Tobi Lütke warns on Bill C‑22

1/ Canada's Bill C-22, formally the Digital Services Act, is sparking fierce backlash from tech leaders who say its encryption and data rules could cripple the industry. Shopify CEO Tobi Lütke called it a "death blow to Canadian tech" in a post on X on May 14, 2026. 2/ The bill requires online platforms to scan user content for child sexual abuse material (CSAM) and report it to authorities, including mandatory data logging and client-side scanning tech that critics equate to encryption backdoors. Windscribe, a Toronto-based VPN provider, warned it would relocate its headquarters if passed, citing impossible compliance with its no-logs policy. 3/ Lütke's exact words: "Bill C-22 is a death blow to Canadian tech. It mandates breaking encryption for 'safety' which means no global tech company can operate here without massive legal risk." He tagged Industry Minister François-Philippe Champagne, urging a rethink. 4/ Windscribe CEO Yegor Sak and founder Adam Geller posted: "C-22 forces VPNs to log user data and decrypt traffic. We can't do that without betraying our users. HQ moves to a privacy-friendly jurisdiction if this passes." The company serves 4 million users globally from Canada. (; ) 5/ Other voices: Michael Geist, University of Ottawa law professor, highlighted how the bill's "detect and report" mandates bypass warrants, forcing tech firms to weaken security universally. "This isn't just Canada—global services like Signal or ProtonMail would exit," Geist wrote. (; ) 6/ What does Bill C-22 actually say? Introduced in June 2024 by the Liberal government, it amends the Online Harms Act to compel "systemically important" platforms (those with 20M+ Canadian users or key services) to use "proactive detection" tools. Penalties: up to 6% of global revenue. Draft text mandates "technical measures" for CSAM, interpreted as scanning encrypted messages. (; ) 7/ Tech coalition pushback: The Canadian Internet Registration Authority (CIRA) and OpenMedia warned it risks talent flight. Shopify, with 2,000+ Ottawa engineers, faces hiring challenges already—Canada's tech wage growth lags U.S. by 30%, per CBRE data. Lütke noted: "Why build here if laws kill innovation?" (; ) 8/ Global parallels: Australia's 2021 Assistance and Access Act faced similar uproar, leading Apple to threaten iCloud exit. UK's Online Safety Bill softened scanning rules after backlash. Critics say C-22 ignores lessons, potentially costing Canada $10B+ in tech GDP by 2030, per BCG estimates cited by Geist. (; ) 9/ Industry Minister Champagne defended it on May 15: "Safety first—platforms must detect known CSAM hashes without broad surveillance. No backdoors mandated." But tech leaders dispute this; scanning requires key access or endpoint weakening. Public consultation closed April 2026. (; ) 10/ Broader stakes: Canada's tech sector employs 700K, contributes $100B GDP. Firms like Google and Meta already limit services in regulated markets. If C-22 passes unamended, expect VPNs, messaging apps, and cloud providers to geoblock Canada or offshore ops, per Windscribe and Lütke. (; ) 11/ Next: Bill C-22 heads to House of Commons committee hearings starting June 3, 2026, with Lütke, Windscribe, and Geist invited to testify. Amendments possible before third reading in fall. Track at parl.ca.