Yet, it is unrealistic to expect that Canonical and Red Hat would service and maintain separate distributions of their main products. System76 could just ship a different distribution particularly catered towards compliance in problematic jurisdictions.

I personally believe that such regulations will just be more or less ignored, having no more of an affect than a disclaimer in the Terms and Conditions; unless you are Canonical or Red Hat.

Brazil, Colorado, California, and even New York soon. The list is growing too fast.

I see so much abuse coming from so much corners of the marketplace and business settings.

Who watches the watcher? Who declare where malware ends and surveillance begins?

No. As a veteran OS expert/malware analyst: Just stop.

OS is a tool, a hammer, no need to add watchers of who makes, certify, regulate, control or uses a tool. Western civilization prides on training of a tool and advances faster than any other kind of civilization in history of mankind.