By: Alexandra Lyn, Joel Reardon, and Michael Nesbitt
Legislation Commented On: Bill C-22, An Act respecting lawful access (1st Sess, 45th Parl, 2026)
PDF Version: Decrypting Bill C-22, Part I: Why Canada Needs a Lawful Access Regime
Bill C-22, An Act respecting lawful access (1st Sess, 45th Parl, 2026) is the federal government’s long-overdue and contentious attempt to address the intractable issue of lawful access. C-22 has cleared the House and is awaiting Senate study beginning on September 21, 2026, having been fast-tracked through third reading despite ongoing privacy, encryption, and overbreadth objections. The Bill has two parts. Part 1, Timely Access to Data and Information, governs law enforcement access to personal information held by communication service providers (think Bell, Rogers, Telus) and other tech companies and services like Signal, Gmail, and WhatsApp, by amending the Criminal Code and several related statutes. Part 2 enacts the Supporting Authorized Access to Information Act (SAAIA), which establishes a framework that requires electronic service providers to facilitate lawful access requests under the Criminal Code or the CSIS Act. Framed by the government as a response to criminal activity increasingly enabled by the digital environment, the Bill expands the state’s powers of search and seizure by conscripting private providers into its investigative apparatus — for example by requiring them, among other things, to retain user metadata that may not otherwise be preserved, and to develop technical capabilities that would otherwise not exist, so that law enforcement can access the data these providers hold. These expanded powers lie in tension with civil liberties and the privacy interests Canadians hold in their digital lives, interests protected by section 8 of the Charter. Bill C-22 asks Canadians to decide a question that has become increasingly pressing in a digital world: in the pursuit of public safety, how much of our privacy are we prepared to relinquish, to whom, and at what cost?