On June 4, 2026, the Government of Canada released “AI for All”, its long-anticipated national artificial intelligence (“AI”) strategy (the “Strategy”). The Strategy both advances substantial economic initiatives and provides important signals regarding the government’s approach to AI management. It does not introduce comprehensive AI legislation in Canada, and confirms that such legislation is, for now, not contemplated. The previously tabled Artificial Intelligence and Data Act (“AIDA”) is unlikely to be revived under this Strategy. For businesses that have been waiting for a rulebook before investing in AI governance, that wait just got longer.

But “no rules yet” is not the same as “nothing to do.” The Strategy outlines a framework for potential future laws and regulations to address discrete AI risks, including privacy, online harms, and misinformation. One such legislative amendment that we can expect to be forthcoming is the long-awaited modernization of the Personal Information Protection and Electronic Documents Act (“PIPEDA”).

On June 15, 2026, Bill C-36 was introduced, which would enact the Protecting Privacy and Consumer Data Act (“PPCDA”). We will soon publish a comprehensive article on PPCDA/Bill C-36 and what it would mean for Canadian businesses in more detail, but some of the core updates include increased obligations surrounding privacy management frameworks, demonstrating compliance, Canadian data sovereignty and specific requirements imposed on service providers, as well as the ability for the regulator to impose significant fines. Bill C-36 also includes guidance on the use of anonymized information and to what extent businesses may use personal information without consent and on “legitimate interests.”

Businesses that begin preparing for these expected updates now, such as by mapping data flows and documenting AI decision processes, will be better positioned to move quickly once new laws and regulations are finalized.

A lighter touch than the EU, closer to the U.S. model

The Strategy does not follow the model of the EU’s comprehensive risk-based framework under the EU AI Act and aligns more closely with the U.S. approach of relying on industry standards and targeted measures in higher-risk areas. While the Strategy is not prescriptive regarding AI-specific regulations, it signals that the government will target regulations aimed at mitigating specific risks in order to enable the ultimate goal, which is safe and trustworthy AI for all. Canadian businesses developing and implementing AI will need to monitor the development of the laws and regulations in this area and, for now, rely on principle-based approaches to manage risks in areas such as automated decision-making, bias, cybersecurity, intellectual property rights, and transparency.

The six pillars:

The Strategy is structured around six pillars aimed at building trust, expanding economic opportunity, and safeguarding Canadian sovereignty. This is a business-first AI agenda.

While the Strategy and each of the pillars establish important priorities for future AI policies and support mechanisms, they do not provide clarity on specific present rules, regulations, or compliance expectations for businesses. Canadian businesses should monitor future AI legislative developments and, in the interim, continue applying principle-based approaches to manage risk with the help of legal counsel.

As summarized below, Pillar 1 focuses on targeted regulatory and legislative initiatives, while Pillars 2–6 address economic and capacity-building priorities:

Pillar 1, “Protecting Canadians and Safeguarding Democracy”, positions trust as the Strategy’s “north star” and outlines anticipated legislative and regulatory initiatives to achieve improved AI safety and reliability:

  1. Privacy and data governance: Bill C-36 has been introduced to modernize PIPEDA, recognizing a fundamental right to privacy, safeguarding children’s information, and enhancing and clarifying requirements as well as enforcement pertaining to data privacy. Businesses should prepare to audit AI-related data practices accordingly.
  2. Online harms, misinformation, and democratic integrity: New tools and laws to address deepfakes, ensure chatbot safety, hold those responsible for online harms accountable, and protect against AI-enabled misinformation and foreign interference in democratic processes. This includes introducing Bill C-34, An Act to enact the Digital Safety Act and the Digital Safety Commission of Canada Act and to make consequential amendments to other Acts. Both the Digital Safety Act and PCCDA would be overseen by the Canadian Digital Safety and Data Protection Commission, a new regulator created by the Bill. Organizations deploying customer-facing AI or content systems should monitor these developments.
  3. Transparency and standardization: Investment in transparency capabilities, including watermarking AI-generated content, to help users understand when they are interacting with AI; and development of a Canada Trusted AI Certification program, along with funding to support the private standardization ecosystem and shape global AI standards in collaboration with international partners. Early engagement may help businesses demonstrate compliance leadership.
  4. Cybersecurity: Acceleration of research and government partnerships with law enforcement, intelligence agencies, frontier AI companies, and international partners to advance Canadian cybersecurity technologies and protect critical systems from cyberattacks. Technology providers may find contracting opportunities in this space.

Pillar 2, “Empowering Canadians”, focuses on AI literacy, workforce readiness, and inclusive participation to support informed and responsible AI use. Examples include, a National AI Literacy Initiative offering entry-level AI training accessible to all Canadians, as well as investments in post-secondary AI programs and work-integrated learning opportunities, employers may benefit from government-subsidized training to address AI skills gaps.

Pillar 3, “Powering Shared Prosperity”, is centered on closing the AI adoption gap, particularly among small and medium-sized enterprises (“SMEs”). The Strategy proposes targeted supports, including funding, incentives, and advisory services, to encourage practical deployment of AI solutions across key sectors such as agriculture, manufacturing, healthcare, and natural resources. SMEs should monitor ISED and regional agency announcements for AI adoption grants.

Pillar 4, “Building the Canadian Sovereign AI Foundation”, addresses infrastructure needs, including compute capacity, data centre development, and energy resources. Government-held data is identified as a strategic national asset requiring secure data platforms built upon common standards and strong privacy protections. The Strategy commits to accelerating data centre construction, streamlining permitting, and ensuring clean energy access. A “build-partner-buy” approach is emphasized to develop domestic capabilities while maintaining access to global innovation.

Pillar 5, “Building and Scaling Canadian AI Champions”, aims to strengthen commercialization pathways and retain high-growth AI companies within Canada. The Strategy emphasizes strategic investments, government procurement commitments, and expanded venture capital access to support Canadian AI firms from development through to global scale. These measures are intended to address concerns about Canadian AI companies relocating or being acquired by foreign entities. Canadian AI companies should track BDC and EDC financing programs.

Pillar 6, “Building Trusted Partnerships and Global Alliances”, focuses on international collaboration, including participation in multilateral AI governance forums and the promotion of open-source AI development. The Strategy positions Canada as a trusted partner in navigating a shifting global technology landscape, emphasizing secure supply chains, allied technology partnerships, and improved Canadian industry resilience against geopolitical disruptions. Companies with cross-border AI operations should monitor how these partnerships may affect sourcing and data transfer arrangements.

International perspectives: Comparing Canada’s AI regulatory framework to EU and U.S. approaches

The Strategy identifies Europe as an important strategic partner for advancing AI initiatives that support the tenets of trust, safety, and the protection of privacy as a fundamental right. These are core AI policy objectives of the EU. However, the Canadian approach diverges from the EU’s risk-based framework, which categorizes AI systems and assigns corresponding legal requirements. Instead, the Strategy relies on existing legal frameworks, implements fewer formal compliance obligations, and provides less prescriptive guidance than the EU model for safe and responsible AI development and deployment.

Notably, the Strategy’s emphasis on innovation, commercialization, industry standards, and certification mechanisms aligns more closely with the approach of the U.S., which also has not adopted a comprehensive national-level AI regulatory regime.

For Canadian businesses, unlike in the EU (which has implemented prescriptive regulatory regimes), compliance in Canada will continue to depend on interpreting the Strategy’s goals and high-level principles, in the absence of detailed codified rules.

Conclusion

Canadian businesses should focus on implementing practices and policies to promote safe and trustworthy AI systems while leveraging existing legal frameworks. Even in areas where new legislation or regulation is anticipated, at this point the Strategy provides businesses with only a high-level framework and indications of a potential future policy direction. Therefore, the Strategy does not introduce a fundamental shift or significant new compliance obligations for Canadian businesses in the near term. Rather, it provides considerations regarding the intended progress for AI deployment and adoption in Canada that businesses can employ in their internal policy and procedure development process.

Practically, businesses should:

  1. monitor Bill C-36, which introduces new data privacy and governance requirements relevant to AI systems;
  2. assess existing AI deployments against emerging transparency and standardization expectations, including the forthcoming Canada Trusted AI Certification program;
  3. consider how Pillar 4 infrastructure initiatives, including data centre expansion and compute capacity investments, may create new partnership or procurement opportunities; and
  4. continue applying principle-based risk management frameworks (covering bias, automated decision-making, cybersecurity, and IP) until more prescriptive guidance is issued.

Lawyers from Miller Thomson’s Artificial Intelligence Group have experience advising on AI governance frameworks and can support businesses in evaluating these areas.