
Canada’s proposed legislative overhaul, introduced through Bills C-34 and C-36, is drawing immediate attention from U.S. lawyers who advise firms with any digital presence that reaches north of the border.
Bill C-34 aims to regulate online content and AI services
On June 10, 2026, the Canadian Parliament received Bill C-34, formally the Digital Safety Act and the Digital Safety Commission of Canada Act. The measure would place social media platforms, AI chatbot providers, and other online services that Canadians can access under a new federal framework. The bill revives a prior attempt, Bill C‑63, which failed to pass in 2024.
Related: Selling gift cards may trigger money transfer laws
The proposed Digital Safety Act (DSA) targets seven categories of harmful material, including non‑consensual intimate images, child sexual abuse content and propaganda that encourages violence or terrorism. Operators would be required to adopt design features that protect minors, such as age‑verification tools and stricter default age limits—generally sixteen years unless a company can demonstrate robust safeguards.
Four core duties would accompany the DSA. First, a duty to protect children obliges services to limit exposure to pornographic material and keep detailed compliance records. Second, a duty to act responsibly requires platforms to label synthetic media and provide user‑generated reporting tools. For AI chatbots, the DSA also requires operators to reduce users’ exposure to harmful content.
Related: U.S. Companies Navigate Germany Market Entry Structures
Bill C-36 modernizes privacy protections
Five days after the introduction of Bill C‑34, the Minister of Artificial Intelligence and Digital Innovation tabled Bill C‑36, the Protecting Privacy and Consumer Data Act. The legislation would replace key parts of the Personal Information Protection and Electronic Documents Act (PIPEDA) and represents the most significant privacy reform in Canada since the early 2000s.
Bill C‑36 frames privacy as a fundamental right and expands individual control over personal data. It introduces rights to access, correct, delete and transfer information, each backed by a structured compliance process. Companies would need to maintain documented privacy programs, policies and complaint mechanisms, creating auditable structures that regulators can inspect on demand.
Related: Medspa Industry Faces New Regulatory Challenges
For U.S. counsel, the most notable aspect is that both bills have only cleared first reading in the House of Commons and must still pass through the Senate before receiving Royal Assent. Stakeholders are encouraged to monitor the legislative process and prepare for potential compliance requirements well before the statutes become law.
Compliance will be essential.