Apple, Meta Warn Canada’s Bill C-22 Could Weaken Encryption

Apple and Meta have put Canada’s Bill C-22 at the center of a fight over whether public-safety enforcement should come at the expense of encrypted products that people rely on for private communication. The companies warned that the proposed law could force providers to build technical capabilities for lawful access that weaken the security of devices and services used by millions of people.

Bill C-22, tabled in the House of Commons on March 12, 2026, would modernize investigative powers in Part 1 by speeding access to subscriber information, tracking data, transmission data and certain computer data. Part 2 would create a new Supporting Authorized Access to Information Act, or SAAIA, framework that would require selected electronic service providers to maintain technical capabilities for lawful-access compliance. Public Safety Canada has said the bill does not create new interception authorities and would not require a “systemic vulnerability” in encryption. The department also says current support for lawful-access requests outside voice telephony is voluntary and rests on a 1995 licensing condition that no longer fits today’s internet and messaging services.

Meta said Part 2 could force companies to build or maintain capabilities that break, weaken or circumvent encryption or zero-knowledge security architectures, and could even push providers to install government spyware directly on their systems. Apple said the measure would undermine the privacy and security features customers expect, and said it would never add backdoors into its products. End-to-end encryption means only the user can read the contents without the key, not even the platform provider or law enforcement, which is why services such as WhatsApp and iMessage are widely used by privacy-conscious customers and by people trying to avoid spying or cybercrime.

The dispute reaches beyond Canada because the products at issue are global. If Apple or Meta changed core security design to satisfy one country’s rules, those changes could spill over into services used outside Canada, either through shared codebases, shared cloud systems or pressure to avoid building separate versions of the same product. Critics say that is what makes lawful-access laws so consequential: a tool built for one jurisdiction can become a template for weakening privacy protections elsewhere.

The concern has been sharpened by a similar case in the United Kingdom. Apple removed a feature that allowed users to store cloud data with end-to-end encryption after a UK data-access order last year, before Britain later dropped the request after Tulsi Gabbard raised concerns it could conflict with a cloud data treaty. That episode has become a warning sign for companies now watching Ottawa.

Canada’s Charter Statement was tabled on April 24, 2026, and the Standing Committee on Public Safety and National Security began hearing testimony in early May. Public Safety Canada says the bill is meant to align Canada more closely with Five Eyes lawful-access regimes, but Apple and Meta are pressing the opposite case: once governments demand a way in, the door can open for criminals, hostile states and other unauthorized actors too.