The rules are well intentioned. The policies stem from not standing up to bullies. In my experience:

1/ Some top-level authority writes down a rule saying “as of 2021, it is forbidden to have red pencils”.

2/ The authority might prosecute one or two cases, but most enforcement is largely farmed out to certification bodies: the lawyers, auditors, inspectors of this world.

3/ No auditor or auditee ever wants to be the first to fall foul of PNCL21 regulations. The expense one would incur of being a test case incentivizes every regulation to be widened in scope, unreasonably, to try minimize risk.

4/ Moreover, there is a purity spiral incentive as an auditor to maintain the illusion you know what you are doing and therefore justify your $500-a-day fee. No widening-of-scope is too much! No one ever got fired for buying IBM, and no one ever got fired for banning pink crayons “just to be safe”, even though no normal person would call them either red or a pencil.

Cylindrical graphite rods stored in the same building as red paint? Audit failure risk. Orange pens on your desk? Audit failure risk. Office within 1000 yards of a stationery shop? Audit failure risk. You are single, own a traditional twig-broom, and you like black cats? Audit failure risk, I say!

Oh brings me to the good pre-CoC era when we did not need to have explicit rules and a simple rule "don't be an asshole" worked just fine. :D You might say that it is too broad, but now with the CoC you have many more broad rules. :P

Because of a problem that all those rules and policies don’t solve, while introducing new ones and creating an entire bureaucracy dependent upon keeping them in place regardless of their efficacy?

Fear of everything