Privacy-focused messaging app Signal has signaled it could exit Canada if forced to comply with the government’s proposed lawful access framework. The legislation, Bill C-22, would require electronic service providers to enable surveillance capabilities and retain user metadata for up to a year, part of a broader effort to aid law enforcement in investigating crimes such as terrorism and child exploitation.

In an interview with The Globe and Mail, Signal’s vice president of strategy and global affairs, Udbhav Tiwari, argued that the bill could threaten end-to-end encryption and leave private messaging services vulnerable to cyberattacks. He said Signal would rather pull out of Canada than compromise on the privacy commitments it has made to users.

Key takeaways

• Bill C-22 would compel tech and messaging providers to build surveillance mechanisms and retain certain user metadata for up to a year to assist law enforcement.
• Signal warns the legislation could undermine encryption and expose private communications to external threats, potentially prompting an exit from Canada.
• The bill is not law yet; parliamentary committee hearings began on May 7 and are ongoing.
• Industry players have mixed reactions: Meta welcomed selective provisions for evidence gathering but raised privacy and cybersecurity concerns, while Windscribe signaled it would consider following Signal if the bill passes.
• The debate echoes broader privacy-security tensions seen in Europe, notably around chat control and client-side scanning proposals.

Encryption under pressure as Bill C-22 advances

The bill, introduced in March as part of a wider regulatory package, would mandate electronic service providers to equip themselves with surveillance capabilities and retain metadata for a defined period. Proponents say the framework would bolster law enforcement’s ability to investigate serious crimes, from terrorism to child exploitation. Critics, however, warn that such measures could erode user privacy and undermine the security guarantees that underlie popular encrypted messaging apps.

Signal’s position highlights a broader industry risk: if end-to-end encryption becomes compromised or undermined by compelled access, the usability and trust in private messaging could be diminished. The Globe and Mail reported that Udbhav Tiwari described the bill as potentially creating vulnerabilities that could be exploited by hackers, undermining the privacy promises Signal offers to its users.

Public discussion around Bill C-22 has already touched on comparisons with the European Union’s controversial privacy proposals, which critics say could push for client-side scanning or other measures that would weaken encryption. The debate frames a larger, ongoing tension between privacy protections and increasing government capability to monitor communications in the name of safety and security.

Industry responses and political context

Tech giants have weighed in with nuanced takes. Meta, for its part, welcomed certain aspects of Bill C-22, arguing that it would provide law enforcement with a clearer legal framework to obtain evidence and protect public safety, while also signaling concerns about the potential impact on Canadians’ privacy and cybersecurity. The company’s stance reflects a common industry position: support for effective enforcement tools, tempered by a demand for clear privacy safeguards.

Canada’s political scene has also spotlighted the privacy-versus-security debate. A post by a Conservative Party Member of Parliament on X asserted that “every member of Parliament in the country uses Signal primarily for its safety and privacy features,” contending that the bill would undermine that privacy. In response, Signal’s leadership indicated it would resist any mandate that compromises user confidentiality.

The bill is not yet law; it must pass through parliamentary review and receive royal assent before taking effect. Committee hearings, which began on May 7, are still underway, signaling that the legislative process could stretch as lawmakers weigh the balance between enforcement capabilities and privacy protections.

Beyond Signal, Windscribe, a VPN provider, warned that the law’s requirements could force providers to log identifying data. In a post responding to The Globe and Mail coverage, Windscribe said it would likely follow Signal in reconsidering its Canadian operations if C-22 advances, arguing that the current draft threatens the core privacy premise of VPNs and similar services.

What comes next for privacy, security, and startups

The unfolding debate places Canada at a crossroads similar to regulatory moves in other regions. As lawmakers refine Bill C-22, observers will be watching not only whether the bill gains passage but how it will affect service design, data retention practices, and cross-border service provision for privacy-centric apps and networks. For developers and users who rely on strong encryption, the central questions are whether the proposed framework can preserve privacy guarantees while providing lawful access tools for investigators, and how firms will operationalize those demands without creating exploitable weak points.

Industry watchers should monitor the committee hearings for clues about potential amendments, as well as any clarifications from tech platforms on how they would implement or resist compliance. The regulatory trajectory in Canada could influence similar debates elsewhere, shaping how privacy-preserving services balance user trust with perceived public safety needs in the months ahead.

Readers should keep an eye on the next set of committee proceedings and any official statements from Signal, Windscribe, and other stakeholders as they gauge how far the government intends to push lawful access measures and what that means for encryption-centric communication tools going forward.

Major South Korean financial conglomerate Hana Financial is buying a stake in Dunamu, the operator of the crypto exchange Upbit, in its latest venture into the digital assets sector, amid a broader trend of traditional financial institutions wading into the digital assets market.

In a regulatory filing on Friday, Hana Financial announced it is buying more than 2.2 million shares in Dunamu, or roughly 6.55% of the company, from investment firm Kakao Investment, worth over 1.003 trillion Korean won ($668 million).

Hana Financial’s 6.55% stake from Kakao makes it the fourth-largest Dunamu shareholder. South Korean outlet The Chosun Daily reported last September that major shareholders of Dunamu include its chairman Song Chi-hyung with 25.5%; Vice Chairman Kim Hyoung-nyon with 13.1%; Kakao with 10.6% and Woori Technology Investment with 7.2%.

Hana Financial said in the filing that the acquisition is to secure “competitiveness in new finance through strategic equity investment.” At the same time, Kakao also filed regarding the sale and said it was keeping 1.4 million shares on its books while offloading the rest to secure “funds for future investments.”

Hana Financial is buying more than two million shares in Dunamu, or roughly 6.55% of the company. Source: DART

A growing number of banks and traditional financial institutions have started to dip their toes into crypto after years of skepticism. Mirae Asset Consulting, an affiliate of South Korean multinational financial services company Mirae Asset Group, acquired a controlling stake in crypto exchange Korbit in February.

Earlier in the year, fellow exchange Coinone announced it was exploring the sale of shares held by its chairman, with local financial institutions and foreign exchanges rumored to be circling. South Korean tech company Naver Financial also agreed last year to acquire Dunamu through a share swap, bringing the Upbit operator under its umbrella.

Hana Financial very active in crypto sector 

The financial conglomerate has been very active in the crypto sector. Hana Financial signed a trilateral memorandum of understanding in April to launch a blockchain-based remittance system with POSCO International and Dunamu. 

Related: South Korea crypto holdings halve in a year as investors turn to stock market

Meanwhile, in March, it struck a deal with the UK’s Standard Chartered Group to collaborate on global financial and digital asset markets, and also inked agreements with USDC issuer Circle and major US crypto exchange Crypto.com to promote stablecoin-based payments for foreign visitors in South Korea.

Magazine: eToro founder timed Bitcoin top perfectly due to belief in 4 year cycles 

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

OKX has moved closer to securing a major foothold in South Korea after entering talks to acquire a substantial stake in local crypto exchange Coinone alongside Korea Investment & Securities.

According to Yonhap News Agency, OKX and Korea Investment & Securities are each seeking to purchase roughly 20% of Coinone. 

The report stated that the exchange is expected to issue new shares for the transaction rather than transfer existing holdings, a structure that would likely leave Coinone’s current management intact.

If regulators approve the deal, OKX would become the second overseas crypto exchange to take ownership in one of South Korea’s major trading platforms after Binance acquired a stake in Gopax.

Among South Korea’s licensed exchanges, Coinone remains part of the country’s small group of platforms permitted to offer fiat-to-crypto trading services. Trading activity in the domestic market, however, is still heavily concentrated around Upbit and Bithumb.

Arriving within hours of another major investment announcement, the reported OKX transaction follows confirmation from banking group Hana Financial Group that it plans to acquire a $670 million stake in Dunamu, the parent company behind Upbit.

Earlier this year, financial conglomerate Mirae Asset also announced plans to buy a 92% stake in Korbit, another exchange operating within the country’s top tier.

At the same time, South Korean lawmakers are discussing ownership restrictions for digital asset firms under the proposed Digital Asset Basic Act. Local media reports said authorities are considering limiting corporate ownership in crypto exchanges to 34%, while individual shareholders could face a 20% ceiling.

Yonhap reported that Coinone’s current ownership structure may already place attention on those proposed limits. The One Group holds 34.3% of the exchange, while founder Cha Myung-hoon owns 19.14%. Cha is also identified as the largest shareholder in The One Group.

Gaming company Com2uS Holdings controls another 21.95% stake in Coinone, according to Yonhap, while affiliated investment unit Com2uS Plus owns 16.47%.

OKX expands beyond trading infrastructure

The Coinone talks add to a period of aggressive expansion for OKX across payments, institutional services, and blockchain infrastructure.

As previously reported by crypto.news, in Europe, the exchange recently disclosed transaction data from its OKX Card, a stablecoin-linked payment product launched with Mastercard and Circle support. According to OKX, grocery purchases accounted for 26% of transactions made through the card during its first month across the European Economic Area, while restaurants and online marketplaces represented another large share of activity.

Separately, OKX unveiled its Agent Payments Protocol in April, an open framework designed to allow AI agents to complete commercial actions such as payments, escrow, settlement, and dispute handling across multiple blockchains. OKX said the protocol was developed with support from ecosystems including Ethereum, Base, Sui, Aptos, and Optimism.

Institutional services have also remained part of the exchange’s recent expansion plans. Through a partnership with BitGo, OKX integrated off-exchange settlement services in the U.S., allowing institutional clients to trade while assets remain under third-party custody.

Canada’s privacy-focused messaging app Signal has signaled it may exit the Canadian market if compelled to comply with Bill C-22, the government’s proposed lawful access legislation. The draft bill would require electronic service providers to build surveillance capabilities and retain certain user metadata for up to a year, underscoring a key policy tension between national security objectives and strong end-to-end encryption.

In an interview with The Globe and Mail, Signal’s vice president of strategy and global affairs, Udbhav Tiwari, warned that the bill could threaten encryption and leave private messaging services more vulnerable to cyberattacks. Bill C-22 was introduced in March as part of a broader regulatory package intended to aid law enforcement investigations into crimes such as terrorism and child exploitation.

The debate has drawn criticism from privacy advocates and mirrors wider concerns within the European Union around encryption and compelled access. Critics point to potential privacy trade-offs and the risk of creating exploitable weaknesses in communications platforms. On social media, Canadian Conservative Party MP Jacob Mantle argued that many MPs rely on Signal for safety and privacy, contending that the bill would allow the government to read messages and undermine trust in private communications.

Tiwari said Signal would “rather pull out of the country” than compromise on the privacy promises it has made to users. He warned that the proposal could enable hackers to exploit built-in vulnerabilities in electronic systems, turning private messaging services into possible targets for foreign adversaries.

The bill remains pending and is not law yet; committee hearings began on May 7 and are ongoing as part of the legislative process. Meanwhile, tech platforms have offered mixed reactions. Meta Platforms welcomed certain aspects of Bill C-22, noting that it would give law enforcement a framework to obtain critical evidence and protect public safety, while also raising concerns that some provisions could affect Canadians’ privacy and cybersecurity.

Windscribe, a privacy-focused VPN provider, joined Signal in signaling concern. In a post responding to The Globe and Mail, Windscribe said it would follow Signal’s potential move out of Canada, arguing that the law would require the logging of identifying user data and stifle privacy protections. The company criticized the current text as incompatible with its focus on user privacy and warned that headquarters in Canada could face direct regulatory pressures and higher operating costs if the bill passes.

Cointelegraph reached out to Signal for comment and will update the article if the company provides a response. The broader policy discussion surrounding Bill C-22 sits within a wider, global debate over how to balance law enforcement access with robust encryption and privacy protections. Observers note that the Canadian process could influence how privacy tech firms operate in Canada and how cross-border services approach compliance obligations in a jurisdiction that contemplates sweeping data-retention and access requirements.

Key takeaways

• Bill C-22 would compel electronic service providers to enable lawful-access capabilities and retain certain user metadata for up to one year, shaping how digital communications can be monitored by authorities.
• Signal has threatened to exit Canada rather than compromise on encryption and user privacy, highlighting potential operational and strategic shifts for privacy-centric services in regulated markets.
• Windscribe’s response indicates that a similar trajectory could affect VPN providers and other privacy tools, with possible implications for data logging and local data retention obligations.
• The bill is not law yet; parliamentary committee hearings began May 7 and are ongoing, leaving significant regulatory uncertainty for industry and users.
• Industry responses are divided: some tech platforms support enhanced law-enforcement access, while others warn of privacy and cybersecurity risks and potential compliance burdens for global services.

Bill C-22: Scope, process, and practical implications

Bill C-22 is positioned as part of Canada’s effort to equip law enforcement with timely and effective tools to investigate serious crimes. If enacted, electronic service providers would be required to design and deploy technical capabilities that enable lawful access to communications and to retain relevant user metadata for an extended period. The stated objective is to bolster investigations into terrorism and child exploitation, among other offenses. However, the proposal raises practical questions for platform operators, particularly around how to preserve security and privacy while meeting new obligations.

From a regulatory compliance perspective, the bill would introduce new obligations that could influence licensing, oversight, and ongoing conformity assessments for digital service providers operating in Canada. For financial institutions and crypto firms with Canadian operations, the framework could intersect with AML/KYC expectations and cross-border data handling requirements, prompting reassessment of data localization, incident response, and vendor management practices.

Encryption, privacy, and security tensions in a global context

The proposal sits at the center of a broader policy discourse about encryption integrity and lawful access. Signal’s public stance reflects a principled commitment to end-to-end encryption and privacy architecture, arguing that mandated backdoors or scan capabilities can introduce systemic risks and create vulnerability windows that adversaries might exploit. The debate resonates with discussions in the European Union around proposals that would enable scanning and data access at the client side, which have faced stiff opposition on privacy and security grounds. The Canadian consideration therefore contributes to a larger policy milieu in which encryption remains a pivotal issue for both private sector innovation and public safety.

For institutions and market participants, the evolving stance on lawful access raises questions about cross-border operations, data-residency requirements, and the extent to which regulatory divergence may affect the resilience of communications infrastructure. While some policymakers emphasize the public-safety rationale, industry observers highlight the risk that increased monitoring capabilities could undermine trust in digital services and complicate compliance for global platforms that rely on end-to-end encryption by default.

Industry responses, oversight, and the regulatory horizon

The bill’s reception among tech platforms reflects a split between public-safety objectives and privacy protections. Meta’s public position acknowledged the potential benefits of a robust evidentiary framework for enforcement while cautioning that certain provisions could impact Canadians’ privacy and cybersecurity. The company’s stance illustrates how large platform operators may seek to balance lawful-access objectives with user protections and risk management liabilities.

Signal’s leadership has framed the regulatory proposition as a fundamental privacy issue, suggesting that complying with C-22 could compromise user trust and the core privacy guarantees it offers. In this context, market participants that rely on private communications and privacy tools – including VPN providers like Windscribe – have sounded caution about operational viability and user data practices if such mandates become law.

From a compliance and risk-management standpoint, the unfolding legislative process requires careful monitoring by legal teams, regulators, and corporate governance functions across crypto firms and fintechs. Beyond the legal text, enforcement trajectories, rulemaking, and potential transitional provisions will determine how quickly and in what form any new requirements would apply to service providers and their affiliates. The current stage of hearings means significant policy refinement remains possible, with stakeholders attempting to influence the balance between investigative efficiency and privacy protections.

According to Cointelegraph’s coverage, the Canadian debate on lawful access is part of a broader global pattern in which regulators search for a workable equilibrium between security objectives and cryptographic integrity. For institutions, this signals a continuing need to assess regulatory exposure, update privacy-by-design practices, and adjust incident-response playbooks to reflect evolving requirements across jurisdictions.

As the legislative process advances, observers should watch for the clarifications that typically accompany committee stage, including definitions of service-provider scope, retention timelines, data-minimization principles, and the specific mechanisms by which access would be authorized and audited. The outcome will influence not only Canadian privacy and security norms but also the strategic choices of international platforms operating in Canada and other similarly situated markets.

Closing perspective: The Bill C-22 debate underscores the enduring tension between privacy preservation and public-safety imperatives in the digital era. For crypto firms, messaging platforms, and privacy services, the key questions revolve around enforceability, risk exposure, and the degree to which regulatory adaptations can be reconciled with robust cryptography and user trust. The path forward will depend on legislative negotiations, regulatory guidance, and how any final law addresses both the legitimate needs of law enforcement and the protections that underpin secure, private communications.