Complete your AIA.
On time. Audit-ready.
Built for federal institutions running compliance reviews and the vendors who support them.
Does the system support decisions affecting eligibility, access, prioritization, or enforcement?
Internal notes
Pending legal review of scope definition for this system.
// Corresponding JSON output
{
"questionId": "risk-02",
"weight": 2.5,
"response": "yes",
"status": "draft",
"attachments": 2,
"lastModified": "2025-03-14T16:42:00Z"
}
What Is an AIA v3.0 Algorithmic Impact Assessment?
An AIA is a mandatory risk evaluation required by the Government of Canada under the Directive on Automated Decision-Making (DADM). It determines the impact level of an automated system and prescribes corresponding mitigation requirements.
Little to no impact
Automated decisions with minimal downstream consequences on eligibility or access.
Moderate impact
Decisions affecting rights, access, or service eligibility with limited scope.
High impact
Significant decisions affecting health, liberty, financial well-being, or safety.
Very high impact
Decisions with irreversible or high-consequence effects on eligibility, enforcement, or access.
How the AIA fits into the Directive on Automated Decision Making (DADM)
The DADM is the legal framework. It requires federal institutions to assess the risks of any automated system before it makes or supports decisions that affect people. The AIA is how that requirement gets fulfilled in practice.
The DADM tells you that you must assess your system. The AIA tells you what to assess, how to score it, and what mitigations your impact level requires. Under the Directive on Automated Decision-Making, federal institutions must complete and publish an AIA before an automated decision system goes into production. Without the DADM, the AIA has no enforcement authority behind it.
Official references
- Directive on Automated Decision Making (Treasury Board of Canada)
- AIA JSON Schema (Canada GitHub repository)
- IT Security Risk Management Lifecycle (ITSG-33)
- Algorithmic Impact Assessment (Canada.ca) English | Français
How AIA Simplified supports AIA completion under DADM v4.0
Federal institutions must complete Algorithmic Impact Assessments before deploying automated decision systems under the Directive on Automated Decision-Making.
Invite assessors, reviewers, and approvers into the same assessment.
Each action is tied to a role and recorded with user and time.
Does the system use personal information?
Internal notes
Pending privacy officer review. May require ATIP consultation.
// Corresponding JSON output
{
"schemaVersion": "v1.2.2",
"assessmentId": "AIA-2025-0042",
"questionId": "data-01",
"response": "limited",
"status": "draft",
"attachmentsCount": 2,
"lastModified": "2025-03-14T16:42:00Z"
}
See it in action
Get a glimpse of how the platform streamlines your assessment workflow with an intuitive, comprehensive interface.
Resume screener - Created 2026-02-16
Auto-Fill Suggestions
Context-aware completion support
Questionnaire
Complete the questions below. Changes are saved per question.
Overall Progress
5 additional questions appear based on your answers
Required
0 of 101 currently visibleAbout the System
Required What type of automated decision system is being used? Select the category that best describes the system.
Evidence
0 linked
Supporting documentation for this assessment
No evidence linked yet
Impact Score
No score calculated yet
Answer questions and calculate the score
Export & PDF
Structure your AIA. Trace every decision.
Understand your impact level.
Create reusable templates
Build evidence templates for linking to assessment questions. Standardize your evidence collection process and reuse across assessments.
Create Template
✕Create a reusable evidence template for linking to assessment questions.
Structured questionnaires
Organize assessments into logical sections with progressive disclosure. Track progress across multiple question categories seamlessly.
Questionnaire
Complete the questions below. Changes are saved per question.
Overall Progress
0%
0 of 101 visible questions
Required
0 of 101 currently visible
5 more appear based on answers
1. System
0/10
2. Algorithm
0/9
Impact level guidance
See exactly which answers are driving your current impact score and what changes would reduce it.
Level Guidance
How to reduce your impact level
Current:
Level 1
Already at the lowest impact level.
TOP SUGGESTIONS
Improve Mitigation
-3.1 pts
Estimated: 17.5 → Level 1
Change Answer
-2.8 pts
Is this system precedent-setting?
Estimated: 17.8 → Level 1
Complete audit trail
Maintain comprehensive audit logs of all system activities and security events. Track every action for compliance and accountability.
Audit Logs
View system activity and security events.
| Timestamp | User | Action | Resource |
|---|---|---|---|
| 2026-02-16T09:22:54Z | 5201b272-9265-4092-8d10 | evidence.linked | evidence_link |
| 2026-02-16T09:22:30Z | 5201b272-9265-4092-8d10 | evidence.created | evidence |
| 2026-02-16T09:20:14Z | 5201b272-9265-4092-8d10 | assessment.created | assessment |
How it works
Five stages from initialization to Treasury Board submission. Each stage enforces schema integrity and role-based access.
Initialize
Create a new AIA. The platform loads the current TBS-aligned schema and assigns an initial draft status.
Import context
Optionally import existing system documentation, prior assessments, or organizational metadata to pre-populate fields.
Draft responses
Analysts complete all TBS-aligned questions. Every edit is saved with version history. Bilingual fields are validated in real time.
Review and approve
Reviewers assess completeness and accuracy. Approvers verify the final impact level. Separation of duties is enforced by the platform.
Export and submit
Generate the final JSON and PDF outputs with embedded schema version. Ready for Treasury Board submission.
A structured execution engine for AIA v3.0 Assessments
Built for teams accountable for DADM v4.0 compliance and Canadian AIA v3.0 submissions.
WHAT THE PLATFORM ENFORCES
Core execution layer
- Official Treasury Board AIA structure enforced
- DADM scoring and conditional logic applied
- Incomplete assessments blocked from review
- Full version history and approvals preserved
Submission integrity
- Drafts kept separate from final submissions
- Only approved answers included in exports
- Required sections enforced before submission
- Internal notes retained for audit
Outputs
- Official AIA JSON for government submission
- PDF exports matching the approved submission
- Full audit trail of answers and approvals
- Clear traceability from answers to evidence
What the platform enforces
Every compliance mechanism maps to a specific DADM clause or TBS specification. The platform does not interpret policy -- it enforces structure. The platform is maintained against the official TBS schema repository to prevent schema drift.
| Mechanism | Status | Source |
|---|---|---|
| Impact-level scoring (I–IV) | Supported | Directive on Automated Decision-Making, Appendix B |
| All TBS-aligned AIA questions (official 2024-01 schema) | Supported | AIA JSON Schema (Canada GitHub) |
| Separation of duties (drafter and approver) | Supported | Directive on Automated Decision-Making, s.6.3.3 |
| Immutable audit logging | Supported | Directive on Automated Decision-Making, s.6.3.2 |
| JSON + PDF export | Supported | AIA JSON Schema (Canada GitHub) |
| Immutable schema version snapshots | Supported | AIA Tool Releases (GitHub) |
{ "generateAnswers": false, "interpretPolicy": false, "assignImpactLevels": false, "providesStructure": true, "enforceSchema": true }
What the platform does not do
AIA Simplified is a structured execution engine, not an AI decision-maker. Every boundary below is intentional and exists to protect your institution's accountability.
Does not generate or submit compliance answers on your behalf.
Security and data handling
Data sovereignty, access control, and audit logging are not features. They are architectural constraints enforced at every layer.
Canadian data residency
All assessment data is hosted in Canada per ITPIN 2017-02 (Direction for Electronic Data Residency). No cross-border storage.
View policy referenceRole based access control
Org scoped access with enforced roles for review, approval, and export.
Encryption at rest and in transit
AES 256 at rest. TLS 1.3 in transit.
SSO and session controls
SSO support with configurable session timeout and sign in policies.
Immutable audit logging
Audit records are append only. They cannot be edited or deleted.
Export integrity controls
Drafts stay separate. Only approved answers appear in exports.
Procurement-aligned licensing
No per-seat pricing. No usage metering. Pricing is scoped to deployment model and institutional scale.
| Licence type | Intended buyer | Deployment model | Scope unit | Contract term | Procurement compatibility |
|---|---|---|---|---|---|
| Vendor licence | Vendors and consultancies building ADM systems for federal clients | Multi-tenant SaaS | Active workspaces | Annual | Standard commercial terms, volume discounts available |
| Institutional licence | Federal departments and agencies completing AIAs internally | Single-tenant SaaS or on-premise | Department | Annual | Compatible with PSPC procurement vehicles, SSO included |
Frequently asked questions
Everything you need to know about AIA v3.0 compliance, DADM v4.0 requirements, and platform capabilities.