Cyber-physical and software-intensive systems for public use typically are subject to various national regulations and EU regulations, like the General Data Protection Regulation (GDPR), the Medical Device Regulation (MDR), the Low Voltage Directive (LVD), the Radio Equipment Directive (RED), the Measuring Instruments Directive (MID), and others. According to the „New Approach“ to product safety in the EU, the party that places a product or service on the market is responsible to proactively assess the conformity of said product with all applicable regulations. Depending on the risk class of the product, a Notified Body (NB) must be involved during the conformity assessment process. Certain harmonized EU norms embody the current state of the art and carry the assumption of conformity if the norm is properly followed.