Comment by friendzis

Responsibility and controls. If the host/dc assigns a dedicated addresses the contract can be essentially "the customer assumes all liability behind traffic". With NAT/LB you need at the very least quite robust, evidence-grade monitoring mechanisms tagging all traffic and keeping historical data. In practice, some for of active abuse prevention is required, otherwise huge chunk of your address space is going to effectively linger in blacklist limbo.

That is, if being unreachable below "presentation layer" is acceptable in the first place, but I guess the question kind of presupposes this.