Defeat devices aren't even complicated (they just fake the sensor data to the ECU to get what the owner needs). Locking down is pointless. Most people are not tuning their cars.

If we wanted to do it properly, I'd imagine we'd have zero mandatory locks on the ECU, just a little closed-down black box with a sensor installed in a relatively tamper-proof way (of course there will always be one, the target is for 90% of people to not bother), logging away and maybe sending a check engine light if it detects wrong AFR for too long.

Then you just check that on the yearly MOT + any signs of tampering. Then the owner is free to tune the engine as they want, provided the exhaust is still within the norms for most of the time.

What would you be accomplishing by trying to control end user behavior like that? As a manufacturer, there are certain standards your machine must meet when it leaves your factory. After that, a whole separate set of standards applies to users--e.g. EPA rules about emissions equipment tampering. As a manufacturer, though, you don't need to attempt enforcement. Leave that to the government, it's their job. Locked down, proprietary hardware and software doesn't ultimately achieve enforcement, it just makes tampering more difficult at the cost of serviceability. This is a dumb trade.

It's to contain the regulation into a little box that controls the emission, rather than span it to the entire system, making it harder to repair. Then the EPA can have its "proof" the vehicle emissions are fine without compromising the entire system for repairs.

I think you're asking for something magical, like when politicians go on TV and demand safe cryptosystems with government backdoors. Any time you try to do engineering work to hinder users from using devices they own, it's a really bad time. That's the purview of law enforcement, not engineering.