End-to-end encrypted messaging has been a thorn in the side of lawmakers for a while now, and although many companies like Apple already offer backdoors and pre-screening of messages for illegal content as demanded by the US government, this is new for the EU. The eIDAS regulation aims to force software companies to create backdoors into such messaging services. What precedent does this set for, say, hardware wallets? What are the options if this passes?
Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government. Which CAs? Specifically, the CAs that were appointed by the government, which in some cases will be owned or operated by that selfsame government. That means cryptographic keys under one government’s control could be used to intercept HTTPS communication throughout the EU and beyond.