Not really. They just have to convince an existing CA that cross-signing their CA won't make Google and Apple mad.

Cross-signed roots are common. Just takes money and maybe audits, but it's the same audit they'd need to get in the browser root stores anyway.