When did any EU representative ever lie about this? It has been very clear from the beginning that every member state would make their own apps.

I don't really see what internal German politics and lobbying has to do with anything.

As for the "Google" part, that's up to the member states to decide. In essence, the law states that apps should be secure and untampered. It doesn't specify any remote attestation partner, nor even the strict need for remote attestation although it's hard to accomplish any kind of phone-based authentication security without it. Android's native attestation solution also exists and works for phones sold without Google services, though it's an absolute pain to work with.

Sailfish, pmOS, or any other mobile OS could implement the security requirements if they ever get enough serious popularity to convince governments to make apps for them.