It would be totally reasonable to require special certification for software running on critical infrastructure (is it not the case already by the way?). They are trying to blanket cover the whole market though which looks like another attempt to fight the market reality frankly, with predictable outcome.