Yes, that’s the same thing. Removing it from one place, and just adding it to another.

Adding it where?

but maybe I’m missing something.

Yes, FTA:

May 13, 2026: the tlsclient ACME profile will no longer be available and no further certificates with the Client Authentication EKU will be issued.
…
Once this is completed, Let’s Encrypt will switch to issuing with new intermediate Certificate Authorities which also do not contain the TLS Client Authentication EKU.
…
After this change is complete, only TLS Server Authentication will be available from Let’s Encrypt.

What is the public key infrastructure for obtaining client authentication certificates that have a path of trust back to a root CA? You said separate PKI for every use case, so what is the intended PKI for this use case, if not CAs like LetsEncrypt?

This honestly is basic security in a number of ways. Separate PKI for every use-case is the standard.

So what is the PKI for client certificate authentication?