It’s been mandatory since 2018. Browsers will reject certificates which have not been publicly logged.
Perhaps next you’ll wonder if it’s as simple as compromising a CA and a CT log? Nope, as browsers require cryptographic attestations from multiple CT logs. If you’re using Chrome, one of those logs has to be the one operated by Google.
