The proposed bill, H.B. No. 2025-2026, aims to establish a cybersecurity program for political subdivisions in Ohio by enacting section 9.64 of the Revised Code. This section defines key terms such as "cybersecurity incident," "political subdivision," and "ransomware incident," and outlines the responsibilities of political subdivisions in the event of a ransomware incident, including the requirement for legislative authority approval before complying with ransom demands. Additionally, the bill mandates that political subdivisions adopt a cybersecurity program that aligns with best practices, including identifying critical functions and risks, establishing communication channels for incident response, and providing cybersecurity training for employees.

Furthermore, the bill requires political subdivisions to notify the executive director of the division of homeland security and the auditor of state following a cybersecurity or ransomware incident within specified timeframes. It also stipulates that records related to the cybersecurity program and incident reports are not considered public records, thereby enhancing the confidentiality of sensitive information. The legislation emphasizes the importance of safeguarding data and information technology resources to ensure the integrity and availability of governmental operations.