Well, the Italian government agreed to those terms when they bought the certificates. If they didn't like that, they could've gotten them from somewhere else, or maybe set up a CA of their own, governed according to their own policies. Sure, then their CA wouldn't be pre-loaded in browsers, but they also wouldn't have to bother with pesky details such as responding in a timely way to incidents.