jjj) Information exempt from disclosure under Section
    30 of the Insurance Data Security Law.
        (kkk) Confidential business information prohibited
    from disclosure under Section 45 of the Paint Stewardship
    Act.
        (lll) Data exempt from disclosure under Section
    2-3.196 of the School Code.
        (mmm) Information prohibited from being disclosed
    under subsection (e) of Section 1-129 of the Illinois
    Power Agency Act.
        (nnn) Materials received by the Department of Commerce
    and Economic Opportunity that are confidential under the
    Music and Musicians Tax Credit and Jobs Act.
        (ooo) Data or information provided pursuant to Section
    20 of the Statewide Recycling Needs and Assessment Act.
        (ppp) Information that is exempt from disclosure under
    Section 28-11 of the Lawful Health Care Activity Act.
        (qqq) Information that is exempt from disclosure under
    Section 7-101 of the Illinois Human Rights Act.
        (rrr) Information prohibited from being disclosed
    under Section 4-2 of the Uniform Money Transmission
    Modernization Act.
        (sss) Information exempt from disclosure under Section
    40 of the Student-Athlete Endorsement Rights Act.
        (ttt) Audio recordings made under Section 30 of the
    Illinois State Police Act, except to the extent authorized
    under that Section.
        (uuu) Information prohibited from being disclosed
    under Section 30-5 of the Digital Assets Regulation Act.
        (vvv) (uuu) Information exempt from disclosure under
    Section 70 of the End-of-Life Options for Terminally Ill
    Patients Act.
        (www) Information exempt from disclosure under
    subsection (f) of Section 15 of the Artificial
    Intelligence Safety Measures Act.
(Source: P.A. 103-8, eff. 6-7-23; 103-34, eff. 6-9-23;
103-142, eff. 1-1-24; 103-372, eff. 1-1-24; 103-472, eff.
8-1-24; 103-508, eff. 8-4-23; 103-580, eff. 12-8-23; 103-592,
eff. 6-7-24; 103-605, eff. 7-1-24; 103-636, eff. 7-1-24;
103-724, eff. 1-1-25; 103-786, eff. 8-7-24; 103-859, eff.
8-9-24; 103-991, eff. 8-9-24; 103-1049, eff. 8-9-24; 103-1081,
eff. 3-21-25; 104-10, eff. 6-16-25; 104-18, eff. 6-30-25;
104-417, eff. 8-15-25; 104-428, eff. 8-18-25; 104-441, eff.
9-12-26; 104-457, eff. 6-1-26; revised 1-7-26.)
 
    Section 90. The Whistleblower Act is amended by changing
Section 15 as follows:
 
    (740 ILCS 174/15)
    Sec. 15. Retaliation for certain disclosures prohibited.
    (a) An employer may not take retaliatory action against an
employee who discloses or threatens to disclose to a public
body conducting an investigation, or in a court, an
administrative hearing, or any other proceeding initiated by a
public body, information related to an activity, policy, or
practice of the employer, where the employee has a good faith
belief that the activity, policy, or practice (i) violates a
State or federal law, rule, or regulation or (ii) poses a
substantial and specific danger to employees, public health,
or safety.
    (b) An employer may not take retaliatory action against an
employee for disclosing or threatening to disclose information
to a government or law enforcement agency information related
to an activity, policy, or practice of the employer, where the
employee has a good faith belief that the activity, policy, or
practice of the employer (i) violates a State or federal law,
rule, or regulation or (ii) poses a substantial and specific
danger to employees, public health, or safety.
    (c) An employer may not take retaliatory action against an
employee for disclosing or threatening to disclose to any
supervisor, principal officer, board member, or supervisor in
an organization that has a contractual relationship with the
employer who makes the employer aware of the disclosure,
information related to an activity, policy, or practice of the
employer if the employee has a good faith belief that the
activity, policy, or practice (i) violates a State or federal
law, rule, or regulation or (ii) poses a substantial and
specific danger to employees, public health, or safety.
    (d) An employer may not take retaliatory action against an
employee for disclosing or threatening to disclose in good
faith any violation of Section 5-10 of the Illinois Bivens
Act.
    (e) An employer may not take retaliatory action against an
employee for disclosing or threatening to disclose in good
faith any violation of the Artificial Intelligence Safety
Measures Act.
(Source: P.A. 103-867, eff. 1-1-25; 104-417, eff. 8-15-25;
104-440, eff. 12-9-25.)
 
    Section 95. No acceleration or delay. Where this Act makes
changes in a statute that is represented in this Act by text
that is not yet or no longer in effect (for example, a Section
represented by multiple versions), the use of that text does
not accelerate or delay the taking effect of (i) the changes
made by this Act or (ii) provisions derived from any other
Public Act.
 
    Section 97. Severability. The provisions of this Act are
severable under Section 1.31 of the Statute on Statutes.
 
    Section 99. Effective date. This Act takes effect January
1, 2027.