The European Union continues on its path to eIDAS 2.0, which includes the controversial Article 45 that basically tells browsers which certification authorities (CAs) to trust. eIDAS, which stands for electronic identification and trust services, is a framework aimed at regulating electronic transactions. As part of this proposal, the EU wants to support embedding identities in website certificates. In essence, the goal is to bring back Extended Validation (EV) certificates.
Browsers—of course—don’t want that, but the real problem is the fact that, with the legal text as it is at the moment, in its near-final form, the EU gets the final say in which CAs are trusted. The global security community has been fighting against Article 45 for more than two years now; we wrote about it on a couple of occasions. As of November 2023, the European Council and Parliament have reached a provisional agreement. The next step is for the law to be put to the vote, which is usually a formality.
It's stupid shit like this why regulation is not the answer to big tech. But then we wouldn't need regulation if big tech didn't ruin all that was good about the Internet to begin with.
People are the problem. At large scale they turn everything to shit. Both in the private sector and in the public sector. Both meddling, making decisions on your behalf. In all cases taking your power away. It was better when we were just small communities, suffering and learning from the consequences of our own actions.
How are they going to enforce it? Ban Firefox, Waterfox, *fox from the EU? Pigeon-hole themselves into using Chrome on their quest for "digital sovereignty"?