Answer — AI Governance
Does Canada have a federal AI law?
No. AIDA died on the Order Paper in January 2025 and was not reintroduced; Bill C-36 is at first reading only. But the absence of a federal statute is not an absence of obligations: Law 25 is in force in Québec, and the AMF and OSFI guidelines take effect May 1, 2027.
What happened to the federal bill?
Canada has no federal AI statute in force. The Artificial Intelligence and Data Act (AIDA, the AI part of Bill C-27) died on the Order Paper when Parliament was prorogued on January 6, 2025, and was not reintroduced. In June 2026, two federal moves clarified the direction: ISED’s national strategy “AI for All” (June 4, 2026), which targets specific risks rather than establishing a horizontal statute, and Bill C-36 (tabled June 15, 2026), which is at first reading only. In the meantime, PIPEDA remains the federal law that applies to personal information in the private sector.
Does no statute mean no obligations?
No — and that is what the question misses. In Canada, the AI framework that is in force or already carries a date comes from sectoral regulators and provincial law:
- Law 25 (Québec) is fully in force. Among other things, it has bound municipalities directly since September 22, 2023 — governance policies for personal information, a designated person in charge, privacy impact assessments (ÉFVP) — under the oversight of the Commission d’accès à l’information.
- The AMF’s guideline on the use of artificial intelligence has been final since April 2026 and comes into force May 1, 2027 for Québec-authorized insurers, financial services cooperatives, trust companies, and authorized deposit institutions. The binding text is French.
- OSFI Guideline E-23 on model risk management, final since September 2025, takes effect the same day — May 1, 2027 — for federally regulated financial institutions, with a definition of “model” that explicitly includes AI and machine learning.
Waiting for “the Canadian AI law” before acting therefore means watching the wrong calendar. The dates that matter are already set, and they do not come from Parliament.
What does this mean in practice?
One thing, but a structural one: the expectations in force are assessed on evidence, not intent. A guideline speaks in expectations (“should”); a statute, in requirements. In both cases the examiner looks at the same object — a maintained inventory, rated risks, gaps found and then closed, and contemporaneous records that demonstrate all of it. And contemporaneous evidence has one simple property: it cannot be backdated. An organization that starts its history in 2026 will arrive at its first examination with years of records behind it; one that waits for a federal statute will arrive with documents written for the occasion.
That is the role Agentica plays: continuously mapping every AI agent in your business environment and recording it in a tamper-proof history, from which the extracts each framework expects — Law 25, the AMF guideline, E-23 — are generated on demand, each in its own regulator’s vocabulary.