‘No-logs architecture and encryption are non-negotiable’ — ExpressVPN joins the backlash against Canada’s controversial Bill C-22
- ExpressVPN has joined other VPN providers in criticizing Canada’s Bill C-22
- The bill seeks to impose greater data retention and an encryption backdoor
- Proton, Windscribe, NordVPN, Signal have already slammed the proposal
The privacy industry’s backlash against Canada’s controversial Bill C-22 continues to grow. Virtual private network giant ExpressVPN has formally criticized the proposed legislation, stating that its no-logs architecture and encryption remain strictly “non-negotiable.”
The controversy is a major concern for anyone searching for the best VPN to protect their online identity. Bill C-22, officially known as the Lawful Access Act, would require online services to build technical capabilities facilitating government access to encrypted communications, while also mandating metadata retention for up to a year.
In a statement shared with TechRadar, ExpressVPN said to be “carefully reviewing” Canada’s Bill C-22, particularly the provisions on access to user data and the requirement to build technical capabilities supporting government access to encrypted user communications.
For millions who rely on VPN services, the proposal threatens the core mechanisms of online privacy. Under a strict no-logs policy, a VPN provider like ExpressVPN technically promises to never track or store what its users do online. This means that if a government demands user logs, a secure provider simply has nothing to hand over — a fundamental privacy guarantee that Bill C-22 threatens to disrupt.
ExpressVPN’s stance follows similar warnings shared by other VPN providers, including NordVPN and Proton VPN. Windscribe and Signal also threatened to leave the market if Bill C-22 were to pass.
The danger of mandated backdoors
Why are VPN companies and secure messaging apps uniting against Ottawa? The core of the issue lies in the bill’s technical requirements. ExpressVPN warned that forcing companies to build tools to access secure user data creates a massive security vulnerability that malicious parties could easily abuse.
“Our position on the underlying principles is clear: ExpressVPN’s no-logs architecture and encryption are non-negotiable,” the ExpressVPN spokesperson told TechRadar.
That’s because, ExpressVPN explains, both encryption and a no-log architecture protect users from a wide range of threats, including bad actors who would exploit any technical capabilities built for one purpose to use them for another.
Public Safety Canada (@Safety_Canada) has now received its second Community Note on X over misleading claims about its proposed surveillance legislation, Bill C-22, the Lawful Access Act. The government claims that all G7 countries have lawful access frameworks with “technical… https://t.co/elqHBw8rWgMay 20, 2026
“Legislation that mandates data retention or technical access, however well-intentioned, undermines the security that millions of users rely on,” the ExpressVPN spokesperson added.
By mandating that providers build a way to circumvent encryption, the bill effectively demands digital backdoors.
Security experts argue that there is no such thing as a backdoor that only “good guys” can use. Once an entry point is created, it becomes a high-priority target for cybercriminals and state-sponsored hackers.
A growing privacy exodus
ExpressVPN is not alone in its stance. The provider joins an increasingly vocal resistance that includes some of the industry’s biggest names.
Earlier this week, Swiss-based Proton VPN declared that “there is no universe in which Proton VPN compromises its no-logs policy,” vowing to fight the legislation by any means.
Meanwhile, Toronto-headquartered Windscribe VPN went as far as threatening to relocate its operations out of Canada entirely. Encrypted messaging giant Signal similarly warned that it would rather exit the Canadian market than compromise user trust.
The friction has even raised cross-border concerns. Lawmakers in the United States have cautioned that the bill could compromise the data privacy of American citizens.
“We are monitoring the legislation closely as it unfolds and engaging with the broader conversation about how Canada balances law enforcement needs with the security and privacy of its citizens,” the ExpressVPN spokesperson concluded. “We will be transparent with our users as the situation develops.”
TechRadar has contacted ExpressVPN for further comment.
ExpressVPN has joined other VPN providers in criticizing Canada’s Bill C-22 The bill seeks to impose greater data retention and an encryption backdoor Proton, Windscribe, NordVPN, Signal have already slammed the proposal The privacy industry’s backlash against Canada’s controversial Bill C-22 continues to grow. Virtual private network giant ExpressVPN has…
