failure to comply could result in fines of up to 10% of global revenue or courts blocking services
So most federated platforms should be fine, as they don't have any revenue (usually) and blocking is hard because DNS is easy to bypass and there just are so many instances already.
But it's based on a browser that's not made to be secure, but instead to have the most features and comply with all these standards. So removing them will make it a bit more secure, but it will never be good. The best browsers are the ones that aren't made to support JavaScript and all these other standards. A private browser would be something like w3m or links. Ideally, it wouldn't be HTML but Gemini's gemtext or just Markdown.