How much funding can be received?

There is no informations about how much funding can be received.

What is the deadline to apply?

The program is accepting continuous intake

Who are the financial supporters of the MaLoi25?

MaLoi25 is funded by Gouvernement du Québec

What are MaLoi25's eligibility criterias?

The organization must be based in Quebec. The organization must have fewer than 500 employees. The program is open to both public and private organizations.

MaLoi25

Last Update: July 22, 2025

QC, Canada

Modernize legislative provisions as regards the protection of personal information

MaLoi25 at a glance

Eligible Funding

No Condition

Timeline

Closing date : March 31, 2025

Financing Type

Expert Advice

Eligible Industries

Information and cultural industries
Professional, scientific and technical services

Grant Providers

Gouvernement du Québec

Program status

Closed

Overview of the MaLoi25 program

The MaLoi25 pathway, specifically, refers to a set of measures, tools, and resources designed to assist businesses and organizations in complying with the new requirements of Law 25. This pathway is intended to provide clear and accessible information on the legal obligations introduced by the law and how entities can adjust their personal information management practices to effectively meet these obligations.

Financing terms and conditions

The program MaLoi25 is subsidized by the Ministry of Economy, Innovation, and Energy.
The subsidy for this program is valid until March 31, 2025, after which services will no longer be provided.
If a participant has not commenced any steps of the program, all service and registration fees will be fully reimbursed.
If a participant starts but does not complete a service, In-Sec-M cannot refund the service and registration fees.
In-Sec-M commits to trying to communicate with participants beforehand to avoid non-commencement situations.

Eligible projects & activities

Completion of a self-diagnostic questionnaire for compliance with Law 25.
Participation in a 2-hour group training focused on cybersecurity best practices and compliance with Law 25.
Engagement in personalized support, including a 2-hour individual meeting, 8 hours of virtual coaching, and 2 hours allocated for client case preparation.

Examples of admissible projects:

$ 35,000

Implementation of a comprehensive cybersecurity compliance program

$ 40,000

Developing a data protection compliance and training platform

$ 38,000

Enhancing cybersecurity infrastructure for Law 25 compliance

Eligibility criteria of the MaLoi25 program

The eligibility criteria for this grant require specific characteristics regarding the organization applying for support.

The organization must be based in Québec, Canada.
The organization must be either a public or private entity.
The organization must have fewer than 500 employees.

Who is eligible?

Organizations in Quebec, both public and private, with fewer than 500 employees are eligible to apply for support under the MaLoi25 program. This includes Small and Medium Enterprises (SMEs) and Small and Medium Organizations (SMOs) looking to enhance their cybersecurity measures and comply with the new legal requirements.

Who is not eligible

Large companies: Companies with 500 or more employees are not eligible.
Organizations outside Quebec: Organizations that are not based in the province of Quebec.
Federal government organizations: Agencies and institutions that report to the Canadian federal government.
International organizations: Companies or institutions based outside Canada.
Individuals: The program is not open to individual applications; it targets organizations only.

Eligible expenses

Costs related to a 2-hour group training to reinforce cybersecurity and compliance with Law 25.
Personalized support fees of 12 hours for the development and implementation of a compliance plan.

Eligible geographic areas

The MaLoi25 grant program is specifically designed for organizations located within the province of Quebec, Canada. It aims to assist small and medium-sized enterprises in complying with local cybersecurity regulations.

Organizations must be located in Quebec.

Eligibility criteria of the MaLoi25 program

Location: The organization must be based in Quebec.
Organization size: The organization must have fewer than 500 employees.
Sector: Applicable to all organizations, both public and private.
Cybersecurity needs: The organization must have identified cybersecurity and Bill 25 compliance needs.
Ability to participate: The organization must be able to actively participate in all stages of the program (self-diagnosis, training, coaching).
Commitment: The organization must commit to following the guidelines and implementing the recommended practices for the protection of personal data.

How to apply to the MaLoi25 program

Online registration

Sign up on the official MaLoi25 program website at the address.
Provide the necessary information to create a user account.

Completion of the self-diagnostic questionnaire

Access the online self-diagnosis questionnaire for compliance with Law 25.
Answer the questions to assess your organization's situation in relation to the requirements of Law 25.
Obtain a detailed report of the results to be forwarded to the expert appointed by In-Sec-M.

Participation in group training

Enroll the members of your organization in the 2-hour group training.
Attend the training and take notes on best practices in cybersecurity.

Personalized support

Establish the schedule of coaching sessions with the assigned expert after the training.
Participate in virtual and individual coaching sessions totaling 12 hours.
Work collaboratively with the expert to develop and implement an action plan.

Follow-up and completion

Fill out an online satisfaction questionnaire after completing the support.
Ensure the ongoing compliance of your organization's practices with the expert's guidelines.

Additional information

Here are additional relevant details for this grant:

Post-program support is available through a form to request cybersecurity assistance for deploying solutions or increasing cybersecurity maturity levels.
An online satisfaction questionnaire is provided after both the group training and the personalized coaching to gather feedback for program optimization.
Participants are strongly advised to keep a copy of the self-diagnostic report as it is crucial for personalizing the compliance journey, and In-Sec-M cannot retrieve it if lost.
The program is operationalized by In-Sec-M and supported by service providers who focus on personal information protection expertise.
If services are initiated and not completed by March 31, 2025, fees are non-refundable; however, full refunds are provided if no service has been started before this deadline.