It is the latter. The app has to be signed, and the signer has to register "real" identity with Google. Approval of the app itself is not a part of the process.

Yes, sideloading will still be viable from known developers.

Probably malware developers will still be free from prosecution -- what moron is going to distribute malware with their own identity attached to it? But it means when the malware gets caught (which it does) you can't just roll a new APK with a different signature. You've burned a developer identity and need a new one. Those are harder to come by, and so it rate-limits malware distribution.

Approval is tied to individual apps. From https://developer.android.com/developer-verification:

> You'll need to prove you own your apps by providing your app package name and app signing keys

Needless to say, Google will throw out NewPipe, ad-blockers and anything else that might endanger their profits. For example, Google does not allow F-Droid to be published in Google Play (distributing competing app stores is against their ToS). This policy was in action as long as Google Play/Android Market existed.

> The latter means side loading is still viable for apps from known developers. This way anyone who is known who may create malware and will not be free from prosecution

Important corrections:

This way anyone who is known to create malware or any software which interferes with Google's current or potential future revenue, strategic interests, and unpredictable whims will not be free from prosecution in the case of distributing malware, nor from digital exile and unpersoning in the case of causing inconvenience to Google.