Apple and Meta are pushing back hard against Canada’s proposed Bill C-22—and they’re not mincing words. Both tech giants say the legislation, currently being debated in the House of Commons, could legally compel them to break their own encryption and hand the Canadian government a master key to private user data. The bill, backed by Canada’s ruling Liberal Party following its parliamentary majority last month, is designed to give law enforcement faster access to digital evidence during criminal investigations. But for Apple and Meta, the way it’s written leaves far too much room for overreach.Apple told Reuters it would “never” insert backdoors into its products. Meta warned the bill’s scope is so broad it could force companies to “install government spyware directly on their systems.” And Will Cathcart, head of WhatsApp at Meta, went to X to say Canada’s bill would “turn private companies into permanent government surveillance tools”—arguing that scanning everyone’s messages weakens security for everyone, not just active targets of an investigation.Public Safety Canada isn’t buying any of it. A spokesperson told Reuters the law would not require firms to introduce “systemic vulnerabilities” into their encryption—essentially accusing Big Tech of overstating the risk and knowing full well how their own systems work.
Why Canada’s Bill C-22 has set off alarm bells across the tech industry
Bill C-22—formally the Lawful Access Act, 2026—was introduced by Canada’s ruling Liberal Party on March 12 and is backed by law enforcement agencies who say it will help them investigate security threats faster. Part 1 of the bill, which covers updated production orders and subscriber information requests, has drawn relatively little criticism. It’s Part 2—the Supporting Authorized Access to Information Act—that’s the real flashpoint.Part 2 would allow the Minister of Public Safety to issue secret orders requiring electronic service providers to build technical capabilities for government access. The bill does say companies can’t be forced to create “systemic vulnerabilities”—but critics note that the definition of that term can be rewritten by regulation at any time. The Canadian Constitution Foundation put it plainly: the government can redefine what counts as a vulnerability whenever it suits them. That’s the loophole Apple and Meta say they simply can’t live with.
The UK precedent that’s making Apple extra cautious
This isn’t Apple’s first rodeo on this exact issue. In early 2025, the British government secretly ordered Apple to hand over global access to all encrypted iCloud data. Apple refused and promptly pulled its Advanced Data Protection feature from the UK market entirely, before the US eventually pressured Britain into backing down.Canada’s bill contains strikingly similar powers. Meta noted in its parliamentary testimony that France, Sweden, and the EU have all walked back comparable proposals within the past year alone—which raises a fairly pointed question about why Canada is moving firmly in the opposite direction.The bill is still being debated in parliament. But with Apple, Meta, and privacy advocates all sounding the alarm loudly, Ottawa is facing some serious pressure to rethink Part 2 before it goes any further.
