
I really wish they would lower the cost of signing certificates generally. $10 tops. I can’t justify the cost for my very specialized software very few people use.

My only explanation for why it needs to be so expensive is that it needs to be a large enough charge that the rightful owner of a stolen credit card might notice it? Because it’s in and of itself an author verification? If that’s the case though, they could refund some or all of it after say 3 months?

Even then, just as a verification, there seems like very little need to charge for that verification annually. It really just seems like rent seeking.



Microsoft have lowered it. The store costs $19 iirc, one-off fee, not recurring or yearly. So this is only for distributing outside their store.

Certificates are expensive because governments aren't digitized and don't really "do" cryptography, so associating ownership of a private key with ownership of a legal identity requires a lot of manual effort. CAs have to do things like look up your registration details in country-specific websites that don't have APIs, make phone calls, study passport scans and so on. That's all very labor intensive which makes it expensive.

It could be made a lot cheaper if governments ran their own PKIs and issued every company registrant with private keys as part of setup, likewise if passports came with private keys usable for document signing (govs already run PKIs for e-Passports but you have no way to associate a personal private key with that certificate).

Unfortunately there's been no movement on that for a long time, and the few countries that did experiment with national PKIs have mostly given up. America never tried to do large scale government PKI outside of the DoD, and therefore US software firms never felt much need to do a good job of smartcard support. No mainstream operating system has solid support for it, standards are lacking, etc.

Then you have the generally high overheads that the certificate consumers (Microsoft) and CA/Browser Forum mandate for CAs. That costs money too. Then the overheads that come with a company existing at all (websites, taxes, salaries etc).

The reason for the annual fee is to amortize the cost over time. It costs the CA more than the 1-year fee to issue the certificate in the first place, but if they assume you'll use it for at least a few years then they can break even then make a small profit.



