I had gone into elaborate analysis as to why proof-of-stake and reputation based systems are inherently centralizing.
Proof-of-work has the potential be an unbounded entropy (i.e. effectively random and not gameable) up to 25 - 51% (25 - 33% for selfish mining) concentrated control of the hash rate. That is where I agree with smooth's caveat, except if permission-less commerce is the goal even that caveat has another caveat which is you've still got to find sufficient hash rate to push your transaction through without KYC if 51% of the hash rate is regulated for KYC.
You can't push anything through period if 51% is regulated because that 51% will reject unapproved (not signed with a MSB license number) blocks. That's the 51% attack right there.
Without that issue, I contend that owning the hash rate yourself is not really necessary to push the transaction through yourself because as long as the system is permissionless you can always find someone to push it through for you for a fee. Anywhere you go in the world, even under the most authoritarian regimes, you can always find a black market if you look for it. Thus such oppression really becomes a question of how much it costs to push a transaction through, not whether you can do it at all.
Going back to the original case, Bitcoin's security model simply does not work at all if 51% (really >50%, or >25% or >33% or really even a moderately-large smaller share that could easily collude with some other moderately-large smaller share to form such a bloc) of the hash rate is attacking it. It can be a temporary condition though, where users can just sit on their keys and wait it out, like a hurricane. Whether that is effective is a complex political game theory question that you probably agree we can't really answer and is best avoided altogether if you want any kind of strong security model. That requires either a fundamentally different system or a much better distribution of mining than exists today.