KEV (Known Exploited Vulnerabilities) - Potential Format (BCP-07)

Welcome @jayjacobs to this Discourse forum. Thank you for the feedback.

The format is not arbitrary. It is based on CSIRT use cases and on the data that is actually shared as an observation point for real-world exploitation.

As a result, most fields are optional: in the standard, a timestamp and a vulnerability identifier are technically sufficient.

So why include additional fields? The goal is not to duplicate existing vulnerability data, but to capture what is observed in the wild and to relate it to what is already known about a vulnerability. In some cases, exploitation is observed before the vulnerability itself has been formally published. Another important aspect is the ability to combine/review observations and disclosures originating from the same source.

Ultimately, the goal is to provide and facilitate the exchange of KEV information from multiple sources and to enable correlation and aggregation of those results.

The BCP is still in draft, and clarifications and updates can be made based on your feedback.