That's why we worked on the directive on automated decision-making systems at Treasury Board Secretariat. That's the purview of management systems that Treasury Board is responsible and accountable for. Should that be raised to an act level, similar to where we see PIPEDA and a Privacy Act that governs how public sector services work? Yes.
One thing I would like to see is alignment of requirements between AIDA and the directive, or a subsequent type of policy that would come out from TBS recognizing that automated decision-making systems aren't the only types of AI.
One of the things that it doesn't address, or things that are out of scope, is national security systems, as you mentioned, so I do think that additional provisions would need to be made for that.