In XML, it is needed because XML supports data coming in with legacy character sets;
Not at all. Conversion from legacy charsets to Unicode ones already produces NFC normalization (except in a few rare cases like XCCS), because those charsets don't have combining characters, nor both Hangul jamo and Hangul syllables. It's data in Unicode charsets that may or may not be normalized.
Normalization had to be the responsibility of the receiver system because it could not be the responsibility of the generating system.
Well, it was originally the *creating* system that is supposed to NFC-normalize, and neither the receiving system nor a retransmitting system. But that has never applied to XML or HTML, and as a systems property is too hard to manage. So you should normalize just in case you need to compare: it's not normalization but equality under normalization that really matters.
