Directive on Automated Decision-Making

1. Effective date

  • 1.1

    This directive takes effect on , with compliance required by no later than .

  • 1.2

    This directive applies to all automated decision systems developed or procured after . However,

    • 1.2.1

      existing systems developed or procured prior to will have until to fully transition to the requirements in subsections 6.2.3, 6.3.1, 6.3.4, 6.3.5 and 6.3.6 in this directive;

    • 1.2.2

      new systems developed or procured after will have until to meet the requirements in this directive.

  • 1.3

    This directive will be reviewed every two years, and as determined by the Chief Information Officer of Canada.

2. Authorities

3. Definitions

  • 3.1

    Definitions to be used in the interpretation of this directive are listed in Appendix A.

4. Objectives and expected results

  • 4.1

    The objective of this directive is to ensure that automated decision systems are deployed in a manner that reduces risks to clients, federal institutions and Canadian society, and leads to more efficient, accurate, consistent and interpretable decisions made pursuant to Canadian law.

  • 4.2

    The expected results of this directive are as follows:

    • 4.2.1

      Decisions made by federal institutions are data-driven, responsible and comply with procedural fairness and due process requirements.

    • 4.2.2

      Impacts of algorithms on administrative decisions are assessed and negative outcomes are reduced, when encountered.

    • 4.2.3

      Data and information on the use of automated decision systems in federal institutions are made available to the public, where appropriate.

5. Scope

  • 5.1

    This directive applies to any system, tool, or statistical model used to make an administrative decision or a related assessment about a client.

  • 5.2

    This directive applies only to automated decision systems in production and excludes systems operating in test environments.

6. Requirements

The Assistant Deputy Minister responsible for the program using the automated decision system, or any other person named by the Deputy Head, is responsible for:

6.1 Algorithmic Impact Assessment

  • 6.1.1

    Completing and releasing the final results of an Algorithmic Impact Assessment prior to the production of any automated decision system.

  • 6.1.2

    Applying the relevant requirements prescribed in Appendix C as determined by the Algorithmic Impact Assessment.

  • 6.1.3

    Reviewing and updating the Algorithmic Impact Assessment on a scheduled basis, including when the functionality or scope of the automated decision system changes.

  • 6.1.4

    Releasing the final results of the Algorithmic Impact Assessment in an accessible format via Government of Canada websites and any other services designated by the Treasury Board of Canada Secretariat pursuant to the Directive on Open Government.

6.2 Transparency

Providing notice before decisions

  • 6.2.1

    Providing notice through all service delivery channels in use that the decision rendered will be undertaken in whole or in part by an automated decision system, as prescribed in Appendix C.

  • 6.2.2

    Providing notices prominently and in plain language, pursuant to the Canada.ca Content Style Guide.

Providing explanations after decisions

  • 6.2.3

    Providing a meaningful explanation to affected individuals of how and why the decision was made, as prescribed in Appendix C.

Access to components

  • 6.2.4

    Determining the appropriate licence for software components, including consideration of open source software in accordance with the measures specified in the Government of Canada Enterprise Architecture Framework.

  • 6.2.5

    If using a proprietary licence, ensuring that:

    • 6.2.5.1

      All released versions of proprietary software components used for automated decision systems are delivered to, and safeguarded by, the department.

    • 6.2.5.2

      The Government of Canada retains the right to access and test automated decision systems, including all released versions of proprietary software components, in case it is necessary for a specific audit, investigation, inspection, examination, enforcement action, or judicial proceeding, subject to safeguards against unauthorized disclosure.

    • 6.2.5.3

      As part of this access, the Government of Canada retains the right to authorize external parties to review and audit these components as necessary.

Release of source code

  • 6.2.6

    Releasing custom source code owned by the Government of Canada in accordance with the measures specified in the Government of Canada Enterprise Architecture Framework, unless:

    • 6.2.6.1

      the source code is processing data classified as Secret, Top Secret or Protected C; or

    • 6.2.6.2

      disclosure would otherwise be exempted or excluded under the Access to Information Act, if the Access to Information Act were to apply.

  • 6.2.7

    Determining the appropriate access restrictions to the released source code.

Documenting decisions

  • 6.2.8

    Documenting the decisions of automated decision systems in accordance with the Directive on Service and Digital, and in support of the monitoring (6.3.2), data governance (6.3.4) and reporting requirements (6.5.1).

6.3 Quality assurance

Testing and monitoring outcomes

  • 6.3.1

    Before launching into production, developing processes so that the data and information used by the automated decision system, as well as the system’s underlying model, are tested for unintended biases and other factors that may unfairly impact the outcomes.

  • 6.3.2

    Developing processes to monitor the outcomes of the automated decision system to safeguard against unintentional outcomes and to verify compliance with institutional and program legislation, as well as this directive, on a scheduled basis.

Data quality

  • 6.3.3

    Validating that the data collected for, and used by, the automated decision system is relevant, accurate, up-to-date, and in accordance with the Policy on Service and Digital and the Privacy Act.

Data governance

Peer review

  • 6.3.5

    Consulting the appropriate qualified experts to review the automated decision system and publishing the complete review or a plain language summary of the findings prior to the system’s production, as prescribed in Appendix C.

Gender-based Analysis Plus

  • 6.3.6

    Completing a Gender-based Analysis Plus during the development or modification of the automated decision system, as prescribed in Appendix C.

Employee training

  • 6.3.7

    Providing adequate employee training in the design, function, and implementation of the automated decision system to be able to review, explain and oversee its operations, as prescribed in Appendix C.

IT and business continuity management

  • 6.3.8

    Establishing strategies, plans and/or measures to support IT and business continuity management, as prescribed in Appendix C and in accordance with the Directive on Security Management.

Security

  • 6.3.9

    Conducting risk assessments during the development of the automated decision system and establishing appropriate safeguards, in accordance with the Policy on Government Security.

Legal

  • 6.3.10

    Consulting with the institution’s legal services from the concept stage of an automation project to ensure that the use of the automated decision system is compliant with applicable legal requirements.

Ensuring human intervention

  • 6.3.11

    Ensuring that the automated decision system allows for human intervention, when appropriate, as prescribed in Appendix C.

  • 6.3.12

    Obtaining the appropriate level of approvals prior to the production of an automated decision system, as prescribed in Appendix C.

6.4 Recourse

  • 6.4.1

    Providing clients with any applicable recourse options that are available to them to challenge the administrative decision.

6.5 Reporting

  • 6.5.1

    Publishing information on the effectiveness and efficiency of the automated decision system in meeting program objectives on a website or service designated by the Treasury Board of Canada Secretariat.

7. Consequences

  • 7.1

    Consequences of non-compliance with this directive can include any measure allowed by the Financial Administration Act that the Treasury Board would determine as appropriate and acceptable in the circumstances.

  • 7.2

    For an outline of the consequences of non‑compliance, refer to the Framework for the Management of Compliance, Appendix C: Consequences for Institutions and Appendix D: Consequences for Individuals.

8. Roles and responsibilities of Treasury Board of Canada Secretariat

Subject to the necessary delegations, the Chief Information Officer of Canada is responsible for:

  • 8.1

    Providing government-wide guidance on the use of automated decision systems.

  • 8.2

    Developing and maintaining the Algorithmic Impact Assessment and any supporting documentation.

  • 8.3

    Communicating and engaging government-wide and with partners in other jurisdictions and sectors to develop common strategies, approaches, and processes to support the responsible use of automated decision systems.

9. Application

  • 9.1

    This directive applies to all institutions subject to the Policy on Service and Digital, unless excluded by specific acts, regulations or Orders-in-Council;

    • 9.1.1

      Agents of Parliament are excluded from this directive, including the:

      • Office of the Auditor General of Canada,
      • Office of the Chief Electoral Officer,
      • Office of the Commissioner of Lobbying of Canada,
      • Office of the Commissioner of Official Languages,
      • Office of the Information Commissioner of Canada,
      • Office of the Privacy Commissioner of Canada, and
      • Office of the Public Sector Integrity Commissioner of Canada.
  • 9.2

    Agencies, Crown Corporations, or Agents of Parliament may enter into Specific Agreements with the Treasury Board of Canada Secretariat to adopt the requirements of this directive and apply them to their organization, as required.

10. References

11. Enquiries


Appendix A - Definitions

administrative decision
Any decision that is made by an authorized official of an institution as identified in section 9 of this directive pursuant to powers conferred by an Act of Parliament or an order made pursuant to a prerogative of the Crown that affects legal rights, privileges or interests.
algorithmic impact assessment
A framework to help institutions better understand and reduce the risks associated with automated decision systems and to provide the appropriate governance, oversight and reporting/audit requirements that best match the type of application being designed.
artificial intelligence
Information technology that performs tasks that would ordinarily require biological brainpower to accomplish, such as making sense of spoken language, learning behaviours or solving problems.
automated decision system
Any technology that either assists or replaces the judgment of human decision-makers. These systems draw from fields like statistics, linguistics and computer science, and use techniques such as rules-based systems, regression, predictive analytics, machine learning, deep learning, and neural nets.
procedural fairness
A guiding principle of governmental and quasi-judicial decision-making. The degree of procedural fairness that the law requires for any given decision-making process increases or decreases with the significance of that decision and its impact on rights and interests.
source code
A computer program in its original, human-readable programming language, before translation into object code usually by a compiler or an interpreter. It consists of algorithms and computer instructions, and may include a developer’s comments.
test environment
An environment containing hardware, instrumentation, simulators, software tools, and other support elements needed to conduct a test.

Appendix B - Impact Assessment Levels

LevelDescription
I

The decision will likely have little to no impact on:

  • the rights of individuals or communities;
  • the equality, dignity, privacy, and autonomy of individuals;
  • the health or well-being of individuals or communities;
  • the economic interests of individuals, entities, or communities;
  • the ongoing sustainability of an ecosystem.

Level I decisions will often lead to impacts that are reversible and brief.

II

The decision will likely have moderate impacts on:

  • the rights of individuals or communities;
  • the equality, dignity, privacy, and autonomy of individuals;
  • the health or well-being of individuals or communities;
  • the economic interests of individuals, entities, or communities;
  • the ongoing sustainability of an ecosystem.

Level II decisions will often lead to impacts that are likely reversible and short-term.

III

The decision will likely have high impacts on:

  • the rights of individuals or communities;
  • the equality, dignity, privacy, and autonomy of individuals;
  • the health or well-being of individuals or communities;
  • the economic interests of individuals, entities, or communities;
  • the ongoing sustainability of an ecosystem.

Level III decisions will often lead to impacts that can be difficult to reverse and are ongoing.

IV

The decision will likely have very high impacts on:

  • the rights of individuals or communities;
  • the equality, dignity, privacy, and autonomy of individuals;
  • the health or well-being of individuals or communities;
  • the economic interests of individuals, entities, or communities;
  • the ongoing sustainability of an ecosystem.

Level IV decisions will often lead to impacts that are irreversible and perpetual.

Appendix C - Impact Level Requirements

RequirementLevel ILevel IILevel IIILevel IV
Peer review
(section 6.3.5)

None

Consult at least one of the following experts and publish the complete review or a plain language summary of the findings on a Government of Canada website:

Qualified expert from a federal, provincial, territorial or municipal government institution

Qualified members of faculty of a post-secondary institution

Qualified researchers from a relevant non-governmental organization

Contracted third-party vendor with a relevant specialization

A data and automation advisory board specified by Treasury Board of Canada Secretariat

OR:

Publish specifications of the automated decision system in a peer-reviewed journal. Where access to the published review is restricted, ensure that a plain language summary of the findings is openly available.

Consult at least two of the following experts and publish the complete review or a plain language summary of the findings on a Government of Canada website:

Qualified experts from the National Research Council of Canada, Statistics Canada, or the Communications Security Establishment

Qualified members of faculty of a post-secondary institution

Qualified researchers from a relevant non-governmental organization

Contracted third-party vendor with a relevant specialization

A data and automation advisory board specified by Treasury Board of Canada Secretariat

OR:

Publish specifications of the automated decision system in a peer-reviewed journal. Where access to the published review is restricted, ensure that a plain language summary of the findings is openly available.

Gender-based Analysis Plus
(section 6.3.6)

None

Ensure that the Gender-based Analysis Plus addresses the following issues:

  • impacts of the automation project (including the system, data and decision) on gender and/or other identity factors;
  • planned or existing measures to address risks identified through the Gender-based Analysis Plus.
Notice
(sections 6.2.1–6.2.2)

None

Plain language notice posted through all service delivery channels in use (Internet, in person, mail or telephone).

Plain language notice posted through all service delivery channels in use (Internet, in person, mail or telephone). In addition, publish documentation on relevant websites about the automated decision system, in plain language, describing:

  • how the components work;
  • how it supports the administrative decision;
  • results of any reviews or audits; and
  • a description of the training data, or a link to the anonymized training data if this data is publicly available.
Human-in-the-loop for decisions
(section 6.3.11)

Decisions may be rendered without direct human involvement.

Decisions cannot be made without having specific human intervention points during the decision-making process; and

The final decision must be made by a human.

Explanation
(section 6.3.2)

In addition to any applicable legal requirement, ensure that a meaningful explanation is published for common decision results. The explanation must provide a general description of:

  • the role of the system in the decision-making process;
  • input data, its source and method of collection;
  • the criteria used to evaluate input data and the operations applied to process it;
  • the output produced by the system and any relevant information needed to interpret it in the context of the administrative decision;
    and
  • the principal factors behind a decision.

Explanations must also inform clients of relevant recourse options, where appropriate.

Descriptions must be made available in plain language through the Algorithmic Impact Assessment and discoverable via a departmental website.

In addition to any applicable legal requirement, ensure that a meaningful explanation is provided to the client with any decision that results in the denial of a benefit or service, or involves a regulatory action. The explanation must inform the client in plain language of:

  • the role of the system in the decision-making process;
  • the training and client data, their source, and method of collection, as applicable;
  • the criteria used to evaluate client data and the operations applied to process it;
  • the output produced by the system and any relevant information needed to interpret it in the context of the administrative decision; and
  • a justification of the administrative decision, including the principal factors that led to it.

Explanations must also inform clients of relevant recourse options, where appropriate.

A general description of these elements must also be made available through the Algorithmic Impact Assessment and discoverable via a departmental website.

Training
(section 6.3.7)

None

Documentation on the design and functionality of the system.

Documentation on the design and functionality of the system.

Training courses must be completed.

Documentation on the design and functionality of the system.

Recurring training courses.

A means to verify that training has been completed.

IT and business continuity management
(section 6.3.8)

None

Ensure that system recovery strategies, business continuity plans, and other relevant security controls are established in coordination with designated officials should the automated decision system be unavailable.

Approval for the system to operate
(section 6.3.12)

None

None

Deputy Head

Treasury Board

© Her Majesty the Queen in Right of Canada, represented by the President of the Treasury Board, 2019,
ISBN: