Law 25 Compliance Checklist: 12 Steps Every Quebec Business Must Complete (2026)

2026-03-15 · Alexandre Sauvageau

Law 25 Quebec: 12-step compliance checklist for businesses. Privacy Officer, PIAs, 72h breach notification, AI tool audits & fines up to $25M explained.

All three phases of Quebec's Loi 25 are now in force. Here is the exact 12-step checklist every business must complete to avoid fines up to $25M — from designating a Privacy Officer to auditing your AI tools.

Who does Loi 25 apply to — and what are the real penalties?

The 12-step Loi 25 compliance checklist

The 3 most common Loi 25 compliance mistakes Quebec businesses make

How AI email tools create Loi 25 obligations — and how to audit them

Loi 25 compliance is not a one-time project — it's an ongoing operational commitment. The 12 steps above cover the full scope of obligations now in force. But compliance isn't just about avoiding fines. Quebec's privacy law is the most rights-respecting framework in North America. Organizations that implement it properly build trust with clients, reduce breach exposure, and future-proof their data practices against even stricter regulation coming at the federal level (Bill C-27). Start with the three highest-impact steps: designate your Privacy Officer today, audit every third-party tool that touches personal data, and publish an accurate privacy policy. Everything else follows from those foundations.