Your Employees Already Use ChatGPT: The Hidden Law 25 Risk

May 16, 2026
By Xavier Peich

An employee pastes a client list into ChatGPT to move faster. That's shadow AI, and it's a real Law 25 risk. Here's why it matters and what to do.

On May 1, 2026, La Presse ran the headline that using AI at work could be illegal. Not in ten years. Now. The story made the rounds in management meetings, and for good reason.

But the real problem is probably not the AI agent your IT team has been evaluating for six months. It's what's already happening, quietly, with no bad intent: an employee pastes a client list into the free version of ChatGPT to draft a follow-up email. Another pastes a supplier contract to get a summary. A third exports a contact sheet and drops it into an AI tool to prepare a presentation.

That's shadow AI. And it's exactly the scenario the headline was about.

This article is part of a series on Law 25 obligations for SMBs deploying AI agents. Here, we focus on the most common and least visible risk: your employees already using public AI tools with data that shouldn't be in them.

The short answer, for the busy

Your employees' informal use of ChatGPT is a Law 25 risk for three concrete reasons. First, the personal information they paste into it leaves your control: you no longer decide where it goes, how long it stays, or what OpenAI does with it. Second, that data leaves Quebec, which triggers a prior assessment obligation that nobody has fulfilled. Third, the consent your clients gave you does not cover their information being processed by a public AI tool. Under Law 25, the employer remains responsible for the personal information it holds, regardless of which tool an employee used. The problem is structural, not a matter of bad faith. The fix is a fast path that is also a compliant path: a governed, custom agent connected to your tools, paired with a clear one-page usage policy.

Why this breaks Law 25, precisely

Law 25 is the common name for the legislation that modernized private-sector privacy protection in Quebec (formally, Act P-39.1). Its most significant AI-related obligations have been in force since September 22, 2023. They apply to any organization that holds personal information, with no size threshold. A fifteen-person SMB has the same obligations as a large bank.

Three mechanisms trigger the moment an employee pastes data into ChatGPT.

The data leaves your control

Law 25 holds you responsible for the personal information you hold. When an employee transfers it to a tool you don't control, you lose the ability to fulfill the obligations that follow: correct it, delete it on request, explain how it is being used. The responsibility doesn't disappear. It stays on your shoulders, even though you no longer control anything.

The data leaves Quebec

This is the point many executives miss. The threshold under Law 25 is not "outside Canada." It's "outside Quebec." OpenAI's servers are in the United States. The moment personal information is communicated outside the province, the law requires a prior assessment and a demonstration that the information will receive adequate protection. We cover that mechanism in detail in the article on data transfers outside Quebec and AI agents. Nobody has completed that assessment for the ChatGPT sessions your team runs over lunch.

Your clients' consent doesn't cover this

Article 14 of Law 25 requires that consent to the use of personal information be "manifest, free, informed and given for specific purposes." Your clients consented to you using their information to deliver the agreed-upon service. They did not consent to that information being processed by a public AI model, potentially used to train a future model, and stored on servers whose address you don't know. Even where no bad intent exists, the consent simply isn't there.

A structural problem, not an intention problem

The La Presse headline could leave the impression that someone needed to be disciplined. They don't. Your colleagues are trying to get through their day faster with the tools they have in front of them. ChatGPT is free, open in a browser tab, and genuinely useful for rewording an email or summarizing a twenty-page contract. If nobody has given them a governed alternative, it's the only fast path they can see. They take it.

A policy that says "never use AI with client data" and offers no replacement will hold for two weeks, until delivery pressure picks back up. You'll have the document. You won't have compliance.

Sanctions: what the CAI can do

The Commission d'accès à l'information (CAI) is the body that enforces Law 25. Since 2023, it can impose sanctions directly, without going through the courts. Amounts can reach the greater of $10 million or 2% of worldwide revenue. On the penal side, before the courts, fines can reach the greater of $25 million or 4% of worldwide revenue, and can target executives personally.

For an SMB, the realistic risk is not the seven-figure fine. It's the complaint from a client or a former employee that leads to an investigation, with everything that implies in time, legal fees, and reputation. The CAI has reinforced its inspection resources and complaints are rising. The context has shifted.

The fix: a fast path that is also a compliant path

The shadow AI problem is fundamentally a supply problem. Your employees are looking for the fastest way to do their work. If the fast path is an ungoverned public tool, that's where they go. The fix is making the fast path the compliant path as well.

In practice, that takes two things.

A custom agent, connected to the right tools. An agent configured for your business can do everything your employees are trying to do with ChatGPT, but with built-in guardrails: it only receives the data that's necessary, it runs in an environment you control, the information is not used to train a public model, and transfers outside Quebec are documented and assessed. The difference between a public tool and a custom agent is as much about governance as it is about performance. We explain this in detail in "What is the difference between an AI agent and ChatGPT?".

A one-page usage policy. Not a fifty-page document nobody reads. One clear page: which tools are approved, which are off-limits with client data, who to ask when you're unsure. It takes a few hours to write, and it becomes the reference point when onboarding new employees. The policy without the agent isn't enough, but the agent without the policy isn't either. Together, they form a system that holds.
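To make the "only receives the data that's necessary" and "transfers outside Quebec are documented and assessed" guardrails concrete, here is a small gate that would sit between the employee's request and the model. It is an added example written for this page, not code from the author or from any product: the task names, field names, destination hosts (all under the reserved `.example` domain), the assessment reference and the sample client record are constructed for illustration. The gate keeps only the fields a task is allowed to see, masks e-mail addresses, phone numbers and SIN-shaped numbers that hide inside free text, refuses a destination outside Quebec unless a documented assessment is on file, and writes an audit entry that references the record without copying the identifier.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Constructed policy for the illustration: for each task the agent supports,
# the only client-record fields it may receive. Task and field names are
# hypothetical.
TASK_ALLOWED_FIELDS = {
    "draft_followup_email": {"first_name", "company", "last_order_date"},
    "summarize_contract": {"company", "contract_text"},
}

# Constructed destination table: where a prompt may be sent. A destination
# outside Quebec is usable only when a documented transfer assessment exists.
DESTINATIONS = {
    "agent.internal.example": {"in_quebec": True, "assessment_ref": None},
    "llm.vendor.example": {"in_quebec": False, "assessment_ref": "TRANSFER-ASSESSMENT-2026-03"},
    "api.public-ai.example": {"in_quebec": False, "assessment_ref": None},
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
SIN_RE = re.compile(r"\b\d{3}[\s-]?\d{3}[\s-]?\d{3}\b")  # Canadian social insurance number layout


def redact_free_text(text):
    """Mask identifiers that tend to hide inside notes and contract text."""
    text = EMAIL_RE.sub("[EMAIL]", text)
    text = PHONE_RE.sub("[PHONE]", text)  # run before SIN_RE so a 10-digit phone is not half-matched as a SIN
    return SIN_RE.sub("[SIN]", text)


def minimize_record(task, record):
    """Keep only the fields the task is allowed to see, then redact what remains."""
    allowed = TASK_ALLOWED_FIELDS[task]
    kept = {k: (redact_free_text(v) if isinstance(v, str) else v)
            for k, v in record.items() if k in allowed}
    dropped = sorted(set(record) - allowed)
    return kept, dropped


def check_destination(host):
    """Refuse any host outside Quebec that has no documented assessment."""
    dest = DESTINATIONS.get(host)
    if dest is None:
        return False, "unknown destination"
    if dest["in_quebec"] or dest["assessment_ref"]:
        return True, dest["assessment_ref"] or "in-province"
    return False, "outside Quebec without a transfer assessment"


def build_request(task, record, host, audit_log):
    """Return the payload the agent would send (or None if refused) plus the audit entry."""
    ok, reason = check_destination(host)
    kept, dropped = minimize_record(task, record)
    entry = {
        "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "task": task,
        "destination": host,
        "allowed": ok,
        "basis": reason,
        "fields_sent": sorted(kept) if ok else [],
        "fields_dropped": dropped,
        # Reference the record without writing the client identifier itself into the log
        "record_ref": hashlib.sha256(str(record.get("client_id", "")).encode()).hexdigest()[:12],
    }
    audit_log.append(entry)
    if not ok:
        return None, entry
    return {"task": task, "data": kept}, entry


# Constructed sample client record, for illustration only.
SAMPLE_RECORD = {
    "client_id": "C-1042",
    "first_name": "Marie",
    "last_name": "Tremblay",
    "email": "marie@example.com",
    "phone": "514-555-0199",
    "company": "Example Inc.",
    "last_order_date": "2026-04-30",
    "notes": "Call back at 514-555-0199, SIN on file 123 456 789",
}

if __name__ == "__main__":
    log = []
    payload, entry = build_request("draft_followup_email", SAMPLE_RECORD, "agent.internal.example", log)
    print(json.dumps(payload), json.dumps(entry, indent=2), sep="\n")
    payload, entry = build_request("draft_followup_email", SAMPLE_RECORD, "api.public-ai.example", log)
    print(payload, entry["basis"])
```

The design point is that the allow-list, not the redaction, does most of the work: a follow-up e-mail never needs the e-mail address, phone number or notes field at all, so those never leave the record. Redaction is the backstop for free-text fields that the task genuinely needs, and the audit entry is what lets you answer the question "which fields were communicated where, and on what basis" when the CAI or a client asks.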

Where to start, this Monday

Three steps, in order.

First, do an honest inventory. Ask your teams which AI tools they're already using, how, and with what data. Not to blame them: to understand where the real risk sits. Shadow AI is almost always present. It's better to map it than to discover it in a complaint.

Next, identify the two or three tasks where informal use is most frequent, the ones where your employees routinely turn to ChatGPT or another public tool. Those are the priority cases for a governed agent.

Finally, draft a short policy to cover the interval. Even one page that says "here are the approved tools, here are the ones that are off-limits with client data, here is who to ask" reduces your exposure while the agent is being built.
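Asking your teams is the right first move, but an egress proxy or firewall log gives the inventory a second, independent source. The script below is an added example for this page, not the author's or any vendor's code: it reads constructed proxy lines (timestamp, user, source IP, method, host, request bytes), sorts traffic to well-known public AI hosts apart from traffic to a hypothetical approved internal agent, counts requests and upload volume per employee, and flags large POST bodies, which are more likely to be a pasted document or export than a typed question. The 16 KiB threshold, the `agent.internal.example` host and the log format are assumptions; the public host names are the consumer endpoints of the tools the article names and are only a starting list.

```python
import re
from collections import defaultdict

# Constructed classification for the illustration. The public hosts are the
# consumer endpoints of well-known AI tools; the approved host is hypothetical.
PUBLIC_AI_HOSTS = {"chat.openai.com", "chatgpt.com", "claude.ai", "gemini.google.com"}
APPROVED_AGENT_HOSTS = {"agent.internal.example"}

# Assumed threshold: a request body above this size most likely carries a
# pasted document or contact export rather than a short typed prompt.
LARGE_UPLOAD_BYTES = 16 * 1024

# Constructed egress-proxy lines: timestamp user source_ip method host request_bytes
SAMPLE_LOG = """\
2026-05-04T12:01:33Z alice 10.0.4.21 POST chat.openai.com 18231
2026-05-04T12:03:10Z alice 10.0.4.21 POST chat.openai.com 2210
2026-05-04T12:07:52Z bob 10.0.4.35 POST agent.internal.example 5120
2026-05-04T13:15:04Z carol 10.0.4.40 POST claude.ai 40960
2026-05-04T13:16:00Z carol 10.0.4.40 GET docs.example.com 1024
2026-05-04T14:02:11Z dave 10.0.4.52 POST gemini.google.com 700
2026-05-04T14:05:00Z garbled line left over from a log rotation
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<bytes>\d+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    return rec


def inventory(log_text):
    """Summarise AI-tool traffic per user: shadow (public) versus approved (internal)."""
    new_cell = lambda: {"requests": 0, "bytes": 0}
    shadow = defaultdict(lambda: defaultdict(new_cell))
    approved = defaultdict(lambda: defaultdict(new_cell))
    large_uploads = []
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # count, don't silently drop: a parser gap hides traffic
            continue
        host = rec["host"].lower()
        if host in PUBLIC_AI_HOSTS:
            bucket = shadow
        elif host in APPROVED_AGENT_HOSTS:
            bucket = approved
        else:
            continue  # ordinary web traffic is out of scope for this inventory
        cell = bucket[rec["user"]][host]
        cell["requests"] += 1
        cell["bytes"] += rec["bytes"]
        if bucket is shadow and rec["method"] == "POST" and rec["bytes"] >= LARGE_UPLOAD_BYTES:
            large_uploads.append((rec["ts"], rec["user"], host, rec["bytes"]))
    return {
        "shadow_ai": {u: dict(h) for u, h in shadow.items()},
        "approved": {u: dict(h) for u, h in approved.items()},
        "large_uploads": large_uploads,
        "unparsed_lines": unparsed,
    }


if __name__ == "__main__":
    report = inventory(SAMPLE_LOG)
    for user, hosts in report["shadow_ai"].items():
        for host, cell in hosts.items():
            print(f"{user:<8} {host:<20} {cell['requests']:>3} requests {cell['bytes']:>7} bytes")
    for ts, user, host, size in report["large_uploads"]:
        print(f"large upload: {ts} {user} -> {host} ({size} bytes)")
    print("unparsed lines:", report["unparsed_lines"])
```

Run against a real export, the per-user table is the map the article asks for: the users and tasks where informal use is concentrated are the priority cases for the governed agent, and the large-upload list is where the client-list and contract pastes are most likely to sit. Because the inventory is meant to understand, not to blame, the usual practice is to report it in aggregate by team rather than by name.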

If you want to talk through your specific situation, the first conversation is free: 30 minutes to look at what's already happening in your teams, identify the at-risk cases, and see whether a custom agent is the right answer.

Get in touch, no commitment required

This is plain-language education, not legal advice. For any situation involving sensitive information or an important decision, consult a legal advisor. The Commission d'accès à l'information and the legislation on LégisQuébec are the sources that prevail.
