They want everything to run in TEE on the TPM, which has device specific keys signed by the manufacturer and can't be accessed through normal means
Best case scenario is someone learns to spoof it, but that's not easy. Possible, but unlikely to be packaged for personal use, since it'd be the kind of exploit you could sell to the right group for a 6 or 7 figure payout - and that's doing it officially and above board. Plus, if you did share it, you'd want to keep your identity hidden, the manufacturer would probably try to silence you with legal action
Hopefully, the EU challenges them if they try to move forward, someone brought up a law on the books in Germany that makes it illegal to use an automated system to make the decision to deny someone access to a system