The proposed bill, H.B. No. 2025-2026, aims to establish a cybersecurity program for political subdivisions in Ohio by enacting section 9.64 of the Revised Code. This section defines key terms such as "cybersecurity incident," "political subdivision," and "ransomware incident," and outlines the responsibilities of political subdivisions in the event of a ransomware incident, including the requirement for legislative authority approval before complying with ransom demands. Additionally, the bill mandates that political subdivisions adopt a cybersecurity program that aligns with best practices, including identifying critical functions and risks, establishing communication channels for incident response, and providing cybersecurity training for employees.

Furthermore, the bill requires political subdivisions to notify the executive director of the division of homeland security and the auditor of state following a cybersecurity or ransomware incident within specified timeframes. It also stipulates that records related to the cybersecurity program and incident reports are not considered public records, thereby ensuring confidentiality. Additionally, any records related to cybersecurity-related software and services are classified as security records, further protecting sensitive information from public disclosure.