The federal government has fast-tracked Bill C-22, An Act respecting lawful access (Bill C-22) as Parliament rises for the summer on June 18, 2026. A motion on the Order Paper introduced on June 15 and passed on June 17 directed the Standing Committee on Public Safety and National Security (SECU) to complete its clause-by-clause review, limit further amendments and restrict debate, leading the House of Commons to pass Bill C-22 at third reading just before Parliament’s summer recess. [1] Upon return on September 21, the Senate will take up its study of Bill C-22.

Introduced only a few months ago, Bill C-22 proposes the Supporting Authorized Access to Information Act (the SAAIA), as well as institutes new types of lawful access requests and judicial authorizations in the Criminal Code, the Canadian Security Intelligence Service Act (the CSIS Act) and the Mutual Legal Assistance in Criminal Matters Act (the MLACM Act). While other commentators have flagged Bill C-22’s potential implications for privacy and Charter rights, we focus on the implications of Bill C-22 for electronic service providers (as defined in the SAAIA) and telecommunications service providers (as defined in the Telecommunications Act). In particular, we examine the implications for both electronic and telecommunications service providers arising from (1) expanded scope of providers that are subject to existing and new lawful access obligations; and (2) new obligations to render wireline networks and systems intercept-capable.

Expanded scope of lawful access requests and potential recipients

Under the Criminal Code and CSIS Act, law enforcement officials may seek judicial authorization of production, wiretap, preservation and search and seizure orders. However, the existing regime is poorly adapted to the migration of criminal activity to the online and increasingly global context.[2] In response, Bill C-22 proposes amendments that would enable law enforcement to request new types of information, including without judicial authorization:   

  • Confirmation of service demands: Telecommunications service providers (TSPs) would be required to confirm whether or not they provide or have provided telecommunications services to any subscriber or client, or to any account or identifier within a specified period of time and in a specified manner. Notably, law enforcement agents can make such demands without judicial authorization as long as they have reasonable grounds to suspect an offence (under the Criminal Code or any other federal Act) will be committed or the confirmation will assist in an on-going investigation of such an offence.  
  • Blanket authorization to search ‘similar things’: In connection with warrants for tracking data or transmission data, a judge may authorize searches of ‘similar items’ that a person uses, carries, or wears, even if such ‘similar things’ are unknown at the time the warrant is issued in the scope of the warrant.
  • Expanded scope of service providers required to produce subscriber information and transmission data: Beyond TSPs, Bill C-22 expands the scope of persons who may be ordered to produce “subscriber information” (as defined in Bill C-22) and transmission data to now include persons who provide services to the public and foreign entities that provide either telecommunications services or services by means of telecommunications providers.

The proposed changes to the production of subscriber information and transmission data from foreign entities is intended to create an effective tool to facilitate cross-border flows of information and data for criminal investigations. Canadian law enforcement agencies presently procure information and data from other jurisdictions through the mutual legal assistance process, which is often protracted. [3] This is mirrored in amendments to the MLACM Act to create a process through which the Minister of Justice will receive requests to enforce foreign decisions ordering the production of transmission data or subscriber information located in Canada. The Minister of Justice (or a designated authority) must then apply to a Canadian court for authority to enforce the foreign decision in Canada. According to the Department of Justice, this layer of judicial oversight ensures that requests are compliant with Canadian law and the Charter protections against unreasonable search and seizure.[4] 

It is clear that cross-border production is an area that requires statutory reform. Across Canada, the uncertainty regarding law of jurisdiction over corporations without a physical presence has resulted in conflicting decisions between the provinces and at various court levels, including The King v. OVH (OVH)[5]. In OVH, the Ontario Court of Justice (the OCJ) upheld its production order and dismissed the application from the French parent OVH company and its Canadian subsidiary to revoke or vary the production order. The OCJ held that the court had in personam jurisdiction over the French parent corporation by virtue of its “virtual presence” in Canada and furthermore, its Canadian subsidiary, which operated data centres in Québec and Ontario, had access to the data stored on servers controlled by the French parent in France, and its respective subsidiaries in the United Kingdom and Australia. The judgment of the OCJ in OVH is currently under appeal.

Mandated technical capabilities for interception

Currently, only mobile wireless carriers are required to maintain intercept capabilities; there is no corresponding obligation in the wireline context. Instead, law enforcement agencies have relied on ad hoc arrangements with TSPs to implement and maintain such capabilities, leading to a lack of standardization with regards to whether and how much TSPs are compensated in such arrangements.[6]

The SAAIA seeks to standardize intercept capabilities through future regulations which will require ‘core’ electronic service providers to implement and maintain intercept capabilities which enable lawful access, as well as metadata retention for up to six months. Building on this framework, all electronic service providers (whether ‘core’ or not) would be required to, among other things, comply with any orders made by the Minister of Public Safety and Emergency Preparedness (the Minister). The content of the Minister’s orders could mirror the regulations imposed on ‘core’ providers, but otherwise there are no overt limits for the parameters of such orders. The Minister’s ability to issue orders is circumscribed by the requirement that the Intelligence Commissioner approve such orders.  

As Parliament rises for the summer, calls for amendments to guard against the possibility of providers being required by regulations to build or maintain capabilities which would weaken or bypass end-to-end encryption, were only partially answered by last-minute amendments. In the same vein, the question of who will bear the costs of compliance with the SAAIA remains open. Under the SAAIA, the Minister may compensate an electronic service provider for the costs of compliance with any of the Minister’s orders, but there is no parallel provision to enable compensation for core providers’ compliance with regulations. In the meantime, Canadian TSPs have asked to be reimbursed for enabling intercept capabilities, so that costs of compliance are not borne by Canadian consumers.[7]

Conclusion

Modernizing the tools available to law enforcement is a policy priority for the Carney government. Bill C-22 widens the net of potential respondents with new types of requests and judicial authorizations and many electronic service providers with users in Canada that are outside the scope of the current intercept regime could potentially be captured by future regulations or executive orders.

For more information about Bill C-22 and lawful access obligations in Canada, please reach out to Monica Song and Olivia Graham, members of Dentons’ Canada Communications team.

The authors, Monica Song and Olivia Graham, thank Matthew Alla, summer student, for his contributions to this insight.

[1] House of Commons, Bill C-22, An Act respecting lawful access, third reading as passed by the House of Commons June 18, 2026; see also House of Commons, Votes – 45th Parliament, 1st Session (Monday, May 26, 2026 to Present), Vote No. 172, June 17, 2026 ;see also House of Commons, Notice Paper No. 137, (Tuesday, June 16, 2026), Government Business – No. 13

[2] Bill C-22, An Act respecting lawful access, 2nd Reading, House of Commons Debates, Vol 152, No 101, 1st Session, 45th Parliament, (13 April 2026) at 1205 (Hon. Sean Fraser, Minister for Public Safety).

[3] Department of Justice Canada, “Proposed changes to laws on timely access to information (Bill C-22 – Part 1)” at Part 4–Cooperation requests with international partners (last modified March 12, 2026).

[4] Ibid.

[5] The King v OVH (19 September 2025), Ottawa 24/000659 (ONCJ)

[6] The National Security and Intelligence Committee of Parliamentarians, “Special Report on the Lawful Access to Communications by Security and Intelligence Organizations” (September 2025), at 34–36.

[7] Standing Committee on Public Safety and National Security, No. 38, 1st Session, 45th parl., Evidence (Tuesday, May 26, 2026) at 1905.

Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Monica Song

About Monica Song

Monica Song is the national co-leader of Dentons Canada’s Regulatory group. Monica is a senior administrative and public policy lawyer with a deep understanding of the Canadian legislative and public policy landscape who specializes in advising clients spearheading growth and innovation in the digital economy.

Full bio

Olivia Graham

About Olivia Graham

Olivia Graham is an associate in the Regulatory group in the Ottawa office.

Full bio

RELATED POSTS