A proposed Canadian surveillance law is generating an international backlash of unusual intensity. Bill C-22, which grants Canadian authorities expanded digital access powers, has drawn direct opposition from some of the world's largest technology companies, prompted warnings from U.S. congressional leaders, and sparked a public debate about whether Canada is about to make itself structurally inhospitable to the digital economy it has spent years trying to build. The concern is no longer abstract: companies are naming specific consequences, including moving infrastructure and headquarters out of Canadian jurisdiction entirely.
What the Legislation Actually Threatens
The core dispute is about encryption. Bill C-22, as currently drafted, contains provisions that critics argue would compel technology companies to build mechanisms allowing government access to otherwise protected communications. In the security architecture community, this concept - commonly called a backdoor - is not a matter of political opinion. It is a structural vulnerability. Any pathway deliberately engineered into an encrypted system for authorized access can, and historically does, become an entry point for unauthorized access as well. The question is not whether such a mechanism would be exploited; the question is when and by whom.
Apple issued a direct public statement warning that the legislation could force companies to break encryption by inserting backdoors into their products - something the company stated it would refuse to do. Meta, whose WhatsApp platform uses end-to-end encryption for over two billion users globally, warned Parliament that the bill risks conscripting private companies into service as an arm of government surveillance. Signal, the encrypted messaging platform trusted by journalists, lawyers, human rights workers, and government officials worldwide, stated through its policy director Udbhav Tiwari that it would withdraw from Canada before compromising its encryption architecture. These are not negotiating positions. They are operational conclusions drawn from legal and technical analysis.
The Economic Calculation Behind the Backlash
Yanik Guillemette, a prominent Canadian technology entrepreneur and investor, describes the Bill C-22 debate as having moved decisively beyond privacy into economic territory. "We are witnessing one of the largest collisions between government surveillance ambitions and digital economic reality in modern Canadian history," Guillemette said. "The message from the global tech sector is becoming impossible to ignore: countries perceived as hostile to encryption and digital privacy will lose infrastructure, capital, talent, and strategic relevance."
That assessment is grounded in how modern digital infrastructure actually gets deployed. Hyperscale data centres, AI compute facilities, and cloud infrastructure are capital-intensive but geographically flexible. Operators choose jurisdictions based on a combination of factors: energy availability, regulatory stability, tax policy, and - critically - the legal risk profile associated with data stored or processed in that location. A jurisdiction known for mandatory access regimes or systemic encryption vulnerabilities becomes a liability for multinational operators, not an asset. Canada has positioned itself aggressively in recent years as a destination for AI infrastructure investment. That positioning is now at direct risk.
Shopify CEO Tobi Lütke made the point with unusual bluntness on X: "C-22 is looking like a huge mistake. It worries me a great deal. There is so much nonsense in there that it may well end up dealing a death blow to Canadian tech viability." Lütke's voice carries specific weight here - Shopify is among the most significant technology companies to have been built and headquartered in Canada, and his public criticism of domestic legislation is not a routine occurrence.
VPN Providers Signal a Practical Exodus
Among the most concrete signals of potential departure are those coming from Virtual Private Network providers. Windscribe, a Canadian-founded VPN company, publicly indicated it may relocate its headquarters outside Canadian jurisdiction rather than be compelled to log identifying user data. NordVPN stated it would remove its operational presence from Canada before violating its no-logs policy. These are not large companies by revenue standards, but their decisions carry symbolic and practical weight. VPN infrastructure specifically exists to protect user identity and data in transit. A legal regime that requires such companies to undermine that function does not regulate them - it eliminates the basis on which they operate.
International Attention and Canada's Reputational Exposure
The controversy has reached Washington. Reports indicate that the chairs of both the U.S. House Judiciary Committee and the House Foreign Affairs Committee have begun examining Bill C-22 and its implications for cross-border digital security and data governance. That level of attention from American legislators reflects a broader reality: digital infrastructure does not respect borders, and surveillance vulnerabilities in one allied jurisdiction create exposure across integrated systems. Canada and the United States share extensive digital infrastructure, financial networks, and intelligence relationships. A legal framework that weakens encryption protections in Canada does not stay contained to Canada.
"Modern economies run on trust," Guillemette emphasized. "AI infrastructure, encrypted communications, financial technology, and cloud computing all depend on strong digital protections. If Canada becomes associated with mandatory access regimes or systemic surveillance vulnerabilities, companies will simply deploy elsewhere. The infrastructure of the future is mobile." That mobility is precisely what makes the stakes so high. Unlike manufacturing capacity or physical supply chains, digital infrastructure can be redeployed with relative speed. The investment Canada has attracted in AI and cloud infrastructure reflects years of policy effort and competitive positioning. Legislation perceived as hostile to encryption could erode that positioning faster than it was built.
