> Because one can share their passkeys with a Google password manager does not mean that they have to.

The standard provides the means for the relying party to choose what password managers it will accept, so you may very well have to use the Google password manager.

Without passkeys, a service can force you to use their own proprietary app as a second factor. It's been like that for years with banks and at big companies.

They already do select the security they want. And it does make sense when security matters to them!

Say you managed to put into the law that "it's illegal to discriminate against passkeys, either you accept all implementations or none of them". What would happen then? Those services would just not use passkeys, because they already have a solution they control today (with their own authenticator apps).

What the standard provides is a way to have certified/audited passkeys. So that instead of using the authenticator app of my bank to log into my bank and the Microsoft authenticator to log into my company SSO, maybe (just maybe) I will someday be able to use a passkey. Not any passkey, that's very clear, and it actually does make sense in terms of security. But maybe instead of using Apple or Google, you will be able to use a security key like a YubiKey.

And the fight should be to give a fair chance to those third-party systems for getting certified. Not to refuse the passkey technology because instead of being forced to use the Microsoft passkey, we really like it better when we are forced to use the Microsoft authenticator app.