Is it LGPD (Brazilian data protection), POPIA (South Africa), FADP (Switzerland) compliant? I don't see VCDPA (Virgina) either.

It is easy to jump on defence of the platform one uses using a satirical non-take, but that leaves out details such as percentage of people under GDPR using HN compared to the other laws you mentioned, additionally basic compliance with GDPR, for the most part covers other data protection laws.

If YC isn't located in the EU, does it need to be?

That's of course a question for a lawyer if it matters.

I wouldn't be surprised if YC has paid for legal analysis...or at least someone with moderate business experience read the law.

Does HN use cookies with no banner? Then it probably isn't GDPR compliant at all.

Some companies I know that know they aren't compliant actually block users outside via IP addresses to 'comply'.

So this should mean that HN should do the same here.

Session cookies are fine. Related "Dear Paul Graham, there is no cookie banner law" https://news.ycombinator.com/item?id=39742578

explain - what is the issue?