In this case the biggest failure was that ExxonMobil et al were capable of subverting EU lawmaking via external pressure (via US diplomatic channels/trade negotiation) and indirect influence by targetting individual countries.

This seems difficult to systematically prevent to me, and the fact that they went for an approach like that is IMO actually a good sign that its not trivial and cost effective to direct such efforts at EU regulators themselves.

What we actually need to prevent cases like this in my opinion is to hold companies accountable for damages when they sabotage legislation or research in that sector.

A really good historical example is leaded gas: Industry knowingly hobbled research (discredited researchers, paid shills, etc.) and legislation for decades, but there were zero consequences after everything came to light. If there was a credible threat of company leadership going straight to prison and shareholders losing everything in extreme cases like that, companies would be MUCH more circumspect when messing with law/science.