AI Impact Assessment Request - Québec Bylaw

Technology and Data Quebec 3 Minutes Read · published February 12, 2026 Flag of Quebec

In Québec, Quebec, municipal teams increasingly require checks before deploying new AI tools that process citizen data or affect services. This guide explains the typical municipal request process, who reviews assessments, where to find controlling bylaws and provincial authority, and practical next steps for city staff, vendors and community stakeholders. Use the links below to consult official municipal regulations and provincial law for formal authority and to confirm any local forms or deadlines.[1][2]

Scope & When to Request

Request an AI impact assessment when a new or substantially changed tool will collect, use, disclose or make decisions about personal data, automate operational decisions, or affect public services. Typical triggers include pilot deployments, procurement of third-party AI systems, or when the tool will make decisions affecting housing, permits, licensing or enforcement.

Begin early in procurement to avoid deployment delays.

Who Reviews and Approves

  • Department: Service des technologies de l'information or equivalent IT governance office.
  • Privacy review: By-law Enforcement or Privacy Officer for personal information impact assessments.
  • Final approver: Chief Administrative Officer or delegated director depending on procurement thresholds.

Penalties & Enforcement

Municipal bylaws or procurement rules may impose remedies where deployments violate local rules or privacy obligations. Specific monetary fines, escalation rules and statutory sanction amounts are not specified on the cited municipal pages; consult the municipal regulation and provincial statutory authority for penalties and enforcement measures.[1]

  • Fines: not specified on the cited page; see the municipal regulations for any bylaw fines and provincial statutes for administrative penalties.[1]
  • Escalation: first, repeat and continuing offence rules are not specified on the cited page.
  • Non-monetary sanctions: orders to cease use, remedial compliance measures, suspension of contracts or seizure of systems may be applied under municipal authority or contract terms.
  • Enforcer: By-law Enforcement and the municipal Privacy Officer; complaints and inspections are handled by those offices.
  • Appeals: appeal routes are typically to municipal decision-review bodies or judicial review; specific time limits are not specified on the cited page.
Check both municipal regulations and provincial statutes for enforceable penalty amounts and appeal deadlines.

Applications & Forms

No standardized AI impact assessment form is posted on the cited municipal pages; municipalities may use internal intake forms or procurement templates—contact IT governance or procurement to obtain the correct application.[1]

Practical Steps to Request an Assessment

  • Prepare a summary of the tool, data flows, purposes, and affected services.
  • Submit documentation to Service des technologies de l'information and the municipal Privacy Officer per the department intake process.
  • Include vendor privacy notices, data processing agreements and technical architecture diagrams.
  • If required, request a pilot authorization with mitigation measures and monitoring plans.
Document decisions and retain assessment records for audits and procurement compliance.

FAQ

Who must request an AI impact assessment?
Any department proposing a new AI tool that processes personal data or affects public services should request an assessment from IT governance and the Privacy Officer.
Is there a standard municipal form?
No standard public form is posted on the cited municipal pages; contact the Service des technologies de l'information or procurement to obtain the intake template.[1]
What if a vendor refuses to provide documentation?
Refusal can block procurement or trigger contract sanctions; escalate to procurement and legal counsel for remedies under contract or bylaw rules.

How-To

  1. Compile project summary, data map, vendor agreements and risk mitigations.
  2. Contact Service des technologies de l'information to request intake instructions and submit documents.
  3. Complete any required privacy impact assessment with the municipal Privacy Officer and address recommended controls.
  4. Obtain written approval or conditions of use before procurement or deployment; document appeals if necessary.

Key Takeaways

  • Start assessment early in procurement to avoid delays.
  • Retain assessment records for audits and compliance.
  • Contact IT governance and the Privacy Officer for intake procedures.

Help and Support / Resources

  1. [1] Ville de Québec - Règlements municipaux
  2. [2] Publications du gouvernement du Québec - Législation municipale

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data