Certification authority GlobalSign, based in Belgium and owned by the Japanese corporation GMO Group, has initiated the process of revoking SSL certificates that were previously issued to Russian companies affected by current sanctions imposed by the European Union. An announcement was made in a letter to GlobalSign’s partners by the director of the Russian representative office, stating that the revocation process started on June 13 at 04:10 (MSK) and will be conducted in phases. The rationale behind this action is the adoption of new requirements by the CA/Browser Forum consortium, which serves as a platform for collaborative decision-making considering the interests of browser manufacturers and certification authorities.
The revoked certificates are extended TLS certificates of the EV level (Extended Validation), which confirm specific identification parameters and necessitate verification not only of domain ownership but also of the existence and legal status of the company obtaining the certificate by the certification center. Both EV certificates and domain-validated certificates display the same icon in browsers when accessing websites.
The updated regulations for issuing EV certificates, effective since May 4, now explicitly prohibit certification authorities from issuing certificates to companies listed under sanctions and mandate checking against block lists rather than suggesting it as optional.
However, it has been clarified that the mentioned requirements were actually included by the CA/Browser Forum in the regulations issued in 2024. There were no alterations made to paragraphs 3.2.2.12.2 and 4.1.1.1 concerning checks on sanctions lists in the most recent version of the document (2026 version