- Canada’s proposed Bill C-22 would require electronic service providers to retain user metadata for up to one year
- Encrypted messaging app Signal said it would rather exit the Canadian market than undermine its privacy commitments.
- Windscribe confirmed it would follow suit and threatened to move its Canadian headquarters to avoid logging that identifies user data
The battle for digital privacy in North America is heating up. Popular VPN (Virtual Private Network) provider Windscribe has threatened to move its headquarters out of Canada if the country’s controversial new surveillance legislation, known as Bill C-22, is passed into law.
The proposed Lawful Access Act, introduced in March 2026, aims to give law enforcement broader tools to investigate serious crimes. However, privacy advocates and technology companies are sounding the alarm and warning that the bill’s requirements will seriously weaken user security.
If passed, Bill C-22 would mandate electronic service providers to build technical monitoring capabilities and retain certain user metadata for up to a year. For anyone using a VPN to protect their online identity, this legislation runs counter to the strict no-logs policies that keep user data out of the hands of governments and hackers alike.
A threat to user privacy
Windscribe’s ultimatum followed a similar warning from encrypted messaging platform Signal. Earlier this week, Signal’s vice president of strategy and global affairs, Udbhav Tiwari, told reporters that the bill could force the introduction of technical vulnerabilities, making private messaging platforms a prime target for foreign adversaries.
Tiwari stated that the firm would “rather pull out of the country” than comply with a law that undermines its confidentiality obligations. In response to the news on X, Windscribe made it clear that it shares Signal’s zero-tolerance stance on mandatory logging.
“We won’t be far behind if the C-22 passes,” Windscribe said. “In its current state, VPNs will almost certainly require us to log identifying user data.”
The costs of compliance
While Signal operates entirely outside of Canada and could simply shut down its Canadian servers, Windscribe faces a much more complex logistical challenge. The company was founded in Toronto, which means that its core operations and headquarters fall directly under Canadian legal jurisdiction.
Windscribe’s post on X expressed frustration with the proposed legislative framework and was tight-lipped about the financial and ethical burden of the bill.
“Signal is not headquartered in Canada, so they can just shut down Canadian servers, but our headquarters is,” the VPN provider added. “We pay an ungodly amount in taxes to this corrupt government and in return they want to destroy the whole essence of our service to basically spy on its own citizens.”
The looming threat of Bill C-22 mirrors similar global legislative battles, such as the EU’s much-debated “chat control” proposal and the UK’s Online Safety Act, both of which have been widely criticized for threatening end-to-end encryption.
For Windscribe users, the company’s threat of relocation should provide some reassurance. The provider recently had its strict no-logs policy empirically validated in a Greek court case in 2025, where authorities were unable to retrieve any user data because the company simply had nothing to give. Moving its headquarters would allow Windscribe to maintain this technical infrastructure without running afoul of Canadian law.
Currently, Bill C-22 is still under parliamentary review and committee hearings have begun on May 7. Whether lawmakers will amend the bill to protect encrypted services remains to be seen, but the tech industry is already drawing its red lines.
