by ramtatatam 1308 days ago
I wonder where the boundaries would be in case such legislation was pushed through. If my software is Python-based then would Python itself have to be audited too? If I run my software in Podman containers then should Podman be audited too? What about the operating system I execute my software on? Let's say thousands of companies use dependency X - would that dependency have to be audited 1000 times independently? That would be a huge waste in my opinion.

Usually only the original producer of each component has to do the certification and apply the CE stamp. Any conglomerate doesn't need to reevaluate all the components themselves, only their interactions in the conglomerate.

So for your Python software you are fine either just providing the software alone, without an interpreter, having the customer get a Python-standard-compliant (if there were such a thing...) interpreter for themselves. Or you could provide a CE-certified Python interpreter that you got somewhere else along with your software, provided you do not change the interpreter you got and the interaction between your software and the interpreter is standard, run-of-the-mill, unsurprising normal use as intended and certified.

This feels like trying to match physical-world regulations to software products... I'm skeptical about this legislation, it feels like another step for policy makers to conquer the software domain, which is still very open for anybody to enter... I remember living in London and talking with a friend who is an electrician, the amount of papers he needed in order to be able to do his job was mind-boggling...
Electrical mistakes can very directly and invisibly lead to deaths. Most software is not life and death.