- Canada’s proposed Bill C-22 would require electronic service providers to retain user metadata for up to a year.
- Encrypted messaging app Signal said it would rather exit the Canadian market than compromise its privacy commitments.
- Windscribe confirmed it would follow suit, threatening to move its Canadian headquarters to avoid recording user identification data.
The fight for digital privacy in North America is intensifying. Popular virtual private network (VPN) provider Windscribe has threatened to move its headquarters out of Canada if the country’s controversial new surveillance legislation, known as Bill C-22, is passed.
Introduced in March 2026, the lawful access bill aims to give law enforcement broader tools to investigate serious crimes. However, privacy advocates and tech companies are sounding the alarm, warning that the bill’s requirements would significantly weaken user security.
If passed, Bill C-22 would require electronic service providers to develop technical monitoring capabilities and retain certain user metadata for up to a year. For anyone using a VPN to protect their online identity, this legislation contradicts strict no-logging policies that keep user data out of the reach of governments and hackers.
A threat to user privacy
Windscribe’s ultimatum followed a similar warning from encrypted messaging platform Signal. Earlier in the week, Signal’s vice president of strategy and global affairs, Udbhav Tiwari, told reporters that the bill could force the introduction of technical vulnerabilities, making private messaging platforms a prime target for foreign adversaries.
Tiwari said the company “would prefer to withdraw from the country” rather than comply with a law that undermines its privacy commitments. In response to the news about X, Windscribe made it clear that it shared Signal’s zero-tolerance stance regarding mandatory logging.
“We won’t be far away if the C-22 passes,” Windscribe said. “In their current state, VPNs would almost certainly require us to log user credentials.”
The cost of compliance
While Signal operates entirely outside of Canada and could simply shut down its Canadian servers, Windscribe faces a much more complex logistical challenge. The company was founded in Toronto, meaning its core operations and head office fall directly under Canadian legal jurisdiction.
Expressing frustration with the proposed regulatory framework, Windscribe’s post on X minced no words regarding the financial and ethical implications of the bill.
“Signal is not headquartered in Canada, so they can just shut down the Canadian servers, but our head office is,” the VPN provider added. “We pay an ungodly amount of taxes to this corrupt government, and in return, they want to destroy the very essence of our service to spy on their own citizens.”
The looming threat of Bill C-22 mirrors similar global legislative battles, such as the European Union’s highly controversial “chat control” proposals and the UK’s Online Safety Act, both of which have drawn heavy criticism for threatening end-to-end encryption.
For Windscribe users, the company’s threat of offshoring should offer some reassurance. The provider recently saw its strict no-logging policy empirically validated in a 2025 Greek trial, where authorities were unable to recover user data because the company simply had none to provide. Relocating its headquarters would allow Windscribe to maintain this technical infrastructure without violating Canadian law.
Currently, Bill C-22 is still under parliamentary review, with committee hearings beginning on May 7. Whether lawmakers will amend the bill to protect encrypted services remains to be seen, but the tech industry is already drawing its red lines.
