I completely agree that such a thing should not be US-only. There would need to be a clear distinction between one-gov't backdoor and voluntary regulatory certification, because ultimately the goal would be for other countries to follow suit and provide similar/identical certifications. You could look to standards bodies to provide standard implementation details on what "firmware escrow" is, what exact formats and files must be included, etc. IEEE, ISO, JIS, DIN, and all of them could write or adopt the document. But actually running the service and providing the certification is a little closer to a patent office than organizing standards which is why I propose doing it federally. Think Energy Star (which is a US gov't program based on EPA standards) which has been implemented successfully outside of the US.