Incorrect - everything related to the protocol, including becoming a compatible vendor, is managed by the fido alliance which Yubico is a member of. The U2F specification requires you to parse the certificate, and verify the response message against the cert's public key when registering the device with your application. You can choose to only accept certificates whose public key comes from a certain manufacturer, but that is up to the discretion of the implementer and is not required. If you want to read a full overview of the specification you can read the following document

https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fid...