There is a very good article on certificate authorities (CA's) in EFF, given the history of past (CA's) spying, example Symantec etc, how is grapheneos going to handle the CA issue on the mobile, if you think this bill only affect EU. You are surely wrong, as this bill metastasis elsewhere under various names or bills per countries around world, and on all devices with (CA's) in them.
https://www.eff.org/deeplinks/2023/11/article-45-will-roll-back-web-security-12-years