[pjmlp]

Curious if it also includes programming language requirements towards security processes.

[tirpen]

It does not. Other than mandating some details about cryptography and MFA, it's mostly about company processes, incident reporting, security training, risk assessments and such.

And it only affects corporations and other entities in a few select sectors of critical importance to society.

[pjmlp]

Pity, it is not yet that we get labels in the box depending on how the sausage was produced.