Afghanistan can do that. You’re protected by Afghanistan’s lack of any realistic ability to enforce laws far outside its borders, not by some general principle of international law saying that countries can’t make laws about websites.
The great-grandparent of my comment was arguing that it’s absurd to suppose that the UK has grounds to go after a company on the basis that the company did business with its citizens on servers located outside of the UK. The UK is effectively making a claim of international jurisdiction on all transactions made by its citizens. The EU does this too with GDPR, the difference (as you noted) is that the EU has enforcement capabilities whereas the UK (like Afghanistan) doesn’t.
The UK is an intermediate case. It’s got more pull than Afghanistan and less than the EU. If Imgur still has assets in the UK (e.g. bank accounts) then the UK government can potentially take at least some action.
