the guidelines that NIST, Microsoft, GCHQ and a few other institutions now recommend for password security

Because they are morons that don’t understand entropy.
Requiring at least 1 number increases entropy less than simply allowing the use of numbers, and then recommending it.
But most password queries are lousy at describing what’s allowed when creating it, and they generally don’t describe it at all when you enter it for access.
The second part can be crucial for remembering exactly how the password was created, because what is now required, used to often not even be possible to use!