Is refusal realistic? It's nice in the abstract, but in practice, there are plenty of ways to coerce illegitimate compliance.

No company is gonna seriously refuse when their jurisdiction's equivalent of the FBI or NSA turn up with a court authorised order. As James Mikkens said: "YOU'RE STILL GONNA BE MOSSAD’ED UPON"

But it'd be nice to be able to expect your email provider to not cave in to a request from some other counties CERT organisation without pushing back for evidence and some sort of proper judicial authority behind the request.