I understand that certain businesses can be designated as owners or operators of critical cyber systems covered by the bill. However, others will fall into a grey zone, meaning it will be unclear if they own or operate this type of infrastructure. According to the way Bill C‑26 is drafted, will it be enough to push some undesignated businesses into complying independently and voluntarily with the cybersecurity directions outlined in the bill?
If applicable, is there any opportunity for smaller businesses that fall into a grey zone to take advantage of the essence of Bill C‑26? Again, it brings us back to the labour shortage issue; if ever there’s a kind of appetite for this, is there a plan to be able to respond?