Chamber
commons
Stage
2nd Reading
Introduced
Mar 12, 2026
Progress
This bill updates laws to give police and intelligence agencies faster, clearer access to digital data and subscriber information during investigations.
Key Changes
- Police and public officers can demand telecom companies confirm whether they serve a specific subscriber, with a minimum 24-hour response window, without needing a full court order
- New court orders allow police to obtain subscriber information (names, addresses, account numbers, device identifiers) from service providers during investigations
- In urgent (exigent) circumstances, officers can seize subscriber information or certain data without a warrant if getting one is not practical
- Warrants can now cover 'similar' unknown devices or accounts a suspect might use in the future, not just ones known at the time the warrant is issued
- A new law (Supporting Authorized Access to Information Act) requires designated electronic service providers to build and maintain technical capabilities to help authorized investigators access information, with fines up to $500,000 for non-compliance
- The Minister of Public Safety can issue secret orders to specific tech or telecom companies requiring them to assist with lawful access, subject to review by the Intelligence Commissioner
Gotchas
- The bill allows non-disclosure conditions on demands and orders, meaning a telecom company can be legally prohibited from telling its customers that their information was requested — for up to one year in some cases
- The new Supporting Authorized Access to Information Act requires companies to build technical interception capabilities into their systems, which critics of similar laws elsewhere have argued can weaken overall cybersecurity; however, the bill explicitly prohibits requiring companies to introduce 'systemic vulnerabilities'
- Ministerial orders under Part 2 are secret and reviewed by the Intelligence Commissioner rather than a court, meaning affected companies have limited public recourse; judicial review is available but requires 15 days' advance notice to the Minister
- The bill allows metadata (like transmission data) to be retained by companies for up to one year under regulations, but explicitly prohibits requiring retention of message content, web browsing history, or social media activity
- The Intelligence Commissioner — not a court — approves secret ministerial orders requiring companies to build access capabilities, which is a lower level of judicial oversight than a warrant
- Part 3 requires a parliamentary review of the entire law after three years, which provides a built-in accountability mechanism but does not guarantee changes will be made
Who's Affected
- Telecom companies and internet service providers operating in Canada
- App developers, social media platforms, and other electronic service providers serving Canadians
- Canadians whose subscriber or account information may be requested by law enforcement
- Police forces and public officers conducting criminal investigations
- The Canadian Security Intelligence Service (CSIS)
- Foreign tech and telecom companies that serve Canadian users
Vibes
0 responses
Gotchas
- The bill allows non-disclosure conditions on demands and orders, meaning a telecom company can be legally prohibited from telling its customers that their information was requested — for up to one year in some cases
- The new Supporting Authorized Access to Information Act requires companies to build technical interception capabilities into their systems, which critics of similar laws elsewhere have argued can weaken overall cybersecurity; however, the bill explicitly prohibits requiring companies to introduce 'systemic vulnerabilities'
- Ministerial orders under Part 2 are secret and reviewed by the Intelligence Commissioner rather than a court, meaning affected companies have limited public recourse; judicial review is available but requires 15 days' advance notice to the Minister
- The bill allows metadata (like transmission data) to be retained by companies for up to one year under regulations, but explicitly prohibits requiring retention of message content, web browsing history, or social media activity
- The Intelligence Commissioner — not a court — approves secret ministerial orders requiring companies to build access capabilities, which is a lower level of judicial oversight than a warrant
- Part 3 requires a parliamentary review of the entire law after three years, which provides a built-in accountability mechanism but does not guarantee changes will be made
Summary
Bill C-22, the Lawful Access Act, 2026, makes it easier and faster for police, public officers, and Canada's spy agency (CSIS) to get digital information — like who owns a phone account or what data was transmitted — when investigating crimes or threats to national security. It updates the Criminal Code and several other laws to allow things like demanding telecom companies confirm if they serve a specific person, getting court orders for subscriber information, and in urgent situations, seizing some data without a warrant. It also allows Canadian authorities to formally request data from foreign telecom companies. Part 2 of the bill creates a brand new law called the Supporting Authorized Access to Information Act. This law requires certain electronic service providers (like internet or app companies) to build and maintain technical capabilities that let authorized investigators access information when legally permitted. Companies that don't comply can face inspections, fines, and criminal charges. The Minister of Public Safety can also issue secret orders to specific companies requiring them to assist with access. The bill was introduced to modernize Canada's surveillance and data-access laws, which haven't kept up with how communications technology has changed. It aims to close gaps that make it hard for law enforcement and intelligence agencies to get digital evidence quickly and lawfully.
Automatically generated from bill text using Claude
Vibes
0 responses