top of page
  • Writer's pictureDeborah

On June 14, Bill C-26, An Act Respecting Cyber Security (ARCS) introduced the Critical Cyber Systems Protection Act (CCSPA) to help organizations, including federally regulated entities in the private sector, better prepare, prevent, and respond to cyber incidents.


A critical cyber security system is defined as a ‘system that, if its confidentiality, integrity or availability were compromised, could affect the continuity or security of a vital service or vital system’.


A vital service or system includes banking systems and clearing and settlement systems.


If it becomes law, the CCSPA will require designated operators to comply with the following:

  • Implement a cyber security program taking into consideration the identification and management of cyber security risks, the protection of their critical cyber security systems, the detection of cyber incidents and the minimization of the impact of cyber security incidents.

  • Mitigate the supply-chain and third-party risks as soon as any cyber security risk associated has been identified.

  • Immediately report a cyber security incident to the Communications Security Establishment and notify the appropriate regulator.

  • Prohibition to disclose confidential information except under certain conditions (e.g. disclosure required by law, consent to its disclosure, disclosure necessary to the protection of vital services, vital systems or critical cyber systems… ).

  • Record keeping of any steps taken to implement the cyber security program; of every cyber security incident reported, any steps taken to mitigate any supply-chain or third-party risks…

Designated operator is defined as ‘a person, partnership or unincorporated organization that belongs to any class of operators’.


The Bill has only passed first reading in the House of Commons.


Recent Posts

See All

The Secured Overnight Financing Rate (SOFR) is a broad measure of the cost of borrowing cash overnight collateralized by Treasury securities. SOFR is the overnight interest rate for US dollar-denomina

13/06/2023 - Canadian Securities Administrators (CSA) SEDAR+ go-live date. All issuer filings, cease trade orders and disciplined list entries will be filed in SEDAR+ 16/06/2023 - OSFI consultation pe

On May 11, the Bank for International Settlements (BIS) published a Handbook on how central bank digital currencies (CBDCs) could work for offline payments, defined as a “transfer of value between dev

bottom of page