Frequently Asked Questions

Nord Paradigm is an AI governance consulting firm based in Chicoutimi, Quebec, serving organizations across Canada in both English and French. The firm helps companies adopt artificial intelligence responsibly by benchmarking governance posture against Quebec’s Loi 25, ISO/IEC 42001, and emerging Canadian AI regulation, then translating findings into concrete implementation roadmaps. Nord Paradigm operates as an implementation advisor, not a certification body, and combines hands-on AI practice with audit methodology drawn from aeronautical quality management.

Nord Paradigm was founded by Dominic-André Leclerc, a 21-year veteran of the Royal Canadian Air Force who retired at the rank of Warrant Officer. He served as an avionics systems technician and AF9000+ Lead Auditor, responsible for quality management compliance across complex military aviation systems. He is pursuing ISO/IEC 42001 Lead Auditor and IAPP AI Governance Professional (AIGP) certifications to formalize his AI governance practice alongside his existing audit credentials.

Nord Paradigm Inc. is headquartered at 393, rue Racine Est, 4e étage, Chicoutimi, Quebec, G7H 1T2, Canada. The firm is registered in Quebec and serves clients across Canada either remotely or on-site. Being based in the Saguenay region positions Nord Paradigm to serve regional Quebec SMEs that are often underserved by Montreal and Toronto consultancies, while still working with national clients.

Yes. Nord Paradigm serves organizations across Canada and engages internationally where governance frameworks overlap, particularly with the EU AI Act. Most engagements run remotely, with on-site work available when scope justifies travel. The firm is built on bilingual delivery, so anglophone clients in Ontario, the Prairies, British Columbia, and Atlantic Canada receive the same depth of service as Quebec-based clients.

Yes. Nord Paradigm delivers all services bilingually in English and French. Reports, audits, policies, workshops, and client communications are produced natively in either language to professional Quebec French standards. This matters for organizations operating under Loi 25, which requires that privacy and AI-related disclosures be available in French for Quebec residents.

Nord Paradigm offers audit-grade rigor without Big Four overhead. Big Four engagements typically allocate senior partners to scoping calls, then hand delivery to junior staff, and bill accordingly. With Nord Paradigm, the founder runs the engagement directly. The methodology is rooted in 21 years of aeronautical AF9000+ auditing, where evidence chains and structured remediation are non-negotiable. Smaller firms also move faster: a gap analysis closes in weeks, not quarters.

Nord Paradigm offers a structured commercial ladder running from free diagnostic to full governance audit. Step one is Breach, a free AI disruption analysis. Step two is Breach Pro, a paid premium analysis adding governance assessment, competitor intelligence, GEO scoring, and funding matches (currently in development). Step three is Prism, a future flagship internal AI governance audit aligned to ISO/IEC 42001. Available today alongside the productized ladder: ISO 42001 implementation advisory, workshops and training, and selective advisory engagements.

Most organizations start with the free Breach AI disruption report at breach.nordparadigm.com, which delivers a personalized analysis in under two minutes. Organizations that already know they need governance work, such as those preparing for an EU procurement requirement or an ISO 42001 readiness initiative, can skip directly to a discovery conversation by emailing dominic@nordparadigm.com. The free Breach is designed to qualify the conversation, not gate it.

Breach is a free AI disruption report that analyzes how artificial intelligence is reshaping a specific industry and where a given business is exposed. Users enter their business details and receive a personalized PDF report in under two minutes. The analysis covers disruption threats, competitive pressure, and emerging opportunities relevant to the user’s sector. It uses only publicly available data and is available at breach.nordparadigm.com.

The Breach analysis runs in under two minutes from start to finish. The user enters basic business information, and the system generates a personalized AI disruption report on the spot. There is no scheduling, sales call, or waiting period. Usage is limited to three analyses per 24-hour period to prevent abuse.

Yes. The Breach AI disruption report is fully free with no credit card required and no upsell required to receive the report. It exists as a free diagnostic tool to help organizations understand their AI exposure before deciding whether deeper engagement is worth their time. Some users run Breach and never speak to Nord Paradigm again, which is fine. Others use it as a starting point for governance consulting.

Breach uses only publicly available data to generate its analysis. Nothing entered into the tool is stored or shared. The report is generated, delivered, and the session closes. This privacy-first design is intentional, given that Nord Paradigm advises clients on Loi 25 and ISO 42001 compliance and applies the same standards to its own products.

Breach is designed for owners, executives, and decision-makers at small and mid-sized Canadian businesses who want a fast, concrete read on how AI is changing their industry. It works particularly well for service-based SMEs, professional firms, and regional businesses that have heard about AI disruption but lack a structured way to assess their own exposure.

The Breach report identifies how AI is reshaping the user’s industry, where competitive pressure is building, and what the user’s business should consider doing about it. It is positioned as a diagnostic, not a complete strategy. Users who want governance assessment, competitor scraping, GEO scoring, tool recommendations, and funding matching upgrade to Breach Pro when it launches.

Breach Pro is the paid extension of the free Breach report. It adds a full governance-readiness assessment covering Loi 25, ISO 42001, and upcoming AIDA, live competitor scraping, AI visibility scoring, tool recommendations including what to skip, and federal and provincial funding matches. Everything arrives as an executive-ready PDF report with a built-in AI implementation prompt, so the team can begin executing immediately. Same-day delivery.

Breach is a free, two-minute industry-level disruption report. Breach Pro is a paid, business-specific deep analysis that adds governance-readiness benchmarking, live competitor intelligence, AI visibility (GEO) scoring, tool recommendations, funding matches, and an executive-ready deliverable. Breach answers “is my industry exposed?” Breach Pro answers “what specifically should my business do, where am I exposed on governance, and which competitors are already moving?”

Breach Pro is currently in development. Interested users can join the waitlist at nordparadigm.com to be notified at launch. Subscribing also offers an opt-in to Signal, the Nord Paradigm AI newsletter.

Breach Pro includes six core deliverables in a single executive-ready PDF: a governance-readiness assessment benchmarked against Loi 25, ISO/IEC 42001, and upcoming AIDA expectations; live competitor scraping showing which competitors are using AI and which tools they have adopted; an AI visibility (GEO) score measuring how findable the business is to AI agents; tool recommendations including what to skip; federal and provincial funding program matches; and a built-in AI implementation prompt for immediate execution.

Yes. Breach Pro includes federal and provincial funding matches as part of its deliverable. The report identifies grant programs and funding streams the business may qualify for to offset AI adoption costs, scoped to the business’s province, sector, and stage. Funding matches are a working starting point; final eligibility and application support are handled in advisory engagements.

Breach Pro is delivered as a same-day, executive-ready PDF report. The format is intentionally executive-friendly: short enough to read in one sitting, structured so each section maps to an action, and ending with an AI implementation prompt the team can paste directly into their internal tools to begin work.

Prism is the future flagship of Nord Paradigm: a comprehensive internal AI governance audit aligned to ISO/IEC 42001 and international frameworks, designed to prepare an organization for external certification. It covers a full assessment of AI systems, risk posture, internal policies, and organizational readiness. The result is a detailed report with prioritized recommendations, a compliance roadmap, and clear next steps. Prism is positioned as a structured internal assessment, not a questionnaire.

Prism is currently in development as the future flagship of the Nord Paradigm service ladder. Interested organizations can join the waitlist at nordparadigm.com. In the meantime, the same underlying capability is available through Nord Paradigm’s ISO 42001 implementation advisory engagements, which deliver gap analysis, policy design, internal audits, and certification handoff for organizations ready to act now.

Breach Pro is a same-day diagnostic and action plan: governance posture, competitor intelligence, GEO score, funding matches, and an implementation prompt, delivered as a single executive PDF. Prism is a comprehensive internal governance audit: a multi-week engagement that examines every AI system, policy, and risk control against ISO/IEC 42001 and produces a detailed compliance roadmap. Breach Pro tells an organization where to start. Prism prepares it for external certification.

ISO/IEC 42001 is the first international standard for AI management systems, published in December 2023 by ISO and IEC. It specifies the requirements for establishing, implementing, maintaining, and continually improving an AI management system within an organization. The standard covers governance, risk management, AI impact assessments, data governance, and lifecycle controls. It is rapidly becoming the global baseline for demonstrating responsible AI practices, similar to how ISO 27001 became standard for information security.

No. ISO/IEC 42001 is voluntary in Canada. However, it is becoming a de facto requirement in EU procurement and a pragmatic baseline in the absence of federal Canadian AI legislation, since AIDA died on the order paper. Canadian organizations selling to or partnering with European entities, or operating under Quebec’s Loi 25 and Ontario’s AI hiring disclosure rules, increasingly find ISO 42001 referenced in due diligence questionnaires.

End-to-end ISO 42001 implementation typically runs 6 to 12 months for mid-sized Canadian organizations, depending on existing governance maturity and the complexity of the AI systems in scope. A standalone gap analysis can be completed in 2 to 4 weeks. Full readiness for an external certification audit usually takes 3 to 6 months once gap remediation begins. Organizations with mature ISO 9001 or ISO 27001 systems move faster.

Implementation means building the AI management system: writing policies, designing controls, running risk assessments, training staff, and operating the system long enough to generate evidence. Certification is the formal attestation by an accredited external auditor that the system meets ISO/IEC 42001 requirements. An implementation advisor like Nord Paradigm prepares the organization. An accredited certification body conducts the certification audit and issues the certificate.

No. Certification bodies must be accredited by a national authority, in Canada the Standards Council of Canada, and are kept structurally independent from implementation advisors to avoid conflicts of interest. Nord Paradigm prepares organizations for the external audit. Accredited certification bodies in Canada include MHM, DEKRA Canada, and CSA Group. Nord Paradigm coordinates the handoff to the chosen certification body.

A full ISO 42001 implementation engagement runs in five phases: gap analysis against ISO 42001 clauses and Annex B controls; policy and governance design covering AI policy, risk framework, roles, decision rights, and escalation paths; control implementation operationalizing risk management, AI impact assessments, data governance, and lifecycle controls; an internal audit and readiness review based on AF9000+ audit methodology; and certification handoff with documentation support for the external audit. Each phase is independently scopable.

ISO 42001 implementation costs vary with organization size, the number of AI systems in scope, existing governance maturity, and the level of advisory involvement. Gap analyses are typically scoped as fixed-fee engagements. Full implementations are usually hybrid engagements combining advisory retainer and project-based work. Nord Paradigm provides scoped proposals after an initial discovery conversation rather than publishing per-day rates.

AF9000+ is the Royal Canadian Air Force’s quality management standard for aviation maintenance organizations, derived from ISO 9001 with additional aeronautical safety requirements. The underlying audit discipline transfers cleanly to AI management systems. Both demand documented processes, traceable decisions, risk-based thinking, and continuous improvement. ISO/IEC 42001 sits in the same management-system family as ISO 9001, so a senior AF9000+ auditor reading ISO 42001 sees familiar architecture and applies the same evidence standards.

AI governance consulting at Nord Paradigm covers policy development, risk assessment methodology, accountability structures, AI impact assessments, lifecycle controls, and alignment with Loi 25, ISO/IEC 42001, the EU AI Act, and Canadian privacy law. Engagements typically include gap analysis against an applicable standard, design of governance documentation, implementation support, and an internal pre-certification audit. The end goal is an AI management system the organization can maintain on its own.

Selective advisory refers to custom consulting engagements that fall outside the productized service ladder, typically discussed after a Breach or Breach Pro analysis. These engagements address specific governance challenges that don’t fit a standard ISO 42001 readiness path: AI policy reviews, vendor due diligence support, board-level governance briefings, incident response planning, or ad-hoc decision support during an AI deployment. Nord Paradigm takes on selective advisory engagements where the fit is clear and the scope is well defined.

Nord Paradigm focuses on small and mid-sized Canadian organizations, particularly Quebec SMEs, professional service firms, and regional businesses adopting AI tools faster than their governance can support. Engagements range from a fixed-fee gap analysis for a 25-person firm up to multi-phase ISO 42001 readiness programs for organizations with hundreds of staff. The firm does not chase enterprise procurement cycles where Big Four economics dominate.

The methodology is rooted in AF9000+ aeronautical audit discipline. In military aviation, audit findings are evidence-based, traceable, and tied to corrective actions with clear ownership. That same structure applied to AI management systems produces governance documentation that survives external scrutiny, whether from a certification body, a privacy regulator, or an EU procurement officer. The result is governance that holds up under audit, not governance theater.

Yes. Nord Paradigm runs interactive workshops and training sessions for leadership teams and practitioners covering responsible AI adoption, governance fundamentals, risk literacy, Loi 25 compliance for AI systems, ISO/IEC 42001 awareness, and strategic planning for AI integration. Workshops range from a single half-day executive briefing to multi-session programs aligned to a specific governance initiative.

Workshops are designed for two audiences. Leadership-track sessions target executives, board members, and senior managers who need to understand AI governance enough to make decisions and oversee implementation. Practitioner-track sessions target the people doing the work: privacy officers, IT leaders, compliance staff, HR leaders deploying AI in hiring, and operations leaders deploying AI in service delivery. Custom mixed-audience formats are available.

Yes. All Nord Paradigm workshops are delivered bilingually in English or French, including custom curricula. Quebec organizations operating under Loi 25 receive workshops in professional Quebec French with the regulatory terminology and case examples relevant to their context. Bilingual delivery is core to the firm’s positioning, not an afterthought.

Yes. Custom curricula are available for organizations that want training built around their specific tools, sector, and risk profile. A custom engagement typically begins with a short scoping conversation to identify the audience, the AI systems in use, the regulatory exposure, and the desired learning outcomes. Nord Paradigm then designs the curriculum, delivers the sessions live or remotely, and provides reference materials the organization can reuse internally.

Workshop topics include AI governance fundamentals, ISO/IEC 42001 awareness and management system design, Loi 25 obligations for AI systems, AI risk literacy for non-technical leaders, responsible AI adoption frameworks, AI impact assessment methodology, vendor and tool evaluation, and strategic AI planning. Custom workshops can also address sector-specific concerns: AI in healthcare, AI in financial services, AI in HR and hiring, or AI in public sector procurement.

Loi 25, formally An Act to modernize legislative provisions as regards the protection of personal information, is Quebec’s privacy law. It applies to any business handling personal information of Quebec residents and includes specific obligations relevant to AI: transparency about automated decision-making, the right to human review of algorithmic decisions, and privacy impact assessments for new technologies. AI systems that touch personal data of Quebec residents must comply, regardless of where the business is headquartered.

No. The Artificial Intelligence and Data Act (AIDA), the federal AI bill bundled into Bill C-27, died on the order paper when Parliament was prorogued. There is currently no replacement federal AI bill on the horizon. Canadian AI regulation is therefore fragmented across provincial laws like Loi 25, Ontario’s AI hiring disclosure rules, federal privacy law (PIPEDA), and the extraterritorial reach of the EU AI Act. ISO 42001 increasingly serves as the pragmatic anchor.

Yes, in many cases. The EU AI Act has extraterritorial reach. It applies to any organization placing AI systems on the EU market, providing AI services used in the EU, or whose AI system outputs are used in the EU. Canadian companies selling to European customers, supplying European partners, or processing data on EU residents may fall within scope. ISO 42001 conformance is increasingly cited in EU procurement due diligence as evidence of responsible AI management.

Bill C-27 was the federal Digital Charter Implementation Act, which bundled three pieces of legislation: the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act (AIDA). The bill died on the order paper. Its components, including AIDA, are not currently law and have no scheduled return. Canadian organizations should plan against existing provincial law and international standards rather than waiting for federal action.

Canadian businesses should prepare for Loi 25 if they handle personal information of Quebec residents, Ontario’s Working for Workers Four Act provisions on AI in hiring if they recruit in Ontario, federal PIPEDA for personal information generally, and the EU AI Act if they have any European exposure. ISO/IEC 42001 provides a structured framework that covers the underlying obligations across all of these regimes and serves as a defensible baseline if and when federal AI legislation returns.

Generative engine optimization (GEO) is the practice of making a business visible to and accurately represented by AI agents like ChatGPT, Claude, Perplexity, Google’s AI Overviews, and Microsoft Copilot. It is the AI-era counterpart to search engine optimization (SEO). Where SEO targets ranked search results, GEO targets the answers AI assistants give when users ask questions. Strong GEO requires structured data, clean content, entity reinforcement, and content that AI models can extract reliably.

SEO optimizes for ranked lists of links produced by search engines like Google. GEO optimizes for direct answers produced by AI agents. SEO success is measured in clicks and rankings. GEO success is measured in whether AI models cite the business, describe it accurately, and recommend it when a relevant question is asked. GEO leans more heavily on structured data (Schema.org), clean factual content, FAQ pages, and entity-rich writing than traditional SEO does.

A business becomes more visible to AI agents through several reinforcing tactics: implementing Schema.org structured data including FAQPage and Organization markup, publishing content in clear question-and-answer formats, ensuring consistent business entity information across the web, writing factual content that AI models can extract without hallucinating, and serving an llms.txt file that tells AI crawlers what content matters. Breach Pro measures how a business is performing on these dimensions.

An AI visibility score is a quantitative measure of how findable, accurately described, and recommendable a business is across major AI agents. It typically combines several signals: whether AI models can answer factual questions about the business correctly, whether the business is recommended in relevant prompts, how its competitors compare on the same dimensions, and what gaps in structured data or content are weakening its visibility. Breach Pro produces a detailed AI visibility score as part of its delivery.

Yes, particularly if the business serves consumers, professionals, or other businesses that increasingly use AI assistants for discovery. Quebec SMEs that have invested in French-language SEO often have weaker GEO performance because AI models trained predominantly on English content underrepresent French sources. This creates both a risk and an opportunity: businesses that take GEO seriously now will be early movers in their regional market.

Nord Paradigm uses three pricing structures depending on engagement type. The free Breach diagnostic has no cost. Productized assessments like Breach Pro at launch will be flat-fee. Custom advisory work, including ISO 42001 implementation, governance consulting, workshops, and selective advisory, is scoped per engagement, typically as a fixed-fee gap analysis followed by either a project fee or an advisory retainer for implementation. Pricing is shared after a discovery conversation rather than published as day rates.

The lowest-friction starting point is running the free Breach AI disruption report at breach.nordparadigm.com, which takes under two minutes and produces a personalized PDF. Organizations that want a deeper conversation can email dominic@nordparadigm.com or use the contact form. Initial discovery calls are free and run 30 to 45 minutes.

A free Breach report runs in under two minutes. A scoped gap analysis against ISO 42001 or Loi 25 typically takes 2 to 4 weeks. Full ISO 42001 readiness runs 3 to 6 months. End-to-end implementation including external certification handoff runs 6 to 12 months. Workshops and training engagements range from a single half-day session to multi-month curricula depending on scope.

Nord Paradigm typically responds within 24 to 48 hours on business days. Urgent matters should be flagged in the message subject. The firm operates on Eastern Time from Chicoutimi, Quebec, and is reachable in both English and French.