98 percent
What they are doing is trying to create a narrow slot in the graph of security strength and force everybody in there. 97% illegally fails to protect privacy, 99% illegally fails to allow easy snooping, every supplier has to hit 98% secure.
Who will be first in the dock in one country for illegally lose code, while simultaneously in the dock in another country because that same code is illegally tight?
The only conceivable way ahead would be an international standard and certification body for 98% code, with supplier indemnity from prosecution under international law, once their code is approved.
OMG look, Hell is freezing over...