Listen to this Post
Introduction
In a major shake-up to internet security protocols, Google has announced that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock starting August 1, 2025. This move, to be implemented in Chrome version 139, marks a firm stand by Google against repeated compliance failures and unfulfilled improvement commitments from these Certificate Authorities (CAs). With this decision, Chrome users attempting to access websites using certificates from these CAs will be met with privacy warnings, severely impacting trust and user experience. The decision is not isolated either; it follows Google’s broader mission to tighten browser security and enforce higher compliance standards across the web.
Chunghwa Telecom and Netlock Certificates to Lose Chrome Trust Starting August 2025
Google is revoking trust in the root CA certificates of Chunghwa Telecom and Netlock, which have long been part of the Chrome Root Store, meaning they were trusted by default for secure HTTPS communications. According to the official announcement, this action stems from a persistent pattern of compliance violations and a failure by both CAs to deliver on promised improvements.
Chunghwa Telecom, the largest telecom provider in Taiwan, manages public CAs like ePKI and HiPKI. These issue digital certificates crucial for encrypted communications. Similarly, Hungary-based Netlock has been a key digital certification provider in Europe, particularly known for its Arany Root CA.
Starting with Chrome version 139, scheduled for release on August 1, 2025, users visiting websites that still rely on certificates from these authorities will see a “Your connection is not private” warning. Although it will still be possible to bypass the warning, the user experience and trust will be significantly degraded.
The move affects only Google Chrome; other browsers like Safari, Firefox, and Edge rely on their own certificate trust stores and are not impacted. Enterprises can continue using the certificates internally by adding them as locally trusted roots, but for public-facing sites, Google urges web admins to switch to trusted CAs immediately. Certificates issued before July 31, 2025, will remain valid, but waiting to replace them is discouraged.
This action mirrors Google’s similar step against Entrust in 2024, which also lost trust over compliance issues and a lack of meaningful progress. The recent enforcement actions are part of Google’s new strategy, rolled out in March 2025, to impose stricter requirements for all CAs issuing publicly trusted HTTPS/TLS certificates. Chunghwa and Netlock are the first to be held accountable under these tighter standards, and more could follow if others fail to comply.
What Undercode Say:
This bold move by Google
By removing Chunghwa Telecom and Netlock from its Chrome Root Store, Google is sending a clear message to the entire CA ecosystem: credibility is not negotiable. Google has adopted a zero-tolerance approach, particularly after repeated instances where CA operators failed to uphold the integrity demanded by their position. Chunghwa and Netlock’s inability to demonstrate improvement suggests systemic issues within their organizations — not just isolated missteps.
This also signals a broader shift: tech giants are no longer just enforcers; they’re shaping governance. Chrome, with its dominant market share, has the power to significantly influence web standards, often outpacing regulatory bodies. The implementation timeline gives website operators about two months to act, which underscores the urgency and the weight of Google’s decision.
Interestingly, while the move may cause disruption in the short term, it’s a proactive investment in long-term trust. End users may not understand the technical details of root stores, but they certainly recognize browser security warnings. These interruptions can quickly erode confidence in sites that appear unsafe, even if the issue lies with the certificate provider.
Web administrators are now faced with a logistical challenge: replacing certificates across potentially thousands of domains, sometimes manually. Organizations relying heavily on Chunghwa or Netlock will need to audit their infrastructures, migrate certificates, and possibly even review internal policies for CA selection.
From a geopolitical standpoint, Chunghwa Telecom’s removal is particularly noteworthy. As a state-affiliated telecom in Taiwan, it plays a prominent role in regional infrastructure. This decision may be interpreted differently depending on political and cybersecurity perspectives, especially in the Asia-Pacific region.
Meanwhile, Netlock’s removal could ripple across Europe, where its certificates have been widely used in public and private sectors. Hungarian institutions that relied on its Gold Class certificates must now reassess their security posture and compliance frameworks.
This crackdown by Google is a wake-up call not just to Chunghwa and Netlock, but to all CAs operating under the assumption that their legacy reputation is enough. Trust must be earned and maintained continuously. With Chrome’s new mandatory security standards announced earlier this year, more CAs may face similar scrutiny. Those who fail to modernize or prove compliance will likely find themselves next on the chopping block.
Fact Checker Results:
✅ Google is officially removing trust in Chunghwa Telecom and Netlock due to repeated compliance failures.
✅ The change only affects Google Chrome; other browsers remain unaffected.
✅ Certificates issued before July 31, 2025, remain trusted but should still be replaced quickly. 🔐
Prediction:
Google’s enforcement against Chunghwa Telecom and Netlock sets a precedent that will likely extend to more CAs in 2026. As new compliance requirements tighten, smaller or regional certificate authorities that struggle with modernization and transparency may also be dropped. Expect a more centralized CA ecosystem dominated by entities that can meet rigorous standards. Web admins will increasingly opt for CAs with proven track records, and we may see industry consolidation as a result. This could lead to better overall web security, but also raises concerns about monopolization in the trust landscape.
References:
Reported By: www.bleepingcomputer.com
Extra Source Hub:
https://www.quora.com
Wikipedia
Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
