Law360 Canada (July 2, 2026, 3:22 PM EDT) --
 |
| Karen Durell |
 |
| Kirk Emery |
 |
| David Krebs |
 |
| David K. Bailey |
By introducing “AI for All,” Canada has signalled a choice for AI oversight: it will not legislate comprehensively, and it will not follow the EU. Released on June 4, 2026, the federal government’s “AI for All” strategy confirms that the previously tabled
Artificial Intelligence and Data Act is not being revived and that no equivalent is coming in the near term. What Canada is building instead is a framework — one that signals direction without specifying rules.
That choice has a logic to it. It preserves innovation headroom, avoids locking in standards that may not survive contact with fast-moving technology, and gives Canadian businesses flexibility that their EU counterparts do not have. It does not waive the compliance burden for businesses: in the absence of codified rules, organizations deploying AI must interpret the strategy’s principles, monitor legislative developments across multiple fronts, and build governance infrastructure without a clear template to follow.
The strategy’s six pillars are the foundation that businesses can use to address that challenge. Understanding what each pillar signals, and what it does not yet require, is the starting point for any business trying to manage AI risk in Canada today.
A lighter touch than the EU, closer to the U.S. model
The strategy does not follow the model of the EU’s comprehensive risk-based framework under the
EU AI Act and aligns more closely with the U.S. approach of relying on industry standards and targeted measures in higher-risk areas. While the strategy is not prescriptive regarding AI-specific regulations, it signals that the government will target regulations aimed at mitigating specific risks in order to enable the ultimate goal, which is safe and trustworthy AI for all. Canadian businesses developing and implementing AI will need to monitor the development of the laws and regulations in this area and, for now, rely on principle-based approaches to manage risks in areas such as automated decision-making, bias, cybersecurity, intellectual property rights and transparency.
The six pillars
The strategy is structured around six pillars aimed at building trust, expanding economic opportunity and safeguarding Canadian sovereignty. This is a business-first AI agenda.
wassam siddique: ISTOCKPHOTO.COM
While the strategy and each of the pillars establish important priorities for future AI policies and support mechanisms, they do not provide clarity on specific present rules, regulations or compliance expectations for businesses. Canadian businesses should monitor future AI legislative developments and, in the interim, continue applying principle-based approaches to manage risk with the help of legal counsel.
As summarized below, Pillar 1 focuses on targeted regulatory and legislative initiatives, while Pillars 2-6 address economic and capacity-building priorities:
Pillar 1, “Protecting Canadians and Safeguarding Democracy,” positions trust as the strategy’s “north star” and outlines anticipated legislative and regulatory initiatives to achieve improved AI safety and reliability:
1. Privacy and data governance: PIPEDA modernization is coming, with an emphasis on a fundamental right to privacy, safeguarding children’s information and strengthening people’s control over their personal data. Businesses should prepare to audit AI-related data practices accordingly.
2. Online harms, misinformation and democratic integrity: New tools and laws to address deepfakes, ensure chatbot safety, hold those responsible for online harms accountable, and protect against AI-enabled misinformation and foreign interference in democratic processes. Organizations deploying customer-facing AI or content systems should monitor these developments.
3. Transparency and standardization: Investment in transparency capabilities, including watermarking AI-generated content, to help users understand when they are interacting with AI; and development of a Canada Trusted AI Certification program, along with funding to support the private standardization ecosystem and shape global AI standards in collaboration with international partners. Early engagement may help businesses demonstrate compliance leadership.
4. Cybersecurity: Acceleration of research and government partnerships with law enforcement, intelligence agencies, frontier AI companies and international partners to advance Canadian cybersecurity technologies and protect critical systems from cyberattacks. Technology providers may find contracting opportunities in this space.
Pillar 2, “Empowering Canadians,” focuses on AI literacy, workforce readiness and inclusive participation to support informed and responsible AI use. Examples include a National AI Literacy Initiative offering entry-level AI training accessible to all Canadians, as well as investments in post-secondary AI programs and work-integrated learning opportunities. Employers may benefit from government-subsidized training to address AI skills gaps.
Pillar 3, “Powering Shared Prosperity,” is centred on closing the AI adoption gap, particularly among small and medium-sized enterprises (SMEs). The strategy proposes targeted supports, including funding, incentives and advisory services, to encourage practical deployment of AI solutions across key sectors such as agriculture, manufacturing, health care and natural resources. SMEs should monitor ISED and regional agency announcements for AI adoption grants.
Pillar 4, “Building the Canadian Sovereign AI Foundation,” addresses infrastructure needs, including compute capacity, data centre development and energy resources. Government-held data is identified as a strategic national asset requiring secure data platforms built upon common standards and strong privacy protections. The strategy commits to accelerating data centre construction, streamlining permitting and ensuring clean energy access. A “build-partner-buy” approach is emphasized to develop domestic capabilities while maintaining access to global innovation.
Pillar 5, “Building and Scaling Canadian AI Champions,” aims to strengthen commercialization pathways and retain high-growth AI companies within Canada. The strategy emphasizes strategic investments, government procurement commitments, and expanded venture capital access to support Canadian AI firms from development through to global scale. These measures are intended to address concerns about Canadian AI companies relocating or being acquired by foreign entities. Canadian AI companies should track BDC and EDC financing programs.
Pillar 6, “Building Trusted Partnerships and Global Alliances,” focuses on international collaboration, including participation in multilateral AI governance forums and the promotion of open-source AI development. The strategy positions Canada as a trusted partner in navigating a shifting global technology landscape, emphasizing secure supply chains, allied technology partnerships and improved Canadian industry resilience against geopolitical disruptions. Companies with cross-border AI operations should monitor how these partnerships may affect sourcing and data transfer arrangements.
International perspectives: Comparing Canada’s AI regulatory framework to EU and U.S. approaches
The strategy identifies Europe as an important strategic partner for advancing AI initiatives that support the tenets of trust, safety and the protection of privacy as a fundamental right. These are core AI policy objectives of the EU. However, the Canadian approach diverges from the EU’s risk-based framework, which categorizes AI systems and assigns corresponding legal requirements. Instead, the strategy relies on existing legal frameworks, implements fewer formal compliance obligations, and provides less prescriptive guidance than the EU model for safe and responsible AI development and deployment.
Notably, the strategy’s emphasis on innovation, commercialization, industry standards and certification mechanisms aligns more closely with the approach of the U.S., which also has not adopted a comprehensive national-level AI regulatory regime.
For Canadian businesses, unlike in the EU (which has implemented prescriptive regulatory regimes), compliance in Canada will continue to depend on interpreting the strategy’s goals and high-level principles, in the absence of detailed codified rules.
Conclusion
The “AI for All” strategy does not introduce a compliance crisis. It introduces a compliance vacuum.
Canada’s decision to apply a non-rules-based model acknowledges that AI development is neither a straight line nor static. Canadian businesses can look to the principle-based guidance as a foundation but need to remain cognizant that rules will likely eventually arrive that may require a pivot of a business’s AI policies and processes.
The businesses best positioned for AI adoption and development will be the ones that used the absence of rules as an impetus to build governance infrastructure, document their risk management rationale, and keep apprised of the certification and standardization processes the strategy signals are coming as they are rolled out. The window for that kind of proactive positioning is open now. It will not stay open indefinitely.
Karen Durell is a partner and national lead, technology at Miller Thomson. She is a seasoned IP and technology lawyer, as well as a trademark and patent agent. Dr. Durell excels in guiding organizations on IP rights, as well as technology and privacy issues, for emerging to established businesses. She expertly handles IP procurement, audits, strategy, contracts and due diligence all with a focus on IP, technology, privacy and anti-spam issues. Her background in technology and law ensures tailored legal strategies for innovators and businesses across various industries.
Kirk Emery is a partner at Miller Thomson LLP whose practice focuses on mergers and acquisitions, equity and debt financings, corporate governance, supply and service agreements and general corporate matters. He is well regarded for his legal and business judgment and practical approach to optimizing client outcomes.
David Krebs is a partner at Miller Thomson LLP and practises in the area of technology, privacy and cybersecurity. He is the national co-leader of the firm’s privacy and cybersecurity practice and has over 15 years of experience advising clients in the areas of privacy compliance, cybersecurity and commercial transactions.
David K. Bailey is an associate at Miller Thomson who helps both emerging and established businesses with a broad range of IP matters. He has extensive experience counselling clients on IP strategy in support of technology transactions and product development, conducting due diligence to identify and manage risk, and negotiating technology licence agreements. David’s practice also includes patent preparation, prosecution and worldwide portfolio management.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of the author’s firm, its clients, LexisNexis Canada, Law360 Canada or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
Interested in writing for us? To learn more about how you can add your voice to Law360 Canada, contact Analysis Editor Richard Skinulis at Richard.Skinulis@lexisnexis.ca or call 437-828-6772.