I think you are right that the "dumb pipe" architecture of Nostr probably makes it so that the relays would not count as "data controllers" (which have the largest compliance burden)

I suspect Nostr relays would legally be more like CDNs such as Cloudflare which are "data processors". These are still subject to regulations, but with fewer obligations than data controllers