Your Quebec SAP Landscape Probably Isn't Ready for Law 25's AI Rules. A 9-Point Compliance Checklist Before Q3 2026.

Quebec's Law 25 Section 17 enforcement and the federal Sovereign Compute program both hit live status in 2026. SAP-running Quebec enterprises that introduced AI workflows on the back of the global LLM defaults are about to discover where the cross-border gaps are. A practical 9-point checklist for SAP CIOs and GRC leads.

The Qubittron Team · April 25, 2026 · 8 min read

If you run an SAP landscape in Quebec, the next two quarters will surface a regulatory mismatch that has been quietly accumulating since the first generative AI workflows shipped. Quebec's Loi 25 (the Act to modernize legislative provisions as regards the protection of personal information) finished its three-stage implementation in September 2024 — but the Section 17 cross-border-transfer rules and the new Section 12.1 automated-decision-making provisions are now in active enforcement, with the Commission d'accès à l'information beginning to publish decisions that meaningfully change the cost of being wrong. The federal AI Sovereign Compute Infrastructure Program opens for first applications in June 2026 — a $890M signal that Canadian sovereign inference capacity is now official policy, not aspiration.

For SAP shops that introduced AI workflows on the back of the global LLM defaults — OpenAI calls landing in US data centers, Anthropic calls landing in US data centers, Gemini calls landing wherever Google's regional load balancer points that day — the gap between what the regulator now expects and what the stack actually does is non-trivial.

This is the practical checklist we run with Quebec SAP CIOs and Centers of Excellence before Q3 2026.

Why SAP-running Quebec enterprises are exposed

SAP itself is well-positioned. SAP Sovereign Cloud for Canada launched in early 2026 with Cohere as the embedded model partner; the Canadian Centre for Cyber Security (CCCS) completed its cloud assessment of SAP Sovereign Cloud for Canada in March 2026. If your AI footprint is entirely inside SAP Joule with Cohere as the inference layer, you have a credible compliance posture today.

Most Quebec SAP shops do not look like that. The realistic stack we see at Manufacturing CFOs, Retail SAP CoE Directors, and Quebec public-sector procurement leads:

  • Joule (or non-Joule) workflows that call OpenAI or Anthropic for reasoning the Cohere models don't yet match
  • A Knowledge Base layer running RAG over SharePoint or Confluence content, with embedding calls landing at OpenAI's US endpoint by default
  • A meeting intelligence layer running speech-to-text and summarization through whatever provider was easiest to wire up
  • Custom workflows that orchestrate across SAP, ServiceNow, and a Quebec-specific LOB system, with no clear inventory of where each model call resolves

None of those choices were wrong when they were made. All of them assume cross-border transfer is acceptable by default. Section 17's enforcement posture inverts that assumption.

The 9-point checklist

For each item: a plain statement, the regulatory reason, and the practical "what do I check today" answer.

1. Cross-border transfer impact assessment exists for every AI provider

Section 17 of Law 25 requires that, before transferring personal information outside Quebec, you conduct a privacy impact assessment considering the legal regime of the receiving jurisdiction. Every model provider you use is a transfer.

What to check: an inventory of every model endpoint your stack calls, with a documented PIA for each. If you have not done this for your inference layer, you have not satisfied Section 17.

2. Inference data residency is documented per workflow

The location of training data matters less than the location of inference data — what the model sees at request time. This is where personal information actually lives during an AI agent's reasoning step.

What to check: for each AI workflow, can you say in one sentence where the inference call resolves? "Anthropic Claude, US-East" is an honest answer that you can assess and document against. "OpenAI default routing" is not.

3. Section 12.1 automated decision-making disclosure

Where personal information is used to make a decision based exclusively on automated processing, Quebec requires that the affected individual be informed at or before the decision, and given the right to submit observations to a person reviewing the decision. This includes AI-driven recruiting, credit, claims, and entitlement decisions running through SAP SuccessFactors, S/4HANA Finance, or any custom workflow.

What to check: is there a Section 12.1 disclosure surface in your workflow? Is there a human-review path? "We document it in the privacy notice" is a common answer; the regulator's emerging position is that it's insufficient if the individual cannot find or use it.

4. Right of explanation is operational, not theoretical

Section 12.1 also gives the affected individual the right to know the personal information used to make the decision and the reasons that led to it. For agentic AI workflows, this means the audit trail must reconstruct what the model saw and what it returned with enough fidelity to explain a specific decision.

What to check: for any decision your AI agents make about a person, can you reproduce — at the row level — the prompt, the retrieved context, the model output, and the downstream action? If your audit trail only logs "agent decision: approve," you have not met this standard.

5. Consent for cross-border transfer is informed and granular

Generic privacy-policy language that says "we may use third-party AI providers" no longer clears the bar. The transfer must be specific enough that the individual knows what they are consenting to.

What to check: does your consent mechanism enumerate the AI providers in scope, identify the receiving jurisdictions, and give the individual a clear opt-out where the workflow's lawful basis depends on consent?

6. Audit trail captures full agent provenance

Distinct from item 4: the operational audit trail should capture every model call, every tool invocation, every cross-system action, with cryptographic linkage between them. For SAP-augmented workflows that span the SAP plane and a non-SAP system (ServiceNow, Workday, a custom Quebec LOB system), the audit trail has to span the boundary.

What to check: pick any agent action from yesterday. Can you reconstruct the full agent execution — model calls, retrieved context, system calls, downstream effects — from one query, or do you have to correlate four log streams?
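One way to get the row-level reproduction of item 4 and the linked, cross-system trail of item 6 from a single log, shown as an added example that is not Qubittron's or SAP's code. The record fields, system names and sample events are assumptions constructed for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64

def digest(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def append_event(trail, run_id, kind, system, payload) -> dict:
    """Append one agent step, linked to the previous record by its hash."""
    body = {
        "seq": len(trail),
        "run_id": run_id,
        "kind": kind,      # prompt | retrieval | model_output | action
        "system": system,  # which side of the boundary produced the step
        "payload": payload,
        "prev": trail[-1]["hash"] if trail else GENESIS,
    }
    trail.append(dict(body, hash=digest(body)))
    return trail[-1]

def verify_chain(trail) -> int:
    """Return -1 if intact, else the index of the first bad record."""
    prev = GENESIS
    for i, rec in enumerate(trail):
        body = {k: v for k, v in rec.items() if k != "hash"}
        ok = rec["prev"] == prev and rec["seq"] == i
        if not (ok and hmac.compare_digest(rec["hash"], digest(body))):
            return i
        prev = rec["hash"]
    return -1

def reconstruct(trail, run_id) -> list:
    """One query: every step of one agent run, in order, across systems."""
    if verify_chain(trail) != -1:
        raise ValueError("audit trail failed integrity check")
    return [r for r in trail if r["run_id"] == run_id]

def build_sample_trail() -> list:
    # Constructed sample: one decision spanning SAP and ServiceNow.
    t = []
    append_event(t, "run-001", "prompt", "agent-runtime", {"text": "Assess credit hold for customer ref C-7f3a"})
    append_event(t, "run-001", "retrieval", "sap-s4", {"doc_ids": ["FI-OPEN-ITEMS/C-7f3a"]})
    append_event(t, "run-002", "prompt", "agent-runtime", {"text": "Summarize ticket"})
    append_event(t, "run-001", "model_output", "inference", {"text": "Recommend hold: 3 invoices over 90 days"})
    append_event(t, "run-001", "action", "servicenow", {"ticket": "INC-EXAMPLE", "decision": "hold"})
    return t
```

A hash chain only shows tampering if the latest hash is also stored somewhere the log writer cannot rewrite; signing or external anchoring of that head value is outside this sketch.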

7. Data minimization at the prompt level

The principle of data minimization applies at the prompt — what personal information is actually included in the request to the model. Sending a full customer record where only a redacted ID is needed is a Section 6 collection-purpose violation in addition to a Section 17 cross-border concern.

What to check: a sampling review of recent prompts. Are agents passing more personal information than the workflow strictly requires?
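A sampling review of this kind can be partly automated. The added example below (not from the original article) scans a constructed sample of logged prompts for pattern-shaped identifiers and reports what each workflow sends beyond an assumed per-workflow allow-list; the workflow names, patterns and allow-list are illustrative assumptions. Names and free-text details have no fixed pattern and still need a human reviewer.

```python
import re
from collections import defaultdict

def luhn_ok(digits: str) -> bool:
    """Luhn check, which valid Canadian SINs satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

DETECTORS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "phone": re.compile(r"(?<!\d)\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}(?!\d)"),
    "sin": re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)"),
}

def categories_in(prompt: str) -> set:
    found = set()
    for name, rx in DETECTORS.items():
        for m in rx.finditer(prompt):
            if name == "sin" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # nine digits that fail Luhn: not a SIN
            found.add(name)
    return found

def review(samples: list, allowed: dict) -> dict:
    """Map workflow -> categories found beyond what it is allowed to send."""
    excess = defaultdict(set)
    for workflow, prompt in samples:
        extra = categories_in(prompt) - allowed.get(workflow, set())
        if extra:
            excess[workflow] |= extra
    return {w: sorted(c) for w, c in excess.items()}

# Constructed sample of logged prompts: (workflow, prompt text).
SAMPLES = [
    ("sod-analysis", "List conflicting roles for user ref U-19c2 in FI and MM"),
    ("hr-summary", "Summarize leave file, SIN 046 454 286, marie@example.com"),
    ("ar-dunning", "Draft reminder for order 123456789, contact 514-555-0123"),
]
ALLOWED = {"ar-dunning": {"phone"}}  # assumed: dunning may include a phone number
```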

8. Vendor attestations cover model-provider sub-processors

Your SaaS provider's compliance posture is necessary but not sufficient. The model provider underneath them is the sub-processor handling personal information at inference time. The attestation chain has to reach the model provider, not stop at the platform.

What to check: do your vendor attestations identify the foundation model providers used at inference, with documentation of where those providers process data?

9. Incident notification covers AI-specific failure modes

Quebec's incident notification regime triggers on confidentiality incidents. An AI hallucination that emits another customer's personal information into an agent response is a confidentiality incident. A misconfigured RAG chunker that surfaces personal information across role boundaries is a confidentiality incident. Many AI stacks today have no detection or notification path for this class of failure.

What to check: does your incident response plan specifically enumerate AI failure modes, with a detection plane that catches them and a notification path that triggers within Section 17's required windows?

Where SAP's own response stops, and where Bastion picks up

SAP Sovereign Cloud for Canada with Cohere is the right answer for Joule workflows where Cohere's model is sufficient. For Joule + Cohere customers in Canada, items 1, 2, and 8 are largely satisfied by the SAP attestation chain.

The gap is the realistic stack we described earlier: most enterprise workflows need more than Cohere today, and Joule's Generative AI Hub routes those calls through US-domiciled providers by default. The cross-border problem is not solved by SAP's sovereign cloud alone — it is solved by the inference layer being domiciled in Canada and configurable per workflow.

This is precisely what we built Qubittron Bastion to handle. Bastion is an OpenAI-compatible API where all inference runs in Canada on OVH AI Endpoints (BHS region), aligned with PIPEDA, Quebec Law 25, and ITSG-33 from day one. For SAP shops running Qubi as the augmentation layer alongside Joule, Bastion is the inference plane. The augmentation pattern keeps the SAP plane intact and routes the AI workload through a Canadian-domiciled inference layer that satisfies items 1, 2, 5, and 8 of the checklist out of the box.

That is not the only path — you can build an equivalent posture with other Canadian inference providers. The architectural principle is the one to internalize: the inference layer has to be a separate, configurable choice from the agent runtime. When inference is welded to the agent runtime, every regulatory shift forces an architectural rewrite.

What the SoD pattern looks like in production

We work with an SAP CoE Director at a multi-billion-dollar Quebec retailer who has been running this kind of augmentation for SoD analysis specifically:

"Manual SoD analysis was costing my team hours every week. Qubi runs it automatically and the report lands in my inbox every Monday — hours and budget back where they belong." — Director, SAP Center of Excellence, Retail Manufacturing, Quebec

The unglamorous part of that quote is the operative one. Every Monday — meaning continuous, not quarterly. Inside our infrastructure — meaning the inference layer respects the cross-border posture. Hours back — meaning an SAP CoE budget that used to fund manual analysis can now fund higher-leverage work. The continuous SoD pattern is the one we recommend Quebec SAP shops install first; it satisfies multiple checklist items simultaneously and produces a measurable operational signal the CFO can defend.

Where to start before Q3 2026

A practical sequencing for the next quarter:

  1. Inventory. List every AI provider your SAP-adjacent stack calls, by workflow, with the inference jurisdiction. This alone usually surfaces three to five workflows that need rerouting.
  2. Triage. For each workflow, classify whether the personal-information exposure justifies a US-domiciled inference call or whether the workflow needs Canadian inference. Most workflows that touch HR, customer, or regulated data will need rerouting.
  3. Reroute. Move the workflows that need it onto a Canadian-domiciled inference layer. SAP's Sovereign Cloud + Cohere if Cohere satisfies the workflow; Qubittron Bastion if you need multi-model with Canadian residency; another Canadian inference provider if you have a specific reason to choose one.
  4. Audit trail. Verify that the audit trail satisfies items 4 and 6 above for every agent that touches personal information.
  5. Section 12.1 surface. For any agent making decisions about people, ship the disclosure surface and the human-review path.

If you'd like to walk through your specific Quebec SAP landscape — which workflows, which inference providers, which gaps against the 9-point checklist — book a 30-minute call or reach out via the contact form. We have the reference architecture and the security posture documentation ready to share.

Quebec's regulatory environment is becoming the more demanding one in North America. SAP shops that get the inference layer architecture right in the next two quarters will spend the rest of 2026 shipping product. The shops that don't will spend it explaining their cross-border posture to the Commission d'accès à l'information.


SAP, S/4HANA, ECC, SuccessFactors, Joule, Generative AI Hub, BTP, GRC, and PartnerEdge are trademarks of SAP SE. Cohere is a trademark of Cohere Inc. Qubittron is an independent SAP Silver Partner with PartnerEdge Sell and Service authorizations. This article is for informational purposes only and is not legal advice; engage qualified Quebec privacy counsel for compliance review.

Qubi AI Suite is built by Qubittron Consulting Inc., an SAP Silver Partner authorized under SAP PartnerEdge for Sell and Service. We extend Joule’s reach — we do not replace it.
