PwC Canada launches CPCSC Readiness Service to help defence suppliers with new mandatory cyber certification Français

• Starting this summer, businesses who want to bid on defence contracts will be required to meet new mandatory cybersecurity requirements.
• The 2025 federal budget allocated more than $81 billion to defence spending over the next five years.
• More than $1 trillion could be allocated to defence spending over the next decade as Canada grows defence spending to 5% of GDP, as per NATO commitments.

New service designed to guide Canadian defence suppliers through the mandatory Canadian Programme for Cyber Security Certification (CPCSC) and unlock access to historic national defence investments.

TORONTO, May 13, 2026 /CNW/ - As the Canadian government makes a historic financial commitment to modernizing national defence, starting summer 2026, Canadian companies looking to capitalize on this growth opportunity and bid on defence contracts will need to comply with new mandatory cybersecurity requirements.

In response to the new requirements, PwC Canada has announced the launch of its CPCSC Readiness and Advisory Service, a new offering designed to guide organizations through the CPCSC and ensure they are eligible for defence procurement.

"Canada's planned defence investment is a once-in-a-generation opportunity -- but to take part, businesses need to be cyber ready," said John Proctor, Partner, Cybersecurity, Privacy & Financial Crime & Cyber Defence Sector Leader, PwC Canada. "We're making it easier for Canadian companies to meet CPCSC requirements by breaking complex cyber rules into clear, practical steps -- so they can qualify to bid and grow with this market."

The CPCSC is a new mandatory cyber security certification framework, jointly led by Public Services and Procurement Canada (PSPC) and the Department of National Defence (DND), in collaboration with the Canadian Centre for Cyber Security (CCCS). Modelled on the U.S. Department of Defense's CMMC programme, CPCSC establishes minimum cyber security requirements that contractors must meet in order to bid on, be awarded, and continue performing defence contracts involving sensitive, unclassified information.

With certification requirements appearing in DND solicitations this year, the timeline for suppliers to achieve compliance is narrowing. Organizations that fail to meet the required CPCSC level will be ineligible to retain existing defence contracts or bid on new projects, creating a significant risk to revenue and market position.

Unlocking access to Canada's defence market

CPCSC establishes minimum cyber security standards for any organization in the DND supply chain. PwC Canada's CPCSC Readiness and Advisory service enables businesses to:

• Confirm their CPCSC scope by identifying affected contracts, data flows, and business units.
• Commission a readiness assessment to benchmark current controls against CPCSC requirements.
• Develop a remediation and certification roadmap with clear ownership, budget, and timelines.
• Prepare for final certification by gathering evidence and validating controls.
• Strengthen supply chain trust and protect eligibility for future defence contracts.

Extending PwC's legacy of trust and sector expertise

PwC Canada's multidisciplinary teams bring together expertise in cybersecurity, defence, risk management, digital trust, internal controls, and regulatory insights. This blend of technical depth and assurance rigor, positions PwC Canada uniquely to help clients address both the opportunities and risks of the new defence procurement landscape.

PwC Canada's service is designed to support the government's objective of broadening the national defence industrial base, making it possible for more Canadian organizations, particularly small and medium-sized enterprises (SMEs), to meet cyber security requirements and participate in defence procurement.

"Canada's defence spending ambitions represent a significant opportunity for Canadian businesses, but participation in this market will increasingly depend on being cyber ready. As CPCSC requirements become mandatory, organizations across the defence supply chain, especially SMEs, will need to act now to understand their obligations, build resilience and position themselves to compete. Our goal is to help clients navigate this shift, with confidence, so they can protect their eligibility for contracts, and play a meaningful role in strengthening Canada's defence industrial base," said Laura Wood, Partner and Government Defence Leader, PwC Canada.

"This isn't just about checking a box; it's about helping businesses turn cybersecurity from a risk into a competitive advantage," said Asif Qayyum, Partner, Cybersecurity risk, Controls & Compliance, PwC Canada. "By integrating our deep cybersecurity and regulatory knowledge with our defence sector expertise, we are helping clients embed security into their operations and differentiate themselves from competitors."  

About PwC Canada 

At PwC Canada, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We're a tech-forward, people-empowered network with more than 6,500 partners and staff in offices across the country. Across audit and assurance, tax and legal, deals and consulting, we help build, accelerate and sustain momentum. 

PwC refers to the Canadian member firm and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. Find out more by visiting us at: http://www.pwc.com/ca

© 2026 PricewaterhouseCoopers LLP, an Ontario limited liability partnership. All rights reserved.

SOURCE PwC Management Services LP

For media inquiries, please contact: Anuja Kale-Agarwal, National Communications Director, PwC Canada, [email protected]