
This is different from the usual App Store review. It's to prevent malware.


IMHO it seems like it's there only to enforce that "Core Technology Fee" and even then I don't buy that argument. Malware already slips through Apple's "strict" App Store review process.


Malware also slips through sandboxes and other security measures. That doesn't mean they are useless. App review and notarization help a lot with security. But there will always be errors.


My concern mostly lies with "what will qualify as malware". When we think of malware we think of things the user would consider malware, i.e. the traditional use case of notarization. Is Apple thinking the same or is malware just apps that do things they don't like and haven't been otherwise forced to approve (e.g. like JIT is now allowed for browser engines)? Overall though I'm optimistic on it, just also cautious.


Sure, but if Apple assumes that any non-notarized app is malware, then they're not just preventing malware - they're requiring non-malware to notarize every install. And since this is coupled with a new policy where non-app store installs cost money, this means it will be enforced through the notarization mechanism.

It's not the notarization itself that's an issue, but the fact that it's also the enforcement mechanism for collecting fees per-install. It's basically a mafia protection racket where you need to pay Apple to say you're not malware.


I think in this case some antivirus companies from the EU could do notarisation. Of course, companies that have a good track record and would actually do the proper job. No need to depend on Apple to do it. We do not have a single SSL CA, for example.


That's what they claim but I've yet to see any evidence to support this.



