The bill amends Section 564.3 of the Oklahoma Statutes to update the security standards required for dealer management system providers. It introduces the requirement for these providers to condition access to protected dealer data on compliance with "commercially reasonable data security standards." Additionally, it mandates that authorized integrators must obtain express written authorization from dealers before accessing or transmitting protected dealer data. The bill also clarifies that certain entities, such as manufacturers and governmental bodies, are excluded from the definitions of authorized integrators and dealer management system providers.

Furthermore, the bill prohibits dealer management system providers from imposing restrictions that limit a dealer's or authorized integrator's ability to access, share, or use protected dealer data. Any contractual terms that conflict with these provisions are deemed void and unenforceable. The bill also outlines liability protections for dealers, dealer management system providers, and authorized integrators concerning unauthorized access to protected dealer data, ensuring that they are not held liable for actions taken by others in relation to data security. The effective date for this act is set for November 1, 2025.