Bill 194, which introduces cybersecurity and artificial intelligence (AI) requirements in Ontario’s public sector, received Royal Assent on November 25, 2024. Now that this is the law, the question turns to compliance. How should public sector institutions move forward with Bill 194 compliance in mind? In this article, we explain how institutions can prepare to comply with this law.
Bill 194, the Strengthening Cyber Security and Building Trust in the Public Sector Act was tabled by the Ontario government in May 2024. It amends Ontario’s Freedom of Information and Protection of Privacy Act (“FIPPA”) and introduces a new legislation called the Enhancing Digital Security and Trust Act, 2024 (the “EDSTA”). At a high level, the Bill establishes new requirements regarding cybersecurity and artificial intelligence in Ontario’s public sector, expands the powers of the Information and Privacy Commissioner of Ontario (“IPC”), and enhances privacy protections including protections for minors.
Many of the provisions of Bill 194 are not yet in force. The EDSTA and most of the FIPPA amendments will come into force at a future date proclaimed by the Lieutenant Governor.