Comment by beeflet

Easy. They'll just demand major tech companies implement in Europe exactly what they did to comply with China's government surveillance request. They already have the blueprint of the apparatus, they just need to throw a blue coat of paint and a circle of gold stars over it to legitimize it and make it less scary looking.

And they don't give a damn about attracting eyeballs since the surveillance will be mandated by law and done legally by the book, and it will be done "for your own safety and protection against the boogieman", so that people will accept it.

I can't speak to the political or legal aspects, but technically, Ledger firmware updates are closed‑source binaries delivered from Ledger's servers. That centralization makes it possible for a state actor—or anyone with access to Ledger's signing keys and servers—to slip in a backdoor. Even if the firmware were fully open source, a backdoor could still be inserted during the build process and never appear in the repositories. Avoiding it would require building the firmware yourself, which most users don't do.

As a side note, Bitcoin Core mitigates this risk with deterministic builds and multiple independent developers verifying and signing releases. But this option isn't available for Ledger as most of the firmware is closed source.

The government just doesn't care.