That seems difficult to arrange. Is this also possible on websites whose owner is not established in the EU?
Incidentally, such a measure would work for the reuse of passwords: a cracked password is no longer sufficient for another website. So there is a bit of risk reduction. However, 2FA is (unfortunately) not a holy grail. In the event of a data breach, I would be worried about targeted phishing actions, because the attacker knows exactly how to address you (with information that normally cannot or cannot simply be found on the internet, such as: name and address, bank account number, social security number, special personal data) .
With a personalized e-mail, a well-stolen login screen (if you are handy with Kali Linux and the many tools that does not have to be very difficult) and with a bit of luck an attacker will have stolen your password and extra token. Unfortunately, my email addresses are also in data leaks, so the number of phishing emails has also increased significantly. Well, with targeted phishing emails I can imagine that there are people who fall for it.
–