Comment by Edmond

1 year ago

Do note that the reference here to CA is a conceptual reference; in other words, it refers to a trusted entity who can verify certain bits of information (like your age or identity) and then issue certificates for it. "Trust anchor" is the lingo Certisfy uses for CAs.

Hostnames are what TLS certificate CAs such as DigiCert verify ownership of and then issue certificates for; the same concept can be applied to any kind of information, including private information.

For instance, a state DMV could choose to be a Certisfy "trust anchor"/CA and issue you a cryptographic certificate for your driver's license to be used for IRL identity anchoring.

So no, a "trust anchor"/CA need not be a big tech company; in fact, if such a concept is deployed at scale, a large class of entities can/should play the role of "CA", including people doing it as part of a business service.