This is not universally true. If Google decides that your account looks suspicious, either at creation or a later date, you are unable to access it until you provide a phone number.
You also used to be unable to set up a U2F/FIDO 2FA without first setting up SMS 2FA (but you could delete the phone number from the account later). Not sure if that's still the case.
You also used to be unable to set up a U2F/FIDO 2FA without first setting up SMS 2FA (but you could delete the phone number from the account later). Not sure if that's still the case.