PIPEDA
Personal Information Protection and Electronic Documents Act. Federal lawful basis for processing personal information; accountability principle requires meaningful audit trail for every decision involving personal data.
Canada
Runtime authority for Canadian sovereign AI.
When a provincial privacy commissioner asks who acted under whose authority, when Health Canada wants the SaMD pre-market + post-market evidence, when OSFI wants the model-risk control trail — KYE Protocol™ answers from a record sealed at the moment of action. Replayable from the publishing tenant's JWKS alone. No vendor dependency in the audit path.
Canadian frameworks mapped to KYE™
Per-requirement bijection — not a slide deck.
PHIPA (Ontario) + provincial equivalents
Personal Health Information Protection Act (Ontario) + HIA (Alberta) + PHIA (Manitoba/Nova Scotia) + provincial PIPA variants. Custodian-based authority model maps cleanly to KYE™ delegation chain + Purpose Permission™ binding.
Health Canada SaMD
Software as a Medical Device (SaMD) Pre-Market Guidance + Post-Market Surveillance. Signed Evidence Packs™ per inference give Health Canada the contemporaneous record the post-market regime depends on.
HC AI/ML Action Plan 2023
Health Canada's AI/ML-enabled medical device action plan. Specifies pre-market transparency, post-market monitoring, and the Predetermined Change Control Plan (PCCP) equivalent for Canadian SaMD. KYE™ binds the runtime decision to the declared change-control envelope.
OSFI · FINTRAC
Office of the Superintendent of Financial Institutions (federal bank supervision) + Financial Transactions and Reports Analysis Centre (AML/CTF). Banking-grade audit chain + delegated-action records map to OSFI Guideline B-13 (technology & cyber risk) and FINTRAC's risk-based AML obligations.
Canada AI & Data Act (AIDA) tracker
Tracking the proposed AI & Data Act and the Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems. KYE™ records keep the high-impact-system audit trail contemporaneous — ready for whichever final regulator powers ship.
Canadian-sovereign deployment
Canadian data, Canadian keys, Canadian control.
- Data residency — deploy to Canadian-region edge runtime resources; per-tenant configurable; structured datastore + object store pinned to Canada.
- Customer KMS — signing keys live in the customer's HSM or sovereign-cloud KMS; KYE™ never has access to the private key material.
- Open verifier — provincial privacy commissioners, OSFI examiners, Health Canada inspectors and the Office of the Privacy Commissioner of Canada (OPC) can replay an Evidence Pack™ using only the publisher's JWKS. No vendor dependency in the audit path.
- Bilingual surfaces — English / French regulator-facing artefacts roadmap (V1.1).
- Apache 2.0 schemas + vocabulary — the contracts the customer relies on are open. The patent-track runtime construction is paid; the proof formats are not.
Canadian pilot · 6 weeks
KYE Canadian Health Readiness Pilot™.
Provincial health authorities, Canada Health Infoway, CIHI, Canadian hospitals and Canadian SaMD vendors deploying AI in clinical workflows: 6-week shadow-mode engagement producing PIPEDA + PHIPA control mapping per assertion, signed Evidence Packs™ per decision, Health Canada SaMD coverage attestation, and a provincial-privacy-commissioner-ready executive summary.
Independent — no government affiliation. KYE Protocol™ is an independent protocol and is not affiliated with, endorsed by, or part of any government, regulator, or official “Sovereign AI” programme. References to regulators and frameworks describe the requirements KYE™ helps you evidence — not any official relationship.