TL;DR:
- A major new IT outage paralyzed SAAQ services from May 6 to 8, 2025, affecting the SAAQclic platform and forcing the temporary closure of service centres 2 3
- The Quebec government pointed the finger directly at Microsoft, while internal officials admitted that the SAAQ remained responsible for system maintenance operations 5 6
- This outage adds to SAAQclic's chronic problems, with cost overruns already reaching $500 million since its chaotic launch in 2023 1 4
- The Gallant Commission, established to investigate the project's failures, is currently continuing its work 1 2
- The incident highlights the dangers of vendor lock-in in government digital projects and raises questions about public sector technology governance
The SAAQclic Saga Gets a New Chaotic Chapter
On May 6, 2025, a major IT outage struck the servers of the Société de l'assurance automobile du Québec (SAAQ), paralyzing access to the SAAQclic platform and forcing the closure of all service points across the province3. This failure, attributed to "a problem in the organization's essential server infrastructure," forced the cancellation of approximately 40,000 appointments and considerably disrupted citizen services for two full days25. Although the gradual restoration of services began on the evening of May 8, this incident is part of a long series of technical problems undermining the credibility of the digital transformation undertaken by the organization5.
This new episode comes in an already tense context for the SAAQ, as the Gallant Commission continues its investigation into the botched implementation of SAAQclic in 2023, a project whose total cost reached $1.1 billion, a $500 million overrun from initial estimates14. Quebec's Auditor General had noted that this unsuccessful digital transformation had led to long lineups outside many branches, creating unprecedented administrative chaos1.
When Government and Microsoft Play the Blame Game
The most troubling aspect of this new crisis lies in the blame-shifting that quickly emerged between the various stakeholders. The day after the outage, the Minister of Cybersecurity and Digital Affairs, Gilles BĂ©langer, rushed to exonerate the government: "This is totally unacceptable, but it's not SAAQclic, it's Microsoft"36. This categorical statement was clearly intended to dissociate this outage from SAAQclic's known structural problems.
Yet the narrative quickly became more complex when Sylvain Goulet, Assistant Deputy Minister for Technology Infrastructure, provided important clarifications: "It's a private cloud, installed on-site" and especially "it's not Microsoft that did something, it's us who did something"5. These remarks directly contradict the minister's version and raise important questions about technology governance within the government apparatus. Faced with this obvious contradiction, Minister BĂ©langer attempted to nuance his position: "Microsoft asks the SAAQ to make a certain modification, then there's a problem, whose responsibility is it? I don't think we should be the referee"5.
Vendor Lock-In: The Invisible Trap of Digital Transformations
This new crisis highlights a fundamental problem in the Quebec government's digital strategy: vendor lock-in. This phenomenon describes a situation in which an organization becomes excessively dependent on a single technology vendor, to the point of being unable to switch solutions without incurring major costs or disruptions.
In the case of the SAAQ, dependence on Microsoft solutions seems to have created a grey area in terms of operational responsibility. On one hand, the infrastructure formally belongs to the SAAQ, but on the other, its management seems inseparable from the vendor's recommendations and technical support5. This situation creates an environment conducive to mutual blame-shifting when critical incidents occur.
Vendor lock-in also carries other major risks for public organizations: high and unpredictable maintenance costs, the inability to adapt solutions to specific needs without vendor intervention, and vulnerability to changes in the vendor's commercial policies. For an essential service like the SAAQ, this dependence represents a systemic risk for all citizen services.
Toward Responsible Digital Sovereignty
To avoid such situations in the future, several alternatives and best practices are available to government organizations. The first is to favour, wherever possible, solutions based on free and open source software and open standards, allowing greater independence from single vendors. This approach, successfully adopted by several European administrations, promotes the development of in-house skills and reduces the risks of technology lock-in.
The second approach involves adopting a multi-vendor strategy, allowing risks to be distributed and excessive dependence to be avoided. Finally, contracts with technology vendors should systematically include clear clauses regarding responsibilities in the event of technical failure and service guarantees suited to the criticality of deployed systems.
Blue Fox's Take
Faced with these complex challenges, public organizations would benefit from surrounding themselves with independent experts capable of objectively assessing the risks associated with vendor lock-in. At Blue Fox, we support government agencies in developing resilient digital strategies focused on technological autonomy and risk management. Digital sovereignty is not a luxury but a necessity in a world where essential services increasingly depend on complex technological infrastructure.
#DigitalTransformation #SAAQ #DigitalSovereignty #FreeSoftware #ITSecurity #ITGovernance #PublicService
Sources:
CTV News - Gallant commission opens on SAAQclic fiasco
Vingt55 - SAAQclic de nouveau paralysés par une panne informatique majeure
Montreal CityNews - Computer outage affecting SAAQclic website, online services
Radio-Canada - Panne majeure Ă la SAAQ
Radio-Canada - Le service reprend progressivement Ă la SAAQ
Economic Times - Microsoft blamed as Quebec's SAAQ service centres shut down