- Canada’s proposed Bill C-22 would require electronic service providers to retain user metadata for up to one year
- Encrypted messaging app Signal has stated that it would rather leave the Canadian market than undermine its privacy commitments.
- Windscribe confirmed it would do the same and threatened to relocate its Canadian headquarters to prevent the recording of user identification data.
The fight over digital privacy in North America is intensifying. Popular virtual private network (VPN) provider Windscribe has threatened to move its headquarters out of Canada if the country’s controversial new surveillance legislation, known as Bill C-22, becomes law.
Introduced in March 2026, the proposed Legal Access Act aims to give law enforcement broader tools to investigate serious crimes. However, privacy advocates and technology companies are sounding the alarm, warning that the bill’s requirements would seriously weaken user security.
If enacted, Bill C-22 would require electronic service providers to develop technical surveillance capabilities and retain certain user metadata for up to one year. For anyone using a VPN to protect their online identity, this legislation contradicts strict no-logs policies that keep user data out of the reach of governments and hackers alike.
A threat to user privacy
Windscribe’s ultimatum followed a similar warning from encrypted messaging platform Signal. Earlier in the week, Signal Vice President of Strategy and Global Affairs Udbhav Tiwari told reporters that the bill could force the introduction of technical vulnerabilities, making private messaging platforms a prime target for foreign adversaries.
Tiwari said the firm would “rather withdraw from the country” than comply with a law that undermines its privacy commitments. In response to the news about X, Windscribe made it clear that it shares Signal’s zero-tolerance stance on mandatory registration.
“We will not be left behind if C-22 is approved,” Windscribe said. “In their current state, VPNs would almost certainly require us to log user identification data.”
The cost of compliance
While Signal operates entirely out of Canada and could simply shut down its Canadian servers, Windscribe faces a much more complex logistical challenge. The company was founded in Toronto, meaning its primary operations and headquarters are directly under Canadian legal jurisdiction.
Expressing frustration with the proposed regulatory framework, Windscribe’s post on X did not mince words regarding the financial and ethical cost of the bill.
“Signal is not based in Canada, so they can simply turn off the Canadian servers, but our headquarters is,” the VPN provider added. “We pay an ungodly amount of taxes to this corrupt government and in return they want to destroy the entire essence of our service to basically spy on their own citizens.”
The looming threat of Bill C-22 mirrors similar global legislative battles, such as the European Union’s much-debated “chat control” proposals and the U.K.’s Online Safety Act, both of which have drawn heavy criticism for threatening end-to-end encryption.
For Windscribe users, the company’s threat to relocate should offer some degree of comfort. The provider recently empirically validated its strict no-logs policy in a 2025 Greek court case, where authorities were unable to recover any user data because the company simply did not have any to provide. Relocating its headquarters would allow Windscribe to maintain this technical infrastructure without violating Canadian law.
Currently, Bill C-22 is still under parliamentary review, with committee hearings beginning on May 7. It remains to be seen whether lawmakers will amend the bill to protect encrypted services, but the tech industry is already drawing its red lines.
