A piece of proposed Canadian legislation is producing a rare degree of unified opposition from some of the most influential technology companies and privacy advocates in the world. Bill C-22, which would expand the Canadian government's lawful access and interception capabilities, has drawn direct public warnings from Apple, Meta, and Signal - companies that rarely align on policy matters - along with prominent Canadian technology figures who argue the bill threatens the country's standing as a viable home for digital infrastructure and investment.
Canadian technology entrepreneur and investor Yanik Guillemette has been among the most direct domestic voices framing the stakes in economic rather than ideological terms. "We are witnessing one of the largest collisions between government surveillance ambitions and digital economic reality in modern Canadian history," he said. "The message from the global tech sector is becoming impossible to ignore: countries perceived as hostile to encryption and digital privacy will lose infrastructure, capital, talent, and strategic relevance."
What the Legislation Would Require - and Why the Industry Rejects It
At the core of the dispute is a concept the cybersecurity industry has consistently rejected for decades: the idea that governments can compel technology companies to build exceptional access mechanisms - commonly called backdoors - into their encrypted products without fundamentally compromising security for everyone.
Apple issued a rare direct statement on the matter, warning that Bill C-22 "could allow the Canadian government to force companies to break encryption by inserting backdoors into their products, something Apple will never do." Meta similarly warned Parliament that the legislation risked conscripting private companies into functioning as extensions of government surveillance infrastructure. Signal's Executive Udbhav Tiwari went further, stating the platform would withdraw from Canada entirely before altering its end-to-end encryption architecture.
The technical argument behind these positions is not new. Cryptographers and security researchers have maintained for decades that there is no engineered mechanism that allows authorized access by one party - a government, a regulator - that cannot eventually be discovered and exploited by unauthorized parties. Every exceptional access point is, architecturally, an attack surface. Guillemette put it plainly: "There is no such thing as a secure backdoor. Every exceptional access mechanism eventually becomes an attack surface. That is not ideology, it is basic security architecture."
The Economic Argument Is Sharpening
Beyond the technical objections, a parallel conversation is emerging about what the legislation signals to the global infrastructure investment community. Shopify CEO Tobi Lütke delivered a pointed assessment on X: "C-22 is looking like a huge mistake. It worries me a great deal. There is so much nonsense in there that it may well end up dealing a death blow to Canadian tech viability."
The concern is structural. Canada has positioned itself in recent years as a competitive destination for artificial intelligence research, hyperscale data centre deployment, and cloud infrastructure investment. That positioning depends heavily on the perception that data housed in Canada is governed by a predictable, rights-respecting legal framework. Mandatory access regimes - or even the credible threat of them - can shift infrastructure decisions. Data centre investments are long-horizon commitments; legal uncertainty is a meaningful deterrent.
The VPN sector is already signaling reallocation. Windscribe, a Canadian-founded VPN provider, publicly indicated it could relocate its headquarters outside Canadian jurisdiction rather than comply with provisions that would require logging identifying user data. NordVPN issued a comparable warning, stating it would remove its Canadian operational presence before compromising its no-logs policy. These are not peripheral players - they are companies whose entire product proposition rests on jurisdictional credibility.
"Modern economies run on trust," Guillemette noted. "AI infrastructure, encrypted communications, financial technology, and cloud computing all depend on strong digital protections. If Canada becomes associated with mandatory access regimes or systemic surveillance vulnerabilities, companies will simply deploy elsewhere. The infrastructure of the future is mobile."
International Attention Raises the Diplomatic Dimension
The debate has moved beyond Canada's parliamentary process. Reports indicate that the chairs of the U.S. House Judiciary Committee and the House Foreign Affairs Committee have begun reviewing Bill C-22, examining its implications for cross-border digital security, data governance, and business operations affecting American companies with Canadian exposure.
That level of scrutiny from Washington is significant. Canada and the United States share extensive digital infrastructure, deeply integrated supply chains for technology products and services, and a bilateral relationship that includes intelligence-sharing frameworks. Legislation that introduces systemic vulnerabilities into Canadian digital infrastructure - or that drives major platforms to alter their architecture for Canadian users - has plausible downstream effects on shared security environments.
The international dimension also reshapes the domestic political calculus. What began as a debate framed around child safety and national security - the typical justifications offered for lawful access legislation - has acquired a second front: economic competitiveness and diplomatic consequence. Guillemette's characterization of the moment as a defining one for Canada's future relevance in AI and cloud infrastructure reflects a broadening of the conversation that Canadian lawmakers will find harder to contain within the original framing of the bill.
Whether Parliament proceeds, amends, or withdraws the legislation, the coalition that has formed against it - spanning domestic entrepreneurs, global platform companies, international lawmakers, and specialized privacy infrastructure providers - represents an unusual alignment of interests that will be difficult to dismiss as a narrow industry lobby.
