I’ve used KSoftware OV certificates for many years… although recently I had a LOT of trouble getting a new certificate (not the fault of KSoftware though).
KSoftware resell Sectigo certificates - and part purchasiing a certificate is proving identity - they basically use the D&B company database to lookup your phone number and call it. I closed our office last years so the number no longer existed - this caused a lot of issues - getting D&B to update your details in Australia is practically impossible (unlike for US companies) - and Sectigo were very inflexible when it came to how they will verify identity. I eventually somehow managed to get our D&B entry updated after 2 weeks of emailing and calling every contact I could find for them - the new cert arrived the day before our old one expired
As for EV certificates - that’s another world of hurt (and ). Microsoft requires EV certs for device drivers etc…
Firstly the key is issued on a physical usb key - which is a major pain if your build server is in a data center in another city - and ours being in a shared cage I’m not keen to have it plugged into the server for other dc customers to find (mine is a digicert one with a bright blue led on the back that lights up my home office at night!). If you are using a cloud platform then you can’t just buy a physical cert and ship it to them - they do have some certificate features but most were not very windows friendly when I looked (a while ago now).
Then there’s the issue with getting virtual machines to see the physical device - Hyper-V server is not great with this.
And then we get to automation. EV keys are designed for User Interaction - they actually want you to type a password in each time they are used. They each have their own client software that needs to be installed - the most common one being SafeNet.
If your build runs under a service, you are sh1t out of luck. If your build runs from the desktop (ie running the FinalBuilder IDE) you can get it to work - however you will have to enter the password at least once in the client software.
I would just stick with an OV certificate if you can (that’s what we are currently using) and avoid the pain of EV’s