Quebec Law 25 (P-39.1) Enforcement, Active

See what privacy laws your website is breaking today.

Verimont audits your site against applicable Canadian privacy law — consent, breach notification, cross-border transfers, data subject rights — and shows you exactly where you're exposed.

Free. No credit card. ~15 min.

Quebec Law 25 (P-39.1), Fines up to CAD $25,000,000
PIPEDA, the Personal Information Protection and Electronic Documents Act, Mandatory Privacy Officer designation
Bill C-27, Statutory tort of privacy violation (proposed, not in force)
CLOUD Act, US subpoena risk for Canadian data on AWS
Quebec Law 25 (P-39.1), Proactive consent required before script execution
PIPEDA, 72-hour breach notification mandate
Quebec Law 25 (P-39.1), Cross-border transfer PIAs required
Quebec Law 25 (P-39.1), Consent must be as easy to withdraw as to grant
Quebec Law 25 (P-39.1), Fines up to CAD $25,000,000
PIPEDA, the Personal Information Protection and Electronic Documents Act, Mandatory Privacy Officer designation
Bill C-27, Statutory tort of privacy violation (proposed, not in force)
CLOUD Act, US subpoena risk for Canadian data on AWS
Quebec Law 25 (P-39.1), Proactive consent required before script execution
PIPEDA, 72-hour breach notification mandate
Quebec Law 25 (P-39.1), Cross-border transfer PIAs required
Quebec Law 25 (P-39.1), Consent must be as easy to withdraw as to grant
CAD $25M
Maximum fine under Quebec Law 25 under the Act respecting the protection of personal information in the private sector, P-39.1, or 4% of global annual turnover, whichever is greater.
20+
Evidence-based checks per scan across consent, governance, infrastructure, and subject rights.
~15 min
From domain submission to preliminary findings. No installation, no integration, no access required.
4
Structured like a framework. Exhaustive like a checklist. Overlap-proof by design.

The Commission d'accès à l'information doesn't schedule appointments.

It audits. It orders. It fines. And it does not notify you in advance. By the time an enforcement action arrives, the window to remediate has closed, and the cost of the violation has compounded every day you didn't act. Verimont exists to give you that information first. What you do with it is up to you.

Average cost per breached record CAD $246
Average records per mid-market company 42,000+
Cost of a Verimont mid-market audit $1,499
Cost of the alternative Work it out.

Submit a domain.
Get a dossier.

No installation. No integration. No access credentials. We load your site the same way a regulator would: from the outside, in a live browser, with nothing to hide.

01 T + 0

Domain Submitted

Submit your domain. A live browser loads your site immediately. No disruption to your infrastructure, no access required.

02 ~15 min

Preliminary Findings

Preliminary findings disclosed. The first two diagnostic vectors with observed evidence. Risk classification assigned.

03 T + 2-4 hrs

Full Dossier

The complete report delivered to your report page. All four vectors documented. Every finding cited against the relevant statute, with a direct link to the legislation.

04 T + 60 days

Refund Window

Act on the findings. If you choose not to, for any reason, you have 60 days to request a full refund.

The regulators are not waiting.

The preliminary scan costs nothing. Staying non-compliant costs considerably more.

Confidential. No credit card. No account.