In the EU, this will be the case from next year on (2025-06-20). No monthly security patch frequency requirement, but instead "security updates [...] need to be available to the user at the latest 4 months after the public release of the source code of an update of the underlying operating system" [1].
Complying with this new regulation and bumping the Linux kernel version during the device life cycle was also a topic at this year's Linux Plumbers Android MC. [2][3]. This is necessary because the Linux LTS support timeframe is shorter than the by law mandated minimum support period of 5 years.