OH HB392

Prohibits state agencies and political subdivisions from restricting any person's lawful use, development, deployment, or possession of computational resources (including AI, machine learning, quantum computing, and cryptography) unless narrowly tailored to a compelling governmental interest

Defines compelling governmental interests as: ensuring critical infrastructure operation, addressing fraud and deceptive practices, protecting minors from harmful AI-generated content like deepfakes, and preventing public nuisances from data center infrastructure

Requires entities operating AI systems that control critical infrastructure facilities to implement risk management policies conforming to the NIST AI Risk Management Framework, ISO/IEC 4200 standards, and applicable federal regulations

Exempts AI systems from the risk management requirement if they perform only nonexecutive/procedural tasks, implement only human-made decisions, or function exclusively as cybersecurity tools

Preserves existing intellectual property rights including patent, trademark, copyright, and trade secret protections