CanucktAI
HomeFrameworksAIDA
AI & DigitalFederal — Canada (pending)In force Pending Royal Assent — expected 2026

AIDA

Artificial Intelligence and Data Act (Bill C-27, Part 3)

Canada's first federal AI regulation law

Run AIDA assessment ← All frameworks
Overview

AIDA is Part 3 of Bill C-27 and will be Canada's first comprehensive AI law. It targets high-impact AI systems and requires impact assessments, bias mitigation, transparency obligations, and human oversight. Organizations that develop or deploy AI systems that make consequential decisions about people must assess and manage risks before deployment.

Authority
AI and Data Commissioner (new office, pending)
Jurisdiction
Federal — Canada (pending)
Effective date
Pending Royal Assent — expected 2026
Applicability

Who must comply with AIDA?

Organizations that 'make available' or use 'high-impact AI systems' in Canada. This includes AI tools used in hiring, credit scoring, healthcare diagnostics, criminal justice, and content recommendation — sectors to be defined by regulation.

Compliance scope
Your organization collects personal information
You operate in the applicable jurisdiction
Commercial activities are involved
You use or disclose personal data

Not sure if AIDA applies? Run a free assessment →

Requirements

Key obligations under AIDA

Impact Assessment

Conduct and document an AI impact assessment before deploying a high-impact AI system. Assess risks related to bias, harm, and rights.

Bias Mitigation

Identify and implement measures to mitigate biased output that could harm individuals based on protected characteristics.

General Measures

Implement governance measures to manage risks of harm or bias throughout the AI lifecycle — from design to decommissioning.

Transparency Notices

Inform individuals when they interact with a high-impact AI system and how it affects decisions about them.

Record Keeping

Keep records of your impact assessments, risk management measures, and incident reports. The AI Commissioner can inspect.

Incident Reporting

Report material harm caused by a high-impact AI system to the Commissioner and affected individuals.

Enforcement

Penalties & enforcement

Maximum penalty
$25M CAD or 5% of global revenue
Enforced by: AI and Data Commissioner / Minister of Innovation
Notable case

AIDA penalties mirror CPPA — both at $25M — signalling Canada's intent to align AI and privacy enforcement

How Canuckt keeps you penalty-free:
AI system inventory tool to identify which of your AI tools may qualify as "high-impact" under AIDA criteria
AI impact assessment template aligned with AIDA requirements and OECD AI risk framework
Bias testing documentation framework for demonstrating mitigation measures to the AI Commissioner
AIDA + CPPA combined readiness assessment — the two laws are designed to work together
Related

Frameworks that often overlap with AIDA

Privacy
CPPA / Bill C-27

Canada's GDPR-equivalent — the biggest privacy law reform in 20 years

Privacy
PIPEDA

Canada's federal private-sector privacy law

Privacy
Law 25

Quebec's sweeping privacy reform — Canada's strictest

Run a free AIDA gap assessment

Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with AIDA — in under 3 hours. Free forever.

Start free assessment
No credit card
Results in hours
Canadian data residency
AIDA / Bill C-27 AI Law Compliance Guide for Canada | Canuckt | Canuckt AI