Switching package registration systems soon

Yes, you are encouraged to but not required to have git tags and GitHub releases that match registered versions. Currently, I believe Registrator comments on your repo with instructions on how to do the tagging. It previously did the tagging for you but some people didn’t like the fact that this meant that Registrator needed write access to your repo.

We may introduce a dedicated “TagBot” in the future that can be activated independently of Registrator that just creates tags for registered versions. That way people who don’t want to give write access don’t have to. It also reduces the attack surface by separation of duties: the tag bot, which needs write permission, should be as simple and hard to screw up as possible, while the registration bot, which is much more complex, only has read permissions so it can’t do much harm.

9 Likes