The European Commission has entrusted SAP and T-Systems with development of the technical infrastructure for the Digital COVID Certificate. The introduction of the certificate represents an important step toward normalizing freedom of movement in the eurozone.
Europe-Wide Standard to Make Travel Safer
To help ensure that vaccine certificates cannot be falsified, SAP and T-Systems have developed a digital gateway. Public keys are exchanged between national computer systems via the gateway hosted by the EU Commission in Luxemburg and are compared each time the certificate is checked.
After less than two months development time, the technical infrastructure for the digital certificate went into operation July 1, 2021. The system demonstrates how technology can contribute toward bringing back more normality in daily life by enabling member countries to reintroduce freedom of movement in a way that is safe, responsible, and trustworthy.
In addition to the gateway, SAP and T-Systems also developed reference software and apps that have been provided to member nations by the European Commission. These components are available as open-source software on GitHub and the source code is accessible and transparent for everyone. This enables the public and experts to view the app code, check how it functions, and make suggestions for improvements that contribute actively to its evolution and success.
How the EU Digital COVID Certificate Works
The EU Digital COVID Certificate allows travelers to prove with a QR code that they have either been vaccinated, have tested negative, or are fully recovered from the coronavirus. The QR code can either be stored on smartphones or printed out on paper and is accepted in all countries belonging to the European Union. The certificate is also valid in Norway, Iceland, and Lichtenstein, and soon in Switzerland. The certificate is not a replacement, however, for passports or national identity cards.
By using a corresponding test app and reader, airports, public authorities, hotels, and event organizers can check the status of a person quickly and simply by scanning the QR code. Authorities can quickly verify whether a vaccine certificate is authentic and valid.
Data Protection and Data Security
In the EU, the General Data Protection Regulation (GDPR) ensures data protection and data security and was given the highest priority during development.
Decentralized data storage prevents misuse of the data. For example, encrypted data are never combined on a central server and are stored locally in the form of a generated QR code in a wallet app on a smartphone or printed on paper. No personal data are exchanged or stored when reading a QR code. This has the added advantage of enabling validation without an internet connection.
In accordance with GDPR, the minimum amount of data is collected. Only information such as name, date of birth, and date of issue are used, as well as the type of vaccine and vaccination dates. To verify the validity of the COVID Certificate, the digital gateway checks only the authenticity of the national signatures without transferring any data.
Three Questions with Johannes Bahrke, Coordinating Spokesperson for Digital Economy, Research, and Innovation at EU Commission
Q: The EU Digital COVID Certificate was developed and introduced in a very short period of time. What were key factors to achieve this?
A: The key success factor for the EU Digital COVID Certificate lies in the commitment of and excellent cooperation among all players. It was clear from the start that if we want to have the EU certificate in place by the summer, we have to act fast. First discussions among officials from EU countries date back to November, even before vaccinations began. In March, the Commission presented its legal proposal to make the certificate a right for all Europeans, because free movement is a fundamental achievement of the EU.
The European Parliament and Member States have adopted the legal text in record time and, in parallel, the technical work started: on the gateway, on reference apps, and on technical specifications. Here it certainly helped that colleagues SAP and T-Systems, from the Commission, and national ministries, could build on their joint experience from setting up the gateway for tracing apps. And yet in parallel, EU countries rolled out their own national systems and apps for the certificate. One month ahead of the legal deadline, the gateway went live. Twenty-one countries anticipated the date of July 1 and generated more than 200 million EU certificates ahead of deadline – truly remarkable!
After all, the EU certificate is more than just putting a QR code on people’s phones: it is a bit like the euro, a tangible result of Europe in people’s pockets; it is about regaining freedom, staying safe, digital leadership, and demonstrating EU added value.
What is the role of digital technologies to managing future pandemics?
Digital technologies played a fundamental role in this pandemic. Of course, technology is key for learning, working, staying in touch. Therefore it is key that our connections are stable and secure. More people went shopping online, so it’s important that they are protected against scams and illegal content. But the pandemic also showed how digital technologies can provide new features with concrete added-value for citizens; whether it’s tracing apps, connected through a gateway across the EU, or the EU Digital COVID Certificate that provides Europeans with an easy and secure proof of their COVID health status while respecting key EU values such as privacy and inclusiveness.
Authorities could model the spread and the impact of measures through aggregated and anonymized mobile telecommunications data. Researchers used supercomputers to compare digital models of the virus’ proteins to match them against a database of existing drugs. Or we could think of disinfection robots of which the Commission is supplying more than 200 to European hospitals.
Finally, for the downside of the acceleration of digitalization during this pandemic, we could think of the fight against disinformation or a surge in cyberattacks – challenges to our societies that require particular attention and robust response.
How has the COVID-19 pandemic influenced the EU’s digitisation strategy?
The European Commission under President Ursula von der Leyen has made the twin green and digital transition a core priority. Think of the regulation of large online platforms, the first-ever regulatory framework for artificial intelligence (AI), an digital identity for all Europeans, a single market for data, and resilience against cyberattacks – all key digital priorities.
But it is true that the pandemic served as a catalyst. It has exposed the importance of digital technologies and skills to work, study, and stay in touch, and has shown where Europe needs to improve. We speak of “Europe’s Digital Decade” to highlight that now is the moment for necessary investments to achieve the digital transition: in infrastructure, in digital skills, in the digital transformation of businesses and public administrations. We have put forward concrete targets that we want to achieve by 2030. And with NextGenerationEU, the EU’s €750 billion recovery program, we also have the financial means. Each EU country needs to invest at least 20% of the recovery funds in digital.
As digital technologies have been critical to maintaining economic and social life throughout the pandemic, they will now be the key factor in a successful transition to a sustainable, post-pandemic economy and society.