Its legislation that attempts to weaken and break encryption so that law enforcement and others can access encrypted communications. It also seeks to require mandatory suspicionless metadata for all online services.
The legislation was explicitly written to target both telecom companies and every online service.
Citizen Lab has a good writeup on the legislation here: https://citizenlab.ca/research/analysis-of-proposed-surveill...
https://www.parl.ca/DocumentViewer/en/45-1/bill/C-22/first-r...
The parts that are garnering a lot of negative feedback is
1) requiring core providers (a list as yet undefined), and any others if specifically directed to, to maintain a rolling year of metadata that the government can request on a targeted individual with a warrant. This is obviously at odds with "no log" VPNs in particular. And let's be real: 99% of the industry already logs everything.
2) "the development, implementation, assessment, testing and maintenance of operational and technical capabilities, including capabilities related to extracting and organizing information that is authorized to be accessed and to providing access to such information to authorized persons;"
The #2 could potentially imply secondary decryption keys and the like, though the bill explicitly says the requirement cannot impose a systematic vulnerability, and the government has pointed to that and said they want no such thing.
So VPN providers are saying "we don't want to log", and encryption providers are saying "be much clearer in what you mean by systematic vulnerability. Define this explicitly".
That's not true. Most people are not legal experts with extensive expertise in technology, knowledge of how Canadian courts will interpret the legislation, and knowledge of how governments around the world are trying to attack encryption (ex: they do their best to hide and not to explicitly say it in the legislation).
> And let's be real: 99% of the industry already logs everything.
That's your opinion. That's not a real scientific claim, and yet you are using it to justify an unprecedented attack on privacy rights.
Suspicionless metadata retention has been illegal in the European Union since 2014, and it violates the Charter. There is no world in which it is acceptable.
An RCMP witness speaking about the bill during a recent committee meeting literally said the legislation will help them "solve the problem of encryption": https://www.michaelgeist.ca/2026/05/rcmp-confirms-bill-c-22-...
are they just going to ban specific vpn providers then ? this is absurd!
There are arguments for all sides, and I do think the narrative gets monopolized by the hysterical. On the one side I like torrenting without concern, but on the other it would be nice if services didn't provide cover for people to send death threats, bomb threats to schools because they fly a pride flag, VoIP swatting, and so on. Though ultimately limiting just VPNs directly operating in Canada just offshores the problem so the solution doesn't really achieve anything.