Ontario’s New Cybersecurity and AI Governance Act: What Public Sector Entities Need to Know

https://www.privacyrules.com/wp-content/uploads/2025/06/daryan-shamkhali-pEXWdTPXsuA-unsplash-scaled.jpg

Ontario is making bold legislative moves to enhance digital trust and security within its public sector. The proposed Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024 marks a significant shift toward greater accountability, particularly around the use of artificial intelligence and automated decision-making.

In their latest publication, McMillan LLP unpacks the proposed legislation and offers a practical analysis of what this means for public sector institutions, service providers, and policymakers alike.

📌 Highlights from the Proposed Ontario Cybersecurity and AI Act:

  • Mandatory Cybersecurity Standards
    The Act would empower the government to set minimum cybersecurity requirements for public sector organizations, including data security, incident response, and third-party management.

  • Governance of AI Systems
    A key feature is the introduction of rules around AI and automated decision-making. Public sector organizations will be required to maintain transparency and fairness when using AI tools that affect individuals.

  • Data Inventory Requirements
    Organizations will need to keep up-to-date inventories of the data they hold and use, especially when it intersects with automated decision-making systems.

  • Provincial Leadership in Trustworthy Tech
    If passed, Ontario will join global jurisdictions prioritizing ethical AI and responsible data governance.

To understand the scope of these developments and their implications across the public and private sectors, we encourage you to read the full article from McMillan LLP:
👉 Read the full article here

For more details or legal guidance tailored to your organization, reach out to McMillan LLP directly—or contact us via PrivacyRules and we’ll be happy to connect you with the right experts.