Canada introduces cyber security certification for defence suppliers

Canada has launched a certification programme setting baseline cyber security requirements for companies involved in defence contracts.
Canada introduces cyber security certification for defence suppliers

The Government of Canada has introduced the first level of its Canadian Program for Cyber Security Certification, establishing baseline cybersecurity requirements for suppliers participating in defence procurement.

The certification will be implemented in phases starting in summer 2026 and will be required at the stage when contracts are awarded.

The programme is part of broader efforts to strengthen the security of defence supply chains, particularly in response to cyber threats targeting contractors and sensitive data. It introduces standard criteria to help organisations identify, assess, and manage cyber risks.

The approach allows for gradual adoption, including adjustments for small and medium-sized enterprises. It also aligns with international frameworks, including interoperability with United States standards, to support cross-border cooperation.

By defining minimum requirements, the certification framework sets a common reference point for cybersecurity practices among defence suppliers. Additional certification levels are expected to be introduced in the future.

Civil Society Alliances for Digital Empowerment (CADE) is a project co-funded by the European Union.

Civil Society Alliances for Digital Empowerment (CADE) 2024. All rights reserved.

This website is co-funded by the European Union. Its contents are the sole responsibility of CADE and do not necessarily reflect the views of the European Union.

Web accessibility | Privacy policy

Go to Top