This work addresses the absence of open-source time series point forecasting tools compliant with regulatory frameworks such as the EU AI Act in safety-critical contexts. It presents the first solution that deeply embeds standards—including the EU AI Act and IEC 61508—into library design through four mandatory development rules: zero dead code, deterministic processing, fail-safe mechanisms, and minimal dependencies. Regulatory compliance is further ensured via rigorous process controls, including model cards, executable documentation, CI/CD pipelines, and REUSE licensing compliance, which collectively establish a bidirectional traceability matrix linking regulatory clauses to code implementation. The resulting open-source package, spotforecast2-safe (licensed under AGPL 3.0+), has undergone end-to-end validation on European power system forecasting tasks, demonstrating safe, auditable, reproducible, and regulation-compliant time series prediction.

With spotforecast2-safe we present an integrated Compliance-by-Design approach to Python-based point forecasting of time series in safety-critical environments. A review of the relevant open-source tooling shows that existing compliance solutions operate consistently outside of the library to be used - e.g. as scanners, templates, or runtime layers. spotforecast2-safe takes the inverse approach and anchors the requirements of Regulation (EU) 2024/1689 (the EU AI Act, in German: KI-VO), of IEC 61508, of the ISA/IEC 62443 standards series, and of the Cyber Resilience Act within the library: in application-programming-interface contracts, persistence formats, and continuous-integration gates. The approach is operationalised by four non-negotiable code-development rules (zero dead code, deterministic processing, fail-safe handling, minimal dependencies) together with the corresponding process rules (model card, executable docstrings, CI workflows, Common-Platform-Enumeration (CPE) identifier, REUSE-conformant licensing, release pipeline). Interactive visualisation, hyperparameter tuning and automated machine learning (AutoML), as well as deep-learning and large-language-model backends are deliberately excluded, because each of these components either enlarges the attack surface, introduces non-determinism, or impairs reproducibility. A bidirectional traceability matrix maps every regulatory provision onto the corresponding mechanism in the code; an end-to-end example of European-market electricity generation, transmission, and consumption forecasting demonstrates the application. The package is open-source and available under Affero General Public License (AGPL) 3.0-or-later.