Directive on Automated Decision-Making

The Government of Canada is increasingly looking to utilize artificial intelligence to make, or assist in making, administrative decisions to improve service delivery. The Government is committed to doing so in a manner that is compatible with core administrative law principles such as transparency, accountability, legality, and procedural fairness. Understanding that this technology is changing rapidly, this Directive will continue to evolve to ensure that it remains relevant.
Date modified: 2019-02-05

More information

Topic:

Print-friendly XML

1. Purpose

  • 1.1

    This Directive takes effect on , with compliance required by no later than .

  • 1.2

    This Directive applies to any Automated Decision System developed or procured after .

  • 1.3

    This Directive will have an automatic review process planned every 6 months after the date it comes into effect.

2. Authorities

  • 2.1

    This Directive is issued under the authority of section 7 of the Financial Administration Act, and under section 6.4.9 of the Policy on Management of Information Technology;

  • 2.2

    This Directive supports the Policy on Information Management, the Policy on Service, the Policy on Privacy Protection, and the Policy on Government Security.

3. Definitions

  • 3.1

    Definitions to be used in the interpretation of this Directive are listed in Appendix A.

4. Objectives and Expected Results

  • 4.1

    The objective of this Directive is to ensure that Automated Decision Systems are deployed in a manner that reduces risks to Canadians and federal institutions, and leads to more efficient, accurate, consistent, and interpretable decisions made pursuant to Canadian law.

  • 4.2

    The expected results of this Directive are as follows:

    • 4.2.1

      Decisions made by federal government departments are data-driven, responsible, and complies with procedural fairness and due process requirements.

    • 4.2.2

      Impacts of algorithms on administrative decisions are assessed and negative outcomes are reduced, when encountered.

    • 4.2.3

      Data and information on the use of Automated Decision Systems in federal institutions are made available to the public, where appropriate.

5. Scope

  • 5.1

    This Directive applies only to systems that provide external services as defined in the Policy on Service.

  • 5.2

    This Directive applies to any system, tool, or statistical models used to recommend or make an administrative decision about a client.

  • 5.3

    This Directive applies only to systems in production, and excludes Automated Decision Systems operating in test environments.

  • 5.4

    As per the Policy on the Management of Information Technology, this Directive does not apply to any National Security Systems.

6. Requirements

The Assistant Deputy Minister responsible for the program using the Automated Decision System, or any other person named by the Deputy Head, is responsible for:

  • 6.1

    Algorithmic Impact Assessment

    • 6.1.1

      Completing an Algorithmic Impact Assessment prior to the production of any Automated Decision System.

    • 6.1.2

      Applying the relevant requirements prescribed in Appendix C as determined by the Algorithmic Impact Assessment.

    • 6.1.3

      Updating the Algorithmic Impact Assessment when system functionality or the scope of the Automated Decision System changes.

    • 6.1.4

      Releasing the final results of Algorithmic Impact Assessments in an accessible format via Government of Canada websites and any other services designated by the Treasury Board of Canada Secretariat pursuant to the Directive on Open Government.

  • 6.2

    Transparency

    Providing Notice Before Decisions

    • 6.2.1

      Providing notice on relevant websites that the decision rendered will be undertaken in whole or in part by an Automated Decision System as prescribed in Appendix C.

    • 6.2.2

      Providing notices prominently and in plain language, pursuant to the Canada.ca Content Style Guide.

    Providing Explanations After Decisions

    • 6.2.3

      Providing a meaningful explanation to affected individuals of how and why the decision was made as prescribed in Appendix C.

    Access to components

    • 6.2.4

      Determining the appropriate license for software components as per the requirements specified in section in C.2.3.8 of the Directive on Management of Information Technology.

    • 6.2.5

      If using a proprietary license, ensuring that:

      • 6.2.5.1

        All released versions of proprietary software components used for Automated Decision Systems are delivered to, and safeguarded by, the department.

      • 6.2.5.2

        The Government of Canada retains the right to access and test the Automated Decision System, including all released versions of proprietary software components, in case it is necessary for a specific audit, investigation, inspection, examination, enforcement action, or judicial proceeding, subject to safeguards against unauthorized disclosure.

      • 6.2.5.3

        As part of this access, the Government of Canada retains the right to authorize external parties to review and audit these components as necessary.

    Release of Source Code

    • 6.2.6

      Releasing custom source code owned by the Government of Canada as per the requirements specified in section C.2.3.8 of the Directive on Management of Information Technology, unless:

      • 6.2.6.1

        The source code is processing data classified SECRET, TOP SECRET or PROTECTED C;

      • 6.2.6.2

        Disclosure would otherwise be exempted or excluded under the Access to Information Act, or

      • 6.2.6.3

        An exemption is provided by the Chief Information Officer of Canada.

    • 6.2.7

      Determining the appropriate access restrictions to the released source code.

  • 6.3

    Quality Assurance

    Testing and Monitoring Outcomes

    • 6.3.1

      Before launching into production, developing processes so that the data and information used by the Automated Decision Systems are tested for unintended data biases and other factors that may unfairly impact the outcomes.

    • 6.3.2

      Developing processes to monitor the outcomes of Automated Decision Systems to safeguard against unintentional outcomes and to verify compliance with institutional and program legislation, as well as this Directive, on a scheduled basis.

    Data Quality

    • 6.3.3

      Validating that the data collected for, and used by, the Automated Decision System is relevant, accurate, up-to-date, and in accordance with the Policy on Information Management and the Privacy Act.

    Peer Review

    • 6.3.4

      Consulting the appropriate qualified expert to review the Automated Decision System, as prescribed in Appendix C.

    Employee Training

    • 6.3.5

      Providing adequate employee training in the design, function, and implementation of the Automated Decision System to be able to review, explain and oversee its operations, as prescribed in Appendix C.

    Contingency

    • 6.3.6

      Establishing contingency systems and/or processes as per Appendix C.

    Security

    • 6.3.7

      Conducting risk assessments during the development cycle of the system and establish appropriate safeguards to be applied, as per the Policy on Government Security.

    Legal

    • 6.3.8

      Consulting with the institution’s legal services, to ensure that the use of the Automated Decision System is compliant with applicable legal requirements.

    Ensuring human intervention

    • 6.3.9

      Ensuring that an Automated Decision System allows for human intervention, when appropriate, as per Appendix C.

    • 6.3.10

      Obtaining the appropriate level of approvals prior to the production of an Automated Decision System as per Appendix C.

  • 6.4

    Recourse

    • 6.4.1

      Providing clients with any applicable recourse options that are available to them to challenge the administrative decision.

  • 6.5

    Reporting

    • 6.5.1

      Publishing information on the effectiveness and efficiency of the Automated Decision Systems in meeting program objectives on a website or service designated by the Treasury Board of Canada.

7. Consequences

  • 7.1

    Consequences of non-compliance with this policy can include any measure allowed by the Financial Administration Act that the Treasury Board would determine as appropriate and acceptable in the circumstances.

  • 7.2

    For an outline of the consequences of non‑compliance, refer to the Framework for the Management of Compliance, Appendix C: Consequences for Institutions and Appendix D: Consequences for Individuals.

8. Roles and Responsibilities of Treasury Board of Canada Secretariat

Subject to the necessary delegations, the Chief Information Officer of Canada is responsible for:

  • 8.1

    Providing government-wide guidance on the use of Automated Decision Systems.

  • 8.2

    Granting exceptions under any of these provisions, in consultation with the Enterprise Architecture Review Board prior to making a decision.

  • 8.3

    Developing and maintaining the Algorithmic Impact Assessment and any supporting documentation.

  • 8.4

    Communicating and engaging government-wide and with partners in other jurisdictions and sectors to develop common strategies, approaches, and processes to support the responsible use of Automated Decision Systems.

9. Application

  • 9.1

    This Directive applies to all institutions referenced in the Policy on the Management of Information Technology, unless excluded by specific acts, regulations or Orders-in-Council;

    • 9.1.1

      Agents of Parliament are excluded from this Directive, including the:

      • Office of the Auditor General,
      • Office of the Chief Electoral Officer,
      • Office of the Commissioner of Lobbying of Canada,
      • Office of the Commissioner of Official Languages,
      • Office of the Information Commissioner of Canada,
      • Office of the Privacy Commissioner of Canada, and
      • Office of the Public Sector Integrity Commissioner of Canada.
  • 9.2

    Agencies, Crown Corporations, or Agents of Parliament may enter into Specific Agreements with the Treasury Board of Canada Secretariat to adopt the requirements of this Directive and apply them to their organization, as required.

10. References

11. Enquiries

For information on this policy instrument, please contact the Treasury Board of Canada Secretariat Public Enquiries.


Appendix A - Definitions

Administrative Decision
Any decision that is made by an authorized official of an institution as identified in section 9 of this Directive pursuant to powers conferred by an Act of Parliament or an order made pursuant to a prerogative of the Crown that affects legal rights, privileges or interests.
Algorithmic Impact Assessment
A framework to help institutions better understand and reduce the risks associated with Automated Decision Systems and to provide the appropriate governance, oversight and reporting/audit requirements that best match the type of application being designed.
Artificial Intelligence
Information technology that performs tasks that would ordinarily require biological brainpower to accomplish, such as making sense of spoken language, learning behaviours, or solving problems.
Automated Decision System
Includes any technology that either assists or replaces the judgement of human decision-makers. These systems draw from fields like statistics, linguistics, and computer science, and use techniques such as rules-based systems, regression, predictive analytics, machine learning, deep learning, and neural nets.
Procedural Fairness
Procedural fairness is a guiding principle of governmental and quasi-judicial decision-making. The degree of procedural fairness that the law requires for any given decision-making process increases or decreases with the significance of that decision and its impact on rights and interests.
Source Code
Computer program in its original programming language, human readable, before translation into object code usually by a compiler or an interpreter. It consists of algorithms, computer instructions and may include developer's comments.
Test Environment
An environment containing hardware, instrumentation, simulators, software tools, and other support elements needed to conduct a test.

Appendix B - Impact Assessment Levels

Level Description
I

The decision will likely have little to no impact on:

  • the rights of individuals or communities,
  • the health or well-being of individuals or communities,
  • the economic interests of individuals, entities, or communities,
  • the ongoing sustainability of an ecosystem.

Level I decisions will often lead to impacts that are reversible and brief.

II

The decision will likely have moderate impacts on:

  • the rights of individuals or communities,
  • the health or well-being of individuals or communities,
  • the economic interests of individuals, entities, or communities,
  • the ongoing sustainability of an ecosystem.

Level II decisions will often lead to impacts that are likely reversible and short-term.

III

The decision will likely have high impacts on:

  • the rights of individuals or communities,
  • the health or well-being of individuals or communities,
  • the economic interests of individuals, entities, or communities,
  • the ongoing sustainability of an ecosystem.

Level III decisions will often lead to impacts that can be difficult to reverse, and are ongoing.

IV

The decision will likely have very high impacts on:

  • the rights of individuals or communities,
  • the health or well-being of individuals or communities,
  • the economic interests of individuals, entities, or communities,
  • the ongoing sustainability of an ecosystem.

Level IV decisions will often lead to impacts that are irreversible, and are perpetual.

Appendix C - Impact Level Requirements

Requirement Level I Level II Level III Level IV
Peer Review

None

At least one of:

Qualified expert from a federal, provincial, territorial or municipal government institution

Qualified members of faculty of a post-secondary institution

Qualified researchers from a relevant non- governmental organization

Contracted third-party vendor with a related specialization

Publishing specifications of the Automated Decision System in a peer-reviewed journal

A data and automation advisory board specified by Treasury Board Secretariat

At least two of:

Qualified experts from the National Research Council of Canada,  Statistics Canada, or the Communications Security Establishment

Qualified members of faculty of a post-secondary institution

Qualified researchers from a relevant non- governmental organization

Contracted third-party vendor with a related specialization

A data and automation advisory board specified by Treasury Board Secretariat

OR:

Publishing specifications of the Automated Decision System in a peer-reviewed journal

Notice

None

Plain language notice posted on the program or service website.

Publish documentation on relevant websites about the automated decision system, in plain language, describing:

  • How the components work;
  • How it supports the administrative decision; and
  • Results of any reviews or audits; and
  • A description of the training data, or a link to the anonymized training data if this data is publicly available.
Human-in-the-loop for decisions

Decisions may be rendered without direct human involvement.

Decisions cannot be made without having specific human intervention points during the decision-making process; and the final decision must be made by a human

Explanation Requirement

In addition to any applicable legislative requirement, ensuring that a meaningful explanation is provided for common decision results. This can include providing the explanation via a Frequently Asked Questions section on a website.

In addition to any applicable legislative requirement, ensuring that a meaningful explanation is provided upon request for any decision that resulted in the denial of a benefit, a service, or other regulatory action.

In addition to any applicable legislative requirement, ensuring that a meaningful explanation is provided with any decision that resulted in the denial of a benefit, a service, or other regulatory action.

Testing

Before going into production, develop the appropriate processes to ensure that training data is tested for unintended data biases and other factors that may unfairly impact the outcomes.

Ensure that data being used by the Automated Decision System is routinely tested to ensure that it is still relevant, accurate, and up-to-date.

Monitoring

Monitor the outcomes of Automated Decision Systems on an ongoing basis to safeguard against unintentional outcomes and to ensure compliance with institutional and program legislation, as well as this Directive

Training

None

Documentation on the design and functionality of the system

Documentation on the design and functionality of the system.

Training courses must be completed.

Documentation on the design and functionality of the system.

Re-occurring training courses.

A means to verify that training has been completed.

Contingency Planning

None

Ensure that contingency plans and/or backup systems are available should the Automated Decision System be unavailable.

Approval for the system to operate

None

None

Deputy Head

Treasury Board

© Her Majesty the Queen in Right of Canada, represented by the President of the Treasury Board, 2019,
ISBN:

Date modified: