An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts
Bill C-26 was the federal government's first attempt at a comprehensive cybersecurity statute for critical-infrastructure sectors after the 2021 Colonial Pipeline ransomware attack and the 2022 Rogers nationwide outage made the issue politically urgent. It would have given the Minister of Industry sweeping power to order telecom carriers to drop equipment from named vendors (read: Huawei), and to set binding cybersecurity baselines for federally regulated sectors. Stalled in 44-1 over Privacy Commissioner concerns about the breadth of ministerial powers and the absence of judicial oversight. Reintroduced in 45-1 with narrower triggers.
Status
Quick learn
Required telecoms, banks, pipeline operators, and other critical-infrastructure companies to report cyberattacks to the federal government and to follow federally set cybersecurity standards. Stalled in 44-1 over privacy concerns about the new ministerial powers, then reintroduced in 45-1 with narrower scope.
Issues this bill touches
- National Security
Cyber security and Telecommunications Act amendments.
Legislative history
- First reading
First reading in the House of Commons.
View source - Second reading
Second reading in the House of Commons.
View source - Third reading
Third reading in the House of Commons.
View source - First reading
First reading in the Senate.
View source - Second reading
Second reading in the Senate.
View source - Third reading
Third reading in the Senate.
View source
Official source
Read full text on Parliament of Canada