Unfortunately, it’s both. They also hold back security updates for non-latest releases that are still covered under Standard support. I work in an environment where we track new CVEs for our builds, and we constantly see vulnerabilities for 22.04 that are fixed in Pro but not made available otherwise.

Sure, technically you can opt into Pro as an individual user without paying, but it puts everyone who uses off the shelf installs and containers at risk and is therefore an immoral and unethical process in my opinion.