Build Canada LogoBuilder MP
← Back to bills

Expanded Lawful Access for Digital Accounts

An Act respecting lawful access

Summary

  • Modernizes Criminal Code and CSIS authorities to speed up access to basic subscriber and transmission data, including a new "confirmation of service" demand to telecoms, new production orders, foreign production requests, and extended non-disclosure orders.
  • Creates the Supporting Authorized Access to Information Act, empowering government to require designated "core" electronic service providers to build and maintain lawful-access capabilities and retain limited categories of metadata (not content, browsing history, or social media activity) for up to one year.
  • Enables ministerial orders (subject to Intelligence Commissioner approval), inspections, internal audits, administrative monetary penalties, and offences to enforce compliance, with temporary exemptions and discretionary cost compensation possible.
  • Requires an annual public report (with redactions) and mandates a parliamentary review of the framework after three years.

Builder Assessment

Vote No

The bill strengthens public safety tools but does so by imposing broad, open-ended compliance mandates and enforcement powers on electronic service providers, increasing regulatory risk and costs. Despite guardrails like the ban on systemic vulnerabilities and Intelligence Commissioner oversight, the framework conflicts with reducing red tape and risks dampening investment and competitiveness in Canada’s digital economy.

  • Positives: clearer investigative authorities, time-bound retention limited to metadata categories, explicit protection against mandated backdoors, and annual public reporting with independent oversight.
  • Concerns: new audits, inspections, AMPs, offences, and confidentiality gags increase red tape and uncertainty; metadata retention and foreign production enforcement may harm privacy trust and deter investment; ministerial orders are broad and discretionary.
  • Improve alignment: codify clear scale thresholds and safe harbours for SMEs; set statutory, predictable cost-recovery/compensation; narrow retention defaults (e.g., 90 days) and require necessity/proportionality tests; publish provider transparency allowances; hard-code a robust definition of systemic vulnerability to protect encryption; tighten use thresholds and time limits for non-disclosure; sunset high-burden orders unless re-justified with measurable outcomes.

Question Period Cards

What is the government’s estimate of the total compliance cost this bill will impose on Canadian electronic service providers, especially SMEs, and what binding compensation formula will offset those costs?

Share on

How will the regulations define and operationalize the term systemic vulnerability to ensure end-to-end encryption and zero-knowledge architectures are fully protected from mandated weakening?

Share on

Why does the bill rely on the lower reasonable grounds to suspect threshold for subscriber-information demands and non-disclosure orders, and what guardrails will prevent fishing expeditions and protect Canadians’ privacy?

Share on

Principles Analysis

Canada should aim to be the world's most prosperous country.

Improved security can support prosperity, but the bill also imposes costs and compliance burdens on service providers; the net economic effect is unclear.

Promote economic freedom, ambition, and breaking from bureaucratic inertia (reduce red tape).

Introduces new obligations, audits, orders, penalties, and confidentiality constraints for electronic service providers, increasing regulatory red tape.

Drive national productivity and global competitiveness.

Compliance mandates and uncertainty can deter tech scale-ups and foreign entrants, risking a drag on Canada's digital competitiveness despite a safeguard against systemic vulnerabilities.

Grow exports of Canadian products and resources.

Not trade-focused; any reputational effect on Canadian SaaS and cloud exports is speculative at this stage.

Encourage investment, innovation, and resource development.

Potential to chill investment and innovation in Canadian digital services due to metadata retention mandates, enforcement powers, and regulatory uncertainty.

Deliver better public services at lower cost (government efficiency).

Could streamline investigations and cross-border cooperation, but also creates a new regulatory apparatus that likely adds administrative cost for both government and industry.

Reform taxes to incentivize work, risk-taking, and innovation.

Contains no tax measures.

Focus on large-scale prosperity, not incrementalism.

Represents a major security policy framework, but it is not aimed at driving large-scale economic prosperity.

Did we get the builder vote wrong?

Email hi@buildcanada.com

C-22

PartyMinister of Public Safety
StatusAt second reading in the House of Commons
Last updatedN/A
TopicsNational Security, Criminal Justice, Technology and Innovation, Foreign Affairs
Parliament45