Become a TechRadar Insider
- Canada’s proposed Bill C-22 would require electronic service providers to retain user metadata for up to a year
- Encrypted messaging app Signal stated it would rather leave the Canadian market than undermine its privacy commitments.
- Windscribe confirmed it would follow suit, threatening to relocate its Canadian headquarters to avoid logging identifying user data
The fight for digital privacy in North America is heating up. Popular Virtual Private Network (VPN) provider Windscribe has threatened to relocate its headquarters out of Canada if the country's controversial new surveillance legislation, known as Bill C-22, is passed into law.
Introduced in March 2026, the proposed Lawful Access Act aims to give law enforcement broader tools to investigate severe crimes. However, privacy advocates and tech companies are sounding the alarm, warning that the bill’s requirements would severely weaken user security.
If enacted, Bill C-22 would mandate electronic service providers to build technical surveillance capabilities and retain certain user metadata for up to a year. For anyone using a VPN to protect their online identity, this legislation contradicts the strict no-logs policies that keep user data out of the hands of governments and hackers alike.
A threat to user privacy
Windscribe's ultimatum followed a similar warning from the encrypted messaging platform Signal. Earlier in the week, Signal's Vice President of Strategy and Global Affairs, Udbhav Tiwari, told reporters that the bill could force the introduction of technical vulnerabilities, making private messaging platforms a prime target for foreign adversaries.
Tiwari stated that the firm "would rather pull out of the country" than comply with a law that undermines its privacy commitments. Responding to the news on X, Windscribe made it clear that it shares Signal's zero-tolerance stance on mandatory logging.
"We won't be far behind if C-22 passes," Windscribe stated. "In its current state, VPNs would almost certainly require us to log identifying user data."
The cost of compliance
While Signal operates entirely outside of Canada and could simply shut off its Canadian servers, Windscribe faces a much more complex logistical challenge. The company was founded in Toronto, meaning its core operations and headquarters fall directly under Canadian legal jurisdiction.
Expressing frustration with the proposed regulatory framework, Windscribe’s post on X did not mince words regarding the financial and ethical toll of the bill.
"Signal isn't headquartered in Canada so they can just shut off Canadian servers, but our HQ is," the VPN provider added. "We pay an ungodly amount of taxes to this corrupt government, and in return they want to destroy the entire essence of our service to basically spy on its own citizens."
The looming threat of Bill C-22 mirrors similar global legislative battles, such as the European Union's highly debated "chat control" proposals and the UK's Online Safety Act, both of which have drawn heavy criticism for threatening end-to-end encryption.
For Windscribe users, the company's threat to relocate should offer a degree of reassurance. The provider recently had its strict no-logs policy empirically validated in a 2025 Greek court case, where authorities were unable to retrieve any user data because the company simply had none to give. Relocating its headquarters would allow Windscribe to maintain this technical infrastructure without running afoul of Canadian law.
Currently, Bill C-22 is still undergoing parliamentary review, with committee hearings having begun on May 7. Whether lawmakers will amend the bill to protect encrypted services remains to be seen, but the tech industry is already drawing its red lines.
