Why shouldn't you be able to do that? Seems like a simple thing to implement. I get why they want a hardcoded list, but I don't get why you can't add a way to block parts of that hardcoded list.

web-browsers shall ensure

The only requirement is that browsers displays the data. The browser can add "warning, this certificate is potentially compromised" when it displays it, nothing in the current document says browsers aren't allowed to say that, just that the browser has to be aware of the certificate.

It is similar to how Chrome displays a warning when you visit some sites. You can visit the site anyway, but you get a warning since Google thinks it is bad.

It's not clear that a warning would be allowed. In particular, the new paragraph 45(2a) prohibits mandatory checks on eIDAS certificates.

Mozilla has proposed text[1] that would make clear that the requirement is only to display identity information, but this text has not been adopted.

[1] https://securityriskahead.eu/wp-content/uploads/2023/09/Mozi...

Technically correct. But if Firefox displays a big red warning when someone's grandma goes to her favourite recipe website, and Safari (or Chrome) just display the website to grandma (and to the officer on duty, but who cares) - how long will Firefox survive?

Even without the 45 (2a), displayed in a user-friendly manner could already be interpreted to prevent prominent warnings