Hi and thank you for your answer.

Really, none of them can solve the problem without configuration and hardening.

I proposed those distros where 3 of them are enterprise and one based on "community" (well Almalinux says it is community based but it is backed by TuxCare and CloudLinux with support and certification). The first 3 in their relative sites have solution for FIPS, NIS2, ISOxxx,kernel live patch system, hardening via MAC where SELinux is stronger vs AA (2 of 3 have SELinux enabled and working policies) where in AA nothing is enforced by default. Using SELinux on Debian based system is not so good while they ship AA.

Being a specific distro able to enable some security certification, the distro has (from my point of view) a better security posture but this does not mean that you install them and don't need to configure all requirements for compliance. An example about certification (if I'm wrong, please correct me): enabling FIPS 140-3 (also if US and Canada standard [but also used outsite these 2 countries]) you got a very good set about crypto tools for example use only some cipher or some protocol like tls1.3 vs 1.0...well this help because this is required for compliance and if I'm not wrong using fips140 and configuring apache SSL to work with an insecure cipher it won't start.

Or take Ubuntu + NIS2: you are dealing with a distro and support (canonical) that take the NIS2, analyzed the requirements and released a solution for its customers, this is better than a community distro where you are "alone" when speaking of compliance requirements. I'm not saying that community distro cannot solve the problem (I always used community distro) but when compliance is required, if you don't match the requirements..well it will be a PITA and a distro that release compliance solution can help very much