The organization uses GPG keys to sign commits. Each employee has his own signature, and the key to verify the signature has been added to the user's GitHub account. If an employee removes his GPG key from the account, all the commits he made earlier will become unverified. The question is: how can an organization ensure that no employee removes the key from their GPG account? Or what should be done so that he could delete it, but the previously made and recognized commits do not lose their verified status? The question is most relevant to the procedure for employees leaving the organization.
There's no way to prevent a user from adding or removing public keys like this because they control their account. If they remove the keys, then GitHub will no longer list them as verified.
However, the commits that are committed will remain signed and can be verified from the command line using git verify-commit (or, for tags, git verify-tag). If you have a trusted database of keys, you can even use git verify-commit --raw and verify that the key is for the intended user from the GnuPG output.
If you require signed commits via GitHub for your organization, then whether or not they are listed as verified, you will know that they will have been validly signed before being merged into the branch, and therefore the status won't matter so much.
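The check described in the answer, written out as an added example (not code from the answer or from GitHub): run git verify-commit --raw, pull the signing key's fingerprint out of the GnuPG status lines it emits on stderr, and compare it against an organization-controlled allowlist of fingerprints, which is independent of whatever keys the employee still lists on their GitHub account. The fingerprints in the allowlist are constructed placeholders; the check assumes the signers' public keys are already in the local GnuPG keyring.

```shell
# Constructed allowlist of full key fingerprints (placeholder values). Keep it
# somewhere the leaving employee cannot edit, e.g. a separate protected repo.
TRUSTED_FPRS='ABCD1234ABCD1234ABCD1234ABCD1234ABCD1234
0000111122223333444455556666777788889999'

# Read GnuPG status output (the stderr of `git verify-commit --raw`) on stdin
# and print the fingerprint of the key that produced a valid signature, if any.
# GnuPG reports it on a "[GNUPG:] VALIDSIG <fingerprint> ..." line.
signer_fingerprint() {
  awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3; exit }'
}

# Return 0 if the fingerprint given as $1 is on the allowlist, 1 otherwise.
fingerprint_trusted() {
  printf '%s\n' "$TRUSTED_FPRS" | grep -qx "$1"
}

# Classify one commit from its raw status output on stdin: prints "trusted",
# "untrusted" or "unsigned" and returns 0 only for "trusted".
classify_status() {
  fpr=$(signer_fingerprint)
  if [ -z "$fpr" ]; then
    echo unsigned; return 1
  elif fingerprint_trusted "$fpr"; then
    echo trusted; return 0
  else
    echo untrusted; return 1
  fi
}

# Check one commit in the current repository: the signature must verify against
# a key in the local GnuPG keyring AND that key must be on the allowlist.
# `2>&1 >/dev/null` sends git's stderr (the status lines) down the pipe and
# discards its stdout.
check_commit() {
  git verify-commit --raw "$1" 2>&1 >/dev/null | classify_status
}

# Example over a range, e.g. every commit on main not yet on release:
#   git rev-list release..main | while read -r c; do
#     printf '%s ' "$c"; check_commit "$c"
#   done
```

A commit by a former employee whose key is still on the allowlist keeps reporting "trusted" here no matter what they later do to their GitHub account; revoking trust is done by editing the allowlist, not by the employee.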