The reason I'm asking because I've seen many tutorials use vlans for virtual aps to do this which in failing to understand the reason behind!
If you only have single AP (hAP ac2 in your case), then it's not necessary to fuss with VLANs. You probably even don't need separate bridges for VAPs, you could set IP stuff directly on wlan3 (or whatever VAPs name) interface.
Things change if there are more than one AP and one wants to create a seamless wireless network for certain use case (e.g. IoT ... all collaborating VAPs would have identical wireless security settings and same SSID, which is very easy to configure using capsman). Then one would use VLANs to separate traffic from different VAPs on the same physical AP, but would use same VLAN IDs on all APs ... e.g. linking all APs offering IoT WLAN to make one continous wireless coverage area. The needed back-end services (DHCP server, IP gateway, ...) is then one for all VAPs which makes easier administration (of e.g. firewall).