In 2018, the federal government amended Part II of the Canada Labour Code through Bill C-65. The stated goal was clear: create a legal framework that would require federally regulated employers to prevent workplace harassment and violence, respond when it occurs, and support the workers affected.

That was eight years ago.

And yet, in conversations with HR leaders and organizational heads across federally regulated sectors, I keep hearing the same thing: "We have a policy. We have a reporting process. We're compliant."

I want to gently push back on that.

Having a policy is not the same as having a prevention architecture.

What the Law Actually Says

Bill C-65 🇨🇦 — now embedded in the Work Place Harassment and Violence Prevention Regulations — requires federally regulated employers to do three distinct things:

Most organizations have built reasonable processes around the second obligation — responding to notices. They have a complaint form, a designated recipient, an investigation process. That infrastructure exists because it is visible, auditable, and the most obvious thing to build when a new regulatory obligation lands.

The first obligation — prevention — is where the gap consistently lives.

Prevention Is Not a Training Day

Prevention under Bill C-65 🇨🇦 is not a one-time workshop. It is a structured, ongoing organizational commitment that requires:

The regulations are specific about who must be trained and on what. Designated recipients — the people employees come to first when something happens — carry particular responsibility. They need to understand the resolution options available under the regulations, know how to handle a notice of occurrence properly, and be equipped to have difficult conversations without causing further harm.

That is not a half-day sensitivity training. That is a skilled, practised capability that needs to be built deliberately.

The designated recipient in most organizations is under-trained, under-supported, and carrying more responsibility than they know.

The Intersectional Reality

Bill C-65 🇨🇦 also requires that prevention plans address the specific risks faced by different groups of workers. This is where the regulatory obligation and the equity obligation meet.

Indigenous workers, racialized workers, women in male-dominated environments, workers with disabilities — these groups face harassment and violence risk factors that a generic prevention plan does not capture. A risk assessment that does not account for intersectional experience will produce a prevention plan with blind spots. And blind spots are where harm continues to occur, quietly, below the reporting threshold.

Genuine Bill C-65 compliance requires looking at who in your workforce is most vulnerable to harassment and violence — and designing your prevention architecture around those realities, not around the average worker.

What Good Looks Like

Organizations that are genuinely meeting the spirit of Bill C-65 — not just the letter — have built something that looks more like a system than a policy:

This is achievable. It is not an unreasonable standard. But it requires treating prevention as an organizational capability to be built — not a compliance box to be checked.

Where to Start

If you are a federally regulated employer and you are not certain whether your current approach meets the full prevention obligation under Bill C-65 🇨🇦, the right first step is an honest assessment. Not an audit that produces a clean report — an assessment that surfaces the actual gaps.

That is what we do at UPL. We work with federally regulated employers to build prevention architectures that hold — frameworks grounded in the regulatory requirements, the specific risk profile of the workplace, and the intersectional realities of the workforce.

If you want to talk through where your organization stands, I am easy to reach.