The bill proposes the enactment of section 9.64 of the Revised Code, which mandates that political subdivisions in Ohio adopt a comprehensive cybersecurity program. This program is designed to safeguard the data and information technology resources of these subdivisions, ensuring their availability, confidentiality, and integrity. The legislation defines key terms such as "cybersecurity incident," "political subdivision," and "ransomware incident," and outlines the responsibilities of political subdivisions in the event of a ransomware incident, including the requirement for legislative authority approval before complying with ransom demands.

Additionally, the bill stipulates that the legislative authority of each political subdivision must develop a cybersecurity program that aligns with best practices, including identifying critical functions and risks, establishing threat detection mechanisms, and implementing employee training requirements. Following any cybersecurity incident, subdivisions are required to notify the executive director of the division of homeland security and the auditor of state within specified timeframes. Furthermore, records related to the cybersecurity program and incident reports are classified as non-public records, thereby ensuring confidentiality.