The proposed legislation is well aligned with the CER's oversight mandate. We already have a fairly robust regulatory framework in place that requires companies to identify and anticipate threats and risks to their systems, processes and operations and to have programs in place that prevent and mitigate those events. We also have in place inspection officers with the ability to issue non-compliance inspection officer orders and, where necessary, administrative monetary penalties.
You can see that the elements of the proposed legislation closely mirror what we currently have in place. In addition to that, it enhances reporting and information sharing, which I think can only lead to a much stronger oversight of cyber-threats within our industry.