The New Reality For Canadian Critical Infrastructure Planners: Navigating Superpower Dependencies

For decades, investment strategies in the critical infrastructure sector were predicated upon the efficiency and scale of key global manufacturing hubs, including China, and the legal certainty, technological sophistication, and capital depth of the world's leading economy, the United States. However, recent shifts in the geopolitical landscape suggest that the world's superpowers may now present unique, systemic risks to critical infrastructure in leading economies. From the erosion of international legal norms to the weaponization of digital infrastructure, Canadian and OECD country critical infrastructure planners are increasingly facing very challenging decisions when it comes to selecting international equipment and technology solution providers.

"You can't unsee it": The Schleswig-Holstein pivot

The German state of Schleswig-Holstein has recently emerged as a vanguard for digital sovereignty, initiating the migration of 30,000 government workstations to Linux and LibreOffice by 2026. This transition is driven by a desire to gain self-determination over IT infrastructure and eliminate dependencies on proprietary vendors that can impose unpredictable cloud policies or licensing costs. By October 2025, the state successfully migrated over 40,000 accounts and 100 million emails to open-source solutions like Open-Xchange and Mozilla Thunderbird. Financially, this shift is projected to save the state over €15 million in annual licensing fees by 2026. The migration utilizes "openDesk," a modular, sovereign collaboration suite developed by the Center for Digital Sovereignty (ZenDiS) to ensure that public data remains under regional control rather than being subject to foreign jurisdiction.

As Matthew Tuttle articulated in a recent market research note, this shift may be structural: "the world is building optionality away from U.S. policy and platform dependence" and "once you see it, you can't unsee it," because it is now manifesting in tangible procurement mandates, supply chain realignments, defense budget allocations, and long-term capital flows. This strategic pivot is no longer restricted to the realm of theoretical policy debate; it has entered the operational phase where the "pipes" and "cables" of critical infrastructure and core data systems are being reclaimed to ensure that international alliances—should they wobble—do not result in the sudden cessation of critical services.¹

France has also emerged with an aggressive "sovereign stack" strategy, implementing a comprehensive plan to purge U.S. videoconferencing and collaboration tools from its government apparatus. The replacement for these platforms is "Visio," a domestically developed platform created by the Interministerial Directorate for Digital Affairs (DINUM). (Anyone who remembers France's Minitel foray may have reason to pause.) In Denmark, municipalities are already moving away from major proprietary software platforms for civil servants, specifically citing the leadership of Schleswig-Holstein as a model. Similarly, in Austria, the Ministry of Defense and the national military have also begun adopting homegrown alternatives.

The domestic shift: Judicial volatility and data overreach

The United States has historically been viewed as the gold standard for the "Rule of Law." However, historic internal shifts within the United States are complicating this perspective. The recent trend of judicial behaviour—specifically the overturning of long-standing administrative law doctrines—has introduced a new era of regulatory uncertainty.² For Canadian entities, which rely heavily on multi-decadal stability for planning and investment decisions, the potential for radical executive action that bypasses traditional administrative safeguards creates significant operating risk.

Furthermore, U.S. legislation such as the Patriot Act and the CLOUD Act has institutionalized a system where the U.S. maintains extraterritorial reach over data. Any utility utilizing hardware, software, or cloud-based solutions tied to the United States must now necessarily consider whether, by extension, it is providing a foreign executive branch with a "backdoor" to its corporate intelligence and operational independence, regardless of where data is physically stored or where day-to-day operations occur. Such utilities will also need to consider this in light of any requirements in respect of the location of data residency to which they may be subject, as well as the potential need for data security or privacy impact assessments associated with such requirements.

The Chinese counterpoint

Of course, it is not just our close ally the United States that causes system planners concern. On the opposite pole, China, the world's other manufacturing and technological superpower, maintains its National Intelligence Law—which requires all organizations and citizens to support, assist, and cooperate with state intelligence work—presenting a different but equally potent risk. In the power and utility sectors, this currently manifests primarily as supply-chain risk. However, the integration of Chinese-origin hardware into smart grids and renewable energy storage systems introduces at least the perceived risk of "kill switches" and/or data exfiltration. As China increasingly links its technology platforms to evolving national security objectives, the ability of a Western firm to maintain technological sovereignty while using those platforms or components also becomes less certain.³

Beyond the theoretical, recent investigations regarding the presence of undocumented "rogue" communication devices—including cellular radios—embedded within the firmware of major manufacturers' solar inverters and energy storage systems are a serious concern. These hardware-level backdoors, combined with the "pre-positioning" of state-sponsored actors on critical utility networks, provide the capability to bypass traditional firewalls and execute a remote, coordinated collapse of the energy grid.

Readers familiar with Canadian federal procurement standards may have noted the recent inclusion of stringent foreign investment review requirements, which effectively necessitate that proponents obtain formal clearance under the Investment Canada Act (ICA) as a prerequisite for participation. In the case of the High-Frequency Rail (HFR) project—Canada's largest infrastructure endeavour in generations—procurement documents specifically mandated a comprehensive Foreign Ownership, Control or Influence (FOCI) evaluation. This regulatory gatekeeping aligned with the federal government's 2024 and 2025 modernization of national security reviews, which focused on protecting critical transportation corridors from state-influenced entities. By requiring such clearances upfront, the procurement process creates a structural barrier that effectively blocks out Chinese state-owned bidders and other foreign enterprises deemed a potential risk to the "pipes and cables" of Canada's sovereign infrastructure.

Standards over sentiment: Avoiding the sovereignty trap

As we navigate this "rupture" in the world order, to use the phrase coined by Prime Minister Mark Carney in his Davos address, critical infrastructure sector leaders must remain clinical. It is imperative that we avoid the xenophobia that can contaminate discussions of geopolitical risk. Our focus must remain steadfastly on universally applicable, fact-driven engineering, system design, software development, and legal and operational requirements and standards. Sovereignty is not about the ethnicity of a supplier; it is about the integrity of the code and the independence of the jurisdiction. Carney's call for "variable geometry" and "strategic autonomy" reminds us that middle powers like Canada must act to ensure they are not "on the menu." By establishing rigorous, objective testing protocols—such as "zero-trust" architectures and open-source redundancies—we move from reactive fear to proactive resilience: a better place to be in the long run.

To make this resilience work in the real world, the power sector is turning to an evolving set of global standards known as the ISA/IEC 62443 series. These standards were developed by the International Society of Automation (ISA) in partnership with the International Electrotechnical Commission (IEC). They serve as the "defensive playbook" for the hardware and software that runs power plants and grids.⁴

Countering dependence on superpower infrastructure

The central—and rather uncomfortable—question for every public infrastructure system operator is now: Can your system survive a total disconnection from both superpowers' digital, operational and manufacturing supply ecosystems?

When a company's entire operational capacity—from its ability to pay employees (via foreign-controlled payment rails) to its ability to monitor a substation (via foreign-hosted cloud services)—can be toggled off by a foreign government order, that company and the critical services that it provides are no longer reliable.⁵

Stay clinical: Navigating the 44% reality

Implementing a "Third Way" strategy is a formidable challenge that should not be underestimated. And it will take time. Together, the two global superpowers represent approximately 44% of the global economy and nearly 46% of global manufacturing capacity. For the critical infrastructure sector—where components are often specialized and capital-intensive—decoupling from these two giants is not a simple procurement change; it will be a structural transformation that will take time and money.

This requires a rigorous commitment to developing and adopting new standards and a relentless cycle to test and retest equipment and systems for both cyber security and physical and operational resilience. It will also, unfortunately for end-users everywhere, require a fundamental change in the Total Cost of Ownership (TCO) calculus for public-sector procurement. Traditionally, the low upfront cost of SaaS and the "polished" experience of leading vendor platforms made them a default choice. Now, sovereignty concerns have shifted the balance.

Canadian planners and operators should be prepared to focus investment and procurement on jurisdictions that maintain:

• Rule of law: Judiciaries that remain insulated from the direct whims of government or the volatility of partisan shifts, ensuring that long-term contracts remain enforceable regardless of political turnover.
• Data sovereignty: Jurisdictions where privacy is an entrenched right and state access to corporate or utility data requires transparent, high-threshold judicial intervention rather than mere administrative fiat.
• Transparency: A regulatory environment that mandates full disclosure of hardware and software lineage. This includes the implementation of a "Software Bill of Materials" (SBOM) to expose "rogue" functions and ensure that the digital components of our critical systems are not "black boxes" subject to foreign state influence.
• Jurisdictional diversification: A model for evaluating capital expenditures based on the "Legal Resilience" of the host country. Priority must be given to nations with robust, predictable, and independent judicial systems that respect international norms and provide a stable harbor for long-term assets.

Strategic considerations for Canadian planners

In addition, Canadian planners must begin to consider:

• Technological neutrality: Actively support the development of "trusted partner" hardware and software stacks. This can help ensure that the digital nervous system of our grids is not subservient to the national security laws or "kill switch" capabilities of a foreign power.
• Digital decoupling & testing: Conduct a comprehensive "Dependency Audit" to identify every node where a foreign executive order could halt operations or seize data. Planners should invest in redundant systems based in rule-of-law jurisdictions and establish rigorous protocols—such as zero-trust architectures—to test the integrity of all incoming firmware.
• Support for international norms and standards: Industry leaders must recognize that the erosion of international technical standards is a leading indicator of systemic risk. Defending the international rule of law and the implementation of rigorous technical standards (such as the ISA/IEC 62443 series) is not merely a moral stance; it is a critical matter of long-term risk management. It is, quite literally,  about keeping the lights on.

Conclusion

Public infrastructure is the bedrock of the modern digital economy, yet it cannot thrive if the "rules of the game" remain tethered to the shifting interests of a single state or the volatility of individual leadership. Counterintuitively, true sovereignty in critical infrastructure is not found in isolationist policies or protectionism, but in a clinical commitment to system resilience. By aligning with stable, reliable counterparties and adhering to rigorous, objective standards, planners can ensure that the "pipes and cables" of modern Canadian society remain independent of geopolitical whims. As we navigate this era of superpower dependency, we must replace reactive fear with clear-eyed pragmatism: "Trust everybody, but cut the cards."

Footnotes

Read the original article on GowlingWLG.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.