Upcoming removal of Chrome's One-6962-log policy

[Joe DeBlasio]

Chrome currently requires the presence of at least one SCT from an RFC6962 log known to Chrome in order to comply with Chrome's CT policy. As previously discussed, we have always intended to remove this requirement once static-ct-api logs were considered sufficiently robust and the new API had sufficient uptake among monitors and other members of the ecosystem.

As of April 15, 2026, TLS connections with Chrome clients may use SCTs exclusively from static-ct-api logs (assuming they otherwise comply with Chrome's CT policy). We have updated our policy to reflect this change.

Please note that other browsers' requirements likely differ from Chrome's. Site operators should ensure that they provide a set of SCTs that satisfy all clients expected to connect to the site. 

For those interested in technical details: Chrome 144 and later will not enforce the one-6962-log policy. Chrome 144 is tentatively scheduled to be released on January 13th. Within two weeks of the release of Chrome 144, we will push an update to the log list that disables CT enforcement on pre-Chrome-144 clients. 70 days after pushing CT updates to clients, it is safe to assume that either all Chrome clients have received the update or are no longer enforcing CT.

As always, questions are welcome,

Joe, on behalf of the Chrome CT team