Delaying patches slightly doesn't really help revenues unless it's widely publicized, in which case they look bad and possibly get sued and it doesn't even save them any effort. Maybe it's a risk, but I'll definitely take that risk over what we have today.
If you're asking how it gets enforced, there could be a government office tasked with enforcement, and the law could let people sue.