Most of these features can be employed on the website side perfectly fine.
Tools like https://obfusgated.com/tools/vpn-detection-test will use very basic timing tricks to detect VPNs, for instance. Not very reliable, but if you add data points about things like MTU size and WebRTC, and cross-reference that with GeoIP location, you could detect most VPNs. Not without rejecting a small number of edge cases (Firefox users with JS disabled, weird browsers, and so on), but that's worth the risk if you're held liable for damages if you don't do it.
In practice, nobody really cares. Even Netflix and Disney apply "good enough" VPN detection, mostly by going by IP address, because they don't really care about whether you're using a VPN or not, they just want to make sure they and their shareholders don't allow too much piracy.
With this law, there are significant financial risks, not in an effort to combat a handful of pirates, but because of a "save the children" legal risk. That changes things for website owners.
The test I linked is just an example of the technology (it's designed for proxies rather than VPNs, as it just uses websockets vs TCP timing).
Tests like http://witch.valdikss.org.ru/ are a bit better, although that particular one has been around for a while and is probably outdated (it flags the WireGuard VPN to my home IP as being OpenVPN, for instance).
I don't have Apple Premium so I can't test private relays, but the technology for detecting VPNs is quite sound. It's just not used very often, because there's no real incentive to detect use cases like "people VPN'ing into their home IP". The only exception I've found is maximum-security Cloudflare-protected websites; they seem to run an extra layer of CAPTCHAs when my VPN is on, but those websites are exceedingly rare and probably have some non-determinism in their CAPTCHA ruleset.
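The cross-referencing described above (MTU size, WebRTC, GeoIP, and the WebSocket-versus-TCP timing check), as an added example that is not part of the original comment or of either linked tool. The `Observation` record, the MTU reference values and the 50 ms timing threshold are assumptions made for illustration, and the sample visitors are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed reference values (not from the comment): IPv4+TCP headers take 40
# bytes, IPv6+TCP 60; plain Ethernet has MTU 1500 and PPPoE commonly 1492.
HEADER_BYTES = {4: 40, 6: 60}
NON_TUNNEL_MTUS = {1500, 1492}
TIMING_GAP_MS = 50.0  # assumed threshold; tune against your own traffic

@dataclass
class Observation:  # hypothetical per-visitor record collected by the site
    ip_version: int
    syn_mss: int                   # MSS option in the client's TCP SYN
    tcp_rtt_ms: float              # handshake RTT to the connecting IP
    ws_rtt_ms: float               # WebSocket ping/pong RTT to the browser
    geoip_country: str             # GeoIP of the connecting IP
    webrtc_country: Optional[str]  # GeoIP of the WebRTC address, None if unavailable

def signals(o: Observation) -> list:
    hits = []
    path_mtu = o.syn_mss + HEADER_BYTES[o.ip_version]
    if path_mtu not in NON_TUNNEL_MTUS:
        hits.append(f"mtu:{path_mtu}")  # encapsulation overhead lowers the MTU
    # A proxy terminates TCP, so the handshake only measures server<->proxy
    # while the WebSocket round trip also covers proxy<->browser.
    if o.ws_rtt_ms - o.tcp_rtt_ms > TIMING_GAP_MS:
        hits.append("timing")
    # No WebRTC data (JS disabled, hardened browser) is not itself a signal.
    if o.webrtc_country and o.webrtc_country != o.geoip_country:
        hits.append("webrtc-geo")
    return hits

def verdict(o: Observation) -> str:
    n = len(signals(o))  # one odd data point alone is not treated as proof
    return "likely-tunnel" if n >= 2 else "uncertain" if n == 1 else "direct"

# Constructed sample visitors, not real measurements.
SAMPLES = {
    "ethernet":      Observation(4, 1460, 20.0, 24.0, "NL", "NL"),
    "pppoe-no-js":   Observation(4, 1452, 18.0, 21.0, "FR", None),
    "tunnel-mtu":    Observation(4, 1380, 30.0, 33.0, "DE", "NL"),
    "tcp-proxy":     Observation(4, 1460, 5.0, 120.0, "US", None),
    "odd-mtu-only":  Observation(6, 1340, 40.0, 45.0, "GB", "GB"),
}

if __name__ == "__main__":
    for name, obs in SAMPLES.items():
        print(f"{name:13} {verdict(obs):14} {signals(obs)}")
```

The `pppoe-no-js` and `odd-mtu-only` visitors are the edge cases the comment mentions: requiring two independent signals keeps a reduced MTU or a missing WebRTC result from flagging them on its own.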