The proposed bill, H.B. No. 2025-2026, aims to establish a cybersecurity program for political subdivisions in Ohio by enacting section 9.64 of the Revised Code. This section defines key terms such as "cybersecurity incident," "political subdivision," and "ransomware incident," and outlines the responsibilities of political subdivisions in the event of a ransomware incident, including the requirement for legislative authority approval before paying any ransom. Additionally, the bill mandates that political subdivisions adopt a cybersecurity program that aligns with best practices, including identifying critical functions and risks, establishing communication channels for incident response, and providing cybersecurity training for employees.

Furthermore, the bill requires political subdivisions to notify the executive director of the division of homeland security and the auditor of state following a cybersecurity or ransomware incident within specified timeframes. It also stipulates that records related to the cybersecurity program and incident reports are not considered public records, thereby ensuring confidentiality. The bill emphasizes the importance of safeguarding data and information technology resources to maintain the integrity and availability of governmental operations.