Federal, Provincial, Municipal, and What Makes Sovereignty Operational

By Jen Evans, Principal, Pattern Pulse AI; co-founder, Tech Reset Canada; publisher, B2BNN

Paper 8 in the “Whose AI Runs the Government?” series.

The sovereignty argument across Paper 1 through Paper 7 has operated primarily within federal jurisdiction. The dependency triggers, the cost categories, the trade-law architecture, and the threat architecture all describe federal exposure to foreign-controlled AI infrastructure. The grid case in Paper 7 is the sharpest expression of the cost. The CUSMA review opening July 1, 2026 is the venue where the federal position must be formed.

The procurement decisions that determine whether the federal position can be operationalized are not made within federal jurisdiction. They are made by provinces because they have constitutional authority over property and civil rights, by provincial utility commissions, by provincial health authorities, by provincial education systems, and by the municipalities provinces have created and govern under provincial legislation. The federal government cannot direct any of these procurement decisions. The federal government can manage them through trade-law obligations Canada has enacted, condition them through federal spending power, or pursue voluntary coordination through intergovernmental cooperation. The constraint on operationalizing the federal position is coordination across constitutional jurisdictions that retain authority within their own spheres.

This is the unsolved structural problem beneath the sovereignty discussion. The CUSMA review will require a federal position. The federal position will require provincial cooperation that the constitutional architecture does not produce automatically. The provincial cooperation will require provincial direction of the municipalities that operate under provincial legislation. The provincial direction will require workforce frameworks, bargained within each jurisdiction, that can implement at the speed the capability curve requires. None of these elements currently coordinates with the others on AI as a recognized policy domain. The Ontario March 2026 provincewide medical records announcement is the live case at the procurement layer. The federal IT agreement that expired December 2025 is the live case at the federal workforce layer. The pattern is action without coordination architecture.

The Constitutional Architecture

The Constitution Act, 1867 distributes legislative authority between two orders of government. Section 91 enumerates federal jurisdiction. Section 92 enumerates provincial jurisdiction. Both orders are sovereign within their own enumerated heads. The federal government is not a parent government to provinces. Provinces are not subordinate jurisdictions reporting to a federal centre. The two orders coordinate through intergovernmental processes when they choose to coordinate. They can also operate without coordinating, which is what currently happens on AI.

Federal jurisdiction relevant to AI sovereignty includes international trade agreements, cross-border critical infrastructure, federally regulated industries, the national security predicate, and the cyber security framework now coming into force under Bill C-8. The federal government also has direct procurement authority over its own departments, agencies, and Crown corporations, which is a substantial AI procurement footprint in itself. Federal influence on provincial decisions runs through three constitutional levers: trade-law obligations Canada has bound itself to and that bind provinces as a matter of treaty implementation, federal spending power exercised through transfer payments and shared-cost programs, and voluntary intergovernmental coordination. These are the levers federal AI sovereignty actually has. There are no others.

Provincial jurisdiction relevant to AI sovereignty is broader in operational scope than federal jurisdiction. Provinces have authority over property and civil rights, local works and undertakings, the regulation of utilities, health care delivery, education, transit beyond cross-border, and most of the procurement that touches citizens daily. Provincial procurement decisions for grid AI, hospital AI, transit AI, and education AI are made under provincial constitutional authority. The federal government cannot direct these decisions. The federal government can negotiate with provinces about them, condition transfer payments related to them, or argue that trade-law obligations require certain procurement standards. Direct authority belongs to the provinces.

Municipalities are not a third order of government. The Constitution Act, 1867 does not mention or contemplate municipalities. Municipalities are creatures of the provinces, established under provincial legislation, exercising authority delegated by the province, and subject to provincial direction. Provinces can amalgamate municipalities, dissolve them, restructure their authority, or direct their operations. Municipal procurement of AI for property assessment, permit processing, transit operations, and public safety dispatch is authorized under provincial legislation and operates within provincial regulatory frameworks. Provincial direction of municipal AI procurement is a within-jurisdiction matter exercised under provincial constitutional authority. The federal government has no direct authority over municipal procurement and no direct relationship with municipalities except where it chooses to fund them.

The constitutional architecture has consequences for the coordination problem. Federal-provincial coordination is cooperation between co-sovereigns with no superordinate authority and no automatic mechanism for alignment. Provincial-municipal direction is hierarchical within provincial jurisdiction and can be exercised by legislation, regulation, ministerial directive, or transfer payment conditions. The coordination problem at the federal-provincial layer is fundamentally a political problem of voluntary cooperation. The coordination problem at the provincial-municipal layer is fundamentally an administrative problem within provincial authority. Conflating the two produces analytical confusion about which problem is being solved by which mechanism.

The institutional architecture for federal-provincial coordination on AI does not currently exist. The Council of the Federation has not addressed AI sovereignty as a coordinated agenda item. Provincial CIO offices and provincial procurement authorities operate in separate channels from federal departments. The closest existing model is the NERC reliability standards framework for the integrated grid, which works because Canadian provinces and US states delegated standards development to a coordinating body voluntarily after the 2003 Northeast blackout forced the question. NERC is the existence proof for co-sovereign coordination on critical infrastructure standards. The AI sovereignty equivalent does not have its precipitating event yet, except for the proliferation window from Paper 7, which is precipitating in slow motion rather than in cascade.

What Municipalities Actually Get From This

The federal sovereignty argument and the provincial procurement frameworks set the architectural conditions. Operations at the municipal scale are where the value of sovereign AI infrastructure becomes operationally visible to citizens. Small and mid-sized municipalities operating under provincial legislation are where AI at sufficient capability changes what governance does, and the change is the strongest available argument for why provincial direction of municipal AI is worth doing well.

Operational complexity at the small municipal scale is bounded. A municipality of roughly 100,000 people, operating under provincial legislation that defines its authority, manages property assessment, tax collection, water and wastewater operations, local transit, road maintenance, snow operations, permits, building inspections, public safety dispatch, election administration, and the labour relations governing the workforce that implements all of it. The variables are tractable. The feedback loops are tight. The data exists. The operational reality is documented. AI at the maturity level the Sovereign AI Maturity Model from Paper 1 calls Level 4 is theoretically, if not yet practically, capable of running these operations as integrated systems rather than as siloed departmental functions. The capability is still largely, but not entirely, speculative. The structure around a deployment is the gap.

The value at the municipal scale is structural. Property assessment that adjusts continuously to market conditions and small business impact rather than on multi-year reassessment cycles. Tax structures that account for population shifts and economic conditions in real time rather than at budget cycles. Permit processing that resolves at the speed the data supports rather than at the speed the queue allows. Snow and road operations that route by conditions rather than by static schedules. Election administration that operates on verified data rather than on patched processes. Workforce scheduling that aligns to actual demand rather than to administrative defaults. The cost savings are real. The efficiency improvements are real. The structural change is that operational decisions become data-driven at the scale where citizens encounter government, and the political work of council becomes more clearly political because the operational variability is no longer the thing being argued over.

The argument is not that AI replaces municipal democracy. Council sets priorities. That is political work and should remain political. Priorities change with elections, with economic conditions, with community needs, and the role of council is to make those changes responsively and accountably. The data architecture is what informs council’s priority-setting and verifies whether the priorities council sets are being executed. AI at sufficient capability makes the data architecture functional in a way that strengthens both the political work of council and the accountability work of citizens. Better politics and better operations, both at once.

The provincial role here is decisive and underappreciated. Provinces determine through legislation and regulation what data municipalities collect, what they retain, what they disclose, what they can share with each other, and what procurement standards govern the technology that processes any of it. A province that wants its municipalities to deploy sovereign AI infrastructure on transparent data architecture can require it through provincial legislation. A province that wants its municipalities to deploy foreign-vendor AI on opaque data architecture can permit it through the same legislative authority. The structural lever for transparent municipal AI infrastructure is provincial. The federal government cannot reach into a province to direct municipal data architecture. The province can direct it directly.

The Transparency Precondition

The transparency framework is what the value case depends on. AI at maturity level 4 operating on transparent data produces operational governance that council can direct and citizens can verify. AI at the same capability operating on opaque or restricted data produces operational governance that runs faster than the accountability framework can keep up with. The Ontario provincial trajectory since 2022 has moved consistently in the direction of reduced transparency for municipal operations. Strong Mayor legislation concentrates municipal authority. Bill 23 and related housing legislation removed consultation and documentation requirements. The Greenbelt accountability process exposed the absence of decision documentation at the provincial level. Recent provincial moves on municipal record-keeping and freedom of information obligations have been in the direction of less transparency.

The provincial action on municipal transparency is constitutionally unproblematic. Provinces have the authority to direct municipal record-keeping under their legislative authority over municipalities. The question is not whether the province can do this but whether the province should, given the consequences for sovereign AI infrastructure deployed at the municipal scale. Provincial transparency restrictions and municipal AI sovereignty operate in tension. A province that restricts municipal data disclosure is restricting the data architecture that sovereign AI infrastructure would operate on. A province that wants robust municipal AI sovereignty has to maintain or strengthen the transparency framework that makes operational data accountable to the public.

Sovereign AI infrastructure deployed by municipalities requires transparent data architecture as a precondition. The AI sovereignty argument and the municipal transparency argument are the same argument viewed from different angles. Both ask which constitutional authority should govern the data and decisions affecting the people who actually live with the consequences. Foreign-vendor AI deployed on opaque municipal data under provincial transparency restrictions produces a triple stack of obscurity. Citizens cannot see the data, cannot see the decisions, and cannot see who has access to either. Sovereign AI deployed on transparent municipal data under provincial frameworks that protect transparency produces the inverse: data citizens can see, decisions citizens can verify, and a clear accountability chain through municipal council to provincial legislature.

The Analytical Coordination Problem

Transparency makes the data visible. Coordination on what the data means is the next requirement, and it is where AI deployment in governance is currently producing fragmentation that maturity frameworks are designed to resolve.

The pattern is visible at the board level in the private sector. Daniel Kube, CEO of ServicePath, surfaced it in conversation with me in a recent podcast about boards and AI deployment. Executives all bring their own AI-generated analyses to board discussions. Each analysis draws on different data sources, applies different framing assumptions, and optimizes for different questions. Board discussions become contests between AI outputs rather than shared analysis informing collective judgment. The board cannot exercise the judgment it is constituted to exercise because the data and framing beneath the judgment is itself contested. The question is not which AI is better. The question is whether the board has agreed on what data inputs matter, what framings are valid, and what cross-references between sources produce reliable analysis. The answer at most boards is that they have not.

The same pattern at the government level produces a structurally identical problem and a constitutionally complicated one. Council members operating on different data, departments operating on different analytical frameworks, jurisdictions operating on different metrics, and AI tools optimized for different questions produce a governance environment where the data and framing are contested before any policy question is reached. The political work council is supposed to do becomes secondary to the data interpretation work that has not been done. Federal-provincial disagreements that should be about priorities become disagreements about what the data shows, which is a less tractable disagreement because there is no shared analytical foundation to resolve it on. Provincial-municipal disagreements take the same shape, with the additional dimension that the province has authority to impose its analytical framework on its municipalities and the federal government has no equivalent authority over the province.

The Sovereign AI Maturity Model from Paper 1 identified the architectural answer at Level 4 and above. Maturity at the highest level is the cross-pollination of data sources that influence each other, analytical frameworks that have been collaboratively developed and validated, and decision support infrastructure that produces shared analysis rather than competing analyses. The architectural requirement is collaboration on what data inputs matter, agreement on what framings are valid, and integration of sources rather than isolation of sources. The cross-pollination is what produces analytical reliability at maturity. The isolation is what produces fragmentation at lower maturity levels.

For governance specifically, the implication is that AI deployment without analytical coordination produces faster fragmentation rather than better decisions. Sovereign AI infrastructure operating across federal and provincial jurisdictions, and within provincial direction of municipal operations, requires analytical frameworks that have been coordinated where coordination is possible and aligned by provincial direction where direction is possible. The constitutional architecture means coordination at the federal-provincial layer is voluntary cooperation, while alignment at the provincial-municipal layer can be directed. Both have to happen for the analytical coordination to be operationally real.

The coordination work is governance work and constitutional work, not technical work. The decision about what data inputs matter for property assessment, what framings are valid for transit demand modeling, what cross-references between sources produce reliable analysis for emergency response, is decision-making that has to happen before AI deployment rather than after. Provinces deploying AI without doing the coordination work with each other produce fragmentation across provincial AI deployments. Municipalities deploying AI without provincial direction produce fragmentation within provinces. The federal government deploying AI in its own jurisdiction without coordination with provinces produces fragmentation between federal and provincial systems that interact at every level of operations. Coordination is the precondition for the maturity-level value. Transparency is the precondition for coordination. Most municipalities currently do a poor job of gathering data about the things they do. The promise of greater efficiency may improve this. The architecture is layered as a matter of analysis, even though governments are not layered as a matter of constitutional authority.

Workforce Frameworks and the Speed of Implementation

The transparency framework is the precondition. Analytical coordination is the architecture. Workforce frameworks are what implement both, and the bargaining cycles that govern public sector workforces are what determine the speed at which implementation can actually happen. The coordination question reaches its operational test at the labour relations layer, which itself operates under a constitutional architecture where the federal Parliament has jurisdiction over federal employees and provincial legislatures have jurisdiction over almost everyone else.

Federal IT workers are represented primarily by the Professional Institute of the Public Service of Canada and the Public Service Alliance of Canada. PIPSC is currently negotiating AI clauses for roughly 20,000 federal IT workers. The federal IT collective agreement expired December 2025 and is being negotiated under conditions that include the federal AI strategy still being delayed nine months past its original timeline. Whatever the federal government brings to the CUSMA review on AI sovereignty has to be implementable through a workforce that is currently negotiating the terms under which AI gets deployed in federal jurisdiction. Federal contingency architecture, federated learning aggregation, sovereign compute migration, and OS-layer IP protection all require federal IT workers whose collective agreement is open. The federal position on AI sovereignty cannot be operationalized faster than the bargaining table allows.

Provincial public sector unions bargain within provincial jurisdiction under provincial labour relations frameworks. Ontario, Quebec, British Columbia, and Alberta provincial IT workers are covered under different agreements with different expiration dates and different existing AI language. Health sector unions, education sector unions, and utility sector unions each operate under separate frameworks with separate bargaining cycles. Provincial procurement decisions for grid AI, health AI, transit AI, and water AI engage workforces whose collective agreements may or may not include language on AI deployment, training, redeployment, or workforce protection. A province that announces AI deployment without bargained agreement on the workforce implications is announcing a deployment it cannot necessarily execute at the announced speed. The Ontario March 2026 provincewide medical records announcement is the live case. The province has authority to direct the deployment under its constitutional jurisdiction over health care. The province has not, on public information, engaged the workforce frameworks that would implement provincewide medical records in the bargaining cycles that the announcement implies. The deployment authority and the deployment capacity are not aligned.

Municipal collective agreements operate within provincial labour relations frameworks. CUPE represents most municipal workers across Canada through locals that bargain individually with municipal employers. CUPE national has published guidance on AI in the workplace, but coverage at the local level is patchy and contested. Toronto, Vancouver, Montreal, Calgary, Edmonton, and other large cities have varying levels of AI clause coverage in agreements with their inside workers, outside workers, transit operators, library staff, and emergency services personnel. The municipal scale is where the bargaining variability is highest and provincial direction is most decisive. A municipality of 100,000 people deploying AI for property assessment, permit processing, transit operations, and public safety dispatch is engaging at least four different bargaining units operating under at least four different agreements with at least four different positions on AI deployment, all within a provincial labour relations framework that the province has authority to modify.

Collective bargaining is not a delay mechanism for AI sovereignty. It is the implementation mechanism. Collective agreements are the institutional architecture that translates procurement decisions into operational reality. A grid utility that procures Mythos-class defensive AI but has not bargained the workforce terms for its operation is procuring a capability it cannot deploy. A municipality that announces AI-driven permit processing but has not bargained the workforce implications with the union representing permit clerks is announcing a capability it cannot operationalize. The bargaining table is where AI sovereignty becomes implementable or remains aspirational. The proliferation window from Paper 7 closes faster than most public sector bargaining cycles.

The transparency framework connects to the bargaining framework in a way that has not been fully appreciated. Public sector collective agreements include transparency provisions, grievance processes that depend on documented decisions, and bargaining frameworks that operate on data the public sector employer is required to provide. Provincial reductions in transparency affect not just citizens but the workforce’s capacity to bargain and grieve. The Ontario provincial reductions in municipal record-keeping requirements thin the data architecture that municipal unions rely on for grievance documentation, workload analysis, and bargaining preparation. The transparency restrictions affect the bargaining capacity of the workforce that is supposed to implement any AI sovereignty framework. The same provincial action that weakens citizen accountability weakens workforce bargaining position, which weakens implementation capacity, which weakens the operational reality of any AI sovereignty framework that gets formed at the federal layer or the provincial layer. This is a single causal chain, exercised through provincial constitutional authority over municipalities, that has consequences across federal, provincial, and municipal scales of AI deployment.

The analytical coordination work connects to bargaining through training and redeployment provisions. AI deployment that changes what work looks like requires training frameworks for the existing workforce, redeployment paths for work that gets restructured, and protection mechanisms for workers whose roles are most affected. These are bargained provisions within each constitutional jurisdiction. Coordination across federal and provincial bargaining tables is voluntary cooperation between co-sovereigns. Coordination across provincial and municipal bargaining within a province operates within provincial labour relations authority. Without coordination at the bargaining layer, each jurisdiction negotiates separately, each agreement produces different standards, and the workforce implementing AI sovereignty operates under fragmented protections that mirror the fragmented procurement standards above them. The heterogeneity that adversaries map at the procurement layer extends into the workforce layer with the same defensive consequences.

Public sector unions are not opponents of AI sovereignty. Most have published positions in favour of public sector capability, sovereign infrastructure, and workforce-led implementation rather than vendor-led implementation. The CUPE national guidance on AI, the PIPSC bargaining position on AI clauses, and the various provincial union positions are broadly aligned with the sovereignty argument the series has been making. The constraint is not labour opposition. The constraint is the absence of coordination architecture that lets the labour position align with the procurement position and the federal trade-law position. The workforce is ready to implement. The coordination architecture that would let implementation happen at the speed the proliferation window requires does not yet exist in the constitutional framework that governs how it would have to be built.

Heterogeneity as Attack Surface

The threat architecture from Paper 7 established that Canadian critical infrastructure is exposed to Mythos-class adversaries within a proliferation window measured in roughly 24 months. The defensive case rested on sovereign compute, contingency architecture, and the integration of edge intelligence with sovereign aggregation. The architectural argument now extends to include the procurement layer, the analytical coordination layer, and the workforce layer. Each adds a dimension of heterogeneity that adversaries can map and exploit.

Procurement heterogeneity is the first dimension. Provinces making different procurement decisions for different AI tools running on different compute infrastructure under different contractual terms produce a defensive surface where each provincial deployment presents a different attack profile. An adversary with a working exploit chain against one configuration has to do less work to develop chains against adjacent configurations than the original development required. Heterogeneity in procurement does not produce defensive diversity. It produces correlated vulnerability with variable exploit costs.

Analytical heterogeneity is the second dimension. Different jurisdictions operating on different data definitions, different analytical frameworks, and different decision support tools produce a governance environment where shared situational awareness during an incident is structurally difficult. An attack that affects multiple jurisdictions simultaneously requires coordinated response. Coordinated response requires shared analytical foundations. The fragmented analytical layer the series has now described produces a defensive posture where jurisdictions cannot share a common operating picture during an incident because they do not share one outside of incidents.

Workforce heterogeneity is the third dimension. Different bargaining frameworks producing different training standards, different redeployment provisions, and different workforce protection mechanisms produce a workforce where implementation speed varies by jurisdiction in ways that adversaries can map. An adversary modeling Canadian critical infrastructure response capability sees the procurement variability, the analytical variability, and the workforce variability beneath both. The workforce that implements defensive response is the workforce whose collective agreements determine what response looks like and how fast it can happen.

The combined defensive surface is what adversaries actually map. Procurement heterogeneity, analytical heterogeneity, and workforce heterogeneity together produce an attack profile where the seams between jurisdictions are the highest-value targets. The 2003 Northeast blackout originated in Ohio and propagated to Ontario, Québec, and the US Northeast in minutes. The cascade crossed jurisdictional seams at the speed the integrated grid permits. The AI-driven attack scenario operates at higher speed across more seams. The defensive case for coordination is that coordination removes the seams adversaries currently rely on, while preserving the constitutional authority each jurisdiction retains within its own sphere.

Coordination is not consolidation. Provinces retain procurement authority. Municipalities operate under provincial direction within provincial constitutional jurisdiction. Bargaining units retain authority to negotiate the terms of work. Federal jurisdiction over trade and national security remains federal. Coordination is the architecture that aligns standards across constitutional jurisdictions while preserving authority within each jurisdiction. NERC is the existing example of how the alignment can work. Provinces and states retain operational authority over their portions of the integrated grid. The reliability standards are coordinated across jurisdictions because cascading failure does not respect jurisdictional boundaries. The AI sovereignty equivalent has the same structural requirement and does not yet have the architecture.

What the Coordination Architecture Has to Do

The diagnosis is widely shared among people who would have to build the architecture: the coordination readiness does not exist. The diagnosis is correct. The diagnosis is also the starting point rather than the conclusion. The coordination architecture has to be built from the readiness state that actually exists, which is fragmented, under-resourced, and operating without a precipitating event that has forced the question. The proliferation window from Paper 7 is the precipitating event. The architecture has to be designed for the readiness state that exists rather than the readiness state that would be ideal.

The NERC reliability standards framework is the closest existing model and the right starting point for the design. NERC operates because the 2003 Northeast blackout forced the coordination question across constitutional jurisdictions that did not previously coordinate at the operational layer. Canadian provinces and US states retained operational authority over their portions of the integrated grid. They delegated standards development to NERC voluntarily because the cascade had demonstrated that no single jurisdiction could secure the integrated system on its own. The architecture that emerged has five elements that the AI sovereignty coordination architecture would need to replicate at the AI layer.

The first element is mandatory standards with delegated authority. NERC reliability standards are mandatory for users, owners, and operators of the bulk power system. The standards are developed through a stakeholder process that includes utilities, regulators, and technical experts across jurisdictions. The Federal Energy Regulatory Commission in the United States and the relevant provincial regulators in Canada delegate authority to NERC for standards development while retaining authority for enforcement within their jurisdictions. The AI sovereignty equivalent would require federal and provincial agreement on a standards body, a stakeholder process that includes federal departments, provincial procurement authorities, public sector unions, technical experts, and municipal operators on whose deployments the standards would land, and delegated authority for AI standards development with retained authority for enforcement at each jurisdictional level. The constitutional architecture allows this because each jurisdiction is delegating from its own constitutional authority rather than ceding authority to a superordinate body that does not exist.

The second element is compliance monitoring with audit capacity. NERC operates a compliance monitoring program that audits utilities against the reliability standards, identifies gaps, and produces remediation requirements. The monitoring is technical, continuous, and resourced. The AI sovereignty equivalent would require a compliance monitoring function that audits federal departments, provincial procurement, municipal procurement under provincial direction, and the implementation of bargained workforce frameworks against the coordinated standards. The monitoring has to operate at the tempo the proliferation window requires, which is faster than annual reporting cycles.

The third element is incident reporting with mandatory disclosure. NERC requires utilities to report reliability events through a structured framework that produces shared situational awareness across the integrated grid. The reporting is mandatory, the disclosure is timely, and the resulting analytical foundation supports both improved standards and coordinated response. The AI sovereignty equivalent would require mandatory incident reporting for AI deployment failures, security events affecting AI infrastructure, and capability degradation events that affect critical infrastructure operations. The reporting framework has to operate across federal jurisdiction, provincial jurisdictions, and municipal operations under provincial direction, with consistent definitions, consistent thresholds, and consistent disclosure timelines.

The fourth element is workforce coordination through shared training and certification. The grid sector operates shared training programs, certification requirements, and continuing education frameworks that produce a workforce with consistent baseline capability across jurisdictions. The framework was developed through coordination among utilities, unions, regulators, and educational institutions. The AI sovereignty equivalent would require shared training standards for the public sector workforce implementing AI sovereignty frameworks, certification requirements for roles that operate sovereign AI infrastructure, and coordination across the bargaining units that govern training and redeployment provisions in collective agreements within each constitutional jurisdiction. The workforce coordination is what makes the procurement coordination operationally meaningful.

The fifth element is analytical coordination through shared definitions and integrated data architecture. The grid sector operates on shared definitions of reliability events, integrated data architecture for grid telemetry, and analytical frameworks that produce common operating pictures across jurisdictions. The architecture supports both routine operations and incident response. The AI sovereignty equivalent would require shared definitions for what AI sovereignty means at each layer of the analysis, integrated data architecture that supports cross-jurisdictional analysis without consolidating data under single jurisdictional control, and analytical frameworks that produce common operating pictures for AI deployment status, capability evolution, and threat exposure. The Kube point about contested data and framing is what this element addresses. Shared analytical foundations are not optional features of mature governance. They are the operational layer that makes coordinated response possible.

The five elements together describe an architecture that does not currently exist for AI in Canada. The architecture is buildable. The components are well understood. The political and institutional work to build it is substantial and the timeline is constrained by the proliferation window rather than by ordinary policy cycles. The architecture has to be designed for the readiness state that exists, which means the early stages have to produce visible value at low coordination cost while building toward the full architecture over the time the threat window permits.

The early-stage coordination work is feasible within the existing constitutional architecture. A federal-provincial AI sovereignty registry, established through the Council of the Federation or an existing intergovernmental forum, would produce the inventory layer the rest of the architecture builds on. A coordinated incident reporting framework, developed through existing public sector cyber security relationships, would produce the situational awareness layer. A workforce coordination table, established through the existing federal-provincial-territorial labour ministers’ framework, would produce the bargaining alignment layer. A standards development process, anchored in the existing federal cyber security framework under Bill C-8 with provincial and municipal participation, would produce the standards layer. None of these components requires new institutional architecture or constitutional change. They require existing intergovernmental relationships to take up AI sovereignty as a coordinated file. Provincial direction of municipal participation in any of these mechanisms is a within-province administrative matter.

The coordination architecture is therefore not waiting on institutional design. It is waiting on agenda. The Council of the Federation, the federal-provincial-territorial cyber security forums, the labour ministers’ framework, and the existing federal-provincial procurement coordination mechanisms can all take up AI sovereignty within their existing scope. The architecture gets built when AI sovereignty becomes an item on those agendas. The CUSMA review is the precipitating venue that forces the federal agenda question. The proliferation window is the precipitating threat that forces the timeline question. Both pressures point in the same direction.

Handoff to the Trade-Law Architecture

The coordination architecture established here is the precondition for the federal position the CUSMA review requires. A federal position on AI sovereignty that does not include coordination with provinces is a position that cannot be implemented at the scale where most Canadian AI procurement decisions are actually made. The trade-law instruments operate within federal jurisdiction. The procurement decisions operate within federal jurisdiction, provincial jurisdictions, and municipal operations under provincial direction. Federal trade-law obligations bind provinces as a matter of treaty implementation, which is one of the constitutional levers federal AI sovereignty actually has. The coordination architecture is what connects the leverage to the implementation.

Paper 9 takes up the trade-law architecture under which the federal position has to be formed. CUSMA Articles 19.11, 19.12, 19.16, and 32.2 constrain what the federal government can do without invoking the national security exception. The grid case from Paper 7 is the strongest available predicate for invoking that exception. The coordination architecture from this paper is what makes the federal position implementable across the procurement and workforce frameworks where the position actually has to land. The two papers describe two halves of the same operational requirement. Neither half works without the other.

The first decision point for both halves is July 1, 2026. The runway for refining the architecture and the position is the ten-year extended review window if CUSMA is not renewed at the six-year mark, or the next sixteen years under existing trade-law architecture if it is. The coordination architecture has to begin building now. The federal position has to be formed by July. The procurement decisions Canadian utilities, hospitals, transit systems, and municipalities are making this quarter are setting the defaults that the coordination architecture and the federal position will operate within. The architecture has to catch up with the procurement that has already been operating without it.

The diagnosis from people who would have to build the architecture applies to the entire problem: the readiness does not exist. The diagnosis is correct. The architecture has to be built from where readiness actually is, at the speed the threat window requires, through the existing intergovernmental relationships that can take up AI sovereignty within their existing scope. The not-ready state is the starting point. The coordination architecture is what readiness looks like once it has been built. The work is the work.