Public Safety Committee on Feb. 24th, 2026

Thank you, Mr. Chair.

That's what Bill C‑8 is all about. There are, of course, gaps in the current version of the Telecommunications Act. Bill C‑8 would add a new purpose to clause 7: clauses that cover all CRTC and Innovation, Science and Economic Development Canada, or ISED, action to protect the telecommunications system. Yes, there are gaps in the current act. That's why our government has tabled Bill C‑8.

The minister and the Governor in Council would have powers. The bill sees ISED as the primary regulatory authority for exercising powers. However, those powers need to exist, and they don't currently exist. The powers of the Telecommunications Act can only be expanded through Bill C‑8's comprehensive amendments. There would then be an opportunity to impose mandatory regulations to protect the telecommunications network and the data on those networks. So that's the context in which the protection exists.

The amendment in question proposes to change the CRTC's minor regulatory power over a type of licence. That's why I mentioned the CRTC, and that's the context of the amendment. First, in terms of principles, the measures in Bill C‑8 give the Governor in Council and the Minister of Industry new powers to impose obligations on telecommunications service providers to protect their networks. That's a very important thing to consider, in terms of high-risk equipment, for example.

The regulations would apply to telecommunications service providers in Canada. The control measures are there for supply chains. For example, Bell could be prohibited from buying a type of equipment or providing a type of service. The obligation applies to providers in Canada. However, it would be possible to control supply chains overall, regardless of the location, when it comes to purchasing Canadian or foreign equipment, or a service being provided abroad.

There are criteria like that. The committee has given us more control over our ability to have guardrails, which is reasonable. The framework exists in that context. So there would be an opportunity to act if the threat was credible, if there was credible information. That situation exists. Regardless of the regulatory environment, credible information is needed to impose a regulation on the industry.

I thank the member for his question.

Yes, there are a few options in clauses 15.1 or 15.2 to control or limit this type of harmful activity if there is credible information that the Canadian telecommunications system is at risk.

The powers under part 1 of Bill C-8 would give the government the ability to implement regulatory controls on telecommunications service providers and the management of their infrastructure and services, and those can absolutely be pre-emptive.

I keep going to high-risk vendor equipment, because that's a tangible example that people are familiar with. If there's credible information that a foreign equipment provider has risks associated with their equipment, proposed section 15.1 gives the government the ability to tell Bell, Rogers, Telus, whomever, that they can't buy that equipment from that vendor, full stop, under any circumstances.

It doesn't matter where the equipment is made. It can be made in another country, but the obligation applies. It's more effective if the obligation applies to the corporation that's running the infrastructure in Canada, because they're under our jurisdiction. We can control them via these powers. We would say, “You cannot use that equipment,” or we might have other mitigation measures that say, “Only with these mitigation controls could you use that equipment.”

The same thing applies to the provision of services, and the text refers to services as well. Outsourcing is a purchase of a service from a foreign company, and so the same context would apply.

Agreed.

This amendment would amend the administrative monetary penalty authority with respect to individuals and would add the word “knowingly”. Basically, ISED or the minister would have to prove intent before being able to fine an individual.

This is an extraordinarily high bar to clear in a regulatory context. We are not investigatory in the way a law enforcement body is. Forcing us to engage in that type of investigation is not something that we are seeking to do. This would likely render the AMPs power basically unusable, because the burden to try to demonstrate intent would be so high.

There are already provisions that limit our ability to use the monetary penalty power in this case. There are criteria such as the track record of the individual involved, the ability to pay and those types of things. It's already a much, much lower limit than the AMPs power for corporations, and there's a requirement that any AMP must be to promote compliance and not punish. If this was adopted to promote compliance, the main authority we'd have would be the offence power, which is a very heavy power, such as going after jail time or something like that. The point of a monetary penalty is to have an intermediate step that is not so drastic as that.

I can continue. If you have questions about how we've used AMPs to date, we don't use them often. There have been only two instances of individuals, and we have 160,000 licences.

I'll stop there.