1) when software is developed with legitimate purpose in mind, it is not malware. If a developer of such software is persecuted, it would be easy for their legal defense to demonstrate it _unless_ there’s some other regulation that prohibits such use cases (eg something similar to EU Chat Control proposals).
2) it is very unlikely that police will go after such software. They need to connect it to their case first and that requires technical expertise, so it will likely be a cybercrime unit.