[philprx]

No, it would mean for Firefox developers that it's illegal to have feature that can disable the EU member state certificates.

Such crypto backdooring failed in the past, so they're trying to go after the weakest link they can think of. In this case, software publishers.

[SenAnder]

Suppose they include those features anyway. Do Firefox developers in the EU get arrested? Does the EU block US websites distributing Firefox, and arrest anyone running a local mirror? Do programmers that compile and run their own, personal versions of Firefox, where they have personally removed untrustworthy CAs, get raided by the police?

[YESNONAMEMAN]

They do not need to hijack this process, in a way as is said in article, or in comments, there are different methods already in use, successfully. So there is absolutely no need from anybody to be doing this in this way ( even if it works like they write in that article ). if they need it for state security then it does not need to be this OVERT, there are legal provisions to do this covertly IN US OR IN EU. They are even cooperating between jurisdictions. So UK is sending data from US citizens on uk servers to US, EU is sending data about US citizens on Eu servers to US, etc. And no GDPR does not cover this.