If you run a social media platform that hosts American users they actually might.

Same as the bar for whether GDPR applies to you isn't whether your server is physically in the EU, it's whether you're processing data from EU users. Or, in fact, how you're supposed to get explicit permission from EU users to host their data anywhere outside the EU in the first place.

Now, I'm not a lawyer in Mississippi, so I'm not gonna give you legal advice, but I would definitely look into it if I'm setting up a public instance. The same way I'd be looking into what compliance things I need to do to host people's data. It's one thing to set up for friends and family, but if you're hosting data from outsiders you probably need to understand what you're doing.

I've also not looked into what happens if you are sharing data with a noncompliant server in a restricted territory (so someone is self hosting in Mississippi and then federating with your server elsewhere). I don't think the legislators who wrote this dumb rule know, either. They clearly haven't thought that far ahead. Common sense dictates that the outside server would be fine and it'd be the local server's problem to be compliant. I presume that's what Bluesky is counting on (i.e. that someone will set up a local instance and act as an ingest bridge for them without it having to be them). Then again, you have British legislators now claiming that all VPNs need to have age controls, so I am not taking common sense for granted when it comes to these things.f