Standing Committee on Government Operations and Estimates: Supplementary Estimates (B)
Opening statement
Scott Davis
Assistant Deputy Minister, Chief Financial Officer
Shared Services Canada
Ottawa, Ontario
December 4, 2025
Thank you, Mr. Chair, for this opportunity to discuss Shared Services Canada’s (SSC) requests in the 2025-26 Supplementary Estimates (B).
I am accompanied today by: Paule Labbé, the Assistant Deputy Minister of SSC’s Strategy and Engagement Branch
Before we begin, I would like to acknowledge that we are on the traditional, unceded territory of the Algonquin Anishinaabe People.
Introduction
First, I’d like to situate our work.
SSC is at the centre of the Government of Canada’s priority to transform government and modernize operations. Our mandate is clear: to deliver secure, reliable and efficient digital services that enable federal departments and agencies to deliver services to Canadians and businesses.
SSC is essential to the operations of government. We are present wherever the GC operates—spanning about 4,000 locations across Canada and around the world. SSC has dedicated teams that work around the clock, 24 hours a day, 7 days a week.
SSC is shifting government away from siloed, decentralized systems toward unified, enterprise-wide models that enable digital government. This approach strengthens both security and reliability, ensuring that sensitive information is safeguarded and remains under Canadian control.
By consolidating key systems in SSC’s enterprise data centres, we have achieved important cost savings, significantly improved the availability and stability of government services, and reinforced the protection of critical government data.
SSC’s approach has delivered savings. Our actual spending decreased by $174 million from 2023-24 to 2024-25.
Our core mission to consolidate and modernize IT services has driven these efficiencies. For example, by leveraging government purchasing power to buy and manage mobile devices in bulk, we saved $20 million.
Additional savings came from reducing the use of professional services—those costs are down by $81 million from 2022-23 to 2024-25.
Estimates
In this year’s Supplementary Estimates (B), SSC is seeking a net increase of $48.5 million.
These requests are relatively routine and include:
- $45 million to provide core IT services, including software, hardware and technology-related services for new employees.
- $8 million to support the continued transfer of cloud operations from Statistics Canada to SSC, plus $2 million for associated benefits.
- Transfers to other departments will also reduce SSC’s appropriations by $7 million.
- Finally, the estimates make a technical adjustment to reflect the increased needs of the Department of National Defence (DND). This does not affect SSC’s direct funding, as appropriations flow to DND.
Looking ahead
While these estimates are standard, Budget 2025 reinforced SSC’s role in digital transformation across the Government of Canada, and in enabling the adoption and scaling of Artificial Intelligence (AI) across the public service.
SSC is developing a sovereign, made-in-Canada AI platform for government-wide deployment, in partnership with leading Canadian AI companies, the Communications Security Establishment and the Department of National Defence.
We are leading a competitive procurement process for generative AI productivity tools for government employees, which includes 3 Canadian prequalified vendors.
We are applying AI and robotic process automation across SSC’s internal operations to increase efficiency and service to departments and agencies.
SSC will also advance work to consolidate the management of Government of Canada desktop computers—similar to our approach for smartphones—improving portability across departments while reducing costs and increasing security.
Comprehensive Expenditure Review
SSC is also identifying new savings within its operations.
Under the Comprehensive Expenditure Review, SSC will realize ongoing savings of $318.5 million.
We will achieve this by:
- standardizing platforms
- eliminating low-use or redundant licences
- reducing the number of traditional fixed telephone lines
- consolidating contracts to eliminate duplication and secure better pricing
- further reducing spending on external contractors
- consolidating departmental partner cloud environments into SSC’s enterprise cloud, and
- continuing to close legacy data centres
Conclusion
The bottom line is that a more effective and efficient government improves program and service delivery to Canadians—and SSC is proud to be part of that work.
I look forward to answering your questions.
Shared Services Canada 2025-26 Supplementary Estimates (B) overview
Shared Services Canada (SSC) is seeking a net increase of $48.5 million through Supplementary Estimates (B), increasing its available funding, after deducting revenues, from $2,636.3 million to $2,684.8 million.
| New funding | Amount (in millions) |
|---|---|
| Funding for core information technology (IT) services | $45.1 |
| Funding for cloud operations at Statistics Canada (StatCan) | $8.3 |
| Transfers | |
| From other departments | |
| From the National Research Council Canada (NRC) for additional M365 E5 licence requirements | $0.5 |
| To other departments | |
| To the Treasury Board of Canada Secretariat (TBS) for Government of Canada (GC) Enterprise Portfolio Management | ($0.7) |
| To the Communications Security Establishment (CSE) for the operation of the Secure Communications for National Leadership program | ($3.0) |
| To the Canadian Food Inspection Agency (CFIA) for the Centre for Plant Health | ($4.0) |
| Total transfers | ($7.2) |
| Other adjustments | |
| Statutory appropriations | |
| Employee Benefit Plan (EBP) | $2.3 |
| Total | $48.5 |
| Increase in VNR operating authority due to rising service volumes driven by activities to support the Department of National Defence’s (DND) operational and modernization priorities | $100.0 |
New funding: $53.4M increase
Funding for core IT services
$45,125,505
Purpose of funding
The funding of $45.1M will support the onboarding of new full-time equivalents (FTE) for core IT services, including standardized network services, software and hardware for workplace technology devices and technology-related services.
Funding for cloud operations at StatCan
$8,342,259
Purpose of funding
The funding of $8.3M will support the continued transfer of cloud operations functions and accountabilities from StatCan to SSC through a transfer of StatCan’s cloud human resource capacity.
Transfers: ($7.2M) decrease
Transfers between SSC and other organizations
Transfer of ($7,174,618)
Purpose of funding
The following transfers between SSC and other organizations for various initiatives result in a net decrease of $7.2M for 2025-26:
- Transfer from NRC of $448,026 for additional M365 E5 licence requirements
- Transfer to TBS of ($698,052) for the GC Enterprise Portfolio Management project
- Transfer to CSE of ($2,945,656) for the operation of the Secure Communications for National Leadership program
- Transfer to the CFIA of ($3,978,936) for the Centre for Plant Health
Other adjustments: $2.3M increase
Statutory appropriations
Employee Benefit Plan
$2,252,410
Purpose of funding
The increase of $2.3M to SSC’s statutory appropriations is related to EBP adjustments stemming from an increase in salary funding to support the transfer of StatCan’s cloud operations, an item added in the Supplementary Estimates (B).
NIL impact
Vote netted revenue
$100,000,000
Purpose of funding
A VNR authority increase of $100.0M in the operating vote is due to rising service volumes driven by activities to support DND’s operational and modernization priorities.
Government transformation
Issue
- As the Government of Canada’s (GC) common information technology (IT) services provider, Shared Services Canada (SSC) plays a central role in driving government transformation and creating government-wide efficiencies—in close collaboration with the Treasury Board of Canada Secretariat’s (TBS) Office of the Chief Information Officer (OCIO) and Public Services and Procurement Canada (PSPC).
Key facts
- N/A
Key messages
- The GC is committed to transformation—to increasing government productivity while reducing the cost of operations. A more effective and efficient government will result in improved program and service delivery to Canadians and businesses.
- SSC is playing a key role in digital transformation across the GC—facilitating the adoption and scaling of artificial intelligence (AI) across the public service. SSC will also achieve $318.5 million in ongoing savings through efficiencies in its internal operations.
- SSC is enabling AI across government by:
- developing a sovereign made-in-Canada AI platform that can be deployed across the government in partnership with leading Canadian AI companies, the Communications Security Establishment and the Department of National Defence
- leading a competitive procurement process for generative AI productivity tools for government employees, which includes 3 Canadian pre-qualified vendors
- enabling access to sovereign AI compute capacity for public and private research, in collaboration with the National Research Council Canada (NRC)
- applying AI and automation across internal operations to automate common IT support requests and reduce call volumes and costs, while improving the user experience
- SSC is transforming the government’s hosting infrastructure from a sprawling landscape of siloed and outdated systems to modern hosting solutions. This new model combines cloud services and traditional on-premise data centres to optimize performance, reduce costs and provide flexibility.
- SSC will advance a common government-wide desktop solution to transition departments to a standardized, cloud-managed desktop service. This will reduce complexity, standardize IT security, increase portability and result in significant cost savings for Canadians.
- Aligned to the GC priority to modernize the way government procures goods and services, SSC is reviewing all aspects of its IT procurement by undertaking benchmarking, prioritizing Canadian vendors and sovereign infrastructure and services, and ensuring best value for Canada.
- SSC also supports the government’s broader digital transformation agenda through partner-led projects and initiatives, including enabling access to sovereign AI compute capacity in collaboration with NRC; ongoing work to improve human resources and pay for federal public servants; and enabling the Department of National Defence to modernize their systems to support the Canadian Armed Forces at home and abroad.
If pressed on cost savings
- Under the Comprehensive Expenditure Review (CER), SSC will meet up to 15% in savings targets over 3 years, achieving ongoing savings of $318.5 million.
- Specifically, SSC will:
- standardize platforms, including realigning enterprise software offerings to match current needs
- eliminate low-use or redundant licences
- eliminate non-essential telephone fixed lines in all GC buildings, which will reduce expenses, and deploy cost-effective softphones to all workers
- review, consolidate and renegotiate contracts to eliminate duplication, secure better pricing and align spending with enterprise needs
- leverage emerging technologies to automate repetitive tasks, use AI-driven tools to optimize operations and service delivery, automate common IT support requests to reduce call volumes and costs while improving user experience
- build its in-house capacity and expertise to reduce spending on external consultants and contractors for ongoing operations
- simplify the GC cloud footprint by consolidating over 287 departmental partner cloud environments into GC Cloud One, SSC’s enterprise cloud
- reduce and rationalize the remaining 190 legacy data centres across Canada into 4 enterprise data centres, 1 High Performance Computing Centre, 5 consolidation data centres, and approximately 50 edge computing sites
Background
- SSC is responsible for modernizing, securing and managing the IT infrastructure that supports departments and agencies. This ensures reliable and effective service delivery to Canadians, both domestically and abroad. TBS’s OCIO sets government-wide direction for data, IT, cyber security and service management, while individual departments and agencies remain responsible for their own applications and data.
Shared Services Canada’s 2024-25 Departmental Results Report
Issue
- Shared Services Canada’s (SSC) 2024-25 Departmental Results Report provides details on SSC’s mandate, commitments and results.
Key facts
- In 2024-25, SSC employed 9,346 full-time equivalents (FTE), had net expenditures of $2,617 million and met 20 of 25 results indicators.
Key messages
- SSC’s accomplishments in 2024-25 included:
- deploying over 500 low Earth orbit satellite terminals
- expanding enterprise Wi-Fi to more than 250 government buildings
- strengthening cyber defences through the new Secure Cloud to Ground service, the Cyber Security Program Management Office and by implementing integrated enterprise monitoring tools
- expanding the use of artificial intelligence and automation to improve service delivery and internal operations
- delivering $20 million in savings through initiatives such as the bulk procurement of mobile devices, the rationalization of fixed phone lines and deploying softphones
- As part of the work to incorporate agile procurement principles into its broader contracting, SSC used an agile process for procuring cloud services. This involved iterative solicitation design and development, as well as collaboration with industry, to achieve the best possible outcome for Canadians.
- SSC surpassed the government’s 5% Indigenous procurement target, achieving a result of 9.8%.
- Furthermore, SSC onboarded one third of the department to Docuverse, a SharePoint solution that modernizes business processes. This streamlined collaboration improved coordination and strengthened governance.
- SSC launched the efficient and user-friendly Employee Service Portal to automate corporate requests and improve the onboarding and offboarding of employees.
If pressed on unmet Departmental Results indicators
- Number of partners that migrated their email to the cloud – target: 39
- Result: 37. For SSC to complete email migrations, partners must complete all the preparatory work. More complex departments took longer than expected and this caused delays.
- Percentage of time that the Enterprise Mobile Device Management (EMDM) service is available – target: 99.9%
- Result: 99.19%. In 2024-25, there were three EMDM outages due to major infrastructure-related incidents. To mitigate future risks, SSC is working to enhance coordination, improve alerting and monitoring processes, and strengthen validation protocols for third-party infrastructure changes.
- Partner satisfaction with cloud brokering and cloud advisory services (five-point scale) – target: 3.6
- Result: 3.5. While service levels were sustained, the new Application Hosting Strategy changed the accountability for cloud operations from partners to SSC, which may have reduced satisfaction. To address these challenges, improvements are under way to enhance service and streamline cloud intake processes.
- Percentage of SSC-led and customer-led projects rated as on time, on scope and on budget – target: 70%
- Result: 65%. Cyber security projects experienced delays due to evolving requirements and the rapid evolution of the cyber security landscape. This made it challenging to deliver effectively using traditional waterfall approaches, in which all planning is done at the start. SSC is moving toward agile project practices, in which planning and delivery are done iteratively.
- Percentage of critical incidents under SSC control resolved within established service-level standards – target: 60%
- Result: 55.04%. SSC is addressing three root causes of this outcome. To better deliver improvements to more complex systems, SSC is assessing adjustments to its processes. With regard to extended wait times for hardware replacement, SSC is evaluating an emergency replacement service for critical equipment at some sites. To improve service at remote locations, SSC is investigating opportunities to pre-identify additional remote supports.
Background
The Departmental Results Report (DRR) tells parliamentarians and Canadians what SSC achieved and how resources were used to attain those results. It details SSC’s actual accomplishments in 2024-25 against the plans, priorities and expected results outlined in its 2024-25 Departmental Plan. The DRR is based on the approved 2024-25 Departmental Results Framework and Program Inventory.
Artificial intelligence
Issue
- Artificial intelligence (AI) is considered a foundational technology, which stands to propel significant social and economic change. Shared Services Canada (SSC) is exploring how to use new technologies like AI to support government work.
Key facts
- N/A
Key messages
- By adopting AI, the Government of Canada (GC) will transform government operations and support a more efficient and effective public service.
- SSC is playing a leading role in digital transformation across the GC, facilitating the adoption and scaling of AI across the public service. SSC is:
- developing a sovereign made-in-Canada AI platform that can be deployed across the federal government in partnership with leading Canadian AI companies, the Department of National Defence (DND) and the Communications Security Establishment (CSE)
- leading a competitive procurement process for generative AI productivity tools for government employees, which includes 3 Canadian pre-qualified vendors
- enabling access to sovereign AI compute capacity for public and private research, in collaboration with the National Research Council Canada (NRC)
- applying AI and automation across internal operations to automate common IT support requests, reducing call volumes and costs while improving the user experience
If pressed on SSC’s AI initiatives
- SSC is building foundational tools using in-house AI experts, reducing dependency on contractors, lowering costs and keeping knowledge within government.
- SSC has fine-tuned large language models (LLMs) on Canadian content to ensure that AI tools reflect Canadian context, values and priorities.
- SSC is scaling its in-house developed generative AI tool called CANChat. This is a safe and secure AI platform for public servants, ensuring that GC data remains in Canada, is hosted on government-accredited infrastructure and is not accessible by foreign service providers.
- SSC is in the process of launching a government-wide procurement of generative AI tools that integrate with office productivity suites such as Microsoft 365. There are currently 5 qualified respondents that are expected to submit bids, 3 of which are Canadian.
- SSC is expanding the infrastructure, skills and expertise to support AI adoption, including making commercial AI tools available, creating an AI marketplace for sharing resources and helping establish a secure and sovereign supercomputing facility for advancing AI research.
- SSC operates the AI Centre of Excellence (AICoE), which supports departments and agencies in applying AI, shares best practices, contributes to policy development and fosters collaboration through peer reviews and working groups.
- The GC is committed to ensuring the responsible use of AI and ensuring it is governed by clear values, ethics and rules.
If pressed on jobs
- AI is meant to support the work of public servants, not replace them. It can assist with routine and repetitive tasks so employees can focus on work that needs creativity, problem-solving and human judgment. This can increase agility, efficiency and retention by automating routine and time-consuming tasks.
If pressed on memoranda of understanding for AI
- The GC recently signed a memorandum of understanding with Cohere Inc. to explore opportunities for deploying AI in internal government operations and to strengthen digital sovereignty through a made-in-Canada digital and AI ecosystem. SSC’s efforts to define requirements for sovereign cloud hosting services furthers this work.
Background
To guide the responsible use of AI, the Treasury Board of Canada Secretariat released key resources, including the Directive on Automated Decision-Making, the Guide on the use of generative artificial intelligence and the Algorithmic Impact Assessment tool.
Digital sovereignty
Issue
Digital sovereignty is defined as the ability to exercise autonomy over digital infrastructure, data and intellectual property, as well as critical technologies. This protects national security, supports economic competitive and allows a country to operate independently and reduce the risks of foreign interference in the digital age. It includes:
- Data sovereignty: Ensuring data complies with national laws and remains under the jurisdiction and control of the country
- Operational sovereignty: Retaining control over how digital services are deployed and preventing reliance on, or interference from, foreign entities
- Technological sovereignty: Maintaining the ability to make independent decisions about technology without being overly dependent on monopolistic or foreign‑controlled vendors
Key facts
- Under the Directive on Service and Digital , departments and agencies are expected to prioritize computing facilities in Canada—or on Government of Canada (GC) premises abroad—for storing or handling sensitive electronic information, such as Protected B, C or classified data. This helps keep important data secure and under Canadian control.
- Under the Policy on Privacy Protection, departments and agencies must protect personal information properly, reduce privacy risks and remain open and accountable, even when it is processed or stored by third-party companies.
- Data protection obligations are embedded in contracts with service providers through standardized security clauses, access restrictions and incident reporting requirements.
Key messages
- Digital sovereignty is a critical priority for the GC to protect essential data, reduce risks of foreign interference and strengthen domestic IT capabilities.
- Shared Services Canada (SSC) is investing in Canadian technology capabilities and strengthening policies to protect critical infrastructure.
- SSC has launched a procurement process to establish Sovereign Canadian Cloud capabilities for the GC through a process that prioritizes Canadian-owned and controlled cloud service providers. These efforts will secure Canadian capacity as part of the GC cloud ecosystem.
- SSC will also develop a sovereign made-in-Canada AI platform that can be deployed across the government, in partnership with leading Canadian AI companies, and enable greater access to sovereign AI compute.
- SSC has been actively working to strengthen IT diversification by reducing vendor concentration and influence in strategic areas, while promoting Canadian-made solutions.
If pressed on protections
- The GC applies a range of technical safeguards to protect data, maintain service reliability and ensure continued operation of its systems. These include secure system design; encryption to protect information in storage and in transit; access and identity management; and continuous monitoring to detect and respond to incidents.
If pressed on how SSC strengthens digital sovereignty
- SSC works with Canadian telecommunications companies and provides the GC with a fast and reliable network in Canada that operates on Canadian-owned assets. This helps keep important data secure and under Canadian control.
- SSC uses state-of-the-art enterprise infrastructure and multiple layers of defence, including cutting-edge sensors designed to identify and eradicate cyber threats.
- SSC delivers hybrid hosting models to meet the GC’s needs for security, scalability and sovereignty. Hosting models range from fully GC-owned data centres (maximum sovereignty) to public cloud services (lower control, higher scalability).
- SSC’s enterprise data centres (EDCs) are located within Canada and operate on Canadian-owned assets. This helps keep important data secure and under Canadian control.
Background
Due to the global dominance of U.S.-based technology vendors and the comparatively small size of Canada’s IT sector, targeted interventions are essential to scale Canadian capabilities. Cloud computing, in particular, is dominated by Amazon Web Services, Google Cloud and Microsoft Azure, posing challenges to operational and technological sovereignty.
Advanced cyber threat actors are increasingly using supply chains to bypass traditional security defences by introducing vulnerabilities. Since 2012, SSC has mitigated this risk through Supply Chain Integrity (SCI) procurement reviews for equipment, software and services. These assessments help departments and agencies to identify and potentially mitigate security vulnerabilities before they impact operations.
The GC has made strategic investments in Canadian IT firms, including a March 2025 announcement by Innovation, Science and Economic Development Canada (ISED) of up to $240 million in funding for Toronto-based Cohere Inc. This investment marks Cohere as the first recipient of the AI Compute Challenge, part of the $2 billion Canadian Sovereign AI Compute Strategy. In August, the GC signed a memorandum of understanding with Cohere to explore opportunities for deploying AI technologies across the GC to enhance operations within the public service and to build out Canada’s commercial capabilities in using and exporting AI.
Cyber security
Issue
The Government of Canada (GC), like all organizations worldwide, faces ongoing cyber threats from bad actors, on a national and international level, that require constant attention and strong security measures. Cyber threats are becoming more complex and sophisticated. These include criminal activities such as ransomware attacks and attacks by state-sponsored adversaries.
Key facts
- Shared Services Canada (SSC) blocks approximately 6.5 trillion cyber threats annually, ensuring the uninterrupted operation of government online services.
- Investments in strong cyber security systems reduce the costs associated with service disruptions and recovery.
Key messages
- SSC provides state-of-the-art enterprise infrastructure and employs modern commercial cyber security solutions to defend GC systems against a wide range of cyber threats.
- SSC employs multiple layers of cyber security defences, including firewalls, network defences, anti-denial of service measures, anti-virus and anti-malware tools, encryption, virtual private networking (VPN) and robust identification and authentication services.
- Together, SSC and the Communications Security Establishment’s (CSE) Canadian Centre for Cyber Security (the Cyber Centre) provide sophisticated cyber security tools, including proprietary sensors that provide additional defence beyond commercial capabilities.
- SSC is actively reducing security vulnerabilities by consolidating, standardizing and modernizing IT systems across the GC.
- To strengthen data protection, SSC is implementing zero-trust principles—minimizing reliance on implicit trust within networks and deploying modern, industry-leading security solutions.
- In consultation with the Treasury Board of Canada Secretariat (TBS) and CSE, SSC integrates security and privacy by design when developing new services.
If pressed on supply chain integrity
- Together with the Cyber Centre, SSC has completed over 83,000 Supply Chain Integrity reviews since 2012 to help ensure that components used in systems do not compromise safety or security.
If pressed on quantum computing
- A quantum computer capable of compromising many cryptographic standards could be available in the next 5 to 8 years.
- Departments and agencies will be required to develop customized migration plans to transition their systems to post-quantum cryptography. SSC is developing a comprehensive strategy to ensure its enterprise solutions align with the cryptographic recommendations from the Cyber Centre.
If pressed on small departments and agencies
- SSC is working with 43 small departments and agencies (SDAs) to deliver a targeted set of secure IT services. By the end of 2024-25, 23 SDAs had fully transitioned to government-managed Internet and remote access services, while 15 had adopted the shared government email system.
If pressed on provincial and territorial cooperation
- In September, all 14 federal, provincial and territorial jurisdictions signed a historic cyber security agreement to share real-time intelligence, tools and services to counter cyber threats.
- The agreement strengthens SSC’s cyber security posture through secure intergovernmental collaboration on threat intelligence and incident response.
Background
Cyber security is a shared responsibility across the GC:
- TBS sets government-wide cyber security policies and leads the response to major cyber incidents.
- SSC builds and manages secure IT systems, monitors key applications and ensures new services are designed with security and privacy in mind.
- CSE is the lead agency for cyber security. It provides defensive capabilities that are not currently available commercially, adding an additional layer of defence unique to the GC.
- All departments and agencies must protect their own systems and applications.
- Public Safety Canada leads the National Cyber Security Strategy, working with partners outside government to protect Canadians and businesses.
- The Royal Canadian Mounted Police (RCMP) investigates cyber crimes that target government systems.
- The Canadian Security Intelligence Service (CSIS) gathers intelligence on threats to national security and supports departments through security screening and foreign intelligence.
- The Canadian Armed Forces (CAF) shares cyber threat intelligence with allies and conducts foreign cyber operations.
The GC Cyber Security Event Management Plan (GC CSEMP) outlines how different departments respond to cyber incidents. Smaller issues are handled by the affected department, while serious ones are managed by teams led by TBS and the Cyber Centre. SSC’s responsibilities during a cyber security event include watching for unusual network activity, blocking cyber threat activity, assessing service impacts, reporting through the Cyber Centre and implementing prevention, mitigation and recovery efforts, such as emergency patching and isolating infrastructure.