It is. But it doesn’t mean users could do it by themselves. If someone isn’t following rules is totally different thing, though.
But. As I said - in theory. EU isn’t after small fishes but big guys. So, lets say an american or asian site never get legal actions from EU even they don’t follow regulations. But again… why someone would be like Facebook or X, just because they like to send some spam?