I don’t believe this is true. CT is wholly encompassing by design: if you could somehow opt out, an attacker could use that mechanism to bypass CT.

(As far as I know, the only way to “opt out” is to use a wildcard to obscure the true subdomain being accessed.)

Edit: from a quick look online, CT became mandatory for CA issued certificates in the Web PKI in 2018.