Chamber
commons
Stage
2nd Reading
Introduced
Mar 12, 2026
Progress
This bill modernizes how police and intelligence agencies can legally access digital data and requires tech companies to help authorized investigators.
Key Changes
- Police can demand that telecom companies confirm whether they provide services to a specific subscriber, with a minimum 24-hour response time and a right for companies to challenge the demand within 5 business days
- New production orders allow courts to require companies to hand over subscriber information (name, address, account details) to assist investigations
- Warrants can now authorize examination of computer data already in police possession, and can cover similar unknown devices or accounts a suspect may use in the future
- Officers can seize subscriber information or transmission data without a warrant in urgent (exigent) circumstances
- A new law (Supporting Authorized Access to Information Act) requires designated electronic service providers to build and maintain technical capabilities enabling lawful interception, with fines up to $500,000 for non-compliance
- Foreign tech companies can be asked — with judicial authorization — to produce transmission data or subscriber information, and foreign production orders can be enforced in Canada through the Mutual Legal Assistance process
Gotchas
- Companies cannot be forced to create 'systemic vulnerabilities' — meaning they cannot be required to build backdoors that would weaken security for all users, only to assist with lawfully authorized access
- Ministerial orders requiring tech companies to build interception capabilities must be approved by the independent Intelligence Commissioner before taking effect, providing an oversight check
- Non-disclosure conditions can prevent telecom companies from telling customers their data was requested, for up to one year in criminal investigations and indefinitely under CSIS demands
- Metadata (such as transmission data) can be required to be retained by companies for up to one year, but companies cannot be required to retain content of communications, browsing history, or social media activity
- A parliamentary review of the entire law must occur in the third year after it fully comes into force, providing a built-in accountability mechanism
- Part 1 comes into force 180 days after royal assent, while Part 2 comes into force by Governor in Council order, meaning the two parts may not take effect at the same time
Who's Affected
- Telecommunications and internet service providers operating in Canada
- Messaging, social media, and app companies providing services to Canadians
- Law enforcement agencies (RCMP, police forces)
- Canadian Security Intelligence Service (CSIS)
- Canadians whose subscriber or transmission data may be accessed during investigations
- Foreign tech companies that serve Canadian users
Vibes
0 responses
Gotchas
- Companies cannot be forced to create 'systemic vulnerabilities' — meaning they cannot be required to build backdoors that would weaken security for all users, only to assist with lawfully authorized access
- Ministerial orders requiring tech companies to build interception capabilities must be approved by the independent Intelligence Commissioner before taking effect, providing an oversight check
- Non-disclosure conditions can prevent telecom companies from telling customers their data was requested, for up to one year in criminal investigations and indefinitely under CSIS demands
- Metadata (such as transmission data) can be required to be retained by companies for up to one year, but companies cannot be required to retain content of communications, browsing history, or social media activity
- A parliamentary review of the entire law must occur in the third year after it fully comes into force, providing a built-in accountability mechanism
- Part 1 comes into force 180 days after royal assent, while Part 2 comes into force by Governor in Council order, meaning the two parts may not take effect at the same time
Summary
Bill C-22, the Lawful Access Act, 2026, updates Canadian laws to make it easier for police and intelligence agencies to access digital information during investigations. Part 1 changes the Criminal Code and other laws to allow officers to more quickly obtain subscriber information (like names, addresses, and account details) from telecom companies, access computer data with proper warrants, and even request data from foreign tech companies. It also allows officers to act in urgent situations without a warrant when time is critical. Part 2 creates a brand new law called the Supporting Authorized Access to Information Act. This law requires electronic service providers — like internet, messaging, and app companies — to build and maintain technical capabilities that allow authorized investigators to access information when legally required. The Minister of Public Safety can issue orders to specific companies, and those orders must be reviewed and approved by the Intelligence Commissioner before taking effect. The bill was introduced to address the growing challenge that modern encrypted and digital communications pose to law enforcement and national security investigations. It attempts to balance investigative needs with privacy protections by requiring judicial oversight for most access requests and prohibiting companies from being forced to create security backdoors that could expose all users to risk.
Automatically generated from bill text using Claude
Vibes
0 responses