12.5.2. The Minister may, by any means, and for the purpose of supporting a public body if a breach or risk of a breach referred to in the second paragraph of section 12.2 occurs, order the body to remove from its infrastructures or from its systems any software, application or other information asset that the Minister determines.
The power provided for in the first paragraph may only be exercised in either of the following cases:(1) the Minister considers that urgent action is immediately required in the area of cybersecurity or that there is a risk of irreparable harm to an information resource or to information under the responsibility of the public body concerned; or
(2) the Minister considers that urgent action is required within a short period of time in the area of cybersecurity.
In the case provided for in subparagraph 2 of the second paragraph, the Minister may exercise the power provided for in the first paragraph only following thorough and documented verification. In addition, the Minister may not exercise such a power without there first being a consultation between the government chief information security officer and the deputy chief information security officer attached to the body and without notifying the chief executive officer of the public body concerned beforehand of the Minister’s intention to do so.
2023, c. 282023, c. 28, s. 41.