An Act respecting Cybersecurity of Critical Cyber Systems (44-1, original)
Bill C-26 was the federal government's first attempt at a comprehensive cybersecurity statute for critical-infrastructure sectors after the 2021 Colonial Pipeline ransomware attack and the 2022 Rogers nationwide outage made the issue politically urgent. It would have given the Minister of Industry sweeping power to order telecom carriers to drop equipment from named vendors (read: Huawei), and to set binding cybersecurity baselines for federally regulated sectors. Stalled in 44-1 over Privacy Commissioner concerns about the breadth of ministerial powers and the absence of judicial oversight. Reintroduced in 45-1 with narrower triggers.
Status
Quick learn
Required telecoms, banks, pipeline operators, and other critical-infrastructure companies to report cyberattacks to the federal government and to follow federally set cybersecurity standards. Stalled in 44-1 over privacy concerns about the new ministerial powers, then reintroduced in 45-1 with narrower scope.
Issues this bill touches
- National Security
Earlier defeated cybersecurity bill (44-1 original).
Legislative history
- Introduced
Tabled in the originating chamber by the sponsor.
View source - Defeated
Defeated on a vote; no further legislative action.
View source
Official source
Read full text on Parliament of Canada