At consideration in the House of Commons of amendments made by the Senate, as of Dec. 5, 2024 (This bill did not become law.)
Summary
This is from the published bill. The Library of Parliament has also written a full legislative summary of the bill.
Part 1 amends the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system. It also establishes an administrative monetary penalty scheme to promote compliance with orders and regulations made by the Governor in Council and the Minister of Industry to secure the Canadian telecommunications system as well as rules for judicial review of those orders and regulations. This Part also makes a consequential amendment to the Canada Evidence Act . Part 2 enacts the Critical Cyber Systems Protection Act to provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety and that are delivered or operated as part of a work, undertaking or business that is within the legislative authority of Parliament. It also, among other things, (a) authorizes the Governor in Council to designate any service or system as a vital service or vital system; (b) authorizes the Governor in Council to establish classes of operators in respect of a vital service or vital system; (c) requires designated operators to, among other things, establish and implement cyber security programs, mitigate supply-chain and third-party risks, report cyber security incidents and comply with cyber security directions; (d) provides for the exchange of information between relevant parties; and (e) authorizes the enforcement of the obligations under the Act and imposes consequences for non-compliance. This Part also makes consequential amendments to certain Acts.
Elsewhere
All sorts of information on this bill is available at LEGISinfo, an excellent resource from Parliament. You can also read the full text of the bill.
Bill numbers are reused for different bills each new session. Perhaps you were looking for one of these other C-26s:
C-26 (2016)Law
An Act to amend the Canada Pension Plan, the Canada Pension Plan Investment Board Act and the Income Tax Act
C-26 (2014)Law
Tougher Penalties for Child Predators Act
C-26 (2011)Law
Citizen's Arrest and Self-defence Act
Votes
March 27, 2023Passed 2nd reading of Bill C-26, An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts
This is a computer-generated summary of the speeches below.
Usually it’s accurate, but every now and then it’ll contain inaccuracies or total fabrications.
Bill C-26 addresses cybersecurity by amending the Telecommunications Act to prioritize security within the Canadian telecommunications system and creating a new Critical Cyber Systems Protection Act. It grants the government power to direct telecommunications service providers and compels designated operators in key sectors to establish cybersecurity programs and report incidents. The bill aims to protect critical infrastructure from cyber-attacks, while concerns have been raised regarding privacy rights, business impacts, and the breadth of the government's new powers.
Liberal
Supports cybersecurity bill C-26: Liberal members of parliament voiced strong support for Bill C-26, emphasizing that cybersecurity is national security. They highlighted the need for both public and private sectors to enhance their defenses against malicious cyber activities and cyber-attacks, ensuring the protection of critical infrastructure and the safety of Canadians.
Two main objectives: The bill aims to amend the Telecommunications Act to include security as a policy objective, aligning the telecommunications sector with other critical infrastructure sectors. Additionally, it introduces the Critical Cyber Systems Protection Act (CCSPA), requiring designated operators in finance, telecommunications, energy, and transportation to protect their critical cyber systems through cybersecurity programs, risk mitigation, incident reporting, and compliance with cybersecurity directives.
Commitment and investment: The Liberal party underlined their ongoing commitment to investing in cybersecurity and demonstrated the government's dedication to increasing the cybersecurity baseline across Canada, ensuring national security and public safety for all Canadians. The members cited significant investments to date, which include a national cybersecurity strategy, the creation of the Canadian Centre for Cyber Security, and increased RCMP enforcement capacity.
Focus on 5G security: Members highlighted the importance of addressing security vulnerabilities associated with the rollout of 5G technology. The bill aims to prohibit the use of products and services from high-risk suppliers in Canadian telecommunications systems, aligning with actions taken by allies to safeguard telecommunications infrastructure from potential threats.
Conservative
Supports moving to committee: While highlighting concerns around privacy and the impact on businesses, Conservatives will support sending the bill to committee to hear from experts and propose amendments.
Significant government overreach: The Conservatives express concern about the broad and sweeping powers granted to the Minister of Industry, allowing them to direct telecommunications service providers to do or refrain from doing anything, potentially without financial compensation for losses, and to exchange confidential information with various government agencies.
Privacy and civil liberties: There are concerns about the bill granting sweeping new powers to the government, potentially intruding on the private lives of Canadians, undermining privacy, and lacking sufficient accountability and oversight mechanisms to prevent abuse.
Red tape and business impacts: The Conservative Party also raises concerns about the potential for high red tape, the lack of incentives for companies to share best practices, and the absence of a balanced approach that considers both the sticks (penalties) and carrots (incentives) for compliance.
Accountability and transparency: There are worries about the lack of transparency in the bill, with concerns that the government could make secret orders without public knowledge, potentially eroding trust in the government due to past instances of hidden information and lack of accountability.
Need for cybersecurity framework: While identifying gaps and areas for improvement, members acknowledge the need for a new cybersecurity bill and framework to address foreign state-backed interference and the broader challenges in cyberspace.
Government's track record questioned: Conservative speakers express distrust in the government's ability to handle cybersecurity effectively, pointing to past delays and inaction, such as the Huawei decision, and raising concerns about the government's general competence and trustworthiness.
NDP
Needs improvement: The NDP agrees that the bill should go to committee, as it is not ready to pass. It lacks detail and accountability mechanisms, and explicitly exempts itself from existing accountability measures.
Sweeping powers: The bill grants broad powers to the Minister of Industry and the Minister of Public Safety, including the authority to issue orders to telecommunications service providers and establish classes of operators responsible for cybersecurity programs, but lacks sufficient oversight and safeguards.
Balancing security and rights: The NDP wants to see protections for vulnerable groups from cyberattacks, but not with unchecked ministerial powers and without public oversight. The NDP emphasizes the importance of balancing cybersecurity measures with appropriate safeguards to prevent abuse and misuse, ensuring proportionality, and respecting privacy and other rights.
Behind on protections: The NDP recognizes the importance of cybersecurity and acknowledges that Canada is behind in its protections and needs to develop stronger frameworks and guidelines. They call for leveraging cybersecurity expertise to assist allies like Ukraine in combating international cyber threats.
Bloc
Supports the bill: The Bloc Québécois generally supports Bill C-26, viewing it as a potentially positive step towards adopting a cybersecurity framework and addressing vulnerabilities, especially in light of increasing cyber threats and foreign interference. They will vote in favour of sending the bill to a parliamentary committee to hear from experts.
Need for clarification: Members emphasize the need to clarify the bill's potential impact on Quebec, particularly regarding interprovincial power lines (like those managed by Hydro-Québec) and other non-federal infrastructures. The Bloc also wants to ensure that the regulation-making powers granted by the bill are justified and do not bypass Parliament unnecessarily.
Proactive vs. Reactive: Several speakers voiced concern that Ottawa is too often in reaction mode regarding cybersecurity threats. They point to long delays in addressing issues like the Huawei 5G network threat and ongoing cyber-attacks on infrastructure like Hydro-Québec.
Strengthening trust: Members believe the bill should aim to ensure that citizens can trust the mechanisms protecting them in cybernetics and cyberspace. They argued this trust is built through education, insight, and addressing the vagueness of Canadian foreign policy, and that the bill needs to strengthen trust to protect collective security.
