First, a nitpick that the FCC makes regulation not legislation, and it could do this under existing authority. Second, I think a fine solution would be to force open the buildable source including all drivers and firmwares upon EOL. If top-down security updates will stop, then all components must be open source at that point.
All information required to build, package, and install; as well as a license for anyone using or working on affected hardware to the copyright and patents involved for use with affected devices.
