Security regulations
100 (1) The Regulator may, with the approval of the Governor in Council, make regulations respecting the security of regulated facilities, including regulations respecting standards, plans and audits that are related to the security of regulated facilities and respecting cybersecurity matters that are related to regulated facilities and may, for that purpose, define what constitutes cybersecurity. (2) Every person who contravenes any of the regulations made under subsection (1) is guilty of an offence and liable (a) on conviction on indictment, to a fine of not more than $500,000 or to imprisonment for a term of not more than five years or to both; or (b) on summary conviction, to a fine of not more than $100,000 or to imprisonment for a term of not more than one year or to both. (3) Subsections 379(2) to (6) apply, with any modifications that the circumstances require, to the offence referred to in subsection (2).
Source
https://laws-lois.justice.gc.ca/eng/acts/C-15.1/section-100.htmlCanonical document at the regulator. Always cite this URL — not the Vantage detail page — in compliance evidence.