I once had x509 email cert and I am yet to find a bank/government office/company/another software developer that could use it. PGP is even worse, software support is non-existant, etc.
Most Government departments can support receiving and validating such certs now because they are using Exchange/Outlook, even if they don't know it. The funny part is when they modify emails with "THIS IS AN EXTERNAL SENDER", breaking the cert, and users just click through because the are used to it.
Some open source projects that communicate primarily via email do make use of PGP signatures. Sourcehut has guidelines around how to use them on their lists and the aerc email client supports sending them and has a keyring for validation.
