NordVPN and Windscribe Threaten to Exit Canada If Bill C-22 Passes

NordVPN and Windscribe Threaten to Exit Canada If Bill C-22 Passes

Two major VPN providers have formally announced they will leave the Canadian market if Bill C-22 becomes law. NordVPN and Canadian-born Windscribe both issued statements confirming they cannot operate under legislation that would require them to retain user metadata for one year and build backdoors into their encryption. The announcements follow Signal's earlier warning that it would cease operations in Canada under the same conditions.

What Bill C-22 Would Require

Bill C-22, currently before the Canadian Parliament, would compel telecommunications and messaging service providers to retain metadata - who communicated with whom, when, and from where - for a minimum of 12 months and make it available to law enforcement without a warrant in certain circumstances. The bill also contains provisions requiring providers to build technical capabilities allowing lawful interception, which critics say is functionally equivalent to mandating encryption backdoors.

For VPN providers, whose entire business model rests on not logging user activity, compliance would be technically impossible without fundamentally betraying their core product promise. A VPN that retains 12 months of connection metadata is not a private VPN - it is a surveillance log with a monthly subscription fee.

Why Windscribe's Position Is Especially Significant

Windscribe is headquartered in Toronto. Unlike NordVPN, which is incorporated in Panama and can simply shut down its Canadian user base while continuing operations elsewhere, Windscribe cannot easily relocate. Its founder and team are Canadian. The company's statement that it would rather exit than comply is a particularly stark signal - a Canadian company telling Canadian lawmakers that their own legislation is incompatible with running a legitimate privacy business on Canadian soil.

NordVPN's position is less operationally complicated but equally symbolic. As one of the world's most recognizable VPN brands, its public refusal to comply carries significant weight in the policy debate.

The Broader Pattern: Exodus as a Policy Signal

This is not Canada's first experience with privacy-led market exits. Signal set the precedent for this conversation when it announced it would pull out of Canada rather than compromise its encryption. The pattern now extends to VPN providers, who serve a different but overlapping user base: journalists, activists, business travelers, and ordinary Canadians who use VPNs for privacy on public networks rather than end-to-end messaging.

Across Europe and the Anglosphere, a similar dynamic has played out repeatedly. The UK's Online Safety Act, the EU's Chat Control proposal, and Australia's Assistance and Access Act all triggered similar warnings from privacy technology companies. In most cases, legislators have treated those warnings as bluster. In some cases - Signal's refusal to add backdoors under UK pressure being the most prominent - the companies have followed through.

What Canadian Users Would Lose

If C-22 passes in its current form and major VPN providers exit the market, Canadian users would face a significantly narrowed field of privacy tools. The providers most likely to stay are those with the least commitment to privacy - services that already log data or are incorporated in jurisdictions with poor oversight. In practice, the bill would not eliminate VPN use; it would push Canadians toward less trustworthy providers or toward operating their own servers to avoid compliance entirely.

For the many Canadians who use VPNs for legitimate purposes - corporate security, protecting financial data on public Wi-Fi, bypassing geographic content restrictions - the practical impact would be a degraded set of available tools and reduced confidence in any remaining provider's privacy claims.

Status and Next Steps

Bill C-22 is currently in parliamentary review. Privacy advocates, technology companies, and civil liberties organizations including the Canadian Civil Liberties Association have filed formal objections. The bill's sponsors argue that the metadata retention provisions are narrowly scoped and necessary for law enforcement to investigate serious crimes, and that the backdoor framing is a mischaracterization of the technical requirements.

NordVPN and Windscribe have not set a specific withdrawal date, and the bill has not yet passed. But the formal announcements from both providers signal that the industry's opposition has moved from lobbying to contingency planning.