AI Disclosure Practice - 7 min read

We Built a Public Tracker for Canadian Listed-Issuer AI Disclosures. Here Is Why, and What It Will Tell You Every Week.

Today we are launching the Canada AI Disclosure Observatory, a public, weekly-refreshed tracker of how Canadian TSX and TSXV listed companies are disclosing their use of AI in issuer-hosted PDFs and filed annual reports. This is what it is, why we built it, what it surfaces, and how it pressure-tests the governance posture every regulated Canadian organization should already be developing.

TL;DR

We just put observatory.airiskmanagement.ca online.

It is a free, public, weekly-refreshed snapshot of how TSX and TSXV listed companies are disclosing AI in their official filings - drawn from issuer-hosted PDFs and filed annual reports, with traceable excerpts and source links. Each Saturday it auto-updates and we publish the week's snapshot on LinkedIn. The full archive stays open at the URL above.

If you are building, buying, governing, or auditing AI inside a Canadian regulated organization, the Observatory is meant to be a free shared reference point for what listed-issuer disclosure practice actually looks like, week over week.

Why we built it

Three things kept showing up in our governance work this year:

1) The Canadian listed-issuer disclosure picture is fragmented. AI-related language now appears across annual reports, MD&A, AIFs, sustainability reports, and continuous-disclosure documents - on different cadences, in different places, with no consolidated cross-issuer view. If you are an OSFI-supervised institution trying to benchmark how peers are disclosing AI governance, model risk, and generative-AI deployment, you are stitching it together by hand, one filing at a time.

2) The global pace is now measurable. The US signed its frontier-model pre-deployment testing Executive Order on June 2. The EU's harmonized standard (prEN 18286) is in late-stage drafting. China's binding agentic AI rules continue to tighten. Canada's posture is principles-based, which is a strength, but it makes the question "how is this actually moving across our capital markets?" much harder to answer without a tracker.

3) Boards want a number. Risk committees keep asking the same question in different words: "Is our AI disclosure practice in line with what our peer issuers are doing, ahead of them, or behind?" The honest answer for most organizations is "we do not have a comparable benchmark." The Observatory is our attempt to fix that.

What the Observatory tracks

The launch dataset covers:

  • The full TSX and TSXV listed-company universe as the issuer base.
  • Issuer-hosted PDFs and filed SEC annual reports as the official-source evidence corpus. Public evidence rows are generated only from these traceable, source-linked documents.
  • Explicit AI signal language - artificial intelligence, generative AI, machine learning, and related mentions extracted from those filings.
  • AI risk-management language - governance, privacy, cybersecurity, controls, oversight, vendor risk, and responsible-use language tied to AI.

Each tracked excerpt has a clear evidence trail: the issuer, the source document, the page or section context, and a link back to the original PDF. Nothing is editorialized. If a filing later disappears from the issuer's site, the snapshot still records what was there and when.

A source-expansion lane queues additional issuer investor-relations pages and SEDAR+ targets that still need automated resolution. Coverage gets denser, not narrower, over time.

What it is not

It is not an enforcement registry, a maturity scorecard, or a ranking. It is not legal advice. It does not cover federal departments, Crown corporations, or the Government of Canada's algorithmic impact assessment register - those are public-sector instruments, a separate problem. The Observatory is a private-sector view: a public, source-cited mirror of what Canadian listed issuers are themselves disclosing in their own filings. If an issuer has a richer internal AI inventory that is not publicly disclosed, the Observatory will not see it, and that is the correct behaviour.

How to read it

Three angles will reward most readers:

Coverage. Which sectors are disclosing AI at all? Financials, materials, energy, technology, healthcare? Which document types carry the language: MD&A, AIF, annual report, sustainability report? Where are the silences?

Velocity. What changed since last Saturday? New issuers picking up AI language, new categories of risk-management terminology being itemized, peer disclosures expanding. The week-over-week deltas are usually more informative than the totals.

Convergence. Are Canadian listed-issuer disclosure patterns starting to look more like the EU's structured approach, the US SEC's risk-factor posture, or staying distinctly principles-based? This is the long arc that risk committees should be watching.

Why this matters for regulated organizations

Three concrete uses:

Board reporting. When the board asks "how are we positioned against peer disclosure?", an OSFI-supervised institution can point at the Observatory's weekly snapshot, mark its own AI inventory against the same disclosure categories used by Canadian listed peers, and answer the question with evidence rather than instinct. The benchmark is public-company peer practice - other Big Six banks, lifecos, and large issuers - not a government-published standard.

Vendor due diligence. A material share of large enterprise AI vendors are themselves TSX or TSXV listed, or are subsidiaries of listed parents. Where a vendor's own annual report, MD&A, or AIF discusses AI governance, model risk, or generative-AI deployment, that disclosure is an admissible evidence point in B-10 third-party diligence on that vendor - a fact you can cite rather than relying on the vendor's marketing deck. The Observatory will not surface every supplier, but where a listed vendor has disclosed, the disclosure is one click away.

Regulatory anticipation. OSFI's E-23 and the broader principles-based posture leave a great deal to institutional judgment. Watching where leading listed-issuer disclosure is moving - which categories of AI risk are now being itemized in MD&A and AIFs, which controls are being named, which committees are being credited - is one of the cheapest signals available for where principles-based expectations are likely to harden into explicit requirements. Leading practice tends to precede formal supervisory guidance by 12 to 24 months.

How it stays current

The Observatory refreshes automatically every week. The pipeline rebuilds the TSX and TSXV universe, ingests issuer-hosted PDFs, refreshes the filed SEC annual report layer, validates the corpus, and rebuilds the static bundle. The site is served on its own infrastructure separate from this corporate site, which lets it update on its own cadence without any release coupling. Each Saturday, the new snapshot is what you see on the public URL.

Each weekly LinkedIn post will summarize the snapshot: new issuer disclosures, notable deltas, anything that looks like a real signal. The deeper analytical posts on Aeon's blog will continue on Wednesdays.

Questions, corrections, and suggestions welcome

This is a v1. The taxonomy will sharpen. The issuer-source expansion queue will work through SEDAR+ targets and more investor-relations pages. Some excerpts will need correction.

If you see a missing issuer, an outdated entry, a document source that should be in the queue, a new disclosure category we should extract, or a methodological issue we should think about, please reach out. The fastest path is a comment on the LinkedIn post or an email to info@airiskmanagement.ca.

If your organization is using public-issuer benchmarks like this to support board reporting, vendor diligence, or your AI risk program, we should talk.

Open the Observatory →