If your IP (and possible your browser) looks “suspicious” or has been used by other users before, you need to add additional information for registration on gitlab.com, which includes your mobile phone number and possibly credit card information. Since it is not possible to contribute or even report issues on open source projects without doing so, I do not think any open source project should use this service until they change that.
Screenshot: https://i.ibb.co/XsfcfHf/gitlab.png
TF2. Even in official competetive mm with phone verification and spending money there are lots of bots.
Is it even legal?
There is no one solution that handles everything (or else everyone would just do that). It is always about a mixture of multiple methods.
This is the internet. Someone will always claim it is illegal in “Europe”. Nobody will care enough to verify one way or the other. And, regardless of whether it is or is not, companies don’t care because most of those regulations are very toothless either due to bureaucratic inertia or just not giving a fuck.
The fact of the matter is that this is a very common model used by a range of services and it is not going to get challenged any time soon.
Can’t say about entire Europe, especially about Kazahstan which has small part sticking out in Europe, but I’m pretry sure EU is not toothless.