How does nix avoid code signing on macOS?

Possibly a naive question but I don’t know where else to start looking, so:

macOS by default prevents running binaries downloaded from the internet unless they were signed from a known authority. How is nix able to provide binaries that don’t trigger Gatekeeper warnings?