Canada Artificial Intelligence and Data Act (AIDA)

Canada
v2022 (proposed - not yet enacted)
15 domains
33 controls

The Artificial Intelligence and Data Act (AIDA), proposed as Part 3 of Bill C‑27 (Digital Charter Implementation Act), is a pending Canadian federal law that would establish a risk‑based regulatory framework for high‑impact artificial intelligence systems. The Act would impose obligations on providers and operators of high‑impact AI systems, including conducting risk assessments, implementing monitoring and mitigation measures, maintaining detailed documentation, and providing transparency notices to affected individuals. It defines “high‑impact” AI based on criteria such as the system’s scope, level of autonomy, and potential for significant harm. The Act also includes provisions for exemptions, enforcement powers for the Minister of Innovation, Science and Industry, and alignment with existing privacy legislation. As of now, AIDA remains a proposed statute and has not yet been enacted.

Unverified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (15)

Accountability and Governance

3 controls
Code | Title
AIDA-11 | Incident Reporting
AIDA-12 | Record Keeping
AIDA-13 | Risk Mitigation Measures

Assurance

1 control
Code | Title
AIDA-19 | Audit and Assurance

Data

1 control
Code | Title
AIDA-5 | Data Governance

Deployment and Operations

3 controls
Code | Title
AIDA-10 | Monitoring and Drift Detection
AIDA-8 | Human Oversight
AIDA-9 | Robustness and Validation

Design and Development Requirements

4 controls
Code | Title
AIDA-4 | Bias and Discrimination Mitigation
AIDA-5 | Data Governance
AIDA-6 | Transparency to Users
AIDA-7 | Public Reporting

Fairness

2 controls
Code | Title
AIDA-17 | User Redress
AIDA-4 | Bias and Discrimination Mitigation

Governance

4 controls
Code | Title
AIDA-1 | Scope and High-Impact Systems
AIDA-12 | Record Keeping
AIDA-18 | Training and Competence
AIDA-2 | Accountability Framework

High-Impact AI System Classification

3 controls
Code | Title
AIDA-1 | Scope and High-Impact Systems
AIDA-2 | Accountability Framework
AIDA-3 | Harm Assessment

Incident Response

1 control
Code | Title
AIDA-11 | Incident Reporting

Operations

4 controls
Code | Title
AIDA-10 | Monitoring and Drift Detection
AIDA-16 | Generative AI Specific Measures
AIDA-20 | Cessation of High-Risk Use
AIDA-8 | Human Oversight

Quality

1 control
Code | Title
AIDA-9 | Robustness and Validation

Risk

2 controls
Code | Title
AIDA-13 | Risk Mitigation Measures
AIDA-3 | Harm Assessment

Security

1 control
Code | Title
AIDA-15 | Security of AI Systems

Third-Party

1 control
Code | Title
AIDA-14 | Third-Party AI Components

Transparency

2 controls
Code | Title
AIDA-6 | Transparency to Users
AIDA-7 | Public Reporting

Your Compliance Coverage

If you comply with Canada Artificial Intelligence and Data Act (AIDA), you already cover:

Maps to 41 other frameworks

20 total controls
Framework | Source controls mapped | Target controls covered | Coverage
NIST AI Risk Management Framework (AI RMF 1.0) | 17 | 20 | 85%
NIST AI 600-1: Generative AI Profile | 12 | 14 | 60%
OECD AI Principles | 11 | 11 | 55%
OECD Recommendation on Artificial Intelligence (2024 Update) | 5 | 5 | 25%
Vermont Artificial Intelligence and Consumer Data Act (AICDA) | 4 | 3 | 20%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements | 4 | 5 | 20%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management | 4 | 7 | 20%
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule | 3 | 2 | 15%
ISO/IEC 29134:2023 | 3 | 3 | 15%
ISO/IEC 27014:2020 | 3 | 2 | 15%
UK Defence Standard 05-138 - Cyber Security for Defence Suppliers | 3 | 2 | 15%
ISO/IEC 27400:2022 | 2 | 3 | 10%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution | 2 | 2 | 10%
ISO/IEC 38500:2024 - Governance of IT | 2 | 2 | 10%
GLI-33 - Gaming Laboratories International Event Wagering Systems | 2 | 2 | 10%
TISAX - Trusted Information Security Assessment Exchange | 2 | 2 | 10%
Telecommunications Sector Security Reforms (TSSR) | 2 | 2 | 10%
Protective Security Policy Framework (PSPF) Release 2024 | 2 | 2 | 10%
SQF Code Edition 9 - Safe Quality Food | 2 | 2 | 10%
ASIS SPC.1-2009 - Organizational Resilience Standard | 2 | 1 | 10%
ISO/IEC 29147:2018 | 2 | 1 | 10%
ISO/IEC 27031:2011 | 2 | 1 | 10%
ISO/IEC 27006:2024 | 1 | 1 | 5%
WCO Authorised Economic Operator (AEO) Framework | 1 | 1 | 5%
Netherlands GDPR Implementation Act (UAVG - Uitvoeringswet AVG, 2018) | 1 | 1 | 5%
Finland Data Protection Act (Tietosuojalaki, 1050/2018) | 1 | 1 | 5%
Russia Federal Law on Personal Data (152-FZ) | 1 | 3 | 5%
ISO/IEC 29100:2024 | 1 | 3 | 5%
India Account Aggregator Framework (RBI) | 1 | 1 | 5%
OWASP Top 10:2025 | 1 | 1 | 5%
NIST SP 800-171 | 1 | 1 | 5%
ISO/IEC 27011:2024 | 1 | 1 | 5%
IEC 62351 - Power Systems Communication Security | 1 | 1 | 5%
IEC 60601-1 - Medical Electrical Equipment Safety | 1 | 3 | 5%
Aged Care Quality Standards (Australia) | 1 | 1 | 5%
Singapore Government Instruction Manual on ICT&SS Management (IM8) | 1 | 1 | 5%
TNFD Recommendations | 1 | 1 | 5%
AASB S2 Climate-related Disclosures | 1 | 1 | 5%

Frequently Asked Questions

What is Canada Artificial Intelligence and Data Act (AIDA)?

Canada Artificial Intelligence and Data Act (AIDA) is a compliance framework from Canada with 15 domains and 33 controls. The Artificial Intelligence and Data Act (AIDA), proposed as Part 3 of Bill C‑27 (Digital Charter Implementation Act), is a pending Canadian federal law that would establish a risk‑based regulatory framework for high‑impact artificial intelligence systems. The Act would impose obligations on providers and operators of high‑impact AI systems, including conducting risk assessments, implementing monitoring and mitigation measures, maintaining detailed documentation, and providing transparency notices to affected individuals. It defines “high‑impact” AI based on criteria such as the system’s scope, level of autonomy, and potential for significant harm. The Act also includes provisions for exemptions, enforcement powers for the Minister of Innovation, Science and Industry, and alignment with existing privacy legislation. As of now, AIDA remains a proposed statute and has not yet been enacted. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Canada Artificial Intelligence and Data Act (AIDA) have?

Canada Artificial Intelligence and Data Act (AIDA) has 33 controls organised across 15 domains. The largest domains are Design and Development Requirements (4 controls), Governance (4 controls), and Operations (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Canada Artificial Intelligence and Data Act (AIDA) map to?

Canada Artificial Intelligence and Data Act (AIDA) maps to 41 other compliance frameworks. The top mapping partners are NIST AI Risk Management Framework (AI RMF 1.0) (85% coverage), NIST AI 600-1: Generative AI Profile (60% coverage), and OECD AI Principles (55% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Canada Artificial Intelligence and Data Act (AIDA) compliance?

Start your Canada Artificial Intelligence and Data Act (AIDA) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Canada Artificial Intelligence and Data Act (AIDA) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 33 controls and track your progress.