How is this going to be enforced if you are just downloading apks? It states they will enforce verification across sources outside of the play store. This doesn’t sound possible unless they just make stock android unable to side load

apks will have to be cryptographically signed through Google’s developer console, and this signature will be checked by the operating system at install time regardless of where you got the apk from. It’s like how windows has signed applications for smartscreen, except in this case all applications must be signed through Google, and in order to sign it, you have to let Google know where you live, and unsigned applications will simply be denied instead of just being presented with a warning.