Hacker News

rvnx, yesterday at 11:35 PM (1 reply)

> You don't get kicked out of trusted roots for non-compliance

Of course you do, it's the main reason CAs fix compliance issues so fast.

Symantec, WoSign, Entrust, etc. repeatedly had non-compliance issues, and that led to them being removed (even if fixed).

Here it was not a big issue: they forgot a flag to narrow the delegation of trust (but nobody knew that a few hours ago).

Still, it can be very problematic; there is a quite similar situation here: https://bugzilla.mozilla.org/show_bug.cgi?id=1883843

A basic non-compliance issue, just a web link missing, but huge consequences if they don’t fix it.

Repeated non-compliance (like Symantec) will eventually get you removed even if fixed.

The core definition of losing “trust” in someone.

Keep in mind that a few hours ago, nobody knew what the violation was. Turns out it was an easy fix.


Replies

tptacek, yesterday at 11:38 PM

You didn't actually respond to what the preceding comment argued. They were just pointing out the distinction between Symantec and WoSign and ordinary compliance events.