Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NL·EN
Analysis

Canada and AIDA: the federal AI approach after Bill C-27 stalled

Adopted 2026-06-22 · ≈ 2 min read · Dirk Baaijen

Canada sought a federal AI law through the Artificial Intelligence and Data Act (AIDA), part of Bill C-27. That bill died in early 2025 when Parliament was prorogued. What remains is a voluntary code of conduct and existing law — not a binding AI act like the EU's.

Short answer: Canada tried to enact a federal AI law, the Artificial Intelligence and Data Act (AIDA), as part of Bill C-27. When the federal Parliament was prorogued in early 2025, the entire bill lapsed. Canada therefore currently has no binding federal AI law like the EU AI Act; what remains is a voluntary code of conduct plus existing privacy, competition and liability law.

What AIDA would have governed

AIDA was meant to regulate "high-impact" AI systems: those posing significant risk to health, safety or fundamental rights. The proposal required managers and providers to assess, mitigate and document risks, be transparent about use, and accept a new regulator (an AI and Data Commissioner). The concrete meaning of "high-impact" was left to later implementing regulations — and a key criticism was precisely that the act deferred too much to future rulemaking.

Why it stalled

Bill C-27 bundled three things: a new privacy act, a tribunal and AIDA. The bill sat in committee for years. In January 2025 the government prorogued Parliament, causing all unpassed legislation, including C-27, to lapse. A new government would have to start over. There is no enacted successor at present.

What applies now

Lacking a statute, Canada relies on a voluntary code of conduct for advanced generative AI systems, to which leading firms have committed. Existing rules also apply: federal and provincial privacy law, consumer protection, competition law and liability law. The difference from the EU is fundamental: where the AI Act imposes binding obligations up front, Canada relies for now on self-regulation and generic law.

Place on the world map

Canada's path illustrates how fragile legislative momentum is. The country was early with a national AI strategy and a strong research ecosystem, but stalled on the political route to binding rules — unlike South Korea, which did get its AI Basic Act through parliament. Compared with Singapore, which deliberately favours voluntary frameworks, Canada has ended up in a similar position by necessity: governance without a binding AI law. See also our comparison of international AI governance.

What this means

  • Do not treat AIDA as a compliance anchor: the proposal is not in force and may return in amended form.
  • Follow existing law: privacy, consumer and liability rules are Canada's binding layer for now.
  • Build on the shared grammar: governance based on the EU's risk-based structure and the NIST framework leaves you prepared should Canada later adopt a binding law.

Sources

  1. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act): the binding, risk-based EU AI law used as the comparison anchor against Canada's stalled proposal.
  2. https://ised-isde.canada.ca/site/innovation-better-canada/en/artificial-intelligence-and-data-act-aida-companion-document
    Government of Canada (ISED): companion document to AIDA, part of the now-lapsed Bill C-27.

Share on LinkedIn

Read next

A

Vietnam becomes the first Southeast Asian state to adopt a standalone AI law

On 1 March 2026 Vietnam's Law on Artificial Intelligence (134/2025/QH15) took effect — the first standalone, horizontal AI law in Southeast Asia. It borrows the EU's risk-based structure but binds from day one, while keeping an innovation-promotion layer of its own.

A

California's AI Transparency Act: provenance, watermarking and a free detection tool for generative AI

California's AI Transparency Act (SB 942, amended by AB 853) takes effect on 2 August 2026, aligned with the EU AI Act. Large generative-AI providers must offer a free detection tool, embedded provenance metadata and an optional visible label; platform duties follow in 2027–2028.

A

California's CCPA rules on automated decisionmaking technology: the privacy route to AI accountability

California's privacy regulator finalised binding CCPA rules on automated decisionmaking technology (ADMT), risk assessments and cybersecurity audits. In force since 1 January 2026, they reach AI-driven decisions through privacy law, not an AI act, with phased duties from 2027.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject — programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method →

A project or programme? Work with YRproject →

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.