[anothernewdude]

> I am sure that MSFT carefully vets all CA additions.

I'm sure that Microsoft carefully ensure they're paid for all CA additions.

Given their monopoly there is no incentive for vetting.

[tialaramex]

I'm pretty sure there isn't a fee. Somebody from ISRG (the people who brought you Let's Encrypt) might be able to state categorically that there was no fee charged by Microsoft, obviously it's not free in practice to spin up a decent Certificate Authority, but that's not the same thing as Microsoft charging a fee.

For these government CAs my expectation is that they're a sort of quid pro quo and (wrongly) not seen as a security problem.