These are ccTLDs, though, ICANN is out of the picture there, they have no authority after delegation. It's the fault of DENIC, the German ccTLD local operator. DENIC is a German entity, they are very much within reach of regulators.
(That's also the reason why foreign ccTLDs of, eh, semi-stable countries, e.g. .so domains, are risky - should the local operator start to lose it at some point, no-one can help you, neither ICANN nor IANA)
The domain registry isn't even relevant here - the authorities can go directly after Liferando - who are doing business in Germany - no matter what TLD or other medium they use for their fraud.
Judging from their handling of the American-dominated search, email and cloud shenanigans to the EU's detriment already, the EU probably can't even conceive that the infrastructure giants like PCH even need to be threatened yet. They are very slow on the uptake.
The lack of competence is downstream of a lack of vision. Fix it and the competence will come. Don't fix it and every attempt to imbue competence will fail.
(That's also the reason why foreign ccTLDs of, eh, semi-stable countries, e.g. .so domains, are risky - should the local operator start to lose it at some point, no-one can help you, neither ICANN nor IANA)