Primary Research · State Profile · IL
Illinois has the most aggressive AI-and-biometrics private litigation environment in the United States. The combination of the Biometric Information Privacy Act (BIPA, 2008), the AI Video Interview Act (AIVIA, effective 2020), and the 2024 amendment to the Illinois Human Rights Act (HB 3773, effective January 2026) creates layered exposure that has driven hundreds of class actions against AI vendors and deployers. BIPA in particular allows statutory damages of $1,000-$5,000 per violation with a private right of action, which has driven settlements in the hundreds of millions of dollars — Facebook settled BIPA litigation for $650 million in 2021 and TikTok settled for $92 million in the same era.
Illinois's regulatory posture in 2026 emphasizes private enforcement and biometric consent. HB 3773 amended the Illinois Human Rights Act to expressly prohibit AI-driven employment discrimination based on protected classes and requires Illinois employers (15+ employees) to notify employees when AI is used for recruitment, hiring, promotion, discipline, or discharge decisions. The Act is enforced through the Illinois Department of Human Rights with the full toolkit of IHRA remedies — reinstatement, back pay, attorney fees, compensatory damages. AIVIA additionally requires applicant consent before AI analysis of video interviews and demographic reporting if AI is the sole basis of decisions. The compounding effect of these laws is that any AI vendor processing Illinois biometric data or making employment decisions about Illinois residents needs explicit subprocessor-chain documentation — class action plaintiffs target the entire processing chain.
Key provisions
Prohibit AI use that subjects employees to discrimination based on protected classes; notify employees when AI is used for employment-related decisions; disclose what classes of personal information the AI considers; full IHRA remedies including reinstatement, back pay, attorney fees.
Key provisions
Notice to applicant before AI use; information about how the AI works; consent before AI evaluation; limit sharing of applicant videos; destroy on applicant request within 30 days; annual demographic reporting to Illinois Department of Commerce if AI is sole basis of decisions.
Key provisions
Written informed consent before biometric collection; written retention/destruction schedule (3 years or shorter); restrictions on sale, disclosure, and disclosure of biometric data; $1,000 per negligent violation, $5,000 per intentional/reckless violation; private right of action.
The 2024 amendment (SB 2979) narrowed BIPA so that multiple collections of the same biometric from the same person count as a single violation rather than per-scan. Reduces but does not eliminate exposure; expect continued plaintiff-side litigation testing the new boundaries.
Sector-specific frameworks layer on top of state AI laws and frequently impose stricter or earlier-binding obligations. These are the sectors most exposed in Illinois.
Employment
HB 3773 + AIVIA are the binding constraints. Vendor AI for hiring must support employee notice, demographic reporting, and IHRA-compliant audit trails.
Healthcare
AI biometric inference in clinical settings (voice analysis, fingerprint clock-in, retina scans) triggers BIPA on top of HIPAA.
Financial services
Bank AI using voice authentication or facial recognition triggers BIPA; combine with GLBA controls and BIPA-specific consent.
Retail
Facial recognition for loss prevention in Illinois stores has driven extensive BIPA litigation; consent requirements are operationally significant.
Practical operational checklist for organizations subject to Illinois AI laws. Items are ordered by typical sequence of implementation, not by importance — most steps depend on the inventory work in the first item.
Face, voice, fingerprint, retina, hand geometry — all trigger BIPA. Vendor AI counts.
Required before any collection, not after. Retroactive consent does not cure prior violations.
Required by BIPA — must be publicly available.
Notice must be given when AI is used; disclose categories of personal information considered.
Required if AI analyzes video interviews for Illinois-based positions.
Plaintiffs target subprocessors. Vendor contracts must contain BIPA flow-down clauses.
Many cyber policies exclude or sublimit biometric claims; 2025-2026 renewal cycles are tightening.
EFROS operates Illinois AI governance with BIPA exposure as the binding constraint — biometric inventory, consent UX, retention schedules, AIVIA video interview workflows, HB 3773 employee notice programs, and subprocessor BIPA flow-down contract review. We coordinate exposure analysis with cyber insurance carriers given current BIPA sublimit trends.
Disclaimer: this profile is a research dataset, not legal advice. Compliance determinations for Illinois businesses require analysis of specific facts and should be made in consultation with qualified legal counsel licensed in Illinois.
Reference this resource with attribution under CC-BY-4.0. Copy any of the formats below for academic papers, blog posts, AI citations, or vendor evidence packages.
Efros, S. (2026, May). Illinois AI Law Tracker — 2026. EFROS. https://efros.com/research/state-ai-law-tracker/illinois/
Efros, Stefan. "Illinois AI Law Tracker — 2026." EFROS, May 2026, https://efros.com/research/state-ai-law-tracker/illinois/.
Efros, Stefan. 2026. "Illinois AI Law Tracker — 2026." EFROS. https://efros.com/research/state-ai-law-tracker/illinois/.
S. Efros, "Illinois AI Law Tracker — 2026," EFROS, May 2026. [Online]. Available: https://efros.com/research/state-ai-law-tracker/illinois/
@misc{efros2026illinoisailawtra,
author = {Stefan Efros},
title = {Illinois AI Law Tracker — 2026},
year = {2026},
month = {May},
publisher = {EFROS},
url = {https://efros.com/research/state-ai-law-tracker/illinois/},
note = {Accessed: May 2026}
}https://efros.com/research/state-ai-law-tracker/illinois/
Site-wide citation metadata is also published as a CITATION.cff file at /CITATION.cff for citation-management tools and academic indexers.
All tracked US state AI laws in a single citation-ready dataset.
Open20 AI vendors scored on 12 US AI governance axes — including state-law overlays.
OpenFederal framework that anchors most state AI law deployer obligations.
OpenOperating program that implements multi-state AI law compliance.
Open5-minute classification across Colorado AI Act, NYC LL144, CA AB 2013, and NIST AI RMF.
Open