Canada Artificial Intelligence and Data Act (AIDA) — Bill C-27 Draft
The Artificial Intelligence and Data Act (AIDA), forming Part 3 of Bill C-27, is Canada's forthcoming AI statute. It imposes assessment, mitigation, monitoring, and recordkeeping duties on persons responsible for high-impact AI systems. Ledgix evidences each duty with a signed AIDA-typed Impact Assessment, bias-audit data, and the operational ledger.
Status: Full — every control resolves to an artifact Ledgix produces today following the Phase 4 impact-assessment and Phase 2 incident module shipping.
Scope
AIDA applies to persons responsible for high-impact AI systems made available in Canada. It requires (a) assessment of whether a system is high-impact, (b) measures to identify and mitigate risks of harm or biased output, (c) ongoing monitoring of those measures, and (d) recordkeeping describing the mitigation measures and all decisions made subject to the Act.
Controls covered
| Field | Type | Required | Description |
|---|---|---|---|
| AIDA-S8 | impact_assessments / events_jsonl / policy_snapshots | Assess whether an AI system is high-impact | Per-system AI Impact Assessment (ia_type=aia_canada) capturing risk categories, data categories, and residual risk. |
| AIDA-S9 | impact_assessments / bias_audits / events_jsonl / policy_snapshots | Measures to identify and mitigate risks of harm or biased output | Mitigation steps on each AIA, supported by bias audits and per-event denial reasons. |
| AIDA-S10 | impact_assessments / incidents / checkpoint_chain / events_jsonl | Monitoring compliance with mitigation measures | next_review_at field enforces periodic monitoring; incidents capture mitigation failures. |
| AIDA-S11 | impact_assessments / policy_snapshots / framework_mapping | Recordkeeping about mitigation measures | Every AIA plus signed assessment_json, the signed ledger, and immutable policy snapshots. |
Evidence types referenced
- impact_assessments — signed AIDA AIA records classifying high-impact determinations.
- bias_audits — statistical evidence that bias mitigation is effective.
- events_jsonl — per-decision ledger trail for compliance audit.
- policy_snapshots — policies articulating impact classes and mitigation posture.
- incidents — records where mitigation measures were breached or ineffective.
- checkpoint_chain — continuous operational record supporting compliance monitoring.
- framework_mapping — the mapping document itself is a required record.
Known gaps (if any)
None — every control resolves to an artifact Ledgix produces today. Tenants that have not yet authored AIAs can generate starter drafts from operational data via the admin console's AIA workflow.
Audit pack workflow
Export an evidence ZIP for this framework from the admin console's Evidence Exports panel by selecting Canada Artificial Intelligence and Data Act (AIDA) — Bill C-27 Draft and a time window. Each control's evidence_locators[] in the included framework_mapping.json points to the corresponding file in the ZIP.
References
- Framework mapping JSON:
vault/internal/compliance/frameworks/canada_aida.json - Canonical source: Bill C-27 — Digital Charter Implementation Act, 2022 — Parliament of Canada