Read the full stored bill text
hb392_01_RH
As Reported by the House Technology and Innovation Committee
136th
General Assembly
Regular
Session
Am. H. B. No. 392
2025-2026
Representatives Fischer, Demetriou
Cosponsor: Representative Mathews, T.
To
enact section 9.89 of the Revised Code
to
limit further regulation of certain computational systems, require
risk management policies for AI-controlled critical infrastructure,
and to name this act the Ohio Right to Compute Act.
BE
IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF OHIO:
Section
1.
That
section 9.89 of the Revised Code be enacted to read as follows:
Sec.
9.89.
(A)
As used in this section:
(1)
"Compelling governmental interest" means a governmental
interest of the highest order
in
protecting the public
that
cannot be achieved without burdening the lawful use of computational
resources, including all of the following:
(a)
Ensuring the continued and reliable operation of critical
infrastructure facilities;
(b)
Addressing deceptive practices and fraud;
(c)
Protecting minors and vulnerable populations from harmful content
generated by artificial intelligence systems, such as images or video
or audio recordings that replicate the likeness of an individual,
commonly known as "deepfakes," that are generated or
published without the individual's consent;
(d)
Remediating
public
nuisances associated with
computational
resource
infrastructure
;
(e)
Governing acceptable uses of artificial intelligence systems by
employees of the political subdivision or state agency
.
(2)
"Computational resource" means any system, software,
network, device, or infrastructure capable of processing, storing,
transmitting, manipulating, or disseminating data or information,
including hardware, software, algorithms, cryptography, artificial
intelligence systems, machine learning systems, quantum computing
tools, and any similar technologies.
(3)
"Artificial intelligence system" means any system that
utilizes machine learning or similar technologies to infer from
inputs how to produce outputs that affect or influence physical or
virtual environments, including content generation, decisions,
recommendations, or predictions.
(4)
"Critical infrastructure facility" has the same meaning as
in section 2911.21 of the Revised Code.
(5)
"State agency" means every organized body, office, or
agency established by the laws of the state for the exercise of any
function of state government. "State agency" does not
include the general assembly.
(6)
"Political subdivision" means any body corporate and
politic that is responsible for governmental activities only in a
geographic area smaller than the state.
(B)
No political subdivision or state agency shall enact, adopted,
enforce, or maintain any law, rule, regulation, permit requirement,
or other administrative practice that restricts or prohibits any
person's lawful use, development, deployment, or possession of a
computational resource unless the restriction is narrowly tailored to
achieve a compelling governmental interest.
(C)(1)
Any person or other entity that implements or operates an artificial
intelligence system that in whole or in part controls a critical
infrastructure facility shall, before or within a reasonable period
after the deployment of the system, implement a risk management
policy that conforms to all
applicable
federal regulations and either
of
the following:
(a)
The latest version of the artificial intelligence risk management
framework developed by the national institute of standards and
technology under the United States department of commerce;
(b)
The international organization for standardization and international
electrotechnical commission 4200 standard or any other nationally or
internationally recognized artificial intelligence risk management
standard or framework not referred to in this section.
(2)
The requirement to implement a risk management policy under division
(C)(1) of this section does not apply if the artificial intelligence
system is capable of completing only nonexecutive tasks of a
procedural or preparatory nature or implementing only those decisions
previously made by a human decision maker, or if the artificial
intelligence system is exclusively an antivirus, antimalware, or
cybersecurity tool.
(D)
This section shall not be construed to abridge, alter, diminish, or
conflict with any legal rights and remedies related to intellectual
property, including patent, trademark, copyright, and trade secret
protections.
Section
2.
This
act shall be known as the Ohio Right to Compute Act.