This is the same like for closed source. A new software release must be tested and have regression tests that homologation relevant parts are not changed and if they are changed, that they do not violate regulations.

Yes, but with closed software you only have to have those tests and certification done once per version of the software. All installed instances of this version are the same, because only the manufacturer can make changes and sign the software to be installable.

This is completely different with open source software that can be changed and installed without limitations by every end user/owner of the car. Now the certification has to be done by every single person every time they install a new version to make sure that no forbidden changes were done to the code or the configurations.

Open Source Software that can be installed freely and unrestricted on a car turns every car into a DIY system, even if it was manufactured by a company

Going down further that road, there are very specific regulations that cover software updates in particular. There needs to be a software update Management process behind it that makes sure software is only distributed to vehicles that it is designed for.

Yes, but such a process would be so tight that it more or less produces the same closed system that we have at the moment. One possibility I see would be that the boot loader of the EV is locked and only updates signed by the company can be installed to the car, with the option to send in your changed open source version to have it checked and signed. But this would not be very open source and not really that much more secure then what we have today because you can never be sure that the version you send in for verification and signing is the same that you get back.

But if you have better Idea the would be true to the open source idea and be compatible with the strong regulations, I would love to read that.