As the sibling pointed out, there are already plenty of laws about, for example, handling of personally identifiable data. Somehow there is a lack of awareness; perhaps what is needed is a couple of high-profile convictions (which can't be too far off).
One of the key functions of a professional body is to ensure all members are aware of existing and new laws, standards and codes of practice. And to ensure different grades of engineer are aware of different levels of the standards. And that sector-specific laws and standards are accredited accordingly.
High profile convictions are not a good way of dealing with this. Not in the short or long term. Sure they have an impact, and laws should be enforced, but that’s not a substitute for managing the industry properly.
Nothing would be more effective at killing open source and commercial software business than requiring everyone that writes and ships software to users, directly or indirectly (e.g. an open-source library), to have a License To Program from a Software Licensing Organization.
> aware of existing and new laws, standards and codes of practice
Yeah, because software business is not at all ruled by fads.
1997: you have to follow Extreme Programming (XP) or you don't get your license
2000: you now have to use XML for everything or you don't get your license
2002: you now have to follow Agile or you don't get your license
2025: you now have to write everything in Rust or you don't get your license
etc., etc.
What complete nonsense. Professional bodies don't mandate fads. Get a grip.
A software engineering licensing body would require licensed individuals to understand things about security and accessibility, which would be a huge improvement. If you are responsible for a trivial security vulnerability you and the company should actually be liable for it.
Sysadmins/other adjacent roles should likely have the same requirements. An unmaintained/unsecured server can create a huge liability.