Bill C-26: New Canadian critical infrastructure cyber security law

On June 14, the House of Commons introduced Bill C-26, which includes the newly drafted Critical Cyber Systems Protection Act (CCSPA) or in French, the Loi sur la protection des cybersystèmes essentiels (LPCSE). The CCSPA has been designed to “address longstanding gaps”1 in the federal government’s ability to protect systems and services of national importance and establishes a broad regulatory framework enabling the federal government to:

  • define and strengthen baseline cyber security for systems and services of critical national importance;
  • require certain organizations to develop and implement certain cyber security programs (CSPs);
  • ensure that cyber incidents impacting vital systems and services are reported;
  • issue binding Cyber Security Directions (CSDs); and
  • encourage compliance through the introduction of administrative monetary penalties (AMPs).

This content has been updated on May 2, 2024 at 13 h 01 min.