It’s very possible that an EU instance that comes under regulatory scrutiny for whatever reason will have to start requiring Data Processing Agreements (DPAs) from every instance it federates with.
Ultimately that would likely result in a few paid, professionally run instances, which only federate with each other and maybe a few similar instances in other regions with the capacity to provide DPAs.
And next to that, a forest of independent, non-conforming instances flying under the regulatory radar; an entirely separate fediverse from the centralized one where instances disappearing is a regular occurence.
I wouldn’t assume the EU would necessarily be interested in protecting the Fediverse. Legislation like the GDPR is very much oriented towards working with corporate entities and the open Fediverse model is generally at odds with the right to be forgotten (since it’s effectively impossible to ensure all copies of a user’s data are deleted - I don’t even think it’s possible to determine which nodes may have a copy of a year old post).