Chinese company storing user data in China is non-news unless I'm missing something.
I suppose them "previously suggesting it was all on servers within America" and now admitting that that was false begs the question what else have they lied about?
The EU does have a law about it in GDPR (General Data Protection Regulations). The US doesn't currently have any laws against it, but the US is going after China specifically.
The US has made executive orders against software on edge routers, but nothing enforceable about end user data. There was an agreement Oracle would host TikTok's American data to appease the US