Windscribe (Among Others) May Leave Canada Over Bill C-22 Surveillance Requirements
Published
Key Takeaways
- Canada Bill C-22 surveillance law: Windscribe may exit Canada if forced to log user metadata for compliance.
- Industry reaction: Signal and Windscribe oppose bill, citing risks to encryption and user privacy commitments.
- Regulatory concern: Critics warn metadata retention rules could weaken VPN no-logs principles and digital security.
Privacy-focused VPN provider Windscribe (among other VPN providers) has warned that it may move its headquarters out of Canada if the country’s proposed surveillance legislation, Bill C-22, becomes law. The company says the bill could force it to log user data, which goes against its core privacy model.
The warning comes alongside similar concerns raised by encrypted messaging service Signal, which has also suggested it could exit the Canadian market over the same legislation.
What Bill C-22 Proposes for Digital Services
Canada’s proposed Lawful Access Act, known as Bill C-22, was introduced in March 2026. It is designed to give law enforcement more tools to investigate serious crimes.
However, the bill has raised concerns because it would require electronic service providers to store certain user metadata for up to one year. It could also compel companies to implement technical capabilities that allow access to user-related information.
Privacy advocates argue that these requirements conflict with services like VPNs, which are built to avoid storing identifying user logs in the first place.
Windscribe and Signal Push Back on Compliance Demands
Signal has already stated it would prefer to leave the Canadian market rather than weaken its encryption standards or privacy protections. Windscribe has taken a similar stance.
The VPN provider said it would likely be forced to log identifying user data if the bill passes in its current form. Windscribe also noted that, unlike Signal, it is headquartered in Toronto and operates under Canadian jurisdiction, making compliance more complex.
The company stressed that it cannot support regulations that undermine its “no-logs” approach, which is central to how VPN services protect user privacy.
Privacy Risks and Industry Concerns Grow
Windscribe also highlighted the financial and operational pressure the law could create. The company warned that being forced to store or log data would directly impact its service model and user trust.
It also pointed to broader concerns raised by similar laws in other regions, including encryption-related proposals in the European Union and the UK’s Online Safety Act. These laws have drawn criticism from privacy groups over potential risks to secure communications.
Windscribe further referenced a 2025 Greek court case where its no-logs policy was tested. Authorities were unable to obtain user data because none was stored, reinforcing its stance on privacy.
Bill Still Under Review in Canada
Bill C-22 is currently undergoing parliamentary review, with committee hearings starting on May 7. Lawmakers are still considering potential changes before any final decision is made.
For now, Windscribe says it will continue monitoring the situation but has made clear that relocation is a real possibility if the law moves forward without changes.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular