Canada’s digital sovereignty — its ability to store data, run AI workloads and transact value without foreign-government veto — rests on three interlocking pillars: monetary independence, data independence and compute independence. None of the three is secure today.

Why this matters right now

In June 2026, Anthropic restricted access to its flagship Claude models for foreign nationals — not because Canada did anything wrong, but because a US regulatory directive made it necessary. Canadian developers who had built workflows, businesses and compliance processes around a US-controlled AI service woke up to find those services offline. It was a clean demonstration of a structural dependency that predates AI by decades.

Canada’s financial infrastructure, cloud computing layer and AI compute stack are all majority-owned or majority-controlled by US companies and subject to US law. Under the US CLOUD Act (18 U.S.C. §2713), any data held by a US-headquartered company — regardless of where the servers physically sit — is reachable by US government order without notice to the data subject or host jurisdiction. No Canadian data residency clause changes that.

D-Central Technologies has operated at the intersection of Bitcoin, open-source hardware and self-hosted infrastructure since 2016. This page is the index for everything we have published on Canadian digital sovereignty across all three dimensions.

The three sovereignties

1. Monetary sovereignty — Bitcoin as Canada’s reserve option

The US dollar represents approximately 57% of global foreign-exchange reserves (IMF COFER data, Q4 2025). Visa and Mastercard control an estimated 90% of card-payment rails outside China (Nilson Report, 2024). Every Canadian dollar that crosses a border moves through a US-governed clearing layer. Canadian businesses that hold inventory, pay suppliers or collect receivables internationally carry structural USD exposure that has nothing to do with exchange-rate risk — it is jurisdictional exposure.

Bitcoin is the only widely-deployed monetary network with no controlling jurisdiction, no CEO and no regulatory chokepoint. It does not eliminate exchange-rate risk. It eliminates censorship risk. That is a different category of protection, relevant to any business whose counterparty or supply chain crosses the US regulatory perimeter.

D-Central’s mining hardware, education and pool-infrastructure content covers the technical layer of operating Bitcoin nodes and hashpower inside Canada. See our mining pools guide and the open data hub (including live hashprice and power-profiles data).

2. Data sovereignty — Law 25, the CLOUD Act and the AIDA gap

Quebec’s Law 25 (Loi modernisant des dispositions législatives en matière de protection des renseignements personnels, fully in force September 22, 2023) is Canada’s most rigorous provincial privacy statute. Its key provisions for organisations using cloud services:

• Privacy impact assessments (PIAs) are mandatory before any cross-border transfer of personal information. The PIA must evaluate whether the destination jurisdiction offers comparable protection.
• Contractual safeguards must mirror Quebec’s protections — foreign cloud contracts that defer entirely to US law do not satisfy this requirement.
• Breach notification to both the Commission d’accès à l’information (CAI) and affected individuals is required for any breach that presents a risk of serious injury.
• Privacy-by-design is now a legal obligation, not an aspiration.

Quebec’s Bill 96 (Loi sur la langue officielle et commune du Québec, la langue française, in force June 1, 2022) adds a language-layer consideration: technology contracts and software interfaces used in the Quebec workplace must be available in French, and organisations with 25 or more employees are subject to francisation requirements. Procurement of AI tools and cloud platforms must account for this.

At the federal level, Bill C-27 / AIDA (the Artificial Intelligence and Data Act) is defunct. It died when Parliament prorogued in January 2025 and was not reintroduced after the April 2025 election. Canada has no federal AI-specific legislation in force as of June 2026. This is not a temporary gap — it is a governance vacuum that organisations must fill at the contract and infrastructure level rather than relying on statutory protection.

The practical implication: a Quebec organisation running personal data through a US-controlled cloud AI service has a Law 25 compliance exposure today, with no federal statute to lean on and no certainty that any future statute will arrive before an enforcement action does. On-premise AI deployment is the only approach that definitively closes both the CLOUD Act gap and the Law 25 cross-border-transfer trigger.

3. Compute sovereignty — the AI infrastructure layer

US firms account for approximately 85% of Canadian enterprise cloud spend, according to research cited by the Canadian Alliance of Managed and Professional Services (CAMP). NVIDIA holds an estimated 80%+ share of the AI-accelerator market (company filings, Q4 2025). Both figures mean that Canada’s AI compute layer is almost entirely controlled by US-headquartered entities.

This is not a hypothetical risk. The June 2026 Claude/Anthropic export-control episode is one instance. US export controls on advanced semiconductors (Entity List, EAR §744) have already restricted what GPU configurations Canadian research organisations can acquire from certain vendors. The regulatory apparatus exists and has been used; the only question is which workload is next.

Compute sovereignty requires owning the physical hardware, running open-weight models locally, and building redundant communication infrastructure that does not transit US-controlled network chokepoints. That is the thesis behind everything D-Central has built in the sovereign-stack pillar.

The sovereign-stack answer

No single product or service solves all three dependencies simultaneously. The defensible answer is a layered stack, each layer independently verifiable and replaceable:

Layer	Dependency being replaced	Technology	D-Central resources
Money	USD rails, Visa/MC, PayPal	Bitcoin (on-chain + Lightning)	Mining pools guide · Data hub
AI compute	OpenAI / Anthropic / Google cloud APIs	Open-weight LLMs (Llama, Mistral, DeepSeek, Qwen, Gemma) running on owned hardware	Sovereign AI Canada · Local LLM Canada · AI hardware guide
AI consulting	Dependency on US-SaaS AI integrators	On-premise LLM deployment by D-Central	AI sovereignty consulting
Distributed compute	AWS / Azure / GCP centralised cloud	On-premise GPU/CPU clusters, federated deployment	Distributed compute
Energy	Grid dependency, fossil-fuel-backed compute	Quebec hydro, solar + battery, behind-the-meter	Energy for compute · Canada electricity rates
Communications	Telecom carriers, US-controlled internet exchanges	Meshtastic LoRa mesh, Nostr relay federation	Mesh networking · Nostr

The stack is not monolithic. Each layer can be adopted independently and delivers immediate risk-reduction even if the other layers remain centralised. The order above is roughly increasing deployment effort; the monetary layer (running a Bitcoin node and accepting on-chain payment) has the lowest barrier and the longest operational track record.

Pillar pages — go deeper

Quebec’s structural advantage

Canada is not uniformly positioned for the sovereign-stack transition. Quebec has a combination of structural advantages that make it the most viable Canadian province for sovereign compute infrastructure:

• Electricity price: Hydro-Québec industrial rates are among the lowest in North America (verified at Canada electricity rates by province — verify current tariffs at Hydro-Québec’s published rate schedule). Compute is energy; price per kWh directly sets compute cost per token.
• Legal framework: Law 25 creates a compliance push toward on-premise data handling. Organisations that move to sovereign infrastructure to satisfy Law 25 simultaneously reduce their CLOUD Act exposure — two birds, one architectural decision.
• Climate: Free cooling for nine-plus months of the year reduces cooling overhead for GPU and ASIC hashcenter operations.
• Technical talent: Montréal’s AI research ecosystem (Mila, Polytechnique, McGill, UdeM) produces machine-learning and infrastructure engineers with directly applicable skills.

See our Quebec hydro AI compute guide for the infrastructure-planning detail.

What D-Central builds

D-Central Technologies is a Canadian company that has operated Bitcoin mining hardware sales, repair and infrastructure services since 2016. The sovereign-stack work grows from that foundation:

• Bitcoin mining hardware — new and refurbished ASICs, parts, and repair services. The hashpower behind the monetary-sovereignty layer.
• DCENT_OS — an open-source (GPL-3.0) mining firmware, closed beta, public beta targeting summer 2026. Built on the shoulders of Braiins OS+, VNish, LuxOS, and the open-source mining firmware community.
• DCENT_axe — open-source solo mining hardware in the Bitaxe / Bitaxe Ultra lineage, GPL-3.0 closed beta. See the web flasher for firmware tooling.
• Sovereign AI / Sovereign Mesh product lines — quote-only on-premise AI nodes, workstation builds, and Meshtastic deployment kits. Not off-the-shelf; built to order for Canadian organisations.
• AI Sovereignty Consulting — Law 25 gap assessments, on-premise LLM deployment, and sovereign-stack architecture. See service page.

Everything is one more layer decentralised. That is not marketing language — it is the operating thesis behind every product in the catalogue.

Frequently asked questions

What does “digital sovereignty” mean for a Canadian business?

Digital sovereignty is the ability to operate your business’s data, communications and financial infrastructure without being subject to foreign-government intervention. For a Canadian business today, that means: data stored with US cloud providers is reachable by US law enforcement under the CLOUD Act without a Canadian court order; AI services hosted by US companies can be restricted by US export-control directives; and card-payment rails are subject to US sanctions enforcement. Digital sovereignty is the set of architectural choices that reduce those exposures — on-premise data handling, local AI deployment, Bitcoin payment options, and mesh-based communication backup.

Is Law 25 actually enforced, and what are the penalties?

Yes. Quebec’s Law 25 is enforced by the Commission d’accès à l’information (CAI). Penalties for serious violations can reach up to CAD $25 million or 4% of worldwide turnover, whichever is higher (s. 90.1 of the Act, for the most serious intentional or negligent violations). The CAI has issued investigative notices and is conducting compliance audits across sectors. Organisations that have not completed a Privacy Impact Assessment before transferring personal data to a US cloud provider are not in compliance. This is not a theoretical risk — it is a live enforcement environment.

What happened to Bill C-27 / AIDA?

Bill C-27, which included the proposed Artificial Intelligence and Data Act (AIDA), is defunct. It died when the Canadian Parliament prorogued in January 2025 following the Trudeau resignation, and was not reintroduced after the federal election of April 2025. As of June 2026, Canada has no federal AI-specific legislation in force. Organisations cannot rely on forthcoming federal regulation as a substitute for active compliance management at the contractual and infrastructure level.

Can I use open-weight AI models locally without violating any export controls?

Open-weight models published under permissive licences (Meta’s Llama series, Mistral, DeepSeek, Alibaba’s Qwen, Google’s Gemma) are generally downloadable and deployable without a specific export licence for standard commercial and research use, provided the hardware you run them on is not itself export-controlled. Hardware controls are the more relevant consideration for Canada: high-end GPU configurations above certain compute thresholds (specifically those above the US BIS export control thresholds updated in the 2024 and 2025 Commerce rules) may require a licence for import into some jurisdictions. Canada is generally not a restricted destination, but verify current thresholds with a trade-law adviser before procuring large GPU clusters. See our AI hardware guide for model-size-to-hardware mapping.

What is Bill 96 and does it affect AI tool adoption in Quebec?

Bill 96 is Quebec’s Act to strengthen French as the official and common language of Quebec (in force June 1, 2022). For organisations with 25 or more employees in Quebec, it requires that the language of work, internal communications and software used by employees be available in French. AI tools deployed in the workplace — including local LLMs, chatbot interfaces and AI-assisted workflows — must be usable in French. This creates a practical filter on which AI solutions are viable for Quebec organisations: a tool available only in English does not satisfy Bill 96. Open-weight models fine-tuned or prompted in French, and deployments with French-language interfaces, meet the requirement. Cloud AI products from US providers often satisfy this technically (many support French inference), but the Law 25 cross-border-transfer issue remains a separate obligation.

How does Bitcoin mining relate to digital sovereignty?

Bitcoin mining is the security layer of the Bitcoin network. Every Canadian-operated mining machine contributes to a network that no single government controls. Running mining hardware in Canada means Canadian hashrate participates in the global proof-of-work consensus — making it marginally harder for any jurisdiction to coerce the network and ensuring Canadian organisations have a domestically-anchored monetary settlement option. It also means that Canadian electricity (especially Quebec’s abundant hydro surplus) backs the monetary sovereignty layer rather than US or Chinese energy. The operational know-how D-Central brings from a decade of mining hardware translates directly into operating sovereign compute infrastructure: power management, cooling, hardware procurement and repair are the same skill set regardless of whether the machine is hashing SHA-256 or running a neural network inference job.