Canada’s privacy-focused messaging app Signal has signaled it may exit the Canadian market if compelled to comply with Bill C-22, the government’s proposed lawful access legislation. The draft bill would require electronic service providers to build surveillance capabilities and retain certain user metadata for up to a year, underscoring a key policy tension between national security objectives and strong end-to-end encryption.
In an interview with The Globe and Mail, Signal’s vice president of strategy and global affairs, Udbhav Tiwari, warned that the bill could threaten encryption and leave private messaging services more vulnerable to cyberattacks. Bill C-22 was introduced in March as part of a broader regulatory package intended to aid law enforcement investigations into crimes such as terrorism and child exploitation.
The debate has drawn criticism from privacy advocates and mirrors wider concerns within the European Union around encryption and compelled access. Critics point to potential privacy trade-offs and the risk of creating exploitable weaknesses in communications platforms. On social media, Canadian Conservative Party MP Jacob Mantle argued that many MPs rely on Signal for safety and privacy, contending that the bill would allow the government to read messages and undermine trust in private communications.
Tiwari said Signal would “rather pull out of the country” than compromise on the privacy promises it has made to users. He warned that the proposal could enable hackers to exploit built-in vulnerabilities in electronic systems, turning private messaging services into possible targets for foreign adversaries.
The bill remains pending and is not law yet; committee hearings began on May 7 and are ongoing as part of the legislative process. Meanwhile, tech platforms have offered mixed reactions. Meta Platforms welcomed certain aspects of Bill C-22, noting that it would give law enforcement a framework to obtain critical evidence and protect public safety, while also raising concerns that some provisions could affect Canadians’ privacy and cybersecurity.
Windscribe, a privacy-focused VPN provider, joined Signal in signaling concern. In a post responding to The Globe and Mail, Windscribe said it would follow Signal’s potential move out of Canada, arguing that the law would require the logging of identifying user data and stifle privacy protections. The company criticized the current text as incompatible with its focus on user privacy and warned that headquarters in Canada could face direct regulatory pressures and higher operating costs if the bill passes.
Cointelegraph reached out to Signal for comment and will update the article if the company provides a response. The broader policy discussion surrounding Bill C-22 sits within a wider, global debate over how to balance law enforcement access with robust encryption and privacy protections. Observers note that the Canadian process could influence how privacy tech firms operate in Canada and how cross-border services approach compliance obligations in a jurisdiction that contemplates sweeping data-retention and access requirements.
Bill C-22 is positioned as part of Canada’s effort to equip law enforcement with timely and effective tools to investigate serious crimes. If enacted, electronic service providers would be required to design and deploy technical capabilities that enable lawful access to communications and to retain relevant user metadata for an extended period. The stated objective is to bolster investigations into terrorism and child exploitation, among other offenses. However, the proposal raises practical questions for platform operators, particularly around how to preserve security and privacy while meeting new obligations.
From a regulatory compliance perspective, the bill would introduce new obligations that could influence licensing, oversight, and ongoing conformity assessments for digital service providers operating in Canada. For financial institutions and crypto firms with Canadian operations, the framework could intersect with AML/KYC expectations and cross-border data handling requirements, prompting reassessment of data localization, incident response, and vendor management practices.
The proposal sits at the center of a broader policy discourse about encryption integrity and lawful access. Signal’s public stance reflects a principled commitment to end-to-end encryption and privacy architecture, arguing that mandated backdoors or scan capabilities can introduce systemic risks and create vulnerability windows that adversaries might exploit. The debate resonates with discussions in the European Union around proposals that would enable scanning and data access at the client side, which have faced stiff opposition on privacy and security grounds. The Canadian consideration therefore contributes to a larger policy milieu in which encryption remains a pivotal issue for both private sector innovation and public safety.
For institutions and market participants, the evolving stance on lawful access raises questions about cross-border operations, data-residency requirements, and the extent to which regulatory divergence may affect the resilience of communications infrastructure. While some policymakers emphasize the public-safety rationale, industry observers highlight the risk that increased monitoring capabilities could undermine trust in digital services and complicate compliance for global platforms that rely on end-to-end encryption by default.
The bill’s reception among tech platforms reflects a split between public-safety objectives and privacy protections. Meta’s public position acknowledged the potential benefits of a robust evidentiary framework for enforcement while cautioning that certain provisions could impact Canadians’ privacy and cybersecurity. The company’s stance illustrates how large platform operators may seek to balance lawful-access objectives with user protections and risk management liabilities.
Signal’s leadership has framed the regulatory proposition as a fundamental privacy issue, suggesting that complying with C-22 could compromise user trust and the core privacy guarantees it offers. In this context, market participants that rely on private communications and privacy tools – including VPN providers like Windscribe – have sounded caution about operational viability and user data practices if such mandates become law.
From a compliance and risk-management standpoint, the unfolding legislative process requires careful monitoring by legal teams, regulators, and corporate governance functions across crypto firms and fintechs. Beyond the legal text, enforcement trajectories, rulemaking, and potential transitional provisions will determine how quickly and in what form any new requirements would apply to service providers and their affiliates. The current stage of hearings means significant policy refinement remains possible, with stakeholders attempting to influence the balance between investigative efficiency and privacy protections.
According to Cointelegraph’s coverage, the Canadian debate on lawful access is part of a broader global pattern in which regulators search for a workable equilibrium between security objectives and cryptographic integrity. For institutions, this signals a continuing need to assess regulatory exposure, update privacy-by-design practices, and adjust incident-response playbooks to reflect evolving requirements across jurisdictions.
As the legislative process advances, observers should watch for the clarifications that typically accompany committee stage, including definitions of service-provider scope, retention timelines, data-minimization principles, and the specific mechanisms by which access would be authorized and audited. The outcome will influence not only Canadian privacy and security norms but also the strategic choices of international platforms operating in Canada and other similarly situated markets.
Closing perspective: The Bill C-22 debate underscores the enduring tension between privacy preservation and public-safety imperatives in the digital era. For crypto firms, messaging platforms, and privacy services, the key questions revolve around enforceability, risk exposure, and the degree to which regulatory adaptations can be reconciled with robust cryptography and user trust. The path forward will depend on legislative negotiations, regulatory guidance, and how any final law addresses both the legitimate needs of law enforcement and the protections that underpin secure, private communications.
This article was originally published as Signal Considers Exiting Canada Over Lawful Access Bill on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.
