And what is the EU going to do about it? Governing bodies can declare extraterritorial laws all they want, but they are meaningless unless they have a way to enforce them.

This has been solved for over a decade. Include a linter and static analysis stage in the build pipeline. No code review until the checkbox goes green (or the developer has a specific argument for why a particular finding is a false positive)