Every generation confronts its pivotal moment. Sometimes it’s shaped as a man walking on the moon, or a railroad getting blasted through the Rockies, or planes flying into buildings in New York. For the current era, this moment is anchored in computational infrastructure rather than physical buildings. And for Canada this is a national security threat of seismic proportions. Our sovereignty has an overwhelming reliance on US-based hyperscale cloud providers, specifically Amazon Web Services (AWS), Google Cloud and Microsoft Azure.
Canada’s most sensitive data from government, finance, justice and health is legally subject to U.S. extraterritorial laws, particularly the Clarifying Lawful Overseas Use of Data (CLOUD) Act and the Patriot Act, even when that data is physically stored on servers within Canadian borders. There’s a policy paralysis in Canada, compounded by legislative gridlock (such as the failure of the Artificial Intelligence and Data Act, or AIDA, to pass through Parliament). This is why Canada requires immediate and decisive action to build out sovereign, domestic computational capacity.
From pipelines to packet switches, this is the new look of sovereignty
Canada isn’t used to thinking it terms of digital data. The nation was built on natural resources and physical control over infrastructure. National railways tied Confederation together and pipelines created the wealth to which Canadians have grown accustomed. But the 21st Century is a different era and it demands we look at our own nation through the lens of these times. The entire economy and organization of the nation relies on cloud infrastructure, and that requires computational power.
Canada’s cloud landscape is heavily consolidated under the three big U.S. hyperscalers: AWS, Azure and Google. AWS leads the public cloud services market in Canada with a 30 percent share (Q2 2025), followed by Azure at 20 percent.
Microsoft Azure holds particularly strong leverage in the Canadian enterprise sector. Almost all Canadian organizations use Microsoft’s tools, from Active Directory to Exchange to Office Suite. They have for decades. This is an established ecosystem that makes it a natural progression from MS365 to an Azure Tenant or Active Directory subscription. The vast majority of systems administrators are familiar with tools like PowerShell. It’s a seamless technological integration, but it represents a profound acceptance of foreign control over Canada’s economy.
Governments at all levels are some of the most widespread adopters of U.S. cloud services. AWS is the largest provider of cloud services to the federal and provincial governments in Canada.
The mirage of Canadian control
Some of the blame comes down to the confusion between data residency and data jurisdiction. Many Canadian institutions often stipulate their data must be physically stored on cloud servers located in Canada, such as the AWS Canada Region. This satisfies simplified data residency criteria.
But the truth is far more severe. The physical location of cloud data is irrelevant. The cloud infrastructure, the underlying code and the corporate entities controlling the access keys are U.S.-owned, and the data is subject to U.S. law. It doesn’t matter where the physical servers are located.
The primary legal instrument challenging Canadian data sovereignty is the U.S. CLOUD Act, passed in 2018. The Act permits U.S. law and intelligence to compel U.S.-based technology companies to disclose customer information to authorities, even if the data is stored outside of the United States.
This is a direct conflict of laws. Canadian privacy laws, such as the Personal Information Protection and Electronic Documents Act, and the Canadan Charter of Rights and Freedoms, require a court warrant for access to personal data. Canada’s courts have explicitly rejected the U.S. Third Party Doctrine which holds that entities can consent to data disclosures on behalf of their customers. The CLOUD Act effectively steamrolls Canada’s legal frameworks around data security.
Any administration hostile to Canadian sovereignty (as we see currently in the White House) could cripple Canada’s government and economy, simply through executive order.
The policy paralysis in Canada is real
This threat to Canada’s existence is enabled by a profound lack of legislative backbone in Ottawa. The clearest example is the failure of AIDA. This was intended to establish rules for high-impact AI, but the bill died in Parliament. The failure leaves Canadian businesses with no clear regulatory environment (as discussed earlier), forcing them to seek stability where it exists: the massive U.S. hyperscalers. When domestic policy fails, foreign infrastructure beckons.
To be fair, AIDA was flawed from the beginning. It lacked specificity, and some of its provisions were heavily criticized by labour organizations, rights watchdogs, and even Amnesty International. The Assembly of First Nations were particularly vociferous in their condemnation of the act. Its death when Parliament prorogued was probably a good death.
The new federal government seems to be thinking the right way. Prime-Minister Mark Carney has called digital sovereignty the “most pressing policy and democratic issue of our time,” and referred to the situation as a “crisis moment.” Still, the government has yet to introduce any legislation to tackle the issue, and the nation continues to depend on U.S. hyperscale cloud services.
The path to digital independence
Reclaiming sovereignty requires more than talk. The solution must be a digital infrasctructure act built on two strategic pillars: a legal shield and an economic lever.
The counter-CLOUD statute: This must legislate that Canadian courts, not late-night U.S. rants on Truth Social, govern all data stored within Canada.
The procurement mandate: Ottawa must use its massive spending power to finally cultivate domestic capacity by mandating that federal contracts for compute workloads prioritize Canadian-owned and operated cloud providers.
Canada must support its current cloud providers and provide the necessary legislative and financial incentives to increase compute capacity. Thankfully there are Canadian cloud companies already operating.
Sync.com is one of the largest. This Toronto-based company has a significant user base and keeps all data right here in Canada.
ThinkOn.com is a cloud/IaaS and is one of the only Canadian approved Cloud Service Providers by the federal government.
Leonovus.com offers secure data management that shreds and encrypts data across multiple clouds to eliminate single points of foreign jurisdiction.
Canada cannot afford to remain a passive tenant. Sovereignty is a practical state of control, but until we legislate and build the infrastructure, we will continue to outsource our independence to Amazon and Google.
Canada’s tech news
Minister of Artificial Intelligence and Digital Innovation Evan Solomon announced the creation of a task force about AI strategy. The explicit goal is to secure Canada’s AI sovereignty and develop the nation’s AI strategy.
Vooban, an AI leader based out of Montreal, announced the creation of Vooban Labs, focused on developing autonomous AI agents that can interpret data and act autonomously. The firm also announced Vooban Cyber to provide cybersecurity for AI models.
Canada’s second largest airline, WestJet, confirmed passenger information was stolen in a cyberattack that occurred back in June, 2025. The airline is working with the Canadian Centre for Cyber Security and federal government to address the issue.
