Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Canada: Cybersecurity bill introduced in House of Commons

Government Bill C-26 for an Act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other Acts was introduced, on 14 June 2022, to the House of Commons of Canada, and passed its first reading on the same date. In particular, the bill is divided into two parts, with the first focusing on amendments to the Telecommunications Act 1993 ('Telecommunications Act'), and the second focusing on enacting the Critical Cyber Systems Protection Act.

Specifically, the first part of the bill would amend, among other things, the Telecommunications Act by adding security as a policy objective, and providing the Government with the legal authority to mandate action to secure Canada's telecommunications system. The bill would also establish an administrative monetary penalty scheme to promote compliance with orders and regulations made to secure the Canadian telecommunications system, as well as rules for judicial review of those orders and regulations.

The second part of the bill would enact the Critical Cyber Systems Protection Act which would provide a framework for the protection of the critical cyber systems of services and systems vital to national security or public safety. Additionally, this part of the bill would, among other things:

  • authorise the Governor in Council to: 
    • designate any service or system as a vital service or system; and
    • establish classes of operators in respect of a vital service or system;
  • require designated operators to: 
    • establish and implement cybersecurity programs; 
    • mitigate supply-chain and third-party risks; 
    • report cybersecurity incidents; and
    • comply with cybersecurity directions;
  • provide for the exchange of information between relevant parties; and
  • authorise the enforcement of obligations under the Critical Cyber Systems Protection Act and impose consequences for non-compliance.

This bill will apply to designated operators of federally regulated services and systems in four priority sectors: finance, energy, telecommunications, and transport, which currently includes telecommunication services, nuclear energy systems, and banking systems.

You can read the press release here, as well as read the bill and track its progress here.

UPDATE (30 March 2023)

Bill passes second reading in House of Commons and proceeds to Committee

The bill passed, on 27 March 2023, its second reading in the House of Commons, and was thereafter referred, on the same date, to the Standing Committee on Public Safety and National Security.

You can read the bill here and track its progress here.