That can be okay. The problems we're worried about come when it's government mandated.
The EU Cyber Resilience Act puts heavy liability on vendors for software vulnerabilities that get exploited, including in open-source components they incorporate. OSS devs are shielded - liability is on the companies who incorporate OSS into commercial stuff.
In practice, what’s the difference between a government-mandated license and a government that quickly rules in favor of parties who are damaged by companies that don’t use licensed software engineers?
E.g. “Your software caused serious damages to our company / livelihood, and you best hope that it turns up in discovery that you used properly licensed software engineers who were following licensing best practices, otherwise this will be a slam-dunk case.”
Genuinely an interesting question to me. Seems like the latter is a better option, generally, but it does lock restorative justice behind a paywall - you have to be able to afford a lawyer.