Thank you for the question.
The amendments will reinforce the policy intent of these sections, which was to create a strict liability offence for contravening the act as well as to ensure the applicability of a due diligence defence.
In strict liability, the defendant is liable for the offences, regardless of intent. For example, in drug possession cases, it is assumed someone found in possession of drugs has committed this offence, and they are responsible to prove their innocence.
In the case of the CCSPA, for example, you could say a designated operator failed to establish a cybersecurity program within the 90 days designated under the act. This is a punishable offence.
It's currently written that the Crown must demonstrate that the designated operator did not meet this requirement. Instead, what was originally intended is that the amendment would assume the offence occurred, and the designated operator would then have the opportunity to prove otherwise in a judicial review process by showing they tried to comply. This is otherwise known as the due diligence defence.