Does your AI agent send personal information outside Quebec? Article 17 of Law 25 applies. Here are the three obligations and how to meet them in practice.

The vast majority of AI agents deployed in 2026 send personal information to a model running on servers in the United States. OpenAI, Anthropic, and Google operate their main models on US infrastructure. That is an infrastructure reality, not a configuration setting you can switch off somewhere. If your agent takes a customer order, reads an email, or accesses an employee file to generate a response, that data crosses a border.
Is that illegal? Not automatically. But it is regulated, and the requirements are specific. This is exactly the kind of detail your AI solution provider should know before writing a single line of code. If they cannot answer you clearly on this, you already have your answer about their competence.
This article is the technical companion to the general Law 25 guide for Quebec SMBs. That guide covered four obligations at a high level. Here, we dig into the most treacherous one.
Article 17 of the Act modernizing P-39.1 (the Act respecting the protection of personal information in the private sector, commonly called "Law 25") requires any Quebec business to conduct a PIA (privacy impact assessment) before communicating personal information outside Quebec. The transfer is permitted provided the assessment demonstrates adequate protection, taking into account the legal regime of the destination province or country and the contractual measures in place. The communication must be covered by a written agreement. These obligations apply even when data goes to Ontario rather than the United States: the threshold is "outside Quebec", not "outside Canada". Since most major AI models run on US servers by default, an agent that sends a client file to one of them triggers article 17. The transfer must be assessed and documented, and data collection must be kept to the strict minimum necessary. Compliant solutions exist today.
This is where almost everyone gets it wrong. You often hear "our data stays in Canada, we're fine." Not necessarily.
Law 25 does not draw the line at Canada. It draws the line at Quebec. The moment personal information leaves the province, regardless of where it goes (Toronto, Seattle, Dublin), the article 17 obligation activates. A data warehouse in Ontario triggers the same requirements as a server in San Francisco.
Why does this detail change everything for AI agents? Because the language models used in production are not hosted in Quebec. When your agent sends a request to GPT or to Claude via OpenAI's or Anthropic's public APIs (application programming interfaces), that request travels to data centers located outside Quebec. The personal information in the request, a customer number, the content of an email, a name on an order, has just crossed the legal boundary set by Law 25.
The good news: knowing this puts you ahead of most improvised deployments.
Article 17 of P-39.1 has been in force since September 22, 2023. It applies to any business that holds personal information, with no size threshold. A fifteen-person SMB has the same obligations as a large corporation.
Three concrete requirements follow from it.
Before communicating personal information outside Quebec, you must conduct a PIA. This assessment documents which data is leaving, to which country or province, under which legal regime, and what measures protect the information in transit and at rest. Article 17 provides that the communication is permitted if the assessment concludes that adequate protection is in place.
Many business owners picture a PIA as a $15,000 consulting report. The Commission d'accès à l'information (the CAI, the body responsible for enforcing the law) publishes a guide and a generic template, both available free on its website. For a transfer to an established AI provider with a public privacy policy and known security certifications, the exercise takes a few hours. What matters is that it is done and documented.
A transfer may also require a PIA outside the context of an AI agent. Any outsourcing of collection, use, communication, or storage to a third party outside Quebec, a cloud provider for example, falls under the same framework. We cover that in the dedicated article on PIAs for AI agents.
The assessment must demonstrate that the personal information will benefit from adequate protection, taking into account the legal regime of the destination and the contractual measures agreed upon.
For a transfer to the United States, that means reviewing the data processing clauses in your contract with the AI provider, verifying whether it commits to not using your data to train its models without consent, and noting the applicable security certifications (SOC 2, ISO 27001, and so on). No one can guarantee absolute imperviousness. The law asks for a documented demonstration of reasonable diligence, not a promise of infallibility.
The communication of personal information outside Quebec must be covered by a written agreement. In practice, this means that the contract with your AI provider (often the API terms of service combined with a Data Processing Agreement, or DPA) must exist, be signed, and cover the protection obligations.
Most major providers offer a DPA on request or automatically for business accounts. Verifying this is part of responsible deployment work.
The obligation does not disappear, but it can be substantially simplified if data never leaves Quebec, or at least never leaves Canada. And contrary to what you sometimes hear, this is achievable now, not two years from now.
Canadian data residency, concretely. Anthropic's Claude models (including Sonnet 4.5 and Haiku 4.5) are available via Amazon Bedrock with Canadian data residency: data at rest stays in the Canada (Central) AWS region (ca-central-1), inference requests travel over Amazon's private network rather than the public internet, and encrypted responses are returned to Canada. This does not entirely eliminate the article 17 issue (data is still outside Quebec), but it simplifies the PIA considerably and strengthens the case for adequate protection.
An agent built on this architecture has significantly more solid compliance documentation than one sending requests to public APIs with no thought given to the underlying infrastructure.
Data minimization, the other lever. The minimization principle sits at the heart of Law 25: you must collect and communicate only the personal information necessary for the purpose being pursued. Applied to an AI agent, this means one simple thing: send the model only what it needs for the task.
If the agent is qualifying a service request, send the problem description, not the customer's full file. If the agent is processing an order, send the internal identifier, not the social insurance number. This is both a legal requirement and a sensible architectural decision: a shorter request costs less, exposes less surface area, and is easier to debug.
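The minimization rule above, as an added example that is not part of the original article: a per-task allow-list decides which fields reach the model, and free text is scrubbed of e-mail addresses and Luhn-valid nine-digit numbers before it leaves. The task names, field names and sample record are constructed for illustration.

```python
import re
# Hypothetical per-task allow-lists: the only fields each task may send out.
ALLOWED_FIELDS = {
    "qualify_service_request": {"internal_id", "problem_description"},
    "process_order": {"internal_id", "order_items"},
}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SIN_RE = re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b")  # nine digits, SIN layout

def luhn_valid(digits: str) -> bool:
    """Luhn checksum, which Canadian social insurance numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def redact(text: str) -> tuple[str, int]:
    """Mask e-mail addresses and Luhn-valid nine-digit numbers in free text."""
    hits = 0
    def mask_sin(m):
        nonlocal hits
        is_sin = luhn_valid(re.sub(r"\D", "", m.group()))
        hits += is_sin  # nine digits failing Luhn (a ticket number) are kept
        return "[SIN REDACTED]" if is_sin else m.group()
    text = SIN_RE.sub(mask_sin, text)
    text, n = EMAIL_RE.subn("[EMAIL REDACTED]", text)
    return text, hits + n

def minimize(task: str, record: dict) -> tuple[dict, dict]:
    """Return (payload for the model, audit entry); unknown tasks raise KeyError."""
    allowed = ALLOWED_FIELDS[task]  # fail closed: no allow-list, no transfer
    payload, redactions = {}, 0
    for key in sorted(record.keys() & allowed):
        value = record[key]
        if isinstance(value, str):
            value, n = redact(value)
            redactions += n
        payload[key] = value
    audit = {"task": task, "sent": sorted(payload), "redactions": redactions,
             "dropped": sorted(record.keys() - allowed)}
    return payload, audit

SAMPLE = {  # constructed record, not real data
    "internal_id": "C-10482", "full_name": "Jane Example",
    "sin": "046 454 286", "email": "jane@example.com",
    "problem_description": "Heat pump stopped. My SIN is 046-454-286, "
                           "reply to jane@example.com. Ticket 123456789.",
}
```

The audit entry records which fields were sent and which were withheld, the same inventory a PIA asks you to document.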
Article 17 governs organized transfers, the ones you design and document. But there is another vector for personal information leaving Quebec that Law 25 targets indirectly: unsupervised use by employees.
When a team member pastes a client contract into ChatGPT to save time, personal information leaves Quebec without a PIA, without a written agreement, and without minimization. This is shadow AI, and it is the most common scenario in Quebec SMBs in 2026. We dedicate a full article to it: Employees and shadow AI: the risk Law 25 won't excuse.
A governed agent reduces this risk at the source. It gives your teams a fast, compliant path instead of leaving them to improvise with consumer tools.
Three steps, in order.
Identify which personal information your agent sends to the model, and toward which infrastructure. If you do not know, ask your provider. If they do not know either, you need a different provider.
Check whether your contract with the AI provider includes a DPA. For major players (Anthropic, OpenAI, Google), it is available. If it is not signed, it takes a few minutes to sort out.
Start even a lightweight PIA for the transfer. The CAI publishes a free template. Having it documented protects you if a complaint arises. Not having it, in the event of an incident, is much harder to defend.
A few hours in total. A single client complaint takes considerably more.
If you want to check whether your current agent, or the one you are planning, meets the article 17 requirements, the first conversation is free. 30 minutes, no commitment, to review the data architecture and identify the adjustments needed before it becomes a problem.
This is plain-language education, not legal advice. For anything involving sensitive information or a high-stakes decision, consult a qualified legal advisor. The Commission d'accès à l'information and the legislation on LégisQuébec are the sources that prevail.