Purpose

1 To regulate international and interprovincial trade and commerce in AI systems by establishing common requirements applicable across Canada for the design, development and use of those systems; and

2 To prohibit certain conduct in relation to AI systems that may result in serious harm to individuals or harm to their interests

Scope

The AIDA will apply to persons carrying out a "regulated activity." A regulated activity includes, in the course of international or interprovincial trade and commerce:

a. processing or making available for use any data relating to human activities for the purpose of designing, developing or using an artificial intelligence system;

b. designing, developing or making available for use an artificial intelligence system or managing its operations

Requirements

(Persons may have responsibilities under more than one of the five categories below)

Persons who carry on regulated activities:

  • Establish measures with respect to the manner in which data is anonymized
  • Establish measures with respect to the management of anonymized data
  • Keep prescribed records

Persons responsible for AI systems:

  • Assess whether a system is high-impact*

Persons responsible for high-impact AI systems:

  • Establish (and moderate compliance with) measures to identify, assess and mitigate risks of harm and bias

Persons who make available for use a high-impact system must publish on a website:

  • The system's intended use
  • Content the system intends to generate
  • Mitigating measures
  • Other prescribed information

Persons who manage the operation of a high-impact system must publish on a website:

  • How the system is used
  • Types of content generated
  • Mitigation measures
  • Other prescribed information

Enforcement mechanisms

Powers of the Minister responsible for administering the AIDA include:

  • Order-making powers
  • Ability to disclose information, including to designated analysts, the Privacy Commissioner, the Commissioner of Competition, the Canada Radio-television and Telecommunications Commission, and other prescribed entities.
  • Publish, on a publicly available website, information (less confidential business information) about a contravention
  • Publish, on a publicly available website, information (less confidential business information) about an AI system that the minster has reasonable grounds to believe presents a serious risk of imminent harm or is essential to prevent the harm

Penalties associated with AIDA

Contraventions of the AIDA may generally result in:

  • Administrative monetary penalties (AMPs) of as much as 3 per cent of global revenue or C$10 million

Commission of offences under sections 38 or 39 of the AIDA may result in:

  • Administrative monetary penalties (AMPs) of as much as 5 per cent of global revenue or C$25 million
  • Imprisonment of individuals

Contact us

Our global cyber security and data protection team take a proactive approach to safeguarding your world. Let us help you stay one step ahead in this evolving landscape. Contact a member of our team to begin a conversation.

*NOTE: "high-impact system" is not defined in the AIDA, and will be defined later by regulation