
As much as I'm tempted to agree, decentralization perhaps risks even more. Opsec compromise is only one SPOF for a signing service; the state might coerce the CA into handing over the keys or issuing an intermediate for MitM.

Do you shard across 20 nations? If so, you have to contend with 20 intelligence agencies. It might make more sense to keep all the eggs in one basket, and have new baskets ready to go if a canary triggers.


