As stated in the official documentation:
Egress represents data sent from Cloud Storage in HTTP responses. Data or metadata read from a Cloud Storage bucket is an example of egress.
Network usage charges apply for egress and are divided into the following cases:
Network egress within Google Cloud, when egress is to other Cloud Storage buckets or to Google Cloud services.
Specialty network services, when egress uses certain Google Cloud network products.
General network usage, when egress is out of Google Cloud or between continents.
As said in this Stack Overflow answer, you could activate Cloud Storage Data Access Logs for investigation purposes. It's deactivated by default because the volume of logs can be huge.
Important: Data Access audit logs volume can be large. Enabling Data Access logs might result in your Cloud project being charged for the additional logs usage. For pricing information, see Google Cloud's operations suite pricing: Cloud Logging.
For further assistance, I suggest contacting cloud support by clicking the link at the Google Cloud support page.
As shown on this Stack Overflow answer, from another user having unexpected GCP Storage egress between NA and EU:
“My theory is that this is due to container images being downloaded from gcr.io (NOT eu.gcr.io) as part of the process of deploying an App Engine version (It says here that gcr.io is currently in the US). I find some evidence of this in the Cloud Build history: there, I see e.g. Pulling image: gcr.io/gae-runtimes/crane:current.”
This theory could explain what is happening.
Also, as you have activated Google Cloud Storage Access & Storage logs, you can analyze them by importing into Big Query as shown here.
However, I strongly recommend you to contact the Cloud Support team by clicking the link, to have a detailed investigation of your particular case.