Bill C-26

Part 1 amends the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system. It also establishes an administrative monetary penalty scheme to promote compliance with orders and regulations made by the Governor in Council and the Minister of Industry to secure the Canadian telecommunications system as well as rules for judicial review of those orders and regulations.
This Part also makes a consequential amendment to the Canada Evidence Act .
Part 2 enacts the Critical Cyber Systems Protection Act to provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety and that are delivered or operated as part of a work, undertaking or business that is within the legislative authority of Parliament. It also, among other things,
(a) authorizes the Governor in Council to designate any service or system as a vital service or vital system;
(b) authorizes the Governor in Council to establish classes of operators in respect of a vital service or vital system;
(c) requires designated operators to, among other things, establish and implement cyber security programs, mitigate supply-chain and third-party risks, report cyber security incidents and comply with cyber security directions;
(d) provides for the exchange of information between relevant parties; and
(e) authorizes the enforcement of the obligations under the Act and imposes consequences for non-compliance.
This Part also makes consequential amendments to certain Acts.