Ledger has been in hot soup lately. If you use latest Ledger’s cloud recovery solution, the Ledger Recover, a government can send them a subpoena to get them access of your funds.
Co-founder of Ledger has confirmed on Reddit that user’s crypto currencies can get frozen by government if they contact Ledger about it. Clearly, Ledger is no longer the only one having access to your funds. If government wants access to funds, they can.
So who holds the encryption keys? Either it is held on your original device, which is more secure but makes the backup useless if you lose the original device. Or Ledger holds it, which allows the recovery to a new device but that means recovery to any device.
If the user holds the encryption key, then Ledger the company cannot collude to access your funds via the shards. If they do hold the encryption key, they can give access to your funds to anyone.
The 2.2.1 update will eventually be forced on users. Ledger has been running a promo on Nano X – $30 worth of Bitcoin, so that promo is ONLY redeemable with the new update.