Lawful Access Act

Lawful Access Act
Parliament of Canada
  • An Act respecting lawful access
Considered byHouse of Commons of Canada
Legislative history
Bill titleBill C-22
Introduced byGary Anandasangaree
First reading12 March 2026
Status: Pending

The Lawful Access Act, also known as Bill C-22, is a proposed piece of legislation of the 45th Parliament of Canada.

The bill contains provisions regarding "lawful access" to information from electronic service providers as part of criminal investigations by law enforcement and the Canadian Security Intelligence Service (CSIS). It will compel telecommunications providers to identify without a warrant whether individuals under reasonable suspicion of criminal activity are users of their services, and requires "electronic service providers" to assist in providing data to law enforcement when requested.

The bill's provisions were originally proposed as part of the Strong Borders Act (Bill C-2), which also included provisions regarding immigration reform. In late-2025, amid controversy over the lawful access portion, the omnibus bill was split into a revised Bill C-22 and C-12 (Strengthening Canada's Immigration System and Borders Act) so that they could be considered individually.

Contents

Strong Borders Act
Parliament of Canada
  • An Act respecting certain measures relating to the security of the border between Canada and the United States and respecting other related security measures
Considered byHouse of Commons of Canada
Legislative history
Bill titleBill C-2
Introduced byGary Anandasangaree
First reading3 June 2025
Status: Not passed

The bill contains two main sections. The first section, "Timely access to data and information", grants law enforcement the authority to—without a warrant—compel telecommunications providers to identify whether they have provided services to an individual, if they have "reasonable grounds to suspect" that they have committed or are about to commit a crime. Only a "yes" or "no" response can be compelled; authorities may only request "subscriber information" (such as names, addresses, and emails associated with the individual under investigation) via a court warrant. A provider can challenge and appeal these demands in court.[1][2][3][4]

This provision is intended to fill a "gap" in investigation capabilities formed by the Supreme Court's ruling in R v Spencer, which found that law enforcement could not request information on individual telecom subscribers without a court warrant due to an expectation of privacy, and Charter protections against unreasonable search or seizure.[5]

The second section is titled the Supporting Authorized Access to Information Act (SAAIA): "electronic service providers" (ESPs) are obligated to provide "reasonable assistance" to "permit the assessment or testing of any device, equipment or other thing that may enable an authorized person to access information". It grants the Governor-in-Council the ability to create regulations regarding "core providers"—a class of ESPs that can be obligated (subsection (2)) to co-operate with law enforcement on developing, implementing, or installing means for authorized persons to access information from the service as part of an investigation, which can include being required to retain metadata for up to one year.[6][1][2][4][7]

Core providers cannot be compelled to retain a user's internet browsing history, social media activities, or the "content [...] of information transmitted in the course of an electronic service", nor are they required to comply with subsection (2) obligations if they would "introduce a systemic vulnerability related to that service or prevent the provider from rectifying such a vulnerability."[4]

History

In June 2025, minister of public safety Gary Anandasangaree introduced Bill C-2, the Strong Borders Act; the bill came amid an ongoing trade war with the United States, which saw U.S. president Donald Trump impose tariffs on Canada and Mexico for failing to control an alleged influx of illegal immigrants and fentanyl entering the United States via their respective borders.[8][9][10][11][12]

The bill was an omnibus consisting of immigration- and surveillance-related measures. The border measures proposed a tightening of asylum rules in order to control an ongoing backlog of pending cases, and additional authority for the mass cancellation of temporary residency visas and permanent resident cards if deemed to be in the "public interest". Parts 14 and 15 established "lawful access" regulations; Part 14 compelled anyone who provided a "service" to the public to comply with warrantless requests from law enforcement (including the Canadian Security Intelligence Service (CSIS)) for certain information regarding a user of the service (including confirmation that they are a customer, how long they have been a customer, and a "name or identifier" of the user), if they have "reasonable grounds to suspect" that the user is engaged in or likely to engage in criminal activity. Law enforcement could also receive authorization from a court to request "all" information regarding the user, which does not require a warrant in "exigent circumstances".[13][14] Part 15 (SAAIA) established obligations for "electronic service providers" to "permit the assessment or testing of any device, equipment or other thing that may enable an authorized person to access information", and the Governor-in-Council to establish and define obligations of electronic service providers who are "core providers".[13][14]

After facing criticism over the breadth of its data access provisions,[15][16] the Liberal Party elected to split the bills into the separate bills C-12 (Strengthening Canada's Immigration System and Borders Act) and C-22 (Lawful Access Act) so that the passage of the immigration-related measures could be expedited.[17][18] Bill C-22 contained some changes to the lawful access provisions in comparison to Bill C-2, including replacing Part 14 with a narrower provision that only allows warrantless requests to telecom providers to identify whether a specific person is a subscriber to their services, and expanded Part 15 to include the possibility of additional data retention obligations.[1][4]

Reception

Minister of Public Safety Gary Anandasangaree stated that the bill was necessary to bring Canada's intelligence capabilities in line with those of its allies, and was designed to "[balance] the needs of law enforcement with the privacy and civil rights that Canadians demand."[6]

The SAAIA portion of the bill has faced opposition from civil liberties and digital privacy advocates, as well as technology companies, who displayed concern that it could compromise user privacy and require the weakening of services utilizing end-to-end encryption.[19][20] University of Ottawa professor Michael Geist noted that although the new "confirmation of service" provision was an improvement over Bill C-2 due to its narrower scope (including applying only to telecom companies rather than "services") and limits on subscriber information can be obtained without a warrant, but showed concerns over its requirement of a “reasonable grounds to suspect”—a weaker standard than the “reasonable grounds to believe” used for production orders under the Criminal Code.[4] Geist also displayed major concerns over SAAIA, noting the broad definition of an "electronic service provider", that the exemption for systemic vulnerabilities "lacks specificity" and could thus allow the government to "define encryption and vulnerability narrowly enough to hollow out the protection", and that it contradicted a portion of the law that "unconditionally require[s] compliance with orders and provide that orders prevail over inconsistent regulations."[4][21] It has also been suggested that Bill C-22's provisions are meant to align with potential agreements under the U.S. CLOUD Act.[22][23]

Apple Inc. warned that the bill "could allow the Canadian government to force companies to break encryption by inserting backdoors into their product" and would "undermine our ability to offer the powerful privacy and security features users expect from Apple",[7] while Meta Platforms' head of public policy Rachel Curran stated that it would "conscript private companies into service as an arm of the government’s surveillance apparatus."[24] A number of VPN services, including NordVPN and Windscribe, as well as the secure messaging service Signal, threatened to leave the Canadian market or move out of Canadian jurisdiction if Bill C-22 were to take effect, as the requirements on "core providers" were inconsistent with their privacy practices.[25][19] U.S. chair of the House Judiciary Committee Jim Jordan and chair of the House Foreign Affairs Committee Brian Mast stated that the bill "harms U.S. national security and economic interests by undermining trust in American technology and inviting reciprocal demands from other nations."[20]

Anandasangaree dismissed these concerns, arguing that U.S. tech companies were "misinterpreting some of the safeguards that are already built in, including on ensuring that encryption is not in any way interrupted as part of Bill-22."[24] Geist argued that Anandasangaree was "follow[ing] much the same script" as the government's response to companies such as Meta threatening to block links to news articles in response to the Online News Act.[26]

See also

References

  1. ^ a b c "Bill C‑22: The Lawful Access Act Reintroduces Lawful Access in Parliament After the Government of Canada's Abortive Attempt to Do So in Bill C‑2, the Strong Borders Act". Fasken. 2026-03-26. Retrieved 2026-05-20.
  2. ^ a b "New lawful access bill still lacking". CBA National Magazine. Canadian Bar Association. Retrieved 2026-05-20.
  3. ^ "Federal government pitches new bill increasing law enforcement's access to information". Canadian Lawyer Magazine. Retrieved 2026-05-20.
  4. ^ a b c d e f Geist, Michael (2026-03-13). "A Tale of Two Bills: Lawful Access Returns With Changes to Warrantless Access But Dangerous Backdoor Surveillance Risks Remain". Self-published. Retrieved 2026-05-20.
  5. ^ "Proposed changes to laws on timely access to information (Bill C-22 - Part 1): Department of Justice". Department of Justice, Government of Canada. 2026-03-11. Retrieved 2026-05-20.
  6. ^ a b Zimonjic, Peter (12 March 2026). "New lawful access bill would give police, CSIS more powers to track suspects online". CBC News. Retrieved 2026-05-20.
  7. ^ a b "Apple argues Liberals' lawful access bill could put users' personal data at risk". CBC News. 2026-05-06. Retrieved 2026-05-20.
  8. ^ Murray, Warren; Bekiempis, Victoria (February 2, 2025). "Canada and Mexico hit back after Trump signs order for punishing tariffs". The Guardian. ISSN 0261-3077. Retrieved February 2, 2025.
  9. ^ Lynch, David J. (February 1, 2025). "Trump signs order imposing tariffs on Canada, Mexico and China". The Washington Post. Archived from the original on February 2, 2025. Retrieved February 2, 2025.
  10. ^ Kaye, Danielle (February 1, 2025). "Here's What to Know About Trump's Tariffs". The New York Times. ISSN 0362-4331. Archived from the original on February 3, 2025. Retrieved February 2, 2025.
  11. ^ Mann, Brian (February 2, 2025). "Trump used fentanyl to justify tariffs, but the crisis was already easing". NPR. Archived from the original on February 9, 2025. Retrieved February 9, 2025.
  12. ^ Lawder, David; Shalal, Andrea; Holland, Steve (March 3, 2025). "Trump says Canada, Mexico tariffs to take effect on Tuesday; stocks tumble". Reuters. Retrieved March 3, 2025.
  13. ^ a b "Bill C-2: Strong Borders Act Introduces Lawful Access and Data Disclosure Regime". Fasken. 2025-06-25. Retrieved 2026-05-21.
  14. ^ a b Lake, Holly (2025-06-27). "'An anti-refugee bill in all respects'". CBA National Magazine. Retrieved 2026-05-21.
  15. ^ "Government Doubles Down in Defending Bill C-2's Information Demand Powers That Open the Door to Warrantless Access of Personal Information". Michael Geist. 17 September 2025.
  16. ^ Tunney, Catharine (2025-11-22). "Liberals hoped their border bill would quickly pass. Now they're aiming for next year". CBC News. Retrieved 2026-05-19.
  17. ^ Boudjikanian, Raffy (2026-03-30). "A major immigration reform bill is now law in Canada. Some worry it rolls back refugee rights". CBC News. Retrieved 2026-05-19.
  18. ^ Zimonjic, Peter (2026-03-12). "New lawful access bill would give police, CSIS more powers to track suspects online". CBC News. Retrieved 2026-05-19.
  19. ^ a b Geist, Michael (2026-05-19). "Tech Exodus: Why Bill C-22's Privacy and Security Risks Will Drive Digital Services Out of the Country". Self-published. Retrieved 2026-05-20.
  20. ^ a b "Why the U.S. is noticing this Canadian security bill". CBC News. 2026-05-15. Retrieved 2026-05-22.
  21. ^ Geist, Michael (2026-05-16). "The Lawful Access Two-Headed Surveillance Monster: How Bill C-22 Went Off the Rails - Michael Geist". Retrieved 2026-05-22.
  22. ^ "Trump Wants to Tap Your Phone. Ottawa Might Let Him". The Walrus. 2026-05-25. Retrieved 2026-05-25.
  23. ^ "Unspoken Implications: A Preliminary Analysis of Bill C-2 and Canada's Potential Data-Sharing Obligations Towards the United States and Other Countries". The Citizen Lab. Retrieved 2026-05-25.
  24. ^ a b "Facing mounting backlash, Anandasangaree says U.S. tech companies are 'misinterpreting' his lawful access bill". CBC News. 2026-05-13. Retrieved 2026-05-20.
  25. ^ "Lawful access bill could lead to exit from Canada, major VPN provider says". Canadian Press. Retrieved 2026-05-20 – via Global News.
  26. ^ Geist, Michael (2026-05-14). "Bill C-22's Groundhog Day: Why the Government's Dismissal of Signal, Apple and the U.S. Congress Concerns Runs Back the Disastrous Online News Act Playbook". Retrieved 2026-05-22.