London Ontario AI Procurement Bylaw Guide

Technology and Data Ontario 3 Minutes Read · published February 12, 2026 Flag of Ontario

In London, Ontario, city staff procurement of artificial intelligence (AI) tools must follow the citys procurement rules, privacy obligations, and IT approvals. This guide explains where to start, which departments enforce the rules, and practical steps for requesting, approving, and monitoring AI tools used in municipal operations. It draws on the City of Londons public procurement information and the citys bylaws governing purchases and contracts, and points to official contacts for procurement, IT security, and privacy compliance. Use this guide to prepare procurement requests, document risk assessments, and understand enforcement and appeal pathways.

Overview of Applicable Rules

Procurement of software, cloud services, and AI-driven tools is governed by the City of London procurement policies and purchasing bylaw. Procurement requests for AI should include vendor transparency, data handling, privacy impact assessments, and IT security sign-off. The citys procurement page provides official procedure summaries and contacts for contracting and vendor registration City of London Procurement[1]. The purchasing bylaw is the controlling instrument for procurement approvals and thresholds Purchasing Bylaw[2].

Key Compliance Requirements

  • Include a procurement justification and business case that specifies the AI use, data inputs, and expected outputs.
  • Conduct a privacy impact assessment (PIA) or data protection assessment where personal information is processed.
  • Obtain IT security review and approvals for any hosted or cloud AI services before contracting.
  • Follow required procurement thresholds, competitive processes, or sole-source justifications as set out in the purchasing bylaw.
Start early: procurement, privacy and IT reviews often add weeks to a project timeline.

Penalties & Enforcement

Enforcement of procurement rules and the purchasing bylaw is carried out by the City of Londons Procurement division and the municipal office responsible for bylaw administration. Specific monetary fines and penalty amounts for non-compliance with procurement procedures are not specified on the cited page; see the purchasing bylaw and procurement contacts for case-specific remedies City of London Procurement[1] Purchasing Bylaw[2].

  • Escalation: first, internal corrective directions; repeat or continuing non-compliance may lead to contract termination or suspension of procurement privileges (not specified on the cited page).
  • Non-monetary sanctions: orders to stop work, contract cancellation, suspension of vendor registration, and referral to council or legal action (not specified on the cited page).
  • Enforcer and complaint pathway: Procurement division and City Clerks office; use official procurement contact pages to report non-compliance.
  • Appeals and review: administrative review or council-level review where provided; time limits for appeals are not specified on the cited page.

Applications & Forms

The city publishes procurement forms and vendor information on its procurement pages. Specific AI procurement templates, vendor registration forms, or privacy impact assessment templates are not specified on the cited procurement page; contact Procurement and IT Security for current forms and submission instructions City of London Procurement[1].

Practical Steps for City Staff

  • Prepare a business case that defines purpose, stakeholders, data types, and retention.
  • Complete a privacy impact assessment if personal information will be used.
  • Submit IT security and vendor risk review requests to Information Technology Services.
  • Follow the purchasing bylaw thresholds for competitive procurement or sole-source approval.
Document decisions and retain approvals in procurement records for audit trails.

FAQ

Who enforces procurement rules for AI tools?
The City of Londons Procurement division enforces procurement procedures, with oversight from the City Clerk and IT Security for technical and privacy aspects.
Are there fines for procuring AI tools without approvals?
Monetary fines specific to procurement non-compliance are not specified on the cited city procurement pages; enforcement typically focuses on corrective orders, contract remedies, or suspension of vendor privileges.
Where do I get the privacy impact assessment form?
Contact IT Security and Procurement for the current PIA template and submission instructions; the procurement page provides contact details.

How-To

  1. Draft a concise business case describing the AI tool, objectives, and data involved.
  2. Consult with Privacy and Legal to determine if a privacy impact assessment is required.
  3. Submit an IT security review request to Information Technology Services.
  4. Work with Procurement to determine the correct procurement route and prepare tender or sole-source documentation.
  5. Secure council or delegated authority approvals if required by the purchasing bylaw.
  6. Execute contract with explicit data-handling, audit, and termination clauses.

Key Takeaways

  • Plan procurement early to allow privacy and IT reviews.
  • Record approvals and PIAs to support compliance and audits.
  • Use official Procurement and IT contacts before purchasing AI tools.

Help and Support / Resources

  1. [1] City of London Procurement
  2. [2] Purchasing Bylaw

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data