Europe's Digital Security Compromised: The Consequences of Article 45 and the EU Cyber Resilience Act
Lawmakers in Europe are expected to adopt eIDAS 2.0, a digital identity legislation that civil society groups argue will compromise internet security and expose citizens to online surveillance. The legislation requires browser makers to trust government-approved Certificate Authorities (CAs) and prohibits them from implementing additional security controls. This means that if a website is issued a certificate from a government-backed CA, the government can intercept and decrypt the encrypted HTTPS traffic between the website and its users, potentially allowing for surveillance. Mozilla, Google, and other organizations have raised concerns about the legislation and are urging EU lawmakers to revise it.