While I don't doubt that ITAR is especially complex, following legislation is pretty common as a basic requirement in software development — say GDPR, or tax rules, or COPPA, etc. — it really doesn't seem to me that this is pushing all that hard for anything specific and detailed enough to even justify the claim that they're calling for a specific level of complexity of legislation.
Yeah, I'm not trying to argue that what's being proposed is bad, just trying to clarify what he said. The licensing part does make it more like ITAR and less like GDPR, HIPPA, etc. Those sorts of laws don't have active government activity to certify and license beforehand, though there are 3rd party orgs that will do that sort of thing if you want.
While I don't doubt that ITAR is especially complex, following legislation is pretty common as a basic requirement in software development — say GDPR, or tax rules, or COPPA, etc. — it really doesn't seem to me that this is pushing all that hard for anything specific and detailed enough to even justify the claim that they're calling for a specific level of complexity of legislation.