EU Article 45 requires that browsers trust certificate authorities appointed by governments::The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from…
This isn’t it. You can use a separate CA for identification and for websites (TLS). If this were the problem, they could use any existing CA for their websites and their own for identifying the user - since that doesn’t involve the browser trusting the ID CA.
See RFC 5280, Section 4.2.1.3, Key Usage: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3
I guess you’re right. Maybe it is about spying after all.