Encrypted messaging service Signal has warned that it will withdraw from Sweden if the government proceeds with a proposed data retention law that would mandate backdoors for law enforcement access.
Signal’s president, Meredith Whittaker, stated in an interview with Swedish news outlet SVT Nyheter that the company would rather leave the Swedish market than compromise its encryption model.
The proposed legislation, set for a parliamentary vote in March 2026, aims to compel messaging services such as Signal and WhatsApp to store all user communications for potential law enforcement access. The Swedish Security Service (Säpo) and the National Police Authority have expressed support for the measure, arguing that access to encrypted communications is critical for crime prevention. However, Försvarsmakten (the Swedish Armed Forces) and cybersecurity experts warn that such a requirement would introduce significant security vulnerabilities.
Signal, operated by the nonprofit Signal Foundation, is widely recognized for its commitment to privacy and security through end-to-end encryption — ensuring that only the sender and recipient can read messages. Whittaker emphasized that introducing a backdoor would undermine this encryption, exposing user data to potential breaches.
“If this law passes, Sweden would be asking us to break the encryption that is fundamental to our service. We would rather exit the market than create vulnerabilities that could be exploited by third parties,” Whittaker stated.
Army objects to the law proposal
News about Signal’s potential exit comes just days after the Swedish Armed Forces formally adopted the app for non-classified communications. Brigadier General Mattias Hanson, the military’s Chief Information Officer, directed personnel to use Signal to mitigate the risks of eavesdropping and number spoofing in telephone networks. The move aligned Sweden’s defense sector with international military and government agencies that rely on Signal for secure communications.
However, the proposed law directly contradicts the Försvarsmakten’s cybersecurity stance. The military has formally objected to the legislation, warning that it would create systemic vulnerabilities that could be exploited by foreign actors. In a letter to the government, Försvarsmakten explicitly stated that such measures “cannot be implemented without introducing backdoors that could be leveraged by third parties.”
Governments push for backdoors
Sweden’s proposal reflects an increasing global push for government-mandated access to encrypted data. This case bears similarities to the UK government’s recent backdoor order against Apple. The UK compelled Apple to disable Advanced Data Protection (ADP) — its end-to-end encryption feature for iCloud backups — after secretly issuing a technical capability notice under the Investigatory Powers Act. Apple refused to weaken encryption globally and instead disabled ADP entirely for UK users.
These developments highlight a broader clash between privacy advocates and law enforcement agencies, with tech companies increasingly choosing to withdraw features — or entire services — rather than compromise encryption.
If Sweden’s proposed law passes, Signal’s withdrawal could set a precedent, prompting other secure communication platforms to reconsider their presence in the country. Users in Sweden may need to explore alternative encrypted services, but the effectiveness of such apps would remain uncertain under a legal framework requiring data retention.
HIBP Adds 284 Million Stolen Credentials from Infostealer Logs
Hi Alex, thanks for your post. Would you recommend in that case, using a proxy to bypass that block in Sweden? https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support