Yes, but EU would have to convince Google and Apple to get a new root certificate to browsers.
Not really. They just have to convince an existing CA that cross-signing their CA won't make Google and Apple mad.
Cross-signed roots are common. Just takes money and maybe audits, but it's the same audit they'd need to get in the browser root stores anyway.
Not really. They just have to convince an existing CA that cross-signing their CA won't make Google and Apple mad.
Cross-signed roots are common. Just takes money and maybe audits, but it's the same audit they'd need to get in the browser root stores anyway.