Say you were a county social services department. You wish to use Tailscale to microsegment federal tax data (subject to IRS 1075 safeguards requirements) relating to your child support unit from other traffic (say Medicaid enrollment) which does not have that requirement.
I’m pretty confident that you would draw an audit finding for that reason with a pure tailscale solution. (I also think that’s bullshit.)
1075 does not appear to require that access VPNs use FIPS cryptography. Arguably, it would if you were relying exclusively on WireGuard for data protection, but it's uncommon for people to do that (we're WireGuard true believers and we do in places depend on WireGuard authentication and encryption for our security model, but it's a weird enough thing to do that we notice it when we do it).
At the time we looked at it for a client, in an audit, certain aspects would be at the discretion of the auditor. They are typically pragmatic about this stuff.
That said my original statement was too broad. It’s not an “enterprise” issue, more use case dependent in regulated scenarios.
There are creative ways to get around that, but it makes implementation a complex story and heavy lift.