Even so, it doesn't matter unless the CEO ever sets foot in the EU, I suppose.

(Do you regularly check to make sure you're obeying laws in countries you don't ever intend to visit? No? Then why should Kagi?)

This should matter if Kagi ever intends to do business in the EU.

I suppose a serious breach of regulations, and if Kagi decided to ignore fines, apart from a bad reputation, could ultimately lead to things like judicial decisions of blocking access to the website or blocking payments for EU customers.

I think this is an interesting topic.

The scope of GDPR is clearly including businesses operating from the US, but has any company registered only in the US ever been fined by EU?