I wonder why it took them 3 years to find out, I thought these radiation tests are pretty basic these days due to cancer scares some decade and half (?) ago. I think gsmarena publishes similar values in their summary pages, but maybe its just copy paste from release material.
I guess this is because the agency is underfunded. Their missions are not only to check the radiation on new phones but also to check all 2G/3G/4G/5G in France (about 200k) and investigated in case of radio-frequency problems.
Most EU regulations let manufacturers self certify they are observing them. This should come with heavy testing but sadly this is so irregular you can get away with a lot.
A few years ago a French tech journal caught several huge chinese PSU maker who claimed they had all certification but during actual testing they would catch fire or short under 50% of rated load.
This was explained on French news: those radiation levels can vary with a software update. It's likely they were compliant before and a software update changed that.
Which also means the fix can be a software update. That was (according to the news) the likely way this would be resolved.