Question Period Note: Digital sovereignty

About

Reference number:
SSC-2026-QP-0902
Date received:
Feb 9, 2026
Organization:
Shared Services Canada
Name of Minister:
Lightbound, Joël (Hon.)
Title of Minister:
Minister of Government Transformation, Public Works and Procurement

Issue/Question:

Digital sovereignty refers to the Government of Canada’s ability to exercise autonomy over its digital assets and services, ensuring it can manage and protect its digital systems, data and information regardless of where technologies are developed, hosted, or supported. This protects national security, supports economic competitiveness and enables the Government of Canada to operate independently while reducing the risks of foreign interference in the digital age.

It includes:
• Data sovereignty: Ensuring data complies with national laws and remains under the jurisdiction and control of the country
• Operational sovereignty: Retaining control over how digital services are deployed and preventing reliance on, or interference from, foreign entities
• Technological sovereignty: Maintaining the ability to make independent decisions about technology without being overly dependent on monopolistic or foreign controlled vendors

Suggested Response:

Key facts

• Under the Directive on Service and Digital, departments and agencies are expected to prioritize computing facilities in Canada—or on Government of Canada premises abroad—for storing or handling sensitive electronic information, such as Protected B, C or classified data. This helps keep important data secure and under Canadian control.

• Under the Policy on Privacy Protection, departments and agencies must protect personal information properly, reduce privacy risks and remain open and accountable, even when it is processed or stored by third-party companies.

• The Treasury Board Secretariat’s paper Digital Sovereignty: A Framework to improve digital readiness of the Government of Canada examines the challenges related to jurisdictional complexity, reliance on global suppliers, evolving cyber security risks, and internal capacity. It underscores the need for interoperability across the Government of Canada and with trusted international partners. The framework discusses legal issues, supply chain, and technical controls that reinforce Canada’s authority over government systems.

• Shared Services Canada applies the Buy Canadian Policy in procurements to strengthen Canada’s economic resilience and industrial capacity. The policy supports domestic businesses and workers by prioritizing Canadian suppliers, materials and content wherever feasible.

• Data protection obligations are embedded in contracts with service providers through standardized security clauses, access restrictions and incident reporting requirements.

Key messages

• Digital sovereignty is a critical priority for the Government of Canada to protect essential data, reduce risks of foreign interference and strengthen domestic information technology capabilities and Shared Services Canada has been actively working to strengthen information technology diversification by reducing vendor concentration and influence in strategic areas, while promoting Canadian-made solutions.

• Shared Services Canada will also develop a sovereign made-in-Canada artificial intelligence platform that can be deployed across the government, in partnership with leading Canadian artificial intelligence companies, and enable greater access to sovereign artificial intelligence compute.

• Shared Services Canada is investing in Canadian technology capabilities and strengthening policies to protect critical infrastructure.

• Shared Services Canada has launched a procurement process to establish Sovereign Canadian Cloud capabilities for the Government of Canada through a process that prioritizes Canadian-owned and controlled cloud service providers. These efforts will secure Canadian capacity as part of the Government of Canada cloud ecosystem.

If pressed on protections
• The Government of Canada applies a range of technical safeguards to protect data, maintain service reliability and ensure continued operation of its systems. These include secure system design; encryption to protect information in storage and in transit; access and identity management; and continuous monitoring to detect and respond to incidents.

If pressed on how Shared Services Canada strengthens digital sovereignty

• Shared Services Canada works with Canadian telecommunications companies to provide the Government of Canada with a fast, reliable network that operates on Canadian-owned assets and routes traffic within Canada. This helps keep sensitive government data secure and under Canadian control.

• Shared Services Canada uses state-of-the-art enterprise infrastructure and multiple layers of defence, including cutting-edge sensors designed to identify and eradicate cyber threats.

• Shared Services Canada delivers hybrid hosting models to meet the Government of Canada’s needs for security, scalability and sovereignty. Hosting models range from fully Government of Canada-owned data centres (maximum sovereignty) to public cloud services (lower control, higher scalability).

• Shared Services Canada’s enterprise data centres are located within Canada and operate on Canadian-owned assets. This helps keep important data secure and under Canadian control.

Background:

Due to the global dominance of U.S.-based technology vendors and the comparatively small size of Canada’s information technology (IT) sector, targeted interventions are essential to scale Canadian capabilities. Cloud computing, in particular, is dominated by Amazon Web Services, Google Cloud and Microsoft Azure, posing challenges to operational and technological sovereignty.

Advanced cyber threat actors are increasingly using supply chains to bypass traditional security defences by introducing vulnerabilities. Since 2012, Shared Services Canada (SSC) has mitigated this risk through Supply Chain Integrity (SCI) procurement reviews for equipment, software and services. These assessments help departments and agencies to identify and potentially mitigate security vulnerabilities before they impact operations.

The Government of Canada (GC) has made strategic investments in Canadian IT firms, including a March 2025 announcement by Innovation, Science and Economic Development Canada (ISED) of up to $240 million in funding for Toronto-based Cohere Inc. This investment marks Cohere as the first recipient of the artificial intelligence (AI) Compute Challenge, part of the $2 billion Canadian Sovereign AI Compute Strategy. In August 2025, the GC signed a memorandum of understanding with Cohere to explore opportunities for deploying AI technologies across the GC to enhance operations within the public service and to build out Canada’s commercial capabilities in using and exporting AI.

Additional Information:

None