> In the article the author says we should use "pre-approved vendor lists" or "streamlined approvals" and that sounds great in principle, but could also easily be exploited.

Every kind of regulation can be exploited and is currently being exploited. GDPR led to law firms squeezing money out of neighborhood bars with cease and desists. Government grants spawn companies doing the exact minimum to keep getting grants without building real businesses.

I totally agree that lobbyism is a massive problem (and often the reason we get such complex regulation—they shut out the little players). But any proposed solution will have to be some type of risk.