Building Sovereign AI: A Framework for Canada's Public Sector and Critical Infrastructure Leaders

By Laith Sarhan

October 15, 2025

This article is an extension of the ideas I presented during my lunch remarks at the 2025 Vancouver International Security Summit (VISS). The conversation around building sovereign AI capabilities for Canada's public and critical infrastructure sectors is more urgent than ever, and this post offers a tangible governance framework for the leaders driving that mission.

The global race for AI leadership is on. While many focus on computing power and algorithms, Canada's true, untapped advantage lies in our vast, high-quality public and private datasets. This is the fuel for the next generation of innovation in public services, economic growth, and national security.

Yet, this strategic asset remains largely locked away, paralyzed by legitimate fears of privacy violations, security breaches, and ethical missteps. Public trust is low, and the risk of failure is high.

A proactive governance framework doesn't inhibit innovation, however, it enables it. For Canada's public sector and critical infrastructure leaders, building a sovereign AI capability isn't just a technical challenge but primarily a governance one. This article provides a three-step framework to do it right.

Step 1: Turning Data Liability into Your Greatest Asset

It's not about having data; it's about having usable data. Before you can build, you must prepare the ground. This means legally and ethically engineering your datasets so they are safe and ready for AI and machine learning applications.

Go Beyond Anonymization: Under Canadian law, there are major differences between pseudonymized datasets, truly anonymized datasets, and de-identified datasets. True anonymization is the gold standard for unlocking sensitive health, transit, or civic data for broad research and model training, as it often removes the data from the scope of privacy law entirely. Aligning your technical teams on these definitions can substantially accelerate responsible and confident innovation.
Develop Data Trusts and Sandboxes: Create legally defined "sandboxes" where validated partners and researchers can access de-identified datasets for specific, public-benefit projects. This controlled environment allows for innovation without risking the integrity or security of the core dataset. Building data sharing frameworks that envision broader access and use can help reduce friction for secondary uses as they come up.
Rethink Consent for the AI Era: The traditional model of specific, informed consent is brittle and often impractical for the dynamic nature of AI. The modern, more defensible approach focuses on two pillars:
- Reasonable Expectations: In accordance with new direction from the Federal Court of Appeal, aligning data use with what individuals would reasonably expect when they provided their information. This has been an unspoken cornerstone of Canadian privacy law and, as individual expectations re: data use are crystallizing over time, is paramount for maintaining public trust.
- Demonstrable Accountability: Shifting the burden from individual consent to organizational accountability. This means being able to demonstrate that your systems are fair, secure, and used for their stated purpose, regardless of the consent obtained.

Step 2: Vetting Your AI Supply Chain

Most public sector AI will be procured, not built in-house. Remember: you're not just buying software; you're inheriting a supply chain of risk. It's important to understand the different layers of your AI supply chain, from the foundational model to the end-user application, and to contractually define ownership and risk at each stage.

When you assess a vendor, differentiate between:

Primary Providers (Foundation Models): These are the base layers, like large language models. The key risks here are the provenance of their training data and inherent model biases that you will inherit.
Secondary Providers (AI-Driven SaaS): These vendors build applications on top of primary models, often incorporating complex data pipelines like Retrieval-Augmented Generation (RAG) or vector embeddings. The risks here multiply, involving how your data is processed, enriched, and secured at every step.

6 Key Questions to Ask Your Next AI Vendor:

"Where will our data live, and who can access it?" This covers data residency, security safeguards, and cross-border data flows.
"How was your model trained, and can you demonstrate bias mitigation?" This is essential for primary providers and helps you understand the risks you're inheriting.
"Can you explain how your application makes its decisions?" You need to push back against the "black box" excuse to meet your own transparency and accountability obligations.
"Who owns the outputs? The insights, reports, or new models generated using our data?" This is a critical IP question. Define ownership clearly in your contract to avoid giving away valuable derivative assets.
"What are our rights if we terminate the service? Can our data and the outputs be securely and verifiably deleted?" Ensure you have a clear exit path that doesn't lock you in or leave your data behind.
"Who is legally liable when the AI makes a harmful error?" Your contract must clearly allocate risk and provide indemnification for failures that are not your fault. Building on the AI Impact Assessment (as mentioned below), be sure to include specific indemnities for risks that may be foreseeable based on the use-case and/or model.

Step 3: Preparing for When, Not If, Things Go Wrong

Good governance shines brightest in a crisis. The final piece is establishing clear lines of human accountability before an AI system is deployed. This requires planning for a new class of novel, AI-specific incidents.

Appoint an "AI Accountable Executive": Just as you have a Chief Privacy Officer, a designated senior leader must be formally responsible for the performance, ethics, and impact of the organization's AI systems. This individual should be cross-functionally fluent and must be in touch with wide swaths of the organization.
Mandate AI Impact Assessments (AIA): Before any high-risk AI system goes live, a mandatory internal review must be conducted to proactively identify and mitigate risks related to bias, discrimination, and security. The federal government's own AIA is a useful starting point.
Create an "AI Incident Response Plan": A standard data breach plan is insufficient. This specialized playbook must address unique AI threats and failures, including:
- Adversarial Attacks & Model Poisoning: A plan for malicious attempts to corrupt your training data or trick the model into producing harmful outputs.
- Algorithmic Bias Discovery: A process for identifying, escalating, and remediating systemic biases that are discovered after deployment.
- Cascading System Failure: A playbook for when an AI error causes significant, widespread operational disruption or public harm.

Conclusion: From Governance to Advantage

Building sovereign AI is a deliberate act of strategic governance, not just technological development. The initial three steps above provide a clear path forward.

By embedding legal and ethical principles into our AI lifecycle from the start, we can turn a source of national anxiety into a source of enduring national advantage, building AI systems that are not only powerful but also trustworthy.

Navigating the intersection of AI, data law, and public trust is complex. If your organization is starting this journey, I offer a complimentary 30-minute strategic call to discuss your specific challenges.