Ontario’s New Enhancing Digital Security and Trust Act (Bill 194): What This Means for OECM Customers

July 3, 2026

The Government of Ontario has introduced new cybersecurity and privacy requirements through the Enhancing Digital Security and Trust Act, 2024 (Bill 194), which came into effect on July 1, 2026. The Act establishes a comprehensive legislative framework focused on cybersecurity, digital trust, and the responsible management of digital information. Its objective is to strengthen cybersecurity practices across the public sector and enhance the protection of sensitive information held by public entities. 

To support compliance with Bill 194, OECM has incorporated additional provisions into its Master Agreements, including: 

  • Enhanced Data Protection Requirements – Additional language requiring suppliers to execute agreements necessary for the protection of customer data, confidential information, and personal information where required by the customer.  
  • Enhanced Breach Notification Requirements – Additional obligations requiring suppliers to immediately notify customers of any actual or suspected breach or loss of confidential information involving third-party cloud-based or data hosting service providers.  
  • New Bill 194 Compliance Provision – A dedicated clause confirming that suppliers will provide reasonable assistance to customers in meeting any obligations arising under the Enhancing Digital Security and Trust Act, 2024 and related regulations.  

OECM recognizes that cybersecurity continues to be a growing priority for public sector organizations. To support customers in meeting the Cybersecurity Maturity Assessment requirement under Bill 194, OECM offers a Vulnerability Assessment and Penetration Testing Services agreement. 

This agreement provides access to qualified suppliers that can assist organizations with conducting Cybersecurity Maturity Assessments, identifying vulnerabilities, evaluating cybersecurity controls, and strengthening their overall cybersecurity posture and digital resilience. 

Ongoing Commitment to Compliance 

OECM remains committed to monitoring legislative and regulatory developments and ensuring that its agreements and procurement processes continue to align with evolving provincial requirements. 

All future OECM agreements will incorporate applicable cybersecurity, privacy, and legislative requirements to support customers in meeting their compliance obligations. 

OECM will continue to align its agreements, sourcing processes, and supporting tools to enable customers to effectively meet evolving cybersecurity and privacy requirements. 

Questions? 

OECM’s dedicated Customer Support team is available to assist with questions related to Bill 194, cybersecurity-related agreements, or your procurement planning needs. 

We are here to help you navigate these changes with confidence and continue to deliver value across your organization. 

Email: customersupport@oecm.ca  
Phone: 1-844-OECM-900 (1-844-632-6900) 

We use cookies on this website to improve functionality and performance, to analyze traffic to the website and to enable social media features. To learn more please see our Privacy Policy for details.