Bill C-8 (formerly C-26), An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts

Red-lined version: Key provisions and notable amendments

Legend:

  1. Red: Amendments to C-26 adopted at committee stage (SECU, April 19, 2024)
  2. Blue: Amendments to C-26 adopted at report stage (June 19, 2024)
  3. Green: Coordinating amendments that C-70 would have made to C-26 if the latter had been adopted (which are reflected in C-8)
  4. Purple: Changes in C-8 *
  5. Sections that are of particular interest to the OPC

* N.B. C-8 contains no substantive changes from the version of Bill C-26 passed by the House.

PART 1: AMENDMENTS TO THE TELECOMMUNICATIONS ACT

Section Text
7

Section 7 of the Telecommunications Act is amended by striking out “and” at the end of paragraph (h), by adding “and” at the end of paragraph (i) and by adding the following after paragraph (i):

(j) to promote the security of the Canadian telecommunications system.

15.1(1)

The Act is amended by adding the following after section 15:

Security of Canadian telecommunications system – Order in Council

15.‍1 (1) If, in the opinion of the Governor in Council, it is necessary to do so to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption, the Governor in Council may, by order,

15.‍1 (1) If the Governor in Council believes on reasonable grounds that it is necessary to do so to secure the Canadian telecommunications system against any threat, including that of interference, manipulation, disruption or degradation, the Governor in Council may, by order and after consultation with the persons the Governor in Council considers appropriate,

(a) prohibit a telecommunications service provider from using all products and services provided by a specified person in, or in relation to, its telecommunications network or telecommunications facilities, or any part of those networks or facilities; or

(b) direct a telecommunications service provider to remove all products provided by a specified person from its telecommunications networks or telecommunications facilities, or any part of those networks or facilities.

15.1(2)

Scope and substance

(2) The provisions of the order must, in scope and substance, be reasonable in relation to the gravity of the threat, including that of interference, manipulation, disruption or degradation.

15.1(3)

Non-disclosure

(3) The order may also include a provision prohibiting the disclosure of its existence, or some or all of its contents, by any person.

15.1(4)

Factors

(4) Before making the order, the Governor in Council must consider

(a) its operational impact on the affected telecommunications service providers;

(b) its financial impact on the affected telecommunications service providers;

(c) its effect on the provision of telecommunications services in Canada; and

(d) any other factor that the Governor in Council considers relevant.

15.1(5)

Prepublication

(5) The Governor in Council may cause a draft order to be published in the Canada Gazette.

15.1(6)

Publication

(6) Any order made under subsection (1) must be published in the Canada Gazette within 90 days after the day on which it is made, unless the Governor in Council directs otherwise in the order.

[…]  
15.2(1)

Security of Canadian telecommunications system – Minister’s order

15.‍2 (1) If, in the Minister’s opinion, it is necessary to do so to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption, the Minister may, by order and after consultation with the Minister of Public Safety and Emergency Preparedness,

15.‍2 (1) If there are reasonable grounds to believe that it is necessary to do so to secure the Canadian telecommunications system against any threat, including that of interference, manipulation, disruption or degradation, the Minister may, by order and after consultation with the Minister of Public Safety and Emergency Preparedness and with the persons the Minister considers appropriate,

(a) prohibit a telecommunications service provider from providing any service to any specified person, including a telecommunications service provider; and

(b) direct a telecommunications service provider to suspend providing for a specified period any service to any specified person, including a telecommunications service provider.

15.2(2)

Order

(2) The Minister may, by order, direct a telecommunications service provider to do anything or refrain from doing anything — other than a thing specified in subsection (1) or 15.‍1(1) — that is specified in the order and that is, in the Minister’s opinion, necessary to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption. In the order, the Minister may, among other things,

(2) If the Minister believes on reasonable grounds that it is necessary to do so to secure the Canadian telecommunications system against any threat, including that of interference, manipulation, disruption or degradation, the Minister may, by order,

(a) prohibit a telecommunications service provider from using any specified product or service in, or in relation to, its telecommunications network or telecommunications facilities, or any part of those networks or facilities;

(b) direct a telecommunications service provider to remove any specified product from its telecommunications networks or telecommunications facilities, or any part of those networks or facilities;

(c) impose conditions on a telecommunications service provider’s use of any product or service, or any product or service provided by a specified person, including a telecommunications service provider;

(d) impose conditions on a telecommunications service provider’s provision of services to a specified person, including a telecommunications service provider;

(e) prohibit a telecommunications service provider from entering into a service agreement for any product or service used in, or in relation to, its telecommunications network or telecommunications facilities, or any part of those networks or facilities;

(f) require that a telecommunications service provider terminate a service agreement referred to in paragraph (e);

(g) prohibit a telecommunications service provider from upgrading any specified product or service;

(h) require that a telecommunications service provider’s telecommunications networks or telecommunications facilities as well as its procurement plans for those networks or facilities, be subject to specified review processes;

(i) require that a telecommunications service provider develop a security plan in relation to its telecommunications services, telecommunications networks or telecommunications facilities;

(j) require that assessments be conducted to identify any vulnerability in a telecommunications service provider’s telecommunications services, telecommunications networks or telecommunications facilities or its security plan referred to in paragraph (i);

(k) require that a telecommunications service provider take steps to mitigate any vulnerability in its telecommunications services, telecommunications networks or telecommunications facilities or its security plan referred to in paragraph (i); or

(l) require that a telecommunications service provider implement specified standards in relation to its telecommunications services, telecommunications networks or telecommunications facilities;

(m) direct a telecommunications service provider to do a specified thing or refrain from doing a specified thing, other than a thing specified in subsection (1) or 15.‍1(1); or

(n) require that a telecommunications service provider use a backup system for telecommunications facilities.

15.2(3)

Scope and substance

(3) The provisions of an order made under subsection (1) or (2) must, in scope and substance, be reasonable in relation to the gravity of the threat, including that of interference, manipulation, disruption or degradation.

15.2(4)

For greater certainty

(4) For greater certainty, despite subsection (2), the Minister is not permitted to order a telecommunications service provider to intercept a private communication or a radio-based telephone communication, as those terms are defined in section 183 of the Criminal Code.

15.2(5)

Non-disclosure

(5) An order made under subsection (1) or (2) may also include a provision prohibiting the disclosure of its existence, or some or all of its contents, by any person.

15.2(6)

Factors

(6) Before making an order under subsection (1) or (2), the Minister must consider

(a) its operational impact on the affected telecommunications service providers;

(b) its financial impact on the affected telecommunications service providers;

(c) its effect on the provision of telecommunications services in Canada; and

(d) any other factor that the Minister considers relevant.

15.2(7)

Prepublication

(7) The Minister may cause a draft order to be published in the Canada Gazette.

15.2(8)

Publication

(8) Any order made under subsection (1) or (2) must be published in the Canada Gazette within 90 days after the day on which it is made, unless the Minister directs otherwise in the order.

[…]  
15.21(1)

Report on orders

15.‍21 (1) The Minister shall cause to be tabled in each House of Parliament, within three months after the end of each fiscal year or, if either House is not then sitting, on any of the first 15 days of the next sitting of that House, a report on the orders made under subsection 15.‍1(1) and subsections 15.‍2(1) and (2).

15.21(2)

Contents of report

(2) The Minister shall include in the report, for the fiscal year covered by the report, the following information:

(a) the number of orders made and the nature of the orders;

(b) the number of orders that were revoked;

(c) the number of times during the previous fiscal year that, under subsection 15.‍2(6), an order prevailed over a decision of the Commission made under this Act;

(d) the number of applications made to the Federal Court seeking to prohibit disclosure of an order, and the number of applications granted;

(c) the number of telecommunications service providers affected by an order;

(d) a description of compliance of telecommunications service providers that partially complied with an order;

(e) a description of compliance of telecommunications service providers that fully complied with an order; and

(f) an explanation of the necessity, proportionality, reasonableness and utility of the orders.

15.21(3)

Contents of report: conflicts

(3) The report shall state the number of times that an order prevailed over a decision of the Commission made under this Act during previous fiscal year.

15.22

Obligation to notify

15.‍22 The Minister must, within 90 days after an order that includes a provision prohibiting the disclosure of its existence, or some or all of its contents, is made under section 15.1 or 15.2, notify the National Security and Intelligence Committee of Parliamentarians and the National Security and Intelligence Review Agency of the making of the order.

[…]  
15.3(3)

Statutory Instruments Act

(3) The Statutory Instruments Act does not apply to an order made under section 15.‍1 or 15.‍2.

[…]  
15.4

Provision of information

15.‍4 The Minister may require any person to provide to the Minister or any person designated by the Minister, within any time and subject to any conditions that the Minister may specify, any information that the Minister believes on reasonable grounds is relevant for the purpose of making, amending or revoking an order under section 15.‍1 or 15.‍2 or a regulation under paragraph 15.‍8(1)‍(a), or of verifying compliance or preventing non-compliance with such an order or regulation.

15.5(1)

Confidential information – designation

15.‍5 (1) A person who provides any of the following information under section 15.‍4 may designate it as confidential:

(a) information that is a trade secret;

(b) financial, commercial, scientific or technical information that is confidential and that is treated consistently in a confidential manner by the person who provided it;

(c) information the disclosure of which could reasonably be expected to

    (i) result in material financial loss or gain to any person,

    (ii) prejudice the competitive position of any person, or

    (iii) affect contractual or other negotiations of any person; or

(d) personal information and de-identified information

15.5(2)

Definitions

(2) The following definitions apply in paragraph (1)‍(d).

de-identify means to modify personal information so that an individual cannot be directly identified from it, though a risk of the individual being identified remains.‍ (dépersonnaliser)

personal information has the same meaning as in section 3 of the Privacy Act.‍ (renseignements personnels)

15.5(3)

Prohibition

(3) Subject to subsection (4), no person shall knowingly disclose or knowingly permit to be disclosed any information that is designated as confidential.

15.5(4)

Exception

(4) Information that is designated as confidential may be disclosed, or be permitted to be disclosed, if

(a) the disclosure is authorized or required by law;

(b) the person who designated the information as confidential consents to its disclosure; or

(c) the disclosure is necessary, in the Minister’s opinion, to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption.

15.6(1)

Exchange of information

15.‍6 (1) Despite section 15.‍5, to the extent that is necessary for any purpose related to the making, amending or revoking of an order under section 15.‍1 or 15.‍2 or a regulation under paragraph 15.‍8(1)‍(a) — or to verifying compliance or preventing non-compliance with such an order or regulation — the following persons and entities may collect information from and disclose information to each other, including confidential information:

(a) the Minister;

(b) the Minister of Public Safety and Emergency Preparedness;

(c) the Minister of Foreign Affairs;

(d) the Minister of National Defence;

(e) the Chief of the Defence Staff;

(f) the Chief or an employee of the Communications Security Establishment;

(g) the Director or an employee of the Canadian Security Intelligence Service;

(h) the Chairperson or an employee of the Commission;

(i) a person designated under section 15.‍4; and

(j) any other prescribed person or entity.

15.6(2)

Confidential information

(2) Any confidential information that is collected under subsection (1) must be treated as confidential.

15.7(1)

Disclosure of information

15.‍7 (1) Any information collected or obtained under this Act, other than information designated as confidential under subsection 15.‍5(1), may be disclosed by the Minister under an agreement, a memorandum of understanding or an arrangement in writing between the Government of Canada and the government of a province or of a foreign state, an international organization of states or an international organization established by the governments of states, or any institution of any such government or organization, if the Minister believes that the information may be relevant to securing the Canadian telecommunications system or the telecommunications system of a foreign state, including against the threat of interference, manipulation or disruption.

15.7(2)

Restriction – use

(2) If the agreement, memorandum of understanding or arrangement allows for the sharing of information that may be relevant to an investigation or proceeding in respect of a contravention of this Act, an order made under section 15.1 or 15.2 or a regulation made under paragraph 15.‍8(1)‍(a) — or a law of a foreign state that addresses conduct that is substantially similar to conduct that would be in contravention of this Act, of an order made under section 15.‍1 or 15.‍2 or of a regulation made under paragraph 15.‍8(1)‍(a) — the agreement, memorandum of understanding or arrangement must restrict the use of that information to purposes relevant to contraventions of the laws of a foreign state that have consequences that would not be considered penal under Canadian law.

15.71

Privacy Act not affected

15.‍71 For greater certainty, nothing in sections 15.‍1, 15.‍2 and 15.‍4 to 15.‍7 affects the provisions of the Privacy Act.

15.8(1)

Regulations

15.‍8(1) The Governor in Council may make regulations

(a) containing any provision that may be contained in an order made under section 15.‍2; and

(b) prescribing persons and entities for the purposes of paragraph 15.‍6(j).

[…]  
15.81(1)

Annual report

15.‍81 (1) The Minister must, within three months after the end of each fiscal year, prepare a report respecting any orders referred to in sections 15.‍1 and 15.‍2 that were made during that fiscal year and must cause the report to be laid before each House of Parliament within the first 15 days on which that House is sitting after the report is completed.

15.81(2)

Contents

(2) The report must include the number of orders that were made in that fiscal year.

15.81(3)

Contents of report: conflicts

(3) The report must also state the number of times that an order prevailed over a decision of the Commission made under this Act during the previous fiscal year.

15.9(1)

[ Note: Bill C-70 (An act respecting countering foreign interference), which received royal assent in June 2024, would have repealed the green text below by establishing a new regime for “secure administrative review proceedings” under the Canada Evidence Act (ss.38.21 to 38.45). These deletions are reflected in C-8. ]

Judicial review – rules

15.‍9 (1) The following rules apply to judicial review proceedings in respect of an order made under section 15.‍1 or 15.‍2 or a regulation made under paragraph 15.‍8(1)‍(a):

(a) at any time during a proceeding, the judge must, at the Minister’s request, hear submissions on evidence or other information in the absence of the public and of the applicant and their counsel if, in the judge’s opinion, the disclosure of the evidence or other information could be injurious to international relations, national defence or national security or endanger the safety of any person;

(b) the judge must ensure the confidentiality of the evidence and other information provided by the Minister if, in the judge’s opinion, its disclosure would be injurious to international relations, national defence or national security or endanger the safety of any person;

(c) throughout the proceeding, the judge must ensure that the applicant is provided with a summary of the evidence and other information available to the judge that enables the applicant to be reasonably informed of the Government of Canada’s case but that does not include anything that, in the judge’s opinion, would be injurious to international relations, national defence or national security or endanger the safety of any person if disclosed;

(d) the judge must provide the applicant and the Minister with an opportunity to be heard;

(e) the decision of the judge may be based on evidence or other information available to the judge even if a summary of that evidence or other information has not been provided to the applicant;

(a) if the judge determines that evidence or other information provided by the Minister is not relevant or if the Minister withdraws the evidence or other information, the decision of the judge must not be based on that evidence or other information and the judge must return it to the Minister; and

(b) the judge must ensure the confidentiality of all evidence and other information that the Minister withdraws.

[…]

PART 2: CRITICAL CYBER SYSTEMS PROTECTION ACT

Section Text
-

Preamble

Whereas the Government of Canada has a fundamental responsibility to protect Canada’s national security and the safety of Canadians;

Whereas the Government of Canada acknowledges that because some cyber systems are critically important to vital services and vital systems their disruption could have serious consequences for national security or public safety;

Whereas the Government of Canada, through its national cyber security strategy, is committed to enhancing the security and resilience of the critical cyber systems of the federally regulated private sector and to exercising leadership in cyber security to foster collaboration across Canada, with the provinces and territories and around the world;

And Whereas the Government of Canada is committed to working with various stakeholders, including the federally regulated private sector, to help protect those systems and to encourage information sharing among the stakeholders;

And whereas the Government of Canada acknowledges the necessity to protect the privacy of Canadians with respect to their personal information in accordance with the Privacy Act;

[…]

[…]  
2

Definitions

2 The following definitions apply in this Act.

[…]

confidential information means any information obtained under this Act in respect of a critical cyber system that

(a) concerns a vulnerability of any designated operator’s critical cyber system or the methods used to protect that system and that is consistently treated as confidential by the designated operator;

(b) if disclosed could reasonably be expected to result in material financial loss or gain to, or could reasonably be expected to prejudice the competitive position of, a designated operator; or

(c) if disclosed could reasonably be expected to interfere with contractual or other negotiations of a designated operator. (renseignements confidentiels)

[…]  
16

Guidance from Communications Security Establishment

16 An appropriate regulator may provide to the Communications Security Establishment any information, including any confidential information, respecting a designated operator’s cyber security program or any steps taken under section 15, for the purpose of requesting advice, guidance or services from the Communications Security Establishment in accordance with the mandate of the Communications Security Establishment, in respect of the exercise of the appropriate regulator’s powers or the performance of its duties and functions under this Act.

17

Report – cyber security incident

17 A designated operator must, immediately within a period prescribed by the regulations, not to exceed 72 hours, report a cyber security incident in respect of any of its critical cyber systems to the Communications Security Establishment in accordance with the regulations, for the purpose of enabling the Communications Security Establishment to exercise its powers or perform its duties and functions.

18

Notify

18 Immediately after reporting a cyber security incident, the designated operator must

(a) notify the appropriate regulator, in the form and manner prescribed by the regulations that the report was made; and

(b) on request, give a copy of the report to the appropriate regulator.

19

Communications Security Establishment – provision of incident report

19 The Communications Security Establishment must, without delay, at the request of a regulator, give that regulator a copy of any incident report or any portion of it that relates to a designated operator in respect of which that regulator is the appropriate regulator, for the purpose of verifying compliance or preventing non-compliance with any provision of this Act or the regulations.

20(1)

Direction

20 (1) The Governor in Council may, by order, direct any designated operator or class of operators to comply with any measure set out in the direction for the purpose of protecting a critical cyber system, if the Governor in Council believes on reasonable grounds that it is necessary to make the order for that purpose.

20(2)

Amend or revoke

(2) The Governor in Council may, by order, amend or revoke a direction in whole or in part.

20(3)

Factors

(3) Before making an order under subsection (1), the Governor in Council must consider

(a) its operational impacts on affected designated operators;

(b) its impact on public safety of Canadians;

(c) its financial impacts on affected designated operators;

(d) its impact on the delivery of vital services and vital systems to consumers; and

(e) any other factor that the Governor in Council considers to be relevant.

20(4)

Compliance with direction

(4) Every designated operator that is subject to a direction must comply with it.

20(5)

Notification by Minister

(5) The Minister must, within 90 days after an order is made under subsection (1), notify the National Security and Intelligence Committee of Parliamentarians and the National Security and Intelligence Review Agency of the making of the order.

20(6)

For greater certainty

(6) For greater certainty, despite subsection (1), the Governor in Council is not permitted to order any designated operator or class of operators to intercept a private communication or a radio-based telephone communication, as those terms are defined in section 183 of the Criminal Code.

21(1)

Contents of direction

21 (1) A direction made under section 20 must set out

(a) the name of the designated operator or the class of operators in respect of which the direction applies;

(b) the measures to be taken by the designated operator along with any conditions; and

(c) the period within which those measures are to be taken.

21(2)

Condition

(2) In addition to any conditions referred to in paragraph (1)‍(b), the Governor in Council may impose other conditions in a direction.

22(1)

Exemption from Statutory Instruments Act

22 (1) An order made under section 20 is exempt from the application of sections 3, 5 and 11 of the Statutory Instruments Act.

[…]  
23(1)

Exchange of information

23 (1) To the extent necessary, for any purpose related to the making, amending or revoking of a cyber security direction in respect of a designated operator, the following persons or entities may collect information from and disclose information, including confidential information, to each other:

(a) the Minister;

(b) the responsible minister;

(c) the appropriate regulator;

(d) the Minister of Foreign Affairs;

(e) the Minister of National Defence;

(f) the Chief of the Defence Staff;

(g) the Chief or an employee of the Communications Security Establishment;

(h) the Director or an employee of the Canadian Security Intelligence Service; and

(i) any other person or entity that is prescribed by the regulations.

23(2)

Confidential information

(2) Any confidential information, within the meaning of this Act or any other Act of Parliament that applies to or is administered by a person or entity referred to in subsection (1), that is collected or disclosed under that subsection must be treated as confidential.

23(3)

[ Note: Ss. 23(3) and (4) were added by SECU but deleted by the House on third reading. A motion at SECU to add parallel retention requirements to the Critical Cyber Systems Protection Act was defeated. ]

Retention period

(3) Any information collected or obtained under subsection (1) must be retained only for as long as is necessary to make, amend or revoke an order under section 20, or to verify compliance or prevent non-compliance with such an order.

23(4)

Designated operators to be informed

(4) A designated operator, or class of operators, to which the information relates must be informed of the retention period.

24

Prohibition against disclosure

24 Every designated operator that is subject to a cyber security direction is prohibited from disclosing, or allowing to be disclosed, the fact that a cyber security direction was issued and the content of that direction, except in accordance with section 25.

25(1)

Disclosure – when allowed

25 (1) A designated operator that is subject to a cyber security direction may disclose the fact that the direction was issued and its content only to the extent necessary to comply with the direction.

25(2)

Prohibition – further disclosure

(2) A person must not, without the authorization of the designated operator, disclose or allow the disclosure of any information obtained by them under subsection (1).

26(1)

Prohibition

26 (1) Subject to subsection (2), a person must not knowingly disclose confidential information or allow it to be disclosed to any agency, body or other person or allow any other agency, body or other person to have access to the information, except if

(a) the disclosure is required by law;

(b) the information to be disclosed is publicly available;

(c) the designated operator to which the information relates consents to its disclosure;

(d) the disclosure is necessary for any purpose related to the protection of vital services, vital systems or critical cyber systems;

(e) the disclosure is made in accordance with any provision of this Act; or

(f) the disclosure is made in accordance with the Security of Canada Information Disclosure Act.

26(2)

Right to disclose information preserved

(2) Nothing in this section precludes a person from disclosing confidential information to a law enforcement agency or the Canadian Security Intelligence Service if the disclosure of the information is otherwise lawful.

26(3)

Confidential information

(3) Any confidential information that is disclosed or allowed to be accessed under subsection (1) must be treated as confidential.

27(1)

Agreements and arrangements – exchange of information

27 (1) Subject to subsection (2), the Minister, a responsible minister or a regulator may enter into an agreement or arrangement, in writing, with the government of a province or of a foreign state, or with an international organization established by the governments of foreign states, for the exchange of information, other than confidential information, relating to the protection of critical cyber systems

(a) between the Minister, the responsible minister or the regulator, as the case may be, and any institution or agency of that government; or

(b) between the Minister, the responsible minister or the regulator, as the case may be, and the international organization.

27(2)

Confidential information – government of province

(2) Confidential information may be disclosed to any institution or agency of the government of the province only if

(a) it is disclosed under the agreement or arrangement; and

(b) the Minister, the responsible minister or the regulator, as the case may be, is satisfied that the information will be treated in a confidential manner and not be further disclosed without their express consent.

28

Exchange of information by appropriate regulator

28 (1) For any purpose related to this Act If it is necessary for the protection of vital services, vital systems or critical cyber systems, the appropriate regulator for a class of operators may provide the Minister or the responsible minister with any information, including any confidential information, that is related to the exercise of the appropriate regulator’s powers or the performance of its duties and functions under this Act or the regulations. However, if for the same reason the Minister or the responsible minister makes a request for the information, the appropriate regulator must provide the information so requested.

28(2)

Confidential information

(2) Any confidential information, within the meaning of this Act or any other Act of Parliament that applies to or is administered by the appropriate regulator, that is provided under subsection (1) must be treated as confidential.

29

Request for information

29 For the purpose of verifying compliance or preventing non-compliance with any provision of this Act or the regulations, a regulator may request that a person, partnership or unincorporated organization provide it with any information, and the person, partnership or unincorporated organization, as the case may be, must provide the requested information within the time and in the manner set out in the request.

[…]  
32 – 87

Note: sections 32 to 87 set out regulatory inspection and requirement powers for designated inspectors who would be authorized to enter and conduct inspections in places to which the requirements of the Act apply, namely: the Minister of Industry, the Minister of Transport, the Superintendent of Financial Institutions, the Bank of Canada, the Canadian Energy Regulator, and the Canadian Nuclear Safety Commission. As the Department of Justice’s Charter statement points out, these inspection and requirement powers would be available for the regulatory purpose of verifying compliance and preventing non-compliance with the Act but not for the purpose of advancing a penal investigation. The statement therefore concludes that the proposed powers are similar to regulatory inspection powers that have been upheld in other contexts.

[…]  
135(1)

Regulations

135 (1) The Governor in Council may make regulations for carrying out the purposes and provisions of this Act, including regulations

(a) respecting cyber security programs;

(b) respecting any condition and criteria respecting internal audits;

(c) respecting the form, and manner and period for reporting any cyber security incidents referred to in section 17 and the types of incidents that must be reported;

(d) respecting the period within which a notification referred to under subsection 14(1) is to be provided;

(e) respecting the management of records referred to in section 30, including the collection, use, retention, disclosure and disposal of those records;

(f) designating any provision of this Act or of the regulations made under this Act for the purposes of section 90;

(g) classifying each violation as a minor violation, a serious violation or a very serious violation;

(h) fixing the maximum penalty in respect of each violation;

(i) defining, for the purposes of this Act, any word or expression that is used in this Act but is not defined; and

(j) prescribing anything that is to be prescribed under this Act.

135(2)

Consistency with regulatory regimes

(2) In making regulations under subsection (1), the Governor in Council may seek to ensure consistency with existing regulatory regimes, such as those established by provincial regulatory agencies.

[…]  
145(1)

[ Note: Bill C-70 (An act respecting countering foreign interference), which received royal assent in June 2024, would have repealed the green text below by establishing a new regime for “secure administrative review proceedings” under the Canada Evidence Act (ss.38.21 to 38.45). These deletions are reflected in C-8. ]

Judicial review – rules

145 (1) The following rules apply to judicial review proceedings in respect of the issuance of a cyber security direction under section 20:

(a) at any time during a proceeding, the judge must, at the Minister’s request, hear submissions on evidence or other information in the absence of the public and of the applicant and their counsel if, in the judge’s opinion, the disclosure of the evidence or other information could be injurious to international relations, national defence or national security or endanger the safety of any person;

(b) the judge must ensure the confidentiality of the evidence and other information provided by the Minister if, in the judge’s opinion, its disclosure would be injurious to international relations, national defence or national security or endanger the safety of any person;

(c) throughout the proceeding, the judge must ensure that the applicant is provided with a summary of the evidence and other information available to the judge that enables the applicant to be reasonably informed of the Government of Canada’s case but that does not include anything that, in the judge’s opinion, would be injurious to international relations, national defence or national security or endanger the safety of any person if disclosed;

(d) the judge must provide the applicant and the Minister with an opportunity to be heard;

(e) the decision of the judge may be based on evidence or other information available to the judge even if a summary of that evidence or other information has not been provided to the applicant;

(a) if the judge determines that evidence or other information provided by the Minister is not relevant or if the Minister withdraws the evidence or other information, the decision of the judge must not be based on that evidence or other information and the judge must return it to the Minister; and

(b) the judge must ensure the confidentiality of all evidence and other information that the Minister withdraws.

[…]  
147(1)

Report to Parliament

147 (1) The Minister must, within three months after the end of each fiscal year, prepare a report on the administration of this Act for that fiscal year and cause a copy of the report to be laid before each House of Parliament on any of the first 15 sitting days of that House after the report is completed.

147(2)

Contents

(2) The report must include, for the fiscal year covered by the report, the following information in relation to orders made under subsection 20(1):

(a) the number of orders made under subsection 20(1) and the nature of the directions set out in those orders;

(b) the number of directions revoked under subsection 20(2);

(c) the number of designated operators that were subject to a direction;

(d) description of compliance of designated operators that partially complied with a direction;

(e) description of compliance of designated operators that fully complied with a direction; and

(f) an explanation of the necessity, proportionality, reasonableness and utility of the directions.

147(3)

Contents

(3) The report must contain information on, among other things,

(a) the number of directions issued under subsection 20(1) in the immediately preceding fiscal year;

(b) the number of designated operators that were issued directions under subsection 20(1) in the immediately preceding fiscal year; and

(c) any other information relating to the immediately preceding fiscal year that the Minister considers relevant, if that information is not likely to be about an identifiable designated operator or other person.

[…]  