As Introduced

136th General Assembly

Regular Session H. B. No. 392

2025-2026

Representatives Fischer, Demetriou


To enact section 9.89 of the Revised Code to limit further regulation of certain computational systems, require risk management policies for AI-controlled critical infrastructure, and to name this act the Ohio Right to Compute Act.

BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF OHIO:

Section 1. That section 9.89 of the Revised Code be enacted to read as follows:

Sec. 9.89. (A) As used in this section:

(1) "Compelling governmental interest" means a governmental interest of the highest order that cannot be achieved without burdening the lawful use of computational resources, including all of the following:

(a) Ensuring the continued and reliable operation of critical infrastructure facilities;

(b) Addressing deceptive practices and fraud;

(c) Protecting minors and vulnerable populations from harmful content generated by artificial intelligence systems, such as images or video or audio recordings that replicate the likeness of an individual, commonly known as "deepfakes," that are generated or published without the individual's consent;

(d) Preventing and remediating public nuisances associated with physical data center infrastructure.

(2) "Computational resource" means any system, software, network, device, or infrastructure capable of processing, storing, transmitting, manipulating, or disseminating data or information, including hardware, software, algorithms, cryptography, artificial intelligence systems, machine learning systems, quantum computing tools, and any similar technologies.

(3) "Artificial intelligence system" means any system that utilizes machine learning or similar technologies to infer from inputs how to produce outputs that affect or influence physical or virtual environments, including content generation, decisions, recommendations, or predictions.

(4) "Critical infrastructure facility" has the same meaning as in section 2911.21 of the Revised Code.

(5) "State agency" means every organized body, office, or agency established by the laws of the state for the exercise of any function of state government. "State agency" does not include the general assembly.

(6) "Political subdivision" means any body corporate and politic that is responsible for governmental activities only in a geographic area smaller than the state.

(B) No political subdivision or state agency shall enact, adopted, enforce, or maintain any law, rule, regulation, permit requirement, or other administrative practice that restricts or prohibits any person's lawful use, development, deployment, or possession of a computational resource unless the restriction is narrowly tailored to achieve a compelling governmental interest.

(C)(1) Any person or other entity that implements or operates an artificial intelligence system that in whole or in part controls a critical infrastructure facility shall, before or within a reasonable period after the deployment of the system, implement a risk management policy that conforms to all of the following:

(a) The latest version of the artificial intelligence risk management framework developed by the national institute of standards and technology under the United States department of commerce;

(b) The international organization for standardization and international electrotechnical commission 4200 standard or any other nationally or internationally recognized artificial intelligence risk management standard or framework not referred to in this section;

(c) All applicable federal regulations.

(2) The requirement to implement a risk management policy under division (C)(1) of this section does not apply if the artificial intelligence system is capable of completing only nonexecutive tasks of a procedural or preparatory nature or implementing only those decisions previously made by a human decision maker, or if the artificial intelligence system is exclusively an antivirus, antimalware, or cybersecurity tool.

(D) This section shall not be construed to abridge, alter, diminish, or conflict with any legal rights and remedies related to intellectual property, including patent, trademark, copyright, and trade secret protections.

Section 2. This act shall be known as the Ohio Right to Compute Act.