Signal may leave Canada over Bill C-22

Signal warned it may withdraw from Canada if Bill C-22 requires messaging services to build technical surveillance capabilities that could weaken end-to-end encryption. The company added it would prefer to exit rather than change how its app protects users.

Udbhav Tiwari, Signal’s vice president of strategy and global affairs, told reporters the bill could force companies to introduce vulnerabilities and make private messaging platforms attractive targets for hackers and foreign adversaries. Tiwari said, “We would rather pull out of the country than comply with a law that undermines the privacy promises we have made to users,” and warned that engineered weaknesses could be exploited by cybercriminals.

Bill C-22 was introduced in March as part of a regulatory package intended to give law enforcement new tools to investigate crimes such as terrorism and child exploitation. The proposal would require electronic service providers to build technical surveillance capabilities and retain certain user metadata for up to one year. Committee hearings began May 7 and are ongoing; the bill must still clear parliamentary review and receive royal assent to become law.

Some critics compared the measure to proposals that pushed for client-side scanning, which privacy advocates say would threaten encryption. Opponents have argued that forcing companies to alter software or retain more data could reduce user privacy and increase cybersecurity risk.

Conservative Member of Parliament Jacob Mantle wrote on X that “Every member of Parliament in the country uses Signal primarily for its safety and privacy features,” and argued the bill would allow government access to messages.

VPN provider Windscribe posted on X that it would likely leave Canada if the bill passes in its current form, saying, “VPNs would almost certainly require us to log identifying user data.” The company wrote that mandatory logging would make it difficult to maintain its privacy guarantees.

Some major technology companies welcomed portions of the proposal that clarify legal procedures for obtaining evidence, while noting other provisions could harm Canadians’ privacy and increase cybersecurity risks. Those firms urged lawmakers to align investigative powers with the technical realities of encryption.

Legal and technical experts warned that designing systems to enable government access can introduce new attack surfaces. They said retaining metadata and building surveillance capabilities could create vulnerabilities that malicious actors might exploit.

If enacted as drafted, the bill would change how messaging apps, VPNs and other electronic services operate in Canada. Companies headquartered outside Canada could limit or close local infrastructure; firms based in Canada would face distinct legal and operational requirements.

The bill remains under parliamentary review. Signal and other privacy-focused providers stated they are monitoring committee hearings and will decide on continued operations in Canada once the law’s final requirements are clear.