GrapheneOS can choose to simply not apply the same restrictions but now that they're partnering with another vendor to get security updates earlier, I'm not sure what the future holds in this aspect.

This is only an issue for Google compliant Android so projects like LineageOS will be fine. Depending on their implementation, this may even just be restricted to AOSP with Samsung and others just ignoring the extra restrictions.

But, if they make compliance a requirement for being part of their parent programme, GrapheneOS will be in a tough spot.