Skip Navigation

Canada’s Digital Safety Act: A Revamped Framework for Online Safety

By Mallory Gallant, John Lenz, Ellie Marshall, Wendy Mee and Sunny Handa
June 15, 2026
Overview
More information

On June 10, 2026, the federal government introduced Bill C-34, the Safe Social Media Act. If passed, Bill C-34 would establish a federal digital safety regime by enacting the Digital Safety Act (Act) and create the Digital Safety Commission of Canada (Commission) through the Digital Safety Commission of Canada Act (the DSCCA). The Commission would be responsible for overseeing and enforcing the Act.

The Act builds on the federal government’s past attempts to establish a comprehensive regulatory framework to address online harms in Canada. While there are many key differences from its predecessor, Bill C-63, it revives several key proposals, including addressing the same seven categories of harmful content:

  1. Intimate content communicated without consent
  2. Content related to child sexual exploitation and child bullying
  3. Content that induces a child to harm themselves
  4. Content used to bully a child
  5. Content that foments hatred
  6. Content inciting violence
  7. Terrorism or violent extremism content

Application of the Digital Services Act

The scope of the Act is much broader than the Safe Social Media Act title would suggest. The Act would apply to operators of “regulated services,” which include regulated social media services, regulated chatbot services and regulated online services. The terms “social media service,” “chatbot service” and “online service” are defined by the Act. However, whether any such service is “regulated” will be prescribed by future regulation

Duties Under the Digital Safety Act

The Act would impose various duties on operators of regulated services.

Duties Common to All Operators

All operators of regulated services would be subject to a duty to protect children. This includes integrating design features to be established by regulation. Additionally, operators that have reasonable grounds to suspect their service provides access to pornographic content must implement adequate age-verification or age-estimation measures to reduce children’s exposure and other measures to mitigate the risk of children’s exposure to pornographic content set out in regulations.

Regulated operators would also be required to retain all records necessary to determine whether they are complying with their obligations under the Act.

Duties of Social Media Operators

Operators of regulated social media services (SM Operators) would be subject to additional duties, including the following:

  • Duty to protect children. SM Operators must implement adequate age-verification or age-estimation measures to prevent children under the age of 16 from having an account. For these measures to be considered adequate, the Commission must be satisfied that the measures (1) are effective, (2) do not involve the collection or use of personal information other than for age-verification or age-estimation purposes, (3) provide for the destruction of personal information that is collected for age-verification or age-estimation purposes once the verification or estimation is completed, (4) provide for the protection of personal information that is collected for age-verification or age-estimation purposes until that information is destroyed, and (5) comply with any other requirement specified in regulations. The Commission could, in accordance with regulations, exempt operators from this prohibition if it is satisfied that the operator provides adequate safeguards for the protection of children.
    • This proposal raises significant privacy and data protection questions, including:
      • Age-verification challenges: Determining whether a user is under 16 requires the collection of children’s personal information, which is considered sensitive.
      • Risk of over-collection: Platforms may need to implement intrusive age-verification tools, which may conflict with data minimization principles.
  • Duty to act responsibly. SM Operators must (1) mitigate the risk that users are exposed to harmful content, (2) provide users tools to be able to block other users, (3) provide tools to flag and process harmful content, (4) label synthetic content that meets criteria prescribed by regulations, (5) label content that the operator reasonably believes was artificially amplified by bots or automated accounts, (6) make user guidelines available on the social media service that outline the standard of conduct applicable to users with respect to harmful conduct and describe the measures the operator implements regarding harmful conduct on the service, and (7) make a resource person available to receive concerns from users.
  • Duty to be transparent. SM Operators must submit a digital safety plan to the Commission and publish it on the service. The plan must include the elements prescribed by the Act for social media services.
  • Duty to make certain content inaccessible. Where the SM Operator identifies content that sexually victimizes a child or revictimizes a survivor, or intimate content communicated without consent, it must make the content inaccessible within 24 hours.

Duties of Chatbot Operators

Operators of regulated chatbot services (CB Operators) would be subject to the following duties:

  • Duty to act responsibly. Similarly to SM Operators, CB Operators must (1) mitigate the risk that users are exposed to harmful content, (2) provide users tools to be able to block other users, (3) provide tools to flag and process harmful content, (4) make user guidelines available on the chatbot service that outline the measures the operator implements to mitigate the risk that the service will communicate harmful content and how it addresses situations where a user expresses on the service suicidal ideation, self-harm or an intention to commit an act that could cause death or harm to an individual, and (5) make a resource person available to receive concerns from users.
    • They must also, among other things, implement measures to intervene where a user expresses suicidal ideation, self-harm, or an intention to commit an act that could cause death or serious bodily harm to themselves or an individual, as well as measures to mitigate the risk that the service will engage in specific categories of harmful behaviour.
  • Duty to be transparent: CB Operators must submit a digital safety plan to the Commission and publish it on the service. The plan must include the elements prescribed by the Act for chatbot services.

Duties of Online Service Operators

Operators of regulated online services (OS Operators) would be required to submit a digital safety plan to the Commission and publish it on the service. The plan must include the elements prescribed by the Act for online services.

Creation of the Digital Safety Commission

The newly created Commission would be granted significant oversight and enforcement powers and responsibilities, including:

  • Monitoring and auditing compliance, including investigatory powers
  • Issuing compliance orders and directing platforms to implement corrective measures
  • Ordering the removal of or making inaccessible certain harmful content
  • Administering a submission and complaints process for users
  • Imposing administrative monetary penalties for non-compliance, with maximum penalties reaching the greater of C$10-million or 3% of global revenue (which, while significant, are lower than those contemplated under Bill C-63)

The Act also includes offence provisions and corresponding fines for non-compliance. These fines are not to be more than 5% of the operator’s gross global revenue in the preceding financial year or C$20-million, whichever is greater on indictment; or on summary conviction, not to be more than 4% of the operator’s gross global revenue in the preceding financial year or C$15-million, whichever is greater.

Key Takeaways for Organizations

If Bill C-34 is passed as currently drafted, organizations operating online services, including those providing platforms with user-generated content or AI-driven interactions, should anticipate:

  • Increased expectation of safety-by-design features and risk mitigation measures
  • A new regulator with significant oversight and enforcement authority
  • Continued uncertainty pending future regulations, which will define critical elements of the regime, including more specificity on which online services are in scope

Before it becomes law, the Bill must complete two additional readings in the House of Commons and three in the Senate. If passed, the rights and obligations in the Act will come into force only upon an order from the Governor in Council.

The Bill represents a significant step in Canada’s ongoing efforts to regulate digital harms and supports the federal government’s “AI for All Strategy.” However, many key elements of the regulatory framework, including the precise scope of regulated services, the mechanics of age verification and the detailed obligations for operators, will be determined through yet-to-be-drafted regulation.

For more information, please contact the authors or any other member of our Communications, Technology or Privacy & Data Protection groups.

Related Insights

Blakes Competitive Edge™: June 2026 Update
Newsletters
Canadian Cybersecurity Trends Study – Sixth Edition
Reports
Duel of the Forums – Court Declines Receivership Application in Favour of Existing Arbitration Process
Bulletins

Learn how the Alberta Court distinguished Petrowest and upheld arbitration over receivership.
More insights

Blakes and Blakes Business Class communications are intended for informational purposes only and do not constitute legal advice or an opinion on any issue. We would be pleased to provide additional details or advice about specific situations if desired.

For permission to republish this content, please contact the Blakes Client Relations & Marketing Department at [email protected].
© 2026 Blake, Cassels & Graydon LLP

Ask Our Lawyers

Practices

Sectors

Save as PDF