Google has announced that it will cease to trust root Certificate Authority (CA) certificates issued by Chunghwa Telecom and Netlock in its Chrome browser, citing significant compliance failures and a lack of improvements from both entities. This decision is set to take effect with the release of Google Chrome version 139, scheduled for August 1, 2025.
In a statement from the company, Google expressed concerns regarding the ongoing compliance issues and broken commitments to improve practices by both Chunghwa Telecom and Netlock. According to Google, “Chrome’s confidence in the reliability of Chunghwa Telecom and Netlock as CA Owners has diminished due to patterns of concerning behavior observed over the past year.” These issues, the company noted, erode trust in these entities as publicly trusted certificate issuers.
Chunghwa Telecom, Taiwan's largest telecom provider, and Netlock, a prominent digital certification service provider in Hungary, have both operated as public CAs for years. Their root certificates have been trusted by default in the Chrome Root Store, which the browser uses to verify HTTPS connections for its users.
Starting in August 2025, users visiting websites that still use certificates from these CAs will encounter a warning stating, “Your connection is not private.” The warning will disrupt browsing for users and raise trust concerns about the affected sites. Administrators are urged to transition to trusted CAs to avoid these complications. Certificates issued by Chunghwa Telecom and Netlock prior to July 31, 2025, will remain trusted, but timely action is advised for ongoing compliance.
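For administrators taking stock of their sites, the following added example (not part of the original article or any Google tooling) triages certificates in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`. The issuer-name substrings, the use of `notBefore` as the issuance date, and the sample inventory are assumptions made for illustration.

```python
import ssl

# Assumptions, not from the article: issuer organizationName substrings that
# identify the two CAs, and notBefore standing in for the issuance date.
AFFECTED_ORGS = ("chunghwa telecom", "netlock")
CUTOFF = ssl.cert_time_to_seconds("Jul 31 00:00:00 2025 GMT")


def issuer_org(cert):
    """Return the issuer organizationName from a getpeercert()-style dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""


def classify(cert):
    """Triage one leaf certificate against the distrust described above."""
    org = issuer_org(cert).lower()
    if not any(name in org for name in AFFECTED_ORGS):
        return "unaffected"
    issued = ssl.cert_time_to_seconds(cert["notBefore"])
    # Certificates from before the cutoff keep working until they expire,
    # but a renewal from the same CA would land on the distrusted side.
    return "migrate-before-renewal" if issued < CUTOFF else "replace-now"


def triage(inventory):
    """Map each hostname in the inventory to its triage status."""
    return {host: classify(cert) for host, cert in inventory.items()}


def _cert(org, not_before):
    """Build a constructed certificate dict in getpeercert() layout."""
    issuer = ((("organizationName", org),), (("commonName", "Constructed CA"),))
    return {"issuer": issuer, "notBefore": not_before}


# Constructed sample inventory (hostnames and issuers are illustrative).
SAMPLES = {
    "old.example": _cert("Chunghwa Telecom Co., Ltd.", "Jun  1 00:00:00 2025 GMT"),
    "new.example": _cert("NetLock Kft.", "Sep 15 00:00:00 2025 GMT"),
    "other.example": _cert("Example Trust Services", "Sep 15 00:00:00 2025 GMT"),
}

if __name__ == "__main__":
    for host, status in triage(SAMPLES).items():
        print(f"{host}: {status}")
```

The leaf certificate's issuer is normally an intermediate rather than the root, so a name match is a first-pass filter; confirm the full chain before closing out a host.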
This latest development follows a similar action against Entrust, announced in June 2024, where Google highlighted issues with compliance and security standards. With the adoption of new mandatory security requirements for all publicly trusted HTTPS/TLS certificate issuers, Google is tightening standards significantly. The incidents involving Chunghwa Telecom and Netlock mark an early enforcement of these stricter regulations, with more changes anticipated in the future. The moves reflect Google’s broader intention to enhance browser security and trust.