Publikation
Die Kunst des Streitens
Mit unserem Newsletter möchten wir Ihnen praktische Hinweise und prägnante Analysen der wichtigsten Rechtsprechung und jüngsten Entwicklungen im Bereich der Streitbeilegung an die Hand geben.
Controlled Goods Data: Overview of the Regulatory Framework
Kanada | Publikation | Oktober 2025
The Controlled Goods Program (CGP) is Canada’s domestic industrial security program, which regulates the examination, possession, and transfer of controlled goods. The CGP is managed by Public Services and Procurement Canada (PSPC) under the Defence Production Act (the Act), and more specifically under the Controlled Goods Regulations (the Regulations). The Act and the Regulations exist to enhance Canadian defence and security and safeguard against unlawful access to controlled goods. In addition, and among other things, the Regulations establish a mandatory registration and compliance framework for individuals and organizations examining, possessing or transferring controlled goods. Any person accessing controlled goods must, subject to certain exclusions and exemptions applicable primarily to governmental employees and non-Canadians, register in the CGP and comply with the Act and the Regulations.
Controlled goods are primarily defence articles, including certain components and associated technologies, that have military or national security significance, as more particularly described in the Controlled Goods List schedule to the Act. While the Controlled Goods List is primarily comprised of physical defence articles, related technologies and technical data are also captured. For example, blueprints and technical data, including in electronic format, are considered controlled goods. By extension, controlled goods data stored in the cloud or on physical storage devices such as USB sticks fall within the scope of the CGP.
This article focuses on the unique considerations applicable to controlled goods data stored in the cloud.
Watch this Space
Although some useful guidance on the use of the cloud for storage and transfer of controlled goods data is available, cloud data storage technology, like many other new and evolving technologies, is exposing the limits of existing regulations and safeguards, a trend that shows no signs of slowing. Companies and individuals storing controlled goods data in the cloud should take care in selecting a CSP and ensure that appropriate security protocols and procedures are in place to protect that data. Likewise, CSPs providing cloud services for the storage of controlled goods data should be familiar with the obligations and restrictions applicable to controlled goods to ensure that the cloud services they provide, and their related internal processes and features, are compliant. Given the highly sensitive nature and treatment of controlled goods in Canada, parties should err on the side of greater caution and security when selecting, implementing or providing cloud services for storing and transferring controlled goods data.
It is noteworthy in the context of this discussion that the Canadian government has publicly emphasized the importance of developing a sovereign cloud to, among other objectives, increase Canadian data security. Canadian sovereign cloud technology could provide clarity and solutions to the open questions and issues raised in this article. Interested parties should watch this space.
If you have any questions about the topics discussed in this article, Canada’s Controlled Goods Program generally, how the CGP applies to your organization or the development and implementation of cybersecurity strategies to protect your controlled goods data, please contact the authors.
Aktuelle Publikationen
Publikation
Auswirkungen der EU-Sanktionen im hypothetischen Szenario einer US-Sanktionslockerung
Seit Beginn des russischen Angriffskriegs gegen die Ukraine im Februar 2022 haben westliche Staaten umfassende Sanktionen gegen Russland verhängt, wobei die EU ihr Sanktionsregime konsequent fortsetzt.
Publikation
Zwischen Kontrolle und Interoperabilität: Das BGH-Urteil zu Sony v. Datel und seine Folgen für das Software-Urheberrecht
Das Urteil des Bundesgerichtshofs (BGH) in der Rechtssache Sony v. Datel (BGH, 31.07.2025 – I ZR 157/21, Action Replay II) (das „Urteil”) klärt eine bislang umstrittene Frage: Wann stellt die Manipulation von RAM-Daten eine urheberrechtsrelevante Bearbeitung von Software dar?
Subscribe and stay up to date with the latest legal news, information and events . . .