Bill C-22 Lawful Access Act

Read Full Bill Text Here

C-22 An Act Respecting Lawful Access

Short Title: Lawful Access Act, 2026

Bill Type: House Government Bill

Bill Sponsor: Minister of Public Safety

What This Bill Does

This Bill gives police, CSIS and other authorized agencies faster and broader legal tools to access Canadians' digital data — including subscriber information, transmission data, computer data and device tracking. It also creates a new Law — the Supporting Authorized Access to Information Act — that forces electronic service providers (apps, platforms, telecoms) to build and maintain technical capabilities that allow government to access information when authorized. Providers who don't comply face fines, audits, inspections and criminal charges.

WHO GAINS POWER

  • Police and CSIS gain faster access to subscriber information, transmission data and computer data — with shorter review windows and new exigent circumstances powers that bypass warrant requirements
  • The Minister of Public Safety gains authority to issue secret orders to any electronic service provider — requiring them to build backdoor access capabilities — without those orders being subject to the Statutory Instruments Act
  • Government gains authority to compel foreign telecom companies operating in Canada to produce subscriber and transmission data
  • Inspectors gain authority to enter any business premises — without a warrant — to verify compliance, examine documents and copy electronic data
  • Government gains authority to require providers to retain metadata for up to one year

WHO LOSES POWER

  • Canadians — police can now seize subscriber information in exigent circumstances without a warrant and publicly available information requires no order at all
  • Electronic service providers — must build and maintain government access capabilities at their own cost, keep secret orders confidential and cannot disclose they are subject to an order
  • Telecom companies — must confirm whether they provide services to specific individuals within 24 hours of a demand, with limited ability to challenge
  • Corporate directors and officers — personally liable for violations committed by their organizations

WHO GAINS MONEY

  • The Minister may — but is not required to — compensate providers for costs of building access capabilities
  • Designated inspectors and enforcement officers gain new roles and authority

WHO LOSES MONEY

  • Electronic service providers bear the cost of building and maintaining government access capabilities — compensation is discretionary, not guaranteed
  • Non-compliant providers face fines up to $250,000 per violation (administrative) and $500,000 per violation (criminal) — with each day of non-compliance counting as a separate violation

THE CATCH

  • The Minister can issue secret orders to any electronic service provider — not just large telecoms — requiring backdoor access capabilities and providers cannot tell anyone they received the order
  • The Bill explicitly prohibits providers from introducing "systemic vulnerabilities" — but the Minister's orders requiring access capabilities could themselves create exactly that
  • Exigent circumstances now allow warrantless seizure of subscriber information — a significant expansion beyond existing Law
  • The schedule defining "core providers" is blank — the Governor in Council fills it in by regulation after the Bill passes, with no Parliamentary vote required
  • Part 2 (the Supporting Authorized Access to Information Act) comes into force by Order in Council — meaning Cabinet decides when, with no fixed date and no Parliamentary trigger
  • Parliamentary review only happens three years after all provisions are in force — by which time the infrastructure will already be built

Source: Bill C-22 — Lawful Access Act, 2026 First Reading: March 12, 2026