There's no solution to that other than having knowledge and researching the code/device yourself. You can pick apart modern Linux/busybox based IoTs fairly quickly, so effort needed is not really a huge issue.

Maybe trusted community of people could do it for everyone, but there's currently all kinds of potential legal trouble brewing in that approach. Complete and public reverse engineering of every aspect of any device would have to be made completely legal, so that people could freely publish all artifacts extracted from a device and produced during reverse engineering and collaborate on them without any fear of repercussions. Also HW manufacturers would have to be prohibited from NDAing documentation for SoCs, etc.

Side benefit would be that this would also serve as a documentation for freeing the device and developing alternative firmwares with modernized sw/reduced attack surface.

In my country, government applications are required to be interoperable, use open APIs and work with open formats (XML, PDF, etc.). There should be no problem there. I've already used some FOSS applications to interact with government services.

Banks are required to interoperate using open API in the EU. EU managed to cripple this requirement, by not requiring open api access to regular customers, but only to accredited organizations. There's more work to be done on this front.