Canada’s new AI strategy and OPC Annual Report: What organizations need to know

On June 4, 2026, two significant developments landed for Canadian organizations navigating AI and privacy. Prime Minister Carney launched AI for All, Canada’s new national artificial intelligence strategy, and the Office of the Privacy Commissioner of Canada (OPC) tabled its 2025–2026 annual report, Championing Privacy in the Age of AI.

Read together, these announcements signal that AI adoption and privacy enforcement are both accelerating – and that organizations should be preparing now.

The AI for All strategy targets an additional $200 billion in economic growth and 250,000 new AI-related jobs over the next five years, with a goal of increasing AI adoption from roughly 12% to 60% by 2034.

The strategy is built on three pillars: building trust, creating opportunities and reinforcing Canadian sovereignty.

From a privacy and compliance standpoint, the most immediately relevant commitments include:

The government has also committed to tabling new consumer privacy legislation and expanding the capabilities of the Canadian AI Safety Institute with $50 million in funding. The strategy also contemplates a “Canada Trusted AI Certification” program to identify trustworthy AI products in the marketplace.

OPC Annual Report: Privacy enforcement is intensifying

The same day, Privacy Commissioner Philippe Dufresne tabled his annual report highlighting the OPC’s increasingly active enforcement posture, particularly around AI and children’s privacy.

The report also follows closely on the heels of the OPC’s landmark joint investigation into OpenAI’s ChatGPT, released on May 6, 2026, which found that OpenAI’s initial training of ChatGPT was not compliant with Canadian privacy laws and resulted in a series of significant recommendations around consent, transparency and data minimisation for AI model training.

View the full annual report and related news release.

Organizations should review their current AI governance frameworks and privacy compliance programmes in light of these developments. In particular, we recommend monitoring the introduction of the promised privacy and online safety legislation, reviewing internal AI use policies to ensure alignment with the principles set out in the ChatGPT investigation findings, and assessing breach response and data-handling practices against the OPC’s current expectations. These developments underscore that responsible AI adoption and robust privacy compliance are not competing objectives – they are increasingly inseparable.

Contact one of the authors or a member of our AI and Emerging Technology team for more information or support for your organization.

Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.