EU Article 45 requires that browsers trust certificate authorities appointed by governments::The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from…
The government CA could just issue a new certificate for let’s say Google, force your ISP to return a wrong IP when you ask your ISPs dns server what the address of Google is and then return a fake Google page instead or forward traffic to Google on your behalf and read all data. And since your browser trusts the new fake Google certificate from the government you won’t get any https error or warning.