
Over 42,000 CRA Accounts Breached: What to Know
More than 42,000 Canadian taxpayer accounts have been breached since 2020. Learn more about the data breach class-action lawsuit involving CRA accounts.
May 20, 2026 - Blog
Authored By Packetlabs

As digital platforms become increasingly central to everyday life, governments around the world are introducing legislation aimed at addressing online harms, protecting children, increasing platform accountability, and regulating emerging technologies such as artificial intelligence.
In June 2026, the Government of Canada introduced Bill C-34, the Safe Social Media Act, which would establish a new federal online safety framework through the creation of the Digital Safety Act and the Digital Safety Commission of Canada Act. If enacted, the legislation would create one of Canada's most significant regulatory frameworks governing social media platforms, online services, and certain AI chatbot providers.
For organizations operating digital platforms, social networks, online communities, content-sharing services, and AI-driven applications, the proposed legislation could introduce substantial new compliance obligations, reporting requirements, and enforcement risks.
This guide explains what Bill C-34 is, how the proposed Digital Safety Act works, who may be affected, and what businesses should do to prepare.
Bill C-34, introduced on June 10, 2026, is known as the Safe Social Media Act. The legislation would establish a new federal framework aimed at reducing online harms, protecting children, increasing transparency, and holding digital platforms accountable for managing harmful content.
The legislation proposes two major new laws:
The Digital Safety Act
The Digital Safety Commission of Canada Act
Together, these laws would create both a regulatory framework and a new regulator responsible for overseeing compliance.
The proposed legislation builds upon earlier online harms initiatives, including Bill C-63, while introducing a revised approach focused on platform obligations, child protection, transparency, and digital safety governance.
The government has cited growing concerns regarding:
Child exploitation online
Cyberbullying
Non-consensual intimate image sharing
Online hate content
Violent extremist material
Self-harm promotion
AI-generated harmful content
Platform accountability
As online services continue to evolve, policymakers have argued that existing laws do not adequately address modern digital risks. The proposed legislation seeks to establish clearer responsibilities for operators of online platforms and digital services.
The Digital Safety Act is broader than many organizations initially assume.
The legislation would apply to certain "regulated services," which may include:
Social media platforms
User-generated content platforms
Public chatbot services
Online communities
Certain content-sharing services
Other online services designated through future regulations
Importantly, some AI-powered chatbot services could also fall within the scope of the legislation.
This means compliance considerations may extend beyond traditional social media companies.
The proposed legislation identifies several categories of harmful content that regulated services would be expected to address.
These include:
Intimate content shared without consent
Content that sexually victimizes children
Content that revictimizes survivors
Content that encourages self-harm among children
Online bullying targeting children
Content that foments hatred
Content that incites violence
Terrorist or violent extremist content
Platform operators may be required to implement measures designed to mitigate risks associated with these categories.
One of the central obligations proposed by the legislation is a broad duty requiring operators to take reasonable measures to reduce risks associated with harmful content.
Organizations may need to:
Assess platform risks
Implement mitigation measures
Monitor emerging threats
Review content moderation practices
Maintain appropriate governance structures
The emphasis is on proactive risk management rather than simply reacting after incidents occur.
Regulated services would be required to develop and maintain Digital Safety Plans.
These plans may need to outline:
Risk assessment methodologies
Harm reduction strategies
Content management processes
Child protection measures
Reporting mechanisms
Governance controls
Organizations would likely need to regularly review and update these plans as platforms evolve.
A major focus of Bill C-34 is protecting children online.
The legislation contemplates requirements related to:
Child safety design features
Age assurance mechanisms
Content protections
Risk mitigation measures
Some provisions may require services to incorporate child-focused safeguards directly into platform design and operation.
The proposed legislation includes obligations to make certain categories of content inaccessible in Canada within prescribed timelines.
Particular attention is given to:
Child sexual exploitation material
Non-consensual intimate content
Content causing revictimization
Organizations may need to implement processes capable of responding rapidly to complaints and regulatory directives.
One of the most significant aspects of Bill C-34 is the creation of a new federal regulator.
The proposed Digital Safety Commission of Canada would be responsible for:
Monitoring compliance
Investigating complaints
Conducting inspections
Issuing orders
Enforcing obligations
Imposing penalties
The Commission would become the primary oversight body for Canada's new digital safety framework.
The proposed regulator would have substantial enforcement authority.
Potential powers include:
Requiring information from operators
Conducting investigations
Issuing compliance orders
Reviewing safety practices
Assessing penalties
Organizations subject to the legislation should expect significantly greater regulatory scrutiny than currently exists under many online content frameworks.
Bill C-34 proposes significant administrative monetary penalties for non-compliance.
Reports indicate penalties could reach:
Up to $10 million
Or up to 3% of global revenue in certain circumstances
These potential penalties place digital safety compliance among the most significant regulatory risks facing online platform operators in Canada.
Although often discussed as online harms legislation, the Digital Safety Act has important cybersecurity implications.
Organizations may need stronger:
Security monitoring
Incident response procedures
User reporting systems
Data governance controls
Platform monitoring capabilities
Risk management programs
Cybersecurity teams will likely play a critical role in supporting compliance efforts.
One of the most notable features of Bill C-34 is its inclusion of certain AI chatbot services.
AI operators may face obligations related to:
Harmful content mitigation
User safety measures
Child protection safeguards
Risk assessments
Transparency requirements
This reflects a broader international trend toward increased oversight of generative AI platforms.
Organizations should also consider privacy implications.
Requirements involving:
Age verification
Age estimation
User identity validation
Content monitoring
may intersect with privacy obligations under existing and proposed Canadian privacy laws.
Businesses may need to balance:
User privacy
Data minimization
Safety requirements
Regulatory compliance
Careful legal and privacy review will likely be necessary.
Organizations sometimes confuse the Digital Safety Act with privacy legislation such as PIPEDA or the proposed Protecting Privacy and Consumer Data Act (PPCDA).
The two frameworks serve different purposes.
Privacy Legislation | Digital Safety Act |
Governs personal information handling | Governs online harms and platform safety |
Focuses on privacy rights | Focuses on harmful content and user protection |
Regulates data collection and use | Regulates platform responsibilities |
Enforced through privacy regulators | Enforced through Digital Safety Commission |
Addresses personal information protection | Addresses online safety risks |
Organizations operating online services may ultimately need to comply with both frameworks simultaneously.
Although Bill C-34 remains a proposed law and has not yet been enacted, organizations should begin assessing potential impacts.
Recommended steps include:
Evaluate how users interact with your services and identify potential online harm risks.
Assess whether existing moderation procedures would support future compliance obligations.
Determine whether current safeguards adequately protect younger users.
Organizations deploying AI systems should evaluate how chatbot functionality may fit within future regulatory requirements.
Document policies, procedures, reporting processes, and oversight mechanisms.
The bill may evolve as it progresses through Parliament.
Organizations should remain informed regarding amendments and implementation timelines.
Bill C-34 has already generated significant public discussion.
Supporters argue the legislation:
Improves child safety
Enhances platform accountability
Addresses harmful online content
Establishes clearer regulatory oversight
Critics have raised concerns regarding:
Freedom of expression
Age verification requirements
Privacy implications
Regulatory authority
Platform compliance burdens
These debates are likely to continue as the legislation moves through the parliamentary process. (McCarthy Tétrault)
The Digital Safety Act reflects a broader trend toward increased regulation of digital platforms worldwide.
Similar initiatives can be seen in:
The European Union's Digital Services Act
Australia's online safety legislation
Various U.S. state-level online safety initiatives
Canadian organizations should expect continued regulatory attention on:
Online harms
Artificial intelligence
Child protection
Platform accountability
Digital governance
Digital safety compliance is increasingly becoming a strategic business requirement rather than solely a legal issue.
Bill C-34 represents one of Canada's most significant proposed digital regulatory frameworks to date. Through the proposed Digital Safety Act and Digital Safety Commission of Canada, the legislation would establish new responsibilities for social media platforms, online services, and certain AI chatbot providers while introducing substantial enforcement powers and financial penalties.
While the legislation remains under consideration and may change during the legislative process, organizations should begin evaluating how the proposed requirements could affect their operations, governance structures, cybersecurity programs, content moderation practices, and AI deployments.
Businesses that proactively assess risks, strengthen digital safety controls, and build compliance readiness today will be better positioned to navigate Canada's evolving online safety landscape as regulatory expectations continue to expand.