The Council of the European Union this week adopted new language for regulations governing internet systems that may put the security of your browser at greater risk.The new language affects the EU’s electronic identification, authentication and trust services (eIDAS) rules, which are supposed to...

“In a nutshell, the EU is mandating that browsers accept EU member state-issued Certificate Authorities (CAs) and not remove them even if they are unsafe. If you think this sounds bad, you’re right. Multiple times, EFF, along with other security experts and researchers, urged EU government regulators to reconsider the amended language that fails to provide a way for browsers to act on security incidents. There were several committees that supported amending the language, but the EU council went ahead and adopted this highly flawed language.”