
I have created the Azure Policy below with the "modify" effect and the "addOrReplace" operation.

I am creating the resource group, policy definition, policy assignment and role assignment via Terraform. I want the tags to be applied as soon as the resource group is created and the policy is applied (so basically the resource group should be created with the tags, since the policy assignment is at resource-group level).

Below is the policy definition:

{
  "properties": {
    "displayName": "Subscription Tags",
    "policyType": "Custom",
    "mode": "All",
    "description": "",
    "metadata": {
      "category": "General",
      "createdBy": "a8cf4bcb-fa6d-4ace-ae63-fbeee97299d4",
      "createdOn": "2021-08-26T11:27:02.358131Z",
      "updatedBy": null,
      "updatedOn": null
    },
    "parameters": {
      "SubscriptionOwner": {
        "type": "String",
        "metadata": {
          "description": "Subscription Owner",
          "displayName": "Subscription Owner"
        }
      },
      "SubscriptionOwnerTagName": {
        "type": "String",
        "metadata": {
          "description": "Subscription Owner Tag Name",
          "displayName": "Subscription Owner Tag Name"
        }
      },
      "resourceType": {
        "type": "String",
        "metadata": {
          "description": "resourceType",
          "displayName": "Resource Type"
        }
      }
    },
    "policyRule": {
      "if": {
        "allof": [
          {
            "equals": "Microsoft.Resources/subscriptions/resourceGroups",
            "field": "type"
          },
          {
            "anyOf": [
              {
                "anyOf": [
                  {
                    "exists": "false",
                    "field": "[concat('tags[', parameters('SubscriptionOwnerTagName'), ']')]"
                  },
                  {
                    "allOf": [
                      {
                        "exists": "true",
                        "field": "[concat('tags[', parameters('SubscriptionOwnerTagName'), ']')]"
                      },
                      {
                        "field": "[concat('tags[', parameters('SubscriptionOwnerTagName'), ']')]",
                        "notEquals": "[parameters('SubscriptionOwner')]"
                      }
                    ]
                  }
                ]
              }
            ]
          }
        ]
      },
      "then": {
        "details": {
          "operations": [
            {
              "field": "[concat('tags[', parameters('SubscriptionOwnerTagName'), ']')]",
              "operation": "addOrReplace",
              "value": "[parameters('SubscriptionOwner')]"
            },
            {
              "field": "[concat('tags[', parameters('resourceType'), ']')]",
              "operation": "addOrReplace",
              "value": "[resourceGroup().id]"
            }
          ],
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ]
        },
        "effect": "modify"
      }
    }
  },
  "id": "/subscriptions/6e268af1-b2a7-44a7-9a1a-9025889dbe5d/providers/Microsoft.Authorization/policyDefinitions/MyCustomPolicy",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "MyCustomPolicy"
}

The problem is that the tags are not being created with the resource group, and the compliance state says "non-compliant". I have to create a remediation task, and only once I run that task do the tags get created.

I am unable to find the cause, as the documentation says the tags should be created as soon as the resource is created; only existing resources should need a remediation task.

Any help would be appreciated.