It needs to be kernel level (on any OS with remotely modern security design) because a userspace application (quite rightly) would not have the ability to monitor all hardware at a low level and probe semi-arbitrary memory locations. It's the same reason enterprise security software often has a kernel module of some kind.

That's the level that is necessary to protect the integrity of top flight eSports. It's worth highlighting the anti-cheat bundled with retail games it's often a less severe version of what I'm talking about, the competitions where you can ultimately win money almost always use an additional heavier invasive anticheat than is typical for a casual player.

The companies proving those third party anticheat systems would risk losing their business and reputation if a cheater was able to evade it in any competition scenario. The reason you see cheaters in public servers, is regular users (also quite rightly) wouldn't put up with the super invasive versions of these systems that provide the strongest guarantee, so you're seeing the effects of that compromise.