Google Removes Certificate Authorities: Impact on Web Security and Compliance Standards


Google Removes Two Certificate Authorities from Chrome's Trusted List

Google has announced the removal of two certificate authorities (CAs) – Chunghwa Telecom and Netlock – from Chrome's default trusted list due to ongoing compliance issues. The change will take effect with Chrome version 139's release on August 1, 2025. This decision highlights the critical importance of maintaining robust website security measures.

The decision reflects Google's diminishing confidence in these CAs following a pattern of concerning behavior over the past year that failed to meet expected security standards. This move could significantly impact websites using certificates from these authorities.

Security Implications and Industry Response

The removal of these CAs stems from multiple violations of the CA/Browser Forum's Baseline Requirements, which establish global standards for publicly-trusted certificate authorities. Jason Soroko, Senior Technical Expert at Sectigo, explains the specific compliance failures:

"Both CAs repeatedly went past the Baseline-Requirement revocation deadlines, leaving invalid certificates active beyond the allowed window," Soroko notes. "High-risk problems require certificate revocation within 24 hours, while most other issues have a five-day maximum deadline."

Impact on Web Security and Business Operations

The decertification of these authorities could have far-reaching consequences for organizations using their certificates. Thomas Richards, Infrastructure Security Practice Director at Black Duck, emphasizes the potential disruption:

"Removing these root CA certificates from Chrome can disrupt secure TLS communications with any host using their certificates. While this may impact customer websites, accountability and compliance are fundamental requirements for maintaining trust in the digital ecosystem."

Understanding the benefits of proper SSL certificate implementation is crucial for maintaining online security and customer trust.

Protecting Your Digital Assets

For businesses and website operators, this development highlights several important considerations:

  • Organizations using certificates from Chunghwa Telecom or Netlock should plan to transition to other trusted CAs
  • Regular audits of certificate authorities and compliance measures are crucial for maintaining digital trust
  • Companies should implement robust certificate management processes to prevent security disruptions

The removal of these CAs from Chrome's trusted list underscores the critical importance of maintaining strict security standards in digital certificate management. As online security threats continue to evolve, such enforcement actions help maintain the integrity of internet security infrastructure.

To ensure long-term protection, businesses should focus on implementing comprehensive e-commerce security measures that go beyond basic certificate management.

Organizations should:

  • Verify their current certificate authorities
  • Plan necessary transitions if affected
  • Review certificate management practices
  • Monitor industry changes and requirements
  • Maintain compliance with security standards
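
One way to carry out the first two checklist items over an existing certificate inventory, as an added example that is not part of the original article. The inventory rows, host names and issuing-CA names are constructed, and matching on the issuer's organization attribute is an assumption; a production audit should compare each chain against the specific root certificates named in Google's announcement.

```python
import csv
import io
import re

# Organization-name fragments for the two CAs named in the article (assumed match keys).
AFFECTED_ORGS = ("chunghwa telecom", "netlock")

# Constructed sample inventory: host, certificate expiry, issuer DN in RFC 2253 form
# (the format printed by `openssl x509 -noout -issuer -nameopt RFC2253`).
SAMPLE_INVENTORY = r'''host,not_after,issuer_dn
shop.example.tw,2026-03-01,"CN=Example TLS CA,O=Chunghwa Telecom Co.\, Ltd.,C=TW"
www.example.hu,2025-11-15,"CN=Example Issuing CA,O=NetLock Kft.,L=Budapest,C=HU"
api.example.com,2026-01-10,"CN=Example Other CA,O=Other Trust Services,C=US"
decoy.example.org,2026-02-02,"CN=netlock-lookalike.example,O=Unrelated Org,C=US"
'''


def parse_dn(dn):
    """Split an RFC 2253 DN on unescaped commas and return {ATTR: [values]}.

    Handles backslash-escaped characters such as the comma in "Co.\\, Ltd.".
    Multi-valued RDNs joined with '+' are not split (not needed for this check).
    """
    attrs = {}
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.partition("=")
        value = re.sub(r"\\(.)", r"\1", value.strip())  # drop escape backslashes
        attrs.setdefault(key.strip().upper(), []).append(value)
    return attrs


def affected_hosts(inventory_csv):
    """Return (host, not_after, issuer organization) for rows whose issuer O
    attribute matches an affected CA, ordered by soonest expiry."""
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Match only on the O attribute, so a look-alike CN is not flagged.
        for org in parse_dn(row["issuer_dn"]).get("O", []):
            if any(name in org.lower() for name in AFFECTED_ORGS):
                hits.append((row["host"], row["not_after"], org))
                break
    return sorted(hits, key=lambda hit: hit[1])  # ISO dates sort as strings


if __name__ == "__main__":
    for host, not_after, org in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: issued under {org}, expires {not_after}; plan transition")
```
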