You simply legislate that if a company is building anything that will be used regularly by more than eg. a few thousand people, then the work must be designed and/or signed off by a licensed engineer, who will a) be subject to a code of ethics and b) be professionally liable for any failures causing loss or damage to the public.
We seem to be able to manage this with bridges, planes, electrical & hydro installations etc. No reason it shouldn't be the same for critical software infrastructure.
I mean with a thing like a plane you can say "that's not allowed in our state/country", with software that starts to get a whole lot more problematic. Soon you'll see people starting to push laws that say things like "because people are running dangerous software from outside the country we demand that only signed software can run on our phones/computers and that devices here must enforce it" coming out of our politicians that seemingly get a pile of cash from groups like Microsoft and META.
It's perhaps not 'critical' in the sense that losing it would matter much, but it is worth caring about because of the number of people who are affected if/when things go wrong.
We seem to be able to manage this with bridges, planes, electrical & hydro installations etc. No reason it shouldn't be the same for critical software infrastructure.