🔴Illinois HB 3773IN EFFECTUp to ~$70K/violation|🔴Texas TRAIGA (HB 149)IN EFFECTAG-enforced|🔴Utah AI Policy ActIN EFFECT$2,500/violation|⚠️Colorado AI Act (SB 205)Jan 1, 2027AG-enforced|⚠️California SB 942Aug 2, 2026$5K/day|⚠️EU AI Act Art. 50Aug 2, 2026€35M or 7% revenue|⚠️New York RAISE ActJan 1, 2027AG civil penalties|🔴Illinois HB 3773IN EFFECTUp to ~$70K/violation|🔴Texas TRAIGA (HB 149)IN EFFECTAG-enforced|🔴Utah AI Policy ActIN EFFECT$2,500/violation|⚠️Colorado AI Act (SB 205)Jan 1, 2027AG-enforced|⚠️California SB 942Aug 2, 2026$5K/day|⚠️EU AI Act Art. 50Aug 2, 2026€35M or 7% revenue|⚠️New York RAISE ActJan 1, 2027AG civil penalties|
No federal AI Act (AIDA lapsed)
Flag of Canada

AI Act Compliance in Canada

Contrary to common reporting, Canada has no enacted federal AI statute — Bill C-27, which contained the Artificial Intelligence and Data Act (AIDA), died when Parliament was prorogued in January 2025 and has no successor as of 2026. AI is governed indirectly through PIPEDA (federal privacy law), the Treasury Board Directive on Automated Decision-Making (which requires federal agencies to run algorithmic impact assessments), and provincial laws such as Quebec's Law 25, which requires disclosure of automated decisions, an explanation of the logic, and a right to human review.

By · Founder
Published Reviewed
Map showing the location of Canada in the world
Canada on the world map
⚠️ Maximum penalty: No federal AI-specific penalty; Quebec Law 25 up to CAD $25M or 4% of global turnover
Deadline: Federal AI bill lapsed; Treasury Board Directive legacy-system compliance by June 24, 2026

The EU AI Act enters into force on August 2, 2026, creating a unified regulatory framework for artificial intelligence across all 27 EU member states and the European Economic Area. Unlike the patchwork of US state laws, the EU AI Act is a single directive with direct applicability — companies serving EU customers cannot negotiate compliance state-by-state. The regulatory environment is layered: existing data-protection obligations under GDPR remain in force and interact with new AI-specific requirements. The EU AI Act imposes transparency, documentation, and risk-assessment obligations regardless of where the company is incorporated, making it effectively extra-territorial for any business with EU users, customers, or employees.

The EU AI Act uses a risk-based compliance framework that escalates with system impact. The framework identifies four risk tiers: prohibited AI systems (facial recognition in law enforcement, social credit scoring, subliminal manipulation); high-risk systems (hiring, benefits determination, law enforcement, biometric identification, facial emotion recognition); limited-risk systems (chatbots and transparent AI); and minimal-risk systems (game AI, spam filters). High-risk systems require pre-deployment impact assessments, bias and fairness testing, documented risk mitigation, human oversight mechanisms, and transparency to end users. Limited-risk systems require transparency disclosures. The tiered approach means compliance effort scales with AI risk — but almost any business AI system will land in the high-risk or limited-risk category, triggering active obligations.

Penalties for non-compliance are severe: up to €35 million or 7% of global annual turnover, whichever is higher. Fines accumulate per violation, and per-decision violations (e.g., a non-compliant AI system used in 1,000 hiring decisions) can multiply exposure. Unlike US state laws where compliance is sector-specific, the EU AI Act applies uniformly across all industries — healthcare, finance, government, retail, recruitment, all face the same framework. Some member states have enacted opt-out rights for citizens, allowing individuals to request human-only decisions in high-risk contexts. The financial and operational stakes make EU AI Act compliance a separate, high-priority workstream from US state-law compliance.

Compliance with the EU AI Act is not a forward-looking exercise — August 2, 2026 is the enforcement start date. Businesses should treat this deadline the same way they treated GDPR's May 25, 2018 enforcement date: as a hard cutoff after which non-compliance creates daily exposure. National data-protection authorities and AI-specific regulators (newly established in many member states) will begin accepting complaints and conducting audits immediately upon enforcement. The most effective compliance strategy is to conduct an immediate AI inventory, prioritize high-risk systems for pre-deployment assessment, complete bias and fairness testing, and establish documentation and human-review processes before August 2. Attempting remediation after enforcement has begun creates longer periods of documented non-compliance and higher penalty exposure.

Applicable laws

📜 PIPEDA — Personal Information Protection and Electronic Documents Act
📜 Treasury Board Directive on Automated Decision-Making
📜 Quebec Law 25 (Loi 25)
📜 Bill C-27 / AIDA — lapsed at prorogation, Jan 2025
● Live

Recent AI law developments in Canada

Updated July 13, 2026

Recent news coverage of AI regulation and policy in Canada. Headlines are aggregated automatically; follow each link for the full story.

AI Law NewsFlag of Canada
aljazeera.com
July 10, 2026
Canada Bill C - 36 tackles AI privacy . Is it enough ? | Privacy News

Coverage from aljazeera.com on AI legislation and regulation relevant to Canada.

aljazeera.com·
AI Law NewsFlag of Canada
lethbridgeherald.com
June 21, 2026
AI safety advocates say bill a good first step on regulation , but more needed

Coverage from lethbridgeherald.com on AI legislation and regulation relevant to Canada.

lethbridgeherald.com·
AI Law NewsFlag of Canada
winnipegfreepress.com
June 21, 2026
AI safety advocates say bill a good first step on regulation , but more needed – Winnipeg Free Press

Coverage from winnipegfreepress.com on AI legislation and regulation relevant to Canada.

winnipegfreepress.com·
AI Law NewsFlag of Canada
stcatharinesstandard.ca
June 20, 2026
Here what you need to know about Ottawa new policies on social media and AI

Coverage from stcatharinesstandard.ca on AI legislation and regulation relevant to Canada.

stcatharinesstandard.ca·
AI Law NewsFlag of Canada
niagarafallsreview.ca
June 12, 2026
Privacy commissioner says Grok deepfakes violated Canadian privacy law

Coverage from niagarafallsreview.ca on AI legislation and regulation relevant to Canada.

niagarafallsreview.ca·
Checklist
Fines
Requirements
Guide
Deadline

US-based? Check your state laws too

If you're a US company serving Canada customers, you need to comply with both your state's AI laws and the EU AI Act.

CaliforniaIllinoisColoradoNew YorkCheck my state →

High-risk industries under EU AI Act

🏥 Healthcare
🏦 Finance
👔 HR & Hiring
🛡️ Insurance
⚖️ Legal
🎓 Education

Other EU countries

Germany (EU)
France (EU)
Netherlands (EU)
Spain (EU)
Italy (EU)
Sweden (EU)
Poland (EU)
Belgium (EU)
Editorial standards

Anchored to the primary government source (statute, bill text, or agency rule) and verified directly against it · Last verified Jun 16, 2026. See our methodology.

Primary sources · Canada