01-30_GENERALS_Fall25_PT - Flipbook - Page 13
INNOVATION
MAJOR CYBERSECURITY
CHANGES ON THE HORIZON
Critical infrastructure operators face new compliance obligations under Bill C-8, while U.S.
regulations create cross-border considerations
By ANTHONY CURCURUTO, CEO, CentreCoreAI
C
ANADIAN ORGANIZATIONS OPERATING CRITICAL
INFRASTRUCTURE are facing a
significant shift in cybersecurity
governance as Bill C-8 advances
through Parliament. Introduced
in June 2025, this legislation
establishes mandatory cybersecurity
obligations for operators in federally
regulated sectors, marking Canada's
most comprehensive cybersecurity
reform to date.
Bill C-8: Canada's Critical Cyber Systems
Protection Act
Bill C-8 revives the framework originally
proposed under Bill C-26, which died
on the order paper when Parliament
was prorogued in January 2025. The
legislation creates the Critical Cyber Systems Protection Act (CCSPA) and amends
the Telecommunications Act to address
vulnerabilities in Canada's critical infrastructure.
The Act applies to "designated
operators" providing vital services and
systems, including telecommunications,
banking and 昀椀nancial clearing systems,
interprovincial energy transmission,
nuclear facilities, and federally regulated
transportation networks. These sectors
have been identi昀椀ed for their essential
role in preserving national security and
public safety.
Key Compliance Requirements
Organizations designated under the
CCSPA face stringent obligations. Within
THEGENERALS.NET
FALL 2025 • the generals 13
