The eIDAS regulation makes an enormous change by mandating man-in-the-middle attack technology that it would be illegal for browser makers to defend against
How would this law affect websites with Onion Services (eg Facebook) that don’t use http at all, but Tor’s internal pinned end-to-end encryption with a pinned certificate tied to the .onion name?