BILL NO. 139
(as introduced)
1st Session, 65th General Assembly
Nova Scotia
4 Charles III, 2025
Private Member's Public Bill
Nova Scotia Power Cybersecurity Transparency Act
Honourable Iain Rankin
Timberlea–Prospect
First Reading: September 24, 2025
Second Reading:
Third Reading:
An Act to Ensure Transparency and Accountability
in Cybersecurity at Nova Scotia Power
Be it enacted by the Governor and Assembly as follows:
1 This Act may be cited as the Nova Scotia Power Cybersecurity Transparency Act.
"Committee" means the House of Assembly's Standing Committee on Natural Resources and Economic Development;
"cybersecurity breach" means any unauthorized access to, or disruption of, the Utility's information technology or operational systems that could compromise service delivery, customer data or system integrity;
"cybersecurity investment" includes expenditures for hardware, software, personnel, training, incident response and other measures designed to prevent, detect or respond to cybersecurity threats;
"Utility" means Nova Scotia Power Incorporated.
3 (1) The Utility shall prepare and submit an annual report to the Speaker of the House of Assembly, who shall table it in the House not later than May 31st each year or, if the House is not then sitting, file it with the Chief Clerk of the House.
(a) a summary of annual cybersecurity investments made in infrastructure, staffing and training;
(b) a description of the cybersecurity standards, frameworks or guidelines adopted and followed by the Utility;
(c) a disclosure of all cybersecurity breaches, including the nature of the breach, the date of occurrence, the impact on operations and customers and the remedial measures taken; and
(d) an assessment of emerging risks and planned responses.
4 (1) The Utility may, with the consent of the Minister of Cyber Security and Digital Solutions, withhold specific technical details in the public version of the report if disclosure would create an undue risk to security.
(2) Where information is withheld under subsection (1), a full unredacted version of the report must be submitted in confidence to the Committee for review.
5 The Committee shall conduct an annual hearing on the report submitted under this Act and may call witnesses, including representatives of the Utility, to answer questions regarding the contents of the report.
6 (1) Failure to comply with this Act or the cybersecurity standards, frameworks or guidelines reported by the Utility constitutes a contravention of the Public Utilities Act.
(2) The Board may impose administrative penalties of up to $25,000 per day for failure to comply with this Act or the regulations, in addition to any penalties otherwise provided by law.
(3) The Utility may not recover through rates paid by its customers any administrative penalty imposed on it under this Section.
(4) The Utility may not recover through rates paid by its customers any costs, losses, damages or expenditures incurred as a result of a cybersecurity incident if the Utility has failed to comply with this Act or the cybersecurity standards, frameworks or guidelines reported by the Utility.
7 (1) The Governor in Council may make regulations prescribing additional reporting requirements or clarifying the application of this Act.
(2) The exercise by the Governor in Council of the authority contained in subsection (1) is a regulation within the meaning of the Regulations Act.
This page and its contents published by the Office of the Legislative Counsel, Nova Scotia House of Assembly, and © 2025 Crown in right of Nova Scotia. Created September 24, 2025. Send comments to legc.office@novascotia.ca.
