The one under US jurisdiction operated by Hetzner US LLC must comply, while the German ones are operating under the GDPR, which has extraterritorial clauses can can deny or challenge the request.
The reality is that if you have any interest, company or employees in the US you can be coerced to do anything the US government wants.
Either legally through courts, or through business influence, or through harassment (e.g. hardcore checks from the IRS).
Sorry, Stripe rejects you now because you are high-risk (you have to explain why you refuse to help in criminal cases, though there is a court requesting you).
You don't like to comply to US requests and protect terrorists ?
Any company opting for building digital sovereign systems should build a redundant and decentralized organization so that in worst case the company can split up its operations geographically to avoid being in the crosshairs of any host countries government.
Absolutely, but imagine, Zuckerberg creates a new company:
"Storm" -> "the European end to end encrypted privacy-conscious messenger app"
Now, an US court, requests data from that project to protect an imminent attack where people are going to die.
He refuses, his company refuses, everybody refuses.
Do you think he can evade US justice even if the company is incorporated in the EU ?
Collaborating is the path of least resistance, and as long as you can claim somewhat "we didn't have any choice, we were coerced" then you are fine. This is also why Apple, Google, Meta, NordVPN, etc, are all collaborating with the infamous FBI DITU group.
The one under US jurisdiction operated by Hetzner US LLC must comply, while the German ones are operating under the GDPR, which has extraterritorial clauses can can deny or challenge the request.