WeVote

Bill

Bill

SB 203

Require political subdivisions to adopt a cybersecurity program

136th Legislature (2025-2026) Introduced by Tim Schaffer

Ohio political subdivisions must establish cybersecurity programs to protect local government digital systems and citizen data from cyber threats.

Referred to committee
0
WeVote Research Nonpartisan
Bill Summary · SB 203

Legislative bill overview

SB 203 mandates that Ohio's political subdivisions (cities, counties, townships, etc.) establish and maintain formal cybersecurity programs. The bill sets baseline requirements for how local governments must protect their digital infrastructure and data systems from cyber threats.

Why is this important

Local governments manage critical services—from water systems to voting infrastructure to property records—that residents depend on daily. Cyberattacks on municipalities have increased significantly, with hackers targeting everything from payroll systems to emergency services. Standardized cybersecurity requirements help prevent breaches that could disrupt services, compromise citizen data, or result in costly ransomware payments.

Potential points of contention

  • Implementation costs: Smaller municipalities with limited budgets may struggle to afford cybersecurity infrastructure, staffing, and ongoing training that compliance requires
  • Unfunded mandate concerns: The bill may impose requirements without state funding to help subdivisions meet them, placing financial burden on local taxpayers
  • Prescriptive vs. flexible standards: Unclear whether the bill allows tailored approaches based on municipality size/resources, or imposes one-size-fits-all requirements that don't fit all communities
  • Enforcement mechanism: Ambiguous penalties or enforcement procedures could lead to inconsistent compliance or legal disputes

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.