Literally everything.

The fundamental issue is the EU doesn't like that US intelligence agencies have the ability to subpoena any server associated with US firms or companies that use US firms. However, the vast majority of the entire tech industry touches the US in some way.

Here's a good primer: https://trustarc.com/resource/schrems-ii-decision-changed-pr...

Last year the EU and the Biden administration came to an agreement (the second of these after the last was shot down). The current one may not stand either.

If it doesn't, and you're an EU company who has an employee using something as trivial as Notion, you're already in violation (even if Notion is otherwise GDPR compliant, the US gov can subpoena them and look at their data, meaning they can be declared defacto non-compliant).

This is further complicated by the fact that, as it turns out, having access to US intelligence isn't so bad in the context of Russia-Ukraine.