It would be foolish to ignore the risk, however, especially if you work on something potentially controversial, such as encryption, privacy tools, or any software that may have uses that the EU frowns upon. I strongly suspect that this will eventually be used as a cudgel against disfavored projects/devs to compel project changes or even kill the project outright (or force it to move overseas).

If you’re a FOSS dev in the EU who works on something controversial, and you accept donations, it would be better to outsource the project “ownership” to someone unnamed or outside of EU jurisdiction.