- Proton VPN has responded to Canada’s proposed Bill C-22
- Proposed legislation could require VPNs to log user metadata
- NordVPN and Windscribe also criticized the bill
The fight over digital privacy in North America has just gained another heavyweight. Proton VPN has come out against Canada’s controversial Bill C-22, assuring users that it will not comply with the proposed surveillance legislation.
Speaking to X on Tuesday, the Switzerland-based provider warned that the bill “empowers the government to order VPN providers in Canada to retain metadata for up to one year.” In response to the looming threat, the company drew a definitive line on its core privacy commitments, stating that “There is no universe in which Proton VPN would compromise its no-logs policy.”
“Complying with foreign surveillance orders without Swiss legal process is a criminal offense. It doesn’t happen,” Peterson said. “We will stand up for our Canadian users and never compromise them. We will fight C-22 enforcement by every means available.”
If you’re looking for the best VPN to protect your online identity, a strict no-logs policy is what keeps your data out of the reach of hackers and overreaching governments.
What is Bill C-22?
Introduced in spring 2026, Bill C-22, also known as the Legal Access Act, is designed to give law enforcement broader tools to investigate crimes.
However, privacy advocates warn that the legislation is a surveillance nightmare. If approved, it would force digital services to register and retain users. metadata for a full year.
Bill C-22 empowers the government to order VPN providers in Canada to retain metadata for up to one year. The EU’s highest court has already struck down this type of bulk data retention legislation twice, suggesting it will not stand up to scrutiny:1. https://t.co/ZYRwYlDW7cMay 19, 2026
Crucially, it provides a mechanism for the Minister of Public Safety to require companies to create a technical backdoor for their services, as long as it does not introduce a “systemic vulnerability.”
As cybersecurity experts often point out, a balance between encryption backdoors and complete security is fundamentally impossible. Creating a way for law enforcement to access encrypted data inherently creates a vulnerability that malicious hackers can exploit.
The “clown show” response
Proton VPN is not the only provider rejecting the legislation. The clamor continues Similar threats from Signal and Windscribe last week, with the latter warning it would move its headquarters to Toronto if the bill passes.
The situation took a strange turn on Tuesday when Public Safety Canada posted on X, encouraging citizens to use VPNs to protect their data on public Wi-Fi networks. Windscribe was quick to point out the hypocrisy of a government that promotes the use of VPNs while attempting to ban the privacy protections that make them effective.
“Oh, this is just rich… Bill C-22 is driving VPN companies like ours out of Canada because of the requirement that users log in. And at the same time you’re telling people to secure their data with VPNs,” Windscribe wrote. “I hope you bought your tickets to the circus, because the clown show is starting.”
NordVPN has also formally joined the opposition. While the company stated that it is still reviewing the draft and hopes to participate in the consultation process, it made clear that its core security infrastructure is not up for debate.
“If Bill C-22 is passed in its current form and if we are subject to mandatory obligations, there is no scenario in which we would compromise our architecture without logging or encryption protections,” NordVPN said.
As the world’s largest privacy companies take a hard line against Bill C-22, it remains to be seen whether Canadian lawmakers will amend the legislation or risk driving the cybersecurity industry out of the country entirely.
