Should open source projects control who is allowed to issue security attestations for them? #306

@tobie

Asked by @MathiasSchindler in the ORC mailing list:

Given that a manufacturer can always fulfill their Article 13(5) due diligence by conducting an internal assessment or by commissioning a private one from any third party, what is the justification for proposing to limit who gets to issue attestations under Article 25? This refers both to the proposals […] allowing an open source project to select who gets to issue article 25 attestations or limiting it to - for example - stewards.
