Kanada KI-Governance 2026: AIDA ist tot, Quebec Law 25 führt an

What happened to AIDA

Canada's federal AI legislation had a difficult end. Bill C-27 — which packaged together the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act (AIDA) — was introduced in June 2022, passed second reading in April 2023, and was in committee review when Prime Minister Trudeau's January 2025 resignation led to Parliament's prorogation. The bill died on the order paper.

Following a federal election in spring 2025, the new government made clear that AIDA will not return in its original form. Industry Minister Evan Solomon confirmed in June 2025 that the AIDA framework as drafted is off the table. Some elements may inform future legislation, but there is no timeline for a new comprehensive federal AI law in Canada.

What Canada actually has

PIPEDA (federal): The Personal Information Protection and Electronic Documents Act, now 25 years old, remains the federal baseline for privacy in the private sector. PIPEDA applies to personal information collected, used, or disclosed in the course of commercial activities. It includes provisions on consent, purpose limitation, and access rights that apply to AI-driven data processing — but it lacks specific AI obligations and was designed before modern AI existed.

Quebec Law 25: Quebec's Act to modernize legislative provisions respecting the protection of personal information is now fully in force following a three-year phased rollout completing September 2024. Law 25 is significantly more stringent than PIPEDA and includes specific provisions relevant to AI: organisations must notify individuals when a decision is made exclusively through automated processing and affecting them; privacy impact assessments (PIAs) are required before implementing new technology projects involving personal information; and the Commission d'accès à l'information has active enforcement powers. For organisations with Quebec operations, Law 25 is the operative compliance framework.

Canadian AI Safety Institute (CAISI): Established in late 2024 as part of Canada's international engagement with AI safety, CAISI has an advisory and research mandate similar to the UK AI Safety Institute. It has no enforcement powers and does not create compliance obligations for organisations.

Treasury Board and federal agency guidance: The federal Treasury Board Secretariat has issued directives on AI use in government that create requirements for federal agencies and government contractors. These are not economy-wide regulations but signal government AI governance expectations.

The practical compliance landscape

Without a federal AI law, Canadian organisations face a patchwork: PIPEDA for federal privacy baseline; Quebec Law 25 for Quebec operations; sector-specific regulation from OSFI (financial services), Health Canada, and others; and the EU AI Act for any operations touching EU customers. The absence of federal AI legislation does not mean AI is unregulated — it means the regulation comes from existing law applied to AI contexts, which requires careful analysis rather than AI-specific compliance.

Organisations building AI governance programs for Canada should use Quebec Law 25's AI-relevant requirements as the compliance floor for the country, and PIPEDA's consent and purpose limitation requirements as the federal baseline. Add EU AI Act compliance for EU-facing activities. This combination provides comprehensive coverage for most Canadian AI governance situations while the federal legislative framework remains unsettled.