NordVPN said in a social media post it is reviewing the bill and would consider leaving Canada if the bill requires it to compromise its privacy protections.

The company said if Bill C-22 passes "and if we are subjected to mandatory obligations, there isn't a scenario in which we would compromise our no-logs architecture or encryption protections."

"To prevent this, we will consider all viable options, including limiting or, if necessary, removing our presence from Canadian jurisdiction," NordVPN said in a post on X.

A spokesperson for the company said it is closely monitoring the bill's legislative progress. Bill C-22 is currently being studied by a parliamentary committee.

"NordVPN is built on a commitment to user security and privacy, and we believe legislation should not require providers to weaken encryption or compromise the protections users depend on," the spokesperson said.

Earlier this week, The Globe and Mail reported that the encrypted messaging service Signal said it would leave Canada if the bill requires it to compromise user privacy.

Conservative MP Jacob Mantle said in a post on X Friday that MPs depend on the service.

"Every member of Parliament in the country uses Signal, precisely because they believe it is safe (confidential) to use. No one wants Gary reading their messages," he said.

A spokesperson for Public Safety Minister Gary Anandasangaree said in a statement the government wants to "reassure Signal and all service providers that we are not legislating to require them to install capabilities to enable surveillance and any assertions otherwise are false."

Simon Lafortune said the government "categorically rejects claims that Bill C-22 would enable the surveillance of Canadians through everyday devices such as cars, home cameras, or smart TVs, or that it would require companies to introduce so‑called 'backdoors' into their products so that the government could gain access to customer data."

Lafortune added authorities would still be required to get legal authorization to obtain data, such as through a warrant issued by a court.

Canadian VPN provider Windscribe said Thursday it also would leave the country if the bill passes.

"Signal isn't headquartered in Canada so they can just shut off Canadian servers, but our HQ is," the company said in a post on X.

"We pay an ungodly amount of taxes to this corrupt government, and in return they want to destroy the entire essence of our service to basically spy on its own citizens. Not happening. We'll move HQ and take our taxes elsewhere."

The comments from Signal follow warnings from big tech companies Apple and Meta that the legislation threatens to compromise their encryption services.

Last week, the lawful access bill also drew opposition from members of the U.S. Congress. The heads of the judiciary and foreign affairs committees said in a joint letter to Anandasangaree the bill would "drastically expand Canada’s surveillance and data access powers in ways that create significant cross-border risks to the security and data privacy of Americans."

They said it would allow "Canadian government officials to compel American companies to build backdoors into their encrypted systems, thereby introducing systemic vulnerabilities that could be exploited by hackers, foreign adversaries, and cybercriminals."

The spokesperson for the public safety minister said the letter reflects a misunderstanding of how the bill would function.

Bill C-22 also has run into fierce opposition from civil liberties groups and law professors who say it would open the door to serious privacy infringements.

The government says the bill will ensure law enforcement agencies have the legal tools to prevent, investigate and respond to modern crime and protect Canadians in a Charter-compliant manner.

Under the bill, authorities could demand that a telecommunications provider like Bell or Rogers reveal whether it provides service to an individual or a number of interest — a measure intended to speed up investigations.

The bill would also require electronic service providers to develop and maintain the technical capabilities necessary to enable police and the Canadian Security Intelligence Service to effectively obtain communications and information for investigations.

There would be mandatory requirements for certain core providers — likely large telecommunications companies and satellite providers — to have specific capabilities. In addition, the public safety minister could issue a ministerial order to require a provider to develop a particular capability, even if they are not a core provider. The bill would prohibit a provider from disclosing the existence or content of a ministerial order.

Meta said this could require companies to build or maintain capabilities that break or weaken encryption, and force providers to install government spyware directly on their systems. Apple, maker of the iPhone, said the legislation could allow the government to force companies to break encryption by inserting backdoors into their products — "something Apple will never do."

The bill would also allow for regulations requiring service providers to retain metadata — digital traces of a communication, but not the email or text itself — for up to one year.

This report by The Canadian Press was first published May 15, 2026.

— With files from Jim Bronskill

1721