And this is why having true ownership over our own devices is so important, so that they can’t force this on everyone and if they try, we just replace the root certs.
This is why “trusted computing” has been pushed for so long, to remove control from the user specifically to enable bullshit like this
Even if it's as simple as choosing which Root CA's we want to trust, how many people will know to do that and be able to do that? A couple percent at most.
Of course we need full ownership of our devices, and trusted computing has always referred to the trust of for-profit corporations, but this in itself doesn't help the vast majority of people who either don't know that they're compromised, think they have nothing to hide, are unable to do anything about it, or a mix of all three.
Privacy and security are already a privilege. Proposals like eIDAS only make it even more unaccessible.