Actually quite logical: the ever-increasing number of accounts and the ever-increasing security requirements for password length and complexity mean that passwords get written down or recycled according to regular patterns.
The BSI and other (European) authorities have so far not let themselves be drawn into an official statement, because it would drag a whole chain of follow-up questions behind it: What if damage is caused by a wrong recommendation? Is professional liability insurance liable if a company does not follow the official recommendations of a government authority?
Finally - rarely enough - common sense has prevailed, at least for a short time ;-)
The whole message is available at heise security news (machine translated from German).