TORONTO, June 4, 2026 – As federal Bill C-22, the Legal Access Act, 2026, is being reviewed by a parliamentary committee, opposition from encrypted messaging, VPN and search service companies is growing. Global News reported on June 4 that companies including Signal, DuckDuckGo and NordVPN have expressed concerns about the bill, with some saying they may reassess whether to continue offering services in Canada if the legislation passes in its current form. For newcomers, international students, small businesses and content creators who rely on cross-border communication, cloud data, encrypted chats and cybersecurity tools, the debate is no longer only a disagreement between technology companies and government. It has become a public issue involving security, personal privacy and digital trust.
According to Parliament of Canada information, Bill C-22 is formally titled the Legal Access Act, 2026. It was introduced by the Minister of Public Safety and is currently at the House of Commons committee stage. The bill aims to establish a framework that would allow electronic service providers, under legal authorization, to assist law enforcement and security agencies in exercising information access powers under the Criminal Code and the Canadian Security Intelligence Service Act.
The federal government’s position is that crime and national security threats have moved into the digital environment, and investigative tools need to be updated. Public Safety Canada background information says the bill is intended to help police and the Canadian Security Intelligence Service more effectively investigate, prevent and respond to crime and security threats when authorized to do so. From the government’s perspective, the issue is how to ensure lawful investigative powers keep pace with encrypted communication, online platforms and modern data storage.
However, technology companies and privacy advocates are not questioning whether crime should be investigated. Their concern is how investigative powers will be limited. Global News reported that several companies worry the bill could affect encrypted services, no-log systems and user trust. Reuters previously reported that Apple and Meta warned C-22 could force companies to weaken encryption protections. Public Safety Canada has said the bill would not require companies to create systemic vulnerabilities in encryption systems.
This debate is not distant from Chinese communities in Canada. Many newcomer families rely on WhatsApp, Signal, WeChat, email, VPNs, cloud storage and cross-border work platforms to stay connected with relatives, clients, schools and institutions overseas. Small businesses and content creators also use cloud tools to store customer information, contracts, video materials and account data. If digital services change data retention practices, encryption methods or Canadian service availability because of regulatory changes, the impact will not only fall on technology companies, but also on ordinary users who depend on these tools every day.
The bill’s confidentiality provisions have also drawn attention. The Department of Justice’s Charter Statement notes that the bill would limit electronic service providers from disclosing the existence or content of a ministerial order unless allowed by law. For privacy experts, the key question is whether these orders would have sufficient judicial oversight, independent review and transparency reporting. For ordinary users, the concern is under what circumstances personal information may be accessed, whether companies can notify users, and whether users have any way to challenge or appeal.
At this stage, C-22 has not become law, and changes may still be made during committee review. The next phase of debate is likely to focus on several core questions: whether government access to data must be authorized by a court, whether service providers could be required to change their technical architecture, whether encrypted communication can continue to maintain full protection, and whether users can clearly understand how their information is handled.
For local residents and businesses, the impact of C-22 should not be understood only as whether technology companies may leave Canada. The larger issue is whether Canada can update digital policing tools while also establishing clear, limited and accountable boundaries for state power. Public safety requires effective investigative capacity, but public trust in the digital age also depends on whether the government can clearly explain how these powers will be used, who will oversee them, and how ordinary users will be protected.(LJI by Yuanyuan)
