
AI Agents and Law 25: What a Quebec SMB Must Know Before Deploying

May 7, 2026
By Xavier Peich

Law 25 doesn't ban AI agents. It sets four specific obligations. Here's what they are, and how to deploy without putting your business at risk.


On May 1, 2026, La Presse ran the headline that your use of AI at work might be illegal. The kind of story that lands on Monday morning's agenda, usually with the wrong conclusion: "let's put AI on hold until we understand this better."

That is exactly the wrong reaction. Law 25 does not ban AI agents. It regulates one specific thing: what your software is allowed to do with the personal information of your clients and employees. A well-designed agent checks the boxes. An improvised one doesn't. And your employees pasting client data into the free version of ChatGPT at lunch? That is where the real risk lives.

Here is what the law actually requires, without the legal jargon, and how a Quebec SMB deploys a custom agent without inviting trouble. If the term "AI agent" is still fuzzy, we define it in What Is an AI Agent and Why Should Your SMB Care?

The short answer

Yes, an AI agent is perfectly legal in Quebec. Quebec's Law 25 (the modernized Act respecting the protection of personal information in the private sector, P-39.1) does not target any particular technology: it protects personal information regardless of the tool that handles it. It applies to every business that holds such information, with no size threshold. A twelve-person SMB carries the same obligations as a bank. For an AI agent, four obligations actually matter: informing people when a decision is made entirely by automated means (article 12.1); assessing risks before deploying any system that touches personal information (the PIA, or privacy impact assessment); governing any transfer of data outside Quebec; and obtaining clear, specific consent. The legal risk does not come from the agent itself. It comes from how the agent handles, stores, and moves information. That is a question of design, not a prohibition.

Law 25 in 30 seconds (and why it concerns you)

Law 25 came into force in stages between 2022 and 2024. The core obligations relevant to AI have been active since September 22, 2023. This is not upcoming legislation: it is already in effect. The Commission d'accès à l'information (CAI), Quebec's privacy regulator, has been empowered to impose penalties since 2023, its inspection resources have been strengthened, and citizen complaints are rising.

The numbers are not symbolic. The CAI can impose administrative monetary penalties directly, without going through a court, of up to the greater of $10 million or 2% of worldwide turnover. On the penal side, before the courts, fines can reach the greater of $25 million or 4% of worldwide turnover, and officers can be personally targeted.

For an SMB, the realistic risk is not the $25 million fine. It is the complaint from a client or a former employee, the investigation that follows, and the time and reputation it costs you. Compliance here is essentially insurance against a very bad day.

The four obligations that apply to an AI agent

1. Disclose when a decision is fully automated (article 12.1)

Since September 2023, if your business makes a decision "based exclusively on automated processing" about a person, you must inform that person no later than the moment the decision is made. On request, you must also explain which information was used, the main factors that influenced the outcome, and give the person an opportunity to have the decision reviewed by a member of your staff.

In practice: an agent that approves or declines a credit application, screens job candidates, sets a premium, or closes an account falls squarely under this rule. The operative word is "exclusively." An agent designed to escalate borderline cases to a human changes the picture, because a person is genuinely participating in the decision. That is an architectural choice, and one of the choices that separates a smooth deployment from a risky one.

→ Read the dedicated article: Automated decisions and article 12.1, in detail

2. Complete a PIA before deploying

The privacy impact assessment (PIA) is the obligation most often overlooked. The law requires you to assess privacy risks before any project involving the acquisition, development, or overhaul of an information system that handles personal information. A new AI agent fits that description exactly.

This is not an 80-page document. For an SMB, it is a structured exercise: which data the agent touches, where it goes, who can access it, and what happens if something goes wrong. Done seriously, it takes a few hours, and it keeps you from discovering a problem after it has already become a complaint.

→ Read the dedicated article: How to run a PIA before deploying

3. Govern data that leaves Quebec

This is the subtlest technical trap. Law 25's threshold is not "outside Canada." It is "outside Quebec." Any time personal information is communicated outside the province, you must first complete a PIA and ensure the information will receive adequate protection.

Most major AI models, including those from OpenAI, Anthropic, and Google, run on servers in the United States. An agent that sends a client file to one of those models triggers the obligation. That does not make it prohibited. It means the transfer must be assessed, documented, and ideally minimized: send the model only what it needs, never a full social insurance number when an internal identifier will do.

→ Read the dedicated article: Your data outside Quebec and article 17, in detail

4. Obtain clear consent (and deal with shadow AI)

Law 25 requires consent that is "manifest, free, informed, and given for specific purposes," requested separately for each purpose. If your agent uses personal information in a new way, people need to understand what it is doing and why.

But the most common risk in 2026 is not the official agent. It is shadow AI: your employees, without bad intent, pasting a client contract or an email list into the free version of ChatGPT to save time. At that moment, personal information leaves your control, crosses out of Quebec, and may feed a model's training data. That is precisely the scenario La Presse pointed to. A controlled, purpose-built agent, connected to the right tools with the right guardrails, is often the best answer to this problem: it gives employees a fast, compliant path instead of a fast, risky one.

→ Read the dedicated article: Shadow AI and your employees, in detail

Off-the-shelf chatbot vs. custom agent: why compliance tilts one way

Here is the distinction that changes everything legally. A consumer tool like the free version of ChatGPT is a black box you do not control: you have no say over where the data goes, what is retained, or what will be used to train the next model.

A custom agent is built around your constraints. You decide what it is allowed to read, minimize the personal information that passes through it, keep a record of decisions so they can be explained (article 12.1), define when it escalates to a human, and document all of this in the PIA. Compliance is not a layer you add at the end: it is in the way the agent is built. That is also what technically separates an agent from a chatbot, which we cover in What Is the Difference Between an AI Agent and ChatGPT?
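An added illustration, not code from the original post or from its author, of the design choices just listed and of the minimization advice in section 3: a small Python gateway that allow-lists the fields an agent may send to an external model, tokenizes SIN-like values found in free text, escalates borderline scores to a person, and writes the decision record an article 12.1 explanation would draw on. The field names, thresholds, allow-list, salt and sample record are constructed for the example.

```python
import re
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample record: what an unminimized agent might forward to a US-hosted model.
SAMPLE_RECORD = {
    "client_id": "C-10442",
    "name": "Jeanne Tremblay",
    "sin": "123-456-789",
    "email": "jeanne@example.com",
    "request": "Renew credit line; SIN on file is 123 456 789",
    "score": 0.62,
}

# Allow-list of fields permitted to leave Quebec (hypothetical policy for this example).
ALLOWED_FIELDS = {"client_id", "request"}
SIN_RE = re.compile(r"\b\d{3}[- ]?\d{3}[- ]?\d{3}\b")
SALT = "example-salt-rotate-in-production"  # constructed; a real salt stays out of source

def pseudonym(value: str) -> str:
    """Stable internal token that stands in for a direct identifier."""
    return "tok_" + hashlib.sha256((SALT + value).encode()).hexdigest()[:12]

def minimize(record: dict) -> dict:
    """Drop everything not allow-listed and tokenize SIN patterns inside free text."""
    out = {k: v for k, v in record.items() if k in ALLOWED_FIELDS}
    for k, v in out.items():
        if isinstance(v, str):
            out[k] = SIN_RE.sub(lambda m: pseudonym(m.group(0)), v)
    out["client_id"] = pseudonym(record["client_id"])
    return out

def decide(record: dict, low: float = 0.4, high: float = 0.8) -> tuple[str, dict]:
    """Outcome plus the record needed to explain it; borderline scores go to a person."""
    score = record["score"]
    outcome = "approve" if score >= high else "decline" if score < low else "human_review"
    entry = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "subject": pseudonym(record["client_id"]),
        "outcome": outcome,
        "exclusively_automated": outcome != "human_review",  # art. 12.1 notice trigger
        "factors": {"score": score, "low": low, "high": high},
        "fields_sent_outside_quebec": sorted(minimize(record)),
    }
    return outcome, entry

if __name__ == "__main__":
    outcome, entry = decide(SAMPLE_RECORD)
    print(outcome, json.dumps(entry, indent=2))
```

The decision record is what you would hand to the person asking which information was used and which factors weighed; the allow-list and the list of fields that actually left the province are what you would cite in the PIA.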

Where to start, concretely

Three steps, in order, before deploying anything.

First, take stock of what your teams are already using. Shadow AI is almost always present; better to find it yourself than to discover it in a complaint.

Next, for each serious use case, run a lightweight PIA: which data, going where, with what safeguards. It scopes the project and already satisfies one of your legal obligations.

Finally, for the tasks where an agent makes sense, require your vendor to explain clearly where the data runs, what is retained, and how the agent handles sensitive cases. If they cannot answer those questions clearly, you already have your answer.

If you want to talk through your specific situation, the first conversation is free. Thirty minutes to look at your workflows, identify which ones are a good fit for an agent, and name the compliance questions honestly, before a single line of code is written.

→ See if it's right for you

This is plain-language education, not legal advice. For anything involving sensitive information or a high-stakes decision, consult a qualified legal advisor. The Commission d'accès à l'information and the legislation on LégisQuébec are the sources that prevail.
