last paragraph of section 1.2. This is not clear to me the message being sent. I will assert that the FHIR core says nothing like this, indeed the point of FHIR core is that it is policy-less. So I think the intention of this paragraph is to explain that policy and guidance are needed. That conformance claims to the DS4P IG impart some policy and behavior requirements like indicated in this paragraph. That imparting policy is indeed very important. I stress this, which is also stressed in the text you have quoted from the FHIR core security label page.

While stated with respect to FHIR content, this As quoted above from the FHIR Security Label Module caveat that, policies must be implemented,  holds for other labeled content as well: “The intent of a security label is that the recipient of resources or bundles with security tags is obligated to enforce the handling caveats of the tags and carry the security labels forward as appropriate.” And, regardless of the content syntax, “Security Labels enable more data to flow as they enable policy fragments to accompany the resource data.”