How to set up practical AI governance using Canada’s voluntary code and existing privacy law.
dgm is an independent osFoundry integration partner — not affiliated with osFoundry’s maker (OS LLC), and dgm has no completed client integrations yet.
With no federal AI law in force, responsible AI in Canada is something you set up yourself — using existing privacy law and the federal voluntary code as your guide. Here is a practical approach.
What to govern
Cover the basics: which AI is used and for what, how personal data is handled (PIPEDA, Law 25), human oversight of consequential decisions, and a record of what your AI systems do. The federal voluntary code on generative AI (accountability, safety, fairness, transparency, human oversight) is a sensible reference.
Keep it proportionate
Match governance to risk: light-touch for low-stakes drafting, stronger controls for AI that affects people (credit, hiring, service), where Quebec Law 25’s automated-decision rules apply.
Practical setup
Write a short policy, keep an inventory of AI uses, log important AI decisions, and assign an owner. osFoundry’s managed cloud pins data to US, EU or Japan — it does not currently offer a Canadian managed region. For data that must stay in Canada, the honest path is self-hosting osFoundry (BYO Cloud) inside a Canadian cloud region such as AWS Canada (Montréal/Calgary), Azure (Toronto/Quebec City) or Google Cloud (Montréal), or running models locally on-device. Audit logs and explainability features support this.
Where dgm fits
dgm is an independent integration partner that helps Canadian businesses adopt osFoundry — scoping a first use case, handling the build, and connecting AI to the systems you already run. dgm is independent of osFoundry’s maker (OS LLC) and has no completed client integrations yet, so everything described here is a service offered, not a past result. If you want to scope a practical first project, dgm can help you map it out.