AI Safety

SCITUS Framework Bridges Canada's Fragmented AI Regulations with 57 Controls

After Bill C-27's demise, a new framework unifies Canada's patchwork AI rules.

Deep Dive

Canadian organizations deploying AI face a fragmented regulatory landscape after the death of Bill C-27 (AIDA) in January 2025 and the June 2026 confirmation that the federal government will pursue targeted instruments instead of omnibus legislation. Provincial regulations in Ontario, Quebec, Alberta, Manitoba, and British Columbia diverge further, leaving no unified guidance. Global frameworks like NIST AI RMF 1.0, the EU AI Act, and ISO/IEC 42001 offer direction but lack systematic methods for multi-jurisdictional adaptation.

Mohammad Etemad's SCITUS (Systematic Canadian Integration for Trustworthy and Unified Standards) framework fills this gap. It adapts NIST AI RMF 1.0 by enhancing 7 trustworthy-AI characteristics for Canadian requirements, embedding 4 core governance functions, and introducing a novel multi-jurisdictional compliance mapping methodology. The versioned control catalog evolved from 31 controls (v1.0, June 2025) to 57 controls (v2.0, July 2026), responding to Canada's first regulatory findings on generative-AI training data and the documented 2026 agentic-AI threat landscape. SCITUS demonstrates applicability across federal government, provincial healthcare, and the private sector, arguing that systematic adaptation offers significant advantages over jurisdiction-by-jurisdiction compliance and provides a replicable model for other federal systems.

Key Points
  • SCITUS v2.0 (July 2026) expands its control catalog from 31 to 57 controls, tracking regulatory developments on generative-AI training data and agentic-AI threats.
  • The framework addresses both federal requirements (Treasury Board Directive on Automated Decision-Making) and provincial regulations in Ontario, Quebec, Alberta, Manitoba, and British Columbia.
  • It adapts NIST AI RMF 1.0's four core governance functions and seven trustworthy-AI characteristics, adding a multi-jurisdictional compliance mapping methodology.

Why It Matters

SCITUS gives Canadian AI deployers a single compliance framework, reducing legal uncertainty and enabling innovation across provinces.

📬 Get the top 10 AI stories daily