Avoiding complicity in mistreatment by foreign entities: Annual report 2025

Introduction
Background
Information sharing practices and written arrangements and agreements
Implementation of the directions
Activity report: January 1, 2025 to December 31, 2025

Introduction

The Canada Border Services Agency (the CBSA or the Agency) was established by the Canada Border Services Agency Act and is an integral part of the Public Safety Portfolio.

The Agency is responsible for providing integrated border services that support national security and public safety and facilitate the flow of persons and goods. Information sharing with domestic and international partners is essential for the successful execution of its mandate.

This report is presented to the Minister of Public Safety (the Minister) in accordance with subsection 7(1) of the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA, or ‘the Act’). It provides an overview of the Agency’s information sharing practices; provides an update on the implementation of the Agency’s policy in support of the Order in Council (the OiC) – Directions for Avoiding Complicity in Mistreatment by Foreign Entities, and indicates the number of substantial risk cases and restrictions to any written arrangement or agreement due to concerns of mistreatment for the period of January 1 to December 31, 2025.

Background

The Act came into force on July 13, 2019 and requires the Governor in Council to issue written directions to deputy heads regarding:

the disclosure of information to any foreign entity that would result in a substantial risk of mistreatment of an individual
the making of requests for information to any foreign entity that would result in a substantial risk of mistreatment^{Footnote 1} of an individual, and
the use of information that is likely to have been obtained through the mistreatment^{Footnote 2} of an individual by a foreign entity

On September 4, 2019, the Governor in Council, on the recommendation of the Minister, pursuant to paragraph 3(2)(f) of the Act, issued the OiC – Directions for Avoiding Complicity in Mistreatment by Foreign Entities to the President of the CBSA.

Pursuant to the OiC, the President of the CBSA must, before March 1 of each year, submit to the appropriate Minister a report in respect of the implementation of those directions during the previous calendar year.

Information sharing practices and written arrangements and agreements

The CBSA relies on information to execute its border management responsibilities safely and efficiently. The Agency collects, retains, and shares information strictly within the parameters of its border management mandate, as set out by CBSA program legislation.

The CBSA’s information sharing activities can be characterized as follows:

The CBSA is a net consumer of information. The majority of the information used by the Agency is derived from private sector stakeholders (such as air carriers or commercial transport companies) or collected during the customs and immigration processes. This information is provided to the CBSA under regulatory requirements and allows the Agency to make timely, risk-based decisions on the admissibility of people and goods attempting to enter Canada. Individuals and private sector stakeholders also provide information to the CBSA when engaging in one of its ‘trusted’ programs (e.g., Trusted Traveller or Trusted Trader).
In order to effectively identify and manage higher-risk cases, the CBSA expands regulatory information with information received from partner agencies, namely Public Safety Canada (PS); the Royal Canadian Mounted Police (RCMP); the Canadian Security Intelligence Service (CSIS); Immigration, Refugees and Citizenship Canada (IRCC); the Canada Revenue Agency (CRA); the Department of National Defence (DND); Financial Transactions and Reports Analysis Centre of Canada (FINTRAC); Global Affairs Canada (GAC), and Transport Canada (TC).
As outlined in the Agency’s legislative authorities, and mirrored in the CBSA’s policies and operational guidance, the CBSA primarily conducts information sharing activities with domestic and international partners in cases where the activity is permissible under the Customs Act or the Privacy Act. These exchanges are outlined in various written arrangements and agreements.
Liaison Officers (LOs) located abroad work directly with foreign partners and represent the CBSA in an international context. For the International Network of officers, the International Operations Division (IOD), located in headquarters, is the main point of contact for guidance and support for all program-related enquiries, including information sharing requests. LOs routinely lawfully exchange information with various foreign entities, as per various policies, legislation, and written arrangements and agreements.

Although the CBSA has numerous partnerships and manages a substantial amount of information, given the context described above, its administrative information sharing activities are generally low-risk in terms of possible association with mistreatment.

The CBSA recognizes that one of its key responsibilities is to be a steward of the information in its control. In line with the OiC, the CBSA implemented measures to enhance its management of information sharing activities.

Implementation of the directions

Updated policies, guidance, and procedures

The CBSA has maintained its Policy on the Order in Council to the CBSA: Avoiding Complicity in Mistreatment by Foreign Entities (the policy), since publication on September 1, 2022. This policy replaced the previous Policy and Operational Guidelines pertaining to the 2017 Ministerial Directive (MD) to the CBSA.

Under the policy, CBSA officials are directed to consult the Privacy & Information Sharing Policy (PISP) Division within the Chief Privacy Office (CPO) for general information sharing questions, and the Intelligence and Targeting Policy and Support Division (ITPSD) for questions pertaining to the risks associated with disclosing, requesting, or using information from a specific international entity.

The policy is located within the CBSA’s Information Sharing Toolkit and is accessible to employees across the Agency via the CBSA intranet.

To ensure consistency in the ACA application, the CBSA, via its CPO, utilizes a Mandatory Tracking Form (MTF) for officials to complete when making disclosures that have a mandatory external reporting requirement. These disclosures include, but are not limited to, lawful authorities under section 107 of the Customs Act and section 8 of the Privacy Act. The MTF also captures whether a disclosure has resulted in the ACA being engaged. On a monthly cadence, CPO collects all reporting area’s applicable disclosures for review and compliance purposes. Once each report is validated, they are moved into a centralized report managed by CPO for furtherance as needed.

Interdepartmental coordination

While developing and maintaining the policy in support of the OiC, the CBSA has ensured that it is applying a compatible and complementary approach to that of other federal partners in terms of how it assesses risk associated with its information sharing activities with foreign entities.

In line with this approach, the CBSA continues to be an active participant in the Public Safety-led Information Sharing Coordination Group (ISCG). The ISCG is the primary interdepartmental forum for supporting interdepartmental collaboration and information sharing between members as they implement the Act and the corresponding Directions.

The three primary objectives of the ISCG are to:

Establish best practices
Share information, and
Coordinate the development of policy documents and responses for inter-departmental issues

In 2024, the CBSA established an ACA Working Group consisting of IRCC and CBSA representatives to address common concerns pertaining to the ACA. In 2025, this group met monthly to discuss efficiencies and best practices pertaining to risk assessment work. After the December 2025 meeting, the CBSA developed an initial draft of the standard operating procedures (SOP) for CBSA-IRCC ACA Compliance. This SOP outlines how the CBSA and IRCC jointly manage select cases under the ACA, ensuring consistency in high-level country risk assessment while maintaining independent decision-making on specific information exchanges. Following the development of the initial draft, the CBSA and IRCC will continue their consultations to refine the SOP and ensure alignment on joint case management.

Country profiles

The CBSA’s Intelligence Collection, Analysis and Production (ICAP) Division developed and continues to maintain Serious Inadmissibility & Mistreatment Country Assessments (SIMCAs) which capture and reflect the security, organized crime, and human rights environment in identified countries of concern. During the 2025 reporting period, ICAP produced one SIMCA.

SIMCAs provide the basis for the CBSA’s Country and Foreign Entity Mistreatment Risk Assessment process as part of its responsibilities under the ACA and related OiC.

The mistreatment risk assessment (MRA) process assesses the country or entity risk rating in relation to the ACA. SIMCAs are considered for each assessment.

CBSA officials are instructed to contact ITPSD if they have questions pertaining to the risk levels of a specific country.

Risk mitigation and mistreatment risk assessment

The CBSA establishes the level of the risk associated with a given information sharing activity by simultaneously considering the level of mistreatment risk associated with the intended recipient of the information, as well as the sensitivity of the information to be disclosed. Information sharing activities may only proceed in cases where there is no substantial risk of mistreatment, and/or risks that might be present can be adequately mitigated.

Senior Management Risk Assessment Committee

In instances where there is a desire for an information sharing activity to proceed, but there is substantial risk that cannot be mitigated at the working level, the ITPSD will convene a Director General-level Senior Management Risk Assessment Committee (SMRAC) meeting and accordingly prepare a risk assessment package for consideration.

The risk assessment package includes the ACA Consultation Request Form, SIMCA, the MRA, the ITPSD operational determination, and any additional related documentation or research. Consultations with Departmental Legal Services, PISP, and ICAP will be conducted to ensure all relevant input is incorporated into the risk assessment package.

SMRAC processes the available information in order to determine if a given information sharing activity may result in mistreatment, or if information may have been derived through some form of mistreatment. In exceptional circumstances, SMRAC may refer the decision to the President for action. It should be noted that no cases were referred to the President during the 2025 calendar year.

After considering the information contained within the package, there are four potential outcomes:

If SMRAC determines that information sharing with a foreign entity will likely lead to the mistreatment of an individual, or it is likely that the information received from a foreign entity was obtained as a result of mistreatment, SMRAC will provide a negative information sharing opinion, indicating that the information should not be shared or used.
In the event that SMRAC is unable to reach a decision as to whether or not the information sharing activity could result in a substantial risk of mistreatment, or if they are unable to determine if the foreign entity had obtained the information as a result of mistreatment, SMRAC will refer the case to the President of the CBSA for consideration.
If SMRAC determines that information sharing with a foreign entity may result in a substantial risk of mistreatment, or if there is a risk that the foreign entity obtained the information as a result of mistreatment, but these risks have been sufficiently mitigated, SMRAC will provide a positive information sharing opinion, indicating that the information may be shared or used.
If SMRAC determines that the information sharing with a foreign entity is not likely to lead to the mistreatment of an individual, or if the information received from an entity was likely not obtained as a result of mistreatment, SMRAC will provide a positive information sharing opinion, indicating that the information may be shared or used.

Notwithstanding the outcome of SMRAC deliberations, the ITPSD will prepare a record of decision and provide it to the CBSA official who had initially requested their assistance.

If it is determined that the CBSA will not release the information, the ITPSD will provide a draft response explaining the decision to the originating CBSA official for onward transmission to the requestor. In cases where the disclosure is approved, the originating CBSA official will proceed with the information release or exchange.

SMRAC process complements existing CBSA information sharing policies and procedures in order to maximize operational efficiency while ensuring that the CBSA adheres to the requirements of the OiC.

Training

In addition to the virtual “Introduction to CBSA Information Sharing”, available to employees via the CBSA intranet, the CBSA also provided a total of 10 information sharing training sessions to 149 employees during the 2025 reporting period. It should be noted that PISP is finalizing an updated version of the virtual “Introduction to CBSA Information Sharing” training that will include expanded content related to the ACA. Specifically, the new version will include in-depth guidance related to ACA disclosure and reporting requirements (e.g. the difference of considered vs engaged), and will direct users to relevant information sharing policies, directives, and applicable working tools. PISP has established a target date of summer 2026 for the rollout of the updated training.

CBSA officials regularly involved in information sharing activities, or those whose responsibilities may bring them into information sharing scenarios, have access to additional information sharing training tailored to their particular roles and responsibilities. This approach ensures that training received is commensurate with the level of potential risk associated with a given role.

During 2025, IOD’s Functional Development team administered the LO Induction Training Program (LOITP), which includes a section dedicated to the ACA. This training was delivered by subject matter experts within CROSS and PISP.

Standardization and training for program consistency

To ensure efficiency and consistency across the MRA program, the ITPSD team has focused on developing comprehensive process documents that serve as the foundation for future training.

During the 2025 reporting period, ITPSD produced 11 business process documents (with one draft currently undergoing review) designed to build training and enhance consistency.

Completed documents:

ACA Email Templates (General)
ACA Email Template for Submitting Interpol Requests for Information (RFIs)
Mistreatment Risk Assessment Request Form
ACA Risk Scoring Info Sheet
ACA Finding Country Human Rights Information Info Sheet
ACA Country & Entity Risk Rating Request Form
MRA Information Sharing Risk Table Template (Our GoC-leading innovation)
MRA Source Log
MRA Instructions for Writing a Final Assessment Info Sheet
MRA Research Checklist Info Sheet
ACA General Risk Mitigation Measures Info Sheet

The Entity Risk Assessment Template is currently undergoing final review, which will complete a critical suite of MRA guidance documents for the Agency.

Activity report

This report describes OiC related activities undertaken by the CBSA between January 1 and December 31, 2025.

Engagements of the OiC

Per the table below, within the aforementioned reporting period, the CBSA had no cases of disclosure, request, or use of information requiring additional risk assessment or referral for Presidential Determination.

Cases of engagements for the period of January 1 to December 31, 2025
Type of case	Disclosure of information	Request for information	Use of information
Number of cases requiring Presidential Determination	0	0	0

Restriction to written arrangements or agreements

The CBSA did not have any cases of restrictions being applied to any written arrangement or agreement due to concerns related to mistreatment within the aforementioned reporting period.

Footnotes

Footnote 1

“Substantial risk” as defined in the 2017 Ministerial Direction which has been superseded by the OiC, is a personal, present and foreseeable risk of mistreatment. In order to be “substantial”, the risk must be real and must be based on something more than mere theory or speculation. In most cases, the test of a substantial risk of mistreatment will be satisfied when it is more likely than not that there will be mistreatment; however, in some cases, particularly where the risk is of severe harm, the “substantial risk” standard may be satisfied at a lower level of probability.

Return to footnote 1 referrer

Footnote 2

“Mistreatment”, as defined in the Act, means torture or other cruel, inhuman, or degrading treatment or punishment, within the meaning of the Convention Against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment, signed at New York on December 10, 1984.

Return to footnote 2 referrer

Page details

Date modified:: 2026-03-10

Language selection

Search