zmap / zlint

X.509 Certificate Linter focused on Web PKI standards and requirements.
https://zmap.io
Apache License 2.0

w_ct_sct_policy_count_unsatisfied should test only certificates with EKU serverAuth #706

Open Feelemoon opened 1 year ago

Feelemoon commented 1 year ago

Apple's Certificate Transparency policy states that:

For certificates with a notBefore value equal to or greater than 20210421T00:00:00Z, log operators MAY reject leaf certificates which don’t contain the serverAuth EKU.

And the GoogleChrome Certificate Transparency Log Policy says:

TLS Server Auth EKU: The Log may reject logging submissions for certificates that do not contain the id-kp-serverAuth Extended Key Usage (EKU).

w_ct_sct_policy_count_unsatisfied should therefore require EKU serverAuth to emit a notice.
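A sketch of the applicability gate requested above, as an added example that is not part of the original issue and is not zlint's code. It uses Go's standard `crypto/x509` rather than zlint's own types; `sctLintApplies`, `constructedLeaf` and `must` are hypothetical names, and the leaf-only and precertificate conditions are assumptions of this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// ctPoisonOID marks a precertificate (RFC 6962, section 3.1).
var ctPoisonOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}

// sctLintApplies (hypothetical) decides whether an SCT-count check should run:
// leaf only, not a precertificate (both assumed), and id-kp-serverAuth present.
func sctLintApplies(c *x509.Certificate) bool {
	precert := slices.ContainsFunc(c.Extensions, func(e pkix.Extension) bool { return e.Id.Equal(ctPoisonOID) })
	return !c.IsCA && !precert && slices.Contains(c.ExtKeyUsage, x509.ExtKeyUsageServerAuth)
}

// must unwraps a (value, error) pair and panics on error; demo helper only.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// constructedLeaf builds a throwaway self-signed certificate (constructed
// sample input) with the given EKUs and, optionally, the CT poison extension.
func constructedLeaf(precert bool, ekus ...x509.ExtKeyUsage) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), ExtKeyUsage: ekus,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if precert { // poison extension: critical, value is ASN.1 NULL
		t.ExtraExtensions = []pkix.Extension{{Id: ctPoisonOID, Critical: true, Value: []byte{5, 0}}}
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, pub, priv))))
}

func main() {
	fmt.Println(sctLintApplies(constructedLeaf(false, x509.ExtKeyUsageServerAuth)),
		sctLintApplies(constructedLeaf(false, x509.ExtKeyUsageClientAuth)))
}
```

With this gate, a certificate that has no EKU extension, or an EKU without serverAuth, is skipped rather than flagged for missing SCTs.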