It is a secret from policymakers in Dutch and European offices: software is still completely insecure and unreliable. Not me saying so, but IT professionals like Bert Hubert:

The EU’s new Cyber Resilience Act is admirable in its goal. And the EU is not alone in thinking something needs to be done about the dreadful state of security online

(…)

I understand that it can be frustrating if the government (including the US) starts to take an interest in how you do your work, but given the dreadful state of computer security, we can’t credibly claim things are going well.

Read his article on a European draft, The EU Cyber Resilience Act (CRA).