Cooperative Federalism: Bridging Gaps in Canada’s Cyber Landscape

Introduction
Cybersecurity is an important aspect of the ever-changing technological landscape. According to the National Cyber Threat Assessment 2025-2026 (2024), “Canada is confronting an expanding and complex cyber threat landscape with a growing cast of malicious and unpredictable state and non-state cyber threat actors, from cybercriminals to hacktivists, that are targeting our critical infrastructure and endangering our national security. These cyber threat actors are evolving their tradecraft, adopting new technologies, and collaborating in an attempt to improve and amplify their malicious activities” (p. 7). Therefore, it is an undeniable factor in the growth and future advancements of the Canadian public.

Under Canada’s constitution, Section 91 sets out federal government powers over national defense, banking, and telecommunications, while Section 92 gives provinces control over critical infrastructure such as health, energy, and water. But cyberattacks cross these boundaries and have a widespread impact on national security. The WannaCry ransomware is a popular example, halting hospital facilities across more than 150 countries and causing billions of dollars' worth of damage worldwide (Chen & Bridges, 2017). This paper proposes an amendment to the Canadian Constitution to federalize and set a cooperative guideline for critical infrastructure, subject to reasonable limitations demonstrably justifiable in a free and democratic society as prescribed by the law.

Cyberattacks and Critical Infrastructure
Attacks on critical infrastructure like hospitals, energy, and power grids affect economic stability and demand a national constitutional response. Health organisations, for example, make attractive targets for ransomware. Patient care disruption, media coverage, and available financial resources increase pressure on the victims, and more often than not, outdated technology and improper digital sanitization are the main cause of it. A recent cyberattack on the Eastern Health System of Newfoundland and Labrador (Figure 1) in 2022 delayed appointments and SARS-CoV-2 tests and compromised more than 200,000 patient files dating back to 1996. Other similar incidents include a ransomware attack on LifeLabs, where 15 million patient records were potentially compromised, and a data breach at the Better Outcomes Registry & Network (BORN) Ontario, where a vulnerability compromised the personal health information of 3.4 million newborns and people seeking pregnancy care between 2010 and 2023 (Harish et al., 2023). Therefore, cyberattacks pose a national threat to sovereignty and security and transcend provincial boundaries.

Fragmented Standards In Provincial Cyber Law
Canadians deserve equal protection, regardless of the province they live in. Currently, provincial cyber policies vary drastically. A citizen in one province might be offered different digital protection from a citizen in another province. Most provinces enact the Personal Information Protection and Electronic Documents Act (PIPEDA), which regulates how private-sector organizations, like businesses, use customer information for commercial purposes, and although British Columbia, Alberta, and Quebec have similar legislation, they do not act on PIPEDA directly (Marrocco et al., 2019). Another notable example is Bill 64, now known as Law 25, in Quebec, which modernizes privacy legislation and aligns with the EU’s General Data Protection Regulation (GDPR), ensuring a better digital protection standard for the residents of Quebec.

Cooperative Federalism and Reform
Lastly, constitutionalization can strengthen the overall cooperative federalism between provinces. “Canada’s regime is also closer to the ad hoc approach in that it consists of a patchwork of legislative responses to particular issues rather than a comprehensive data security law (ibid.)” (Mussington et al., 2018). Although it is effective in repelling foreign state actors and cyber criminals, an attack can cross boundaries in milliseconds. Security, on the other hand, is at present inter-jurisdictional, whether across telecommunications, pipelines, or hospitals. That is why it is necessary to federally mandate coordination and set minimum cybersecurity standards between provinces, while also offering flexibility to tailor protections and implement stringent measures locally. This will provide a clear cooperative framework that enhances modern federalism and national resilience.

From a governance perspective, this amendment would advance Canada’s position in cybersecurity on a global scale. Furthermore, it future-proofs Canada’s sovereignty and upholds cooperative federalism. Ultimately, this amendment is not about centralization; it is about bringing together and coordinating a sense of responsibility for a better tomorrow for the Canadian public.

Published on June 13, 2026

References 

National Cyber Threat Assessment 2025–2026. Canadian Centre for Cyber Security. (n.d.). https://www.cyber.gc.ca/sites/default/files/national-cyber-threat-assessment-2025-2026-e.pdf

Harish, V., Ackery, A., Grant, K., Jamieson, T., & Mehta, S. (2023). Cyberattacks on Canadian Health Information Systems. Canadian Medical Association Journal, 195(45). https://doi.org/10.1503/cmaj.230436 

Marrocco, A. J., Wasser, L., & Koczerginski, M. (2019). Data Protection and Cybersecurity in Canada. Franchise Law Journal, 39(1), 81–94. https://www.jstor.org/stable/27172639

Mussington, D., Arnold, B. J., Dupont, B., Hilts, S., Grayson, T., Leuprecht, C., … & Tupler, J. (2018). Governing Cyber Security in Canada, Australia and the United States. https://www.cigionline.org/static/documents/documents/SERENE-RISCweb.pdf

Chen, Q., & Bridges, R. A. (2017). Automated Behavioral Analysis of Malware: A case study of WannaCry ransomware. 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA). https://doi.org/10.1109/icmla.2017.0-119