If an organisation requires all binary code on a Windows installation to be verified,
it can make it mandatory that only signed DLLs or executables are run by Windows.
Thus it is an advantage if all Gpg4win binary code objects are signed with Authenticode.
(A workaround may be file-hash based policies.)
This is related to T2227 where signing of GpgOL was wished for.
Some binary objects are already signed, like
C:\Program Files (x86)\GnuPG\bin\zlib1.dll
C:\Program Files (x86)\GnuPG\bin\scdaemon.exe
Another 125 files in Gpg4win 4.0.0 are not signed (checked with Get-AuthenticodeSignature), like
"C:\Program Files (x86)\Gpg4win\bin\md5sum.exe","NotSigned","None",, "C:\Program Files (x86)\Gpg4win\bin\libwinpthread-1.dll","NotSigned","None",,
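The following PowerShell script is an added example, not part of this ticket, that reproduces the check above for a whole installation: it walks the default Gpg4win and GnuPG install directories (paths taken from the ticket; adjust if installed elsewhere), runs Get-AuthenticodeSignature on every .exe and .dll, and reports everything whose status is not "Valid" together with the signer subject, so that a mere "signed" is not confused with "signed by the expected publisher". The output file name is an assumption.

```powershell
# Added example (not from the ticket): list unsigned or badly signed PE files under
# the Gpg4win/GnuPG install directories. Default paths as named in the ticket.
$roots = @(
    'C:\Program Files (x86)\Gpg4win',
    'C:\Program Files (x86)\GnuPG'
)

$results = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path       = $_.FullName
                # Valid, NotSigned, HashMismatch (file changed after signing),
                # UnknownError (signed, but chain not trusted), ...
                Status     = $sig.Status
                Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
            }
        }
}

# Summary per status, then the detailed list of everything that is not cleanly signed.
$results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize

$notValid = $results | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Path
$notValid | Format-Table Path, Status -AutoSize

# Same CSV shape as the listing in the ticket, for attaching to a report.
$notValid | Export-Csv -NoTypeInformation -Path "$env:TEMP\gpg4win-unsigned.csv"

# Signers actually present on the signed files: a publisher-based allow rule
# should name exactly these, not just "any valid signature".
$results | Where-Object { $_.Status -eq 'Valid' } |
    Group-Object Signer | Select-Object Name, Count | Format-Table -AutoSize
```

Filtering on `Status -ne 'Valid'` rather than `-eq 'NotSigned'` is deliberate: a HashMismatch means a signed file was modified after signing, and UnknownError typically means the signature is present but the certificate chain is not trusted on that machine; both would also be blocked by a signature-enforcing policy and are worth seeing in the same report.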
These would need to be included in the signing step of the packaging,
so it is done each time.
The principal mechanism should be in place (using Windows OpenSSH capabilities), if I've understood @werner correctly.