Technical details

The system behind the Digital Vaccination Record

The Digital Vaccination Record is an open-source project run by the Robert Koch Institute. 

How does the Digital Vaccination Record work?

  1. Documenting the Covid-19 vaccination or recovery from Covid-19 in the Vaccination Certificate Service

    To create an EU Digital COVID Certificate for vaccination or recovery, the data for the vaccinated or recovered person must be entered on an online form after vaccination or recovery. To do this, the medical staff logs into the Vaccination Certificate Service. The EU Digital COVID Certificate can then be handed over to the vaccinated person, in the form of a QR code scanned digitally or printed on paper.

  2. Presenting an EU Digital COVID Certificate using the CovPass-App

    The vaccinated or recovered person scans the QR code on the EU Digital COVID Certificate of vaccination or recovery using the CovPass-App. The vaccinated or recovered person can use the QR code as digital evidence of their individual Covid-19 status. The QR code is secured cryptographically with a signature.

  3. Checking a certificate’s status using the CovPassCheck-App

    If needed, the CovPassCheck-App can be used to scan and verify an EU Digital COVID Certificate for vaccination against Covid-19, recovery from Covid-19 or for a negative Covid-19 test. Alternatively, it is also possible to present a paper vaccination certificate.

Our principles for data protection and security

  • No centralised data storage

    The data for the vaccination certificates is given an electronic signature on the RKI server. As part of this process, the data is temporarily processed in the RKI server’s random-access memory and then removed from that memory. It is not stored permanently.

  • Data minimisation

    The QR code only contains a minimum amount of data, in accordance with EU specifications. Only the certificate status, surname, first name and date of birth are displayed when a QR code is checked. This data is not stored in the checker app. 

  • Secure and trustworthy

    The EU Digital COVID Certificates contain a cryptographic signature that protects them against manipulation and forgery.

  • Secure communication channels

    All forms of communication are encrypted based on common standards.

  • BSI-certified compliance

    The Digital Vaccination Record meets the requirements of Germany’s Federal Office for Information Security (BSI) and has been tested extensively.

After Corona vaccination - these are the next steps

After the Corona vaccination, the citizen receives the EU digital COVID vaccination certificate with a QR code and additionally an entry in the yellow vaccination booklet. The EU digital COVID vaccination certificate can also be issued subsequently at the pharmacy or by the local health office upon presentation of the yellow vaccination booklet. The citizen scans the QR code with the CovPass app and adds the EU digital COVID vaccination certificate in the CovPass app. For example, the QR code can be scanned and checked by the CovPassCheck app when entering events, hotels or restaurants. In addition, an identification document must be presented when the certificate is checked.

After recovery from corona infection - these are the next steps

After recovery from a Corona infection, the citizen receives the EU digital COVID certificate of recovery at the family doctor's office, pharmacy or local health office. For this purpose, a positive PCR test must be presented, which must not be older than 180 days. The citizen scans the QR code with the CovPass app and adds the EU digital COVID certificate of recovery in the CovPass app. For example, the QR code can be scanned and checked by the CovPassCheck app when entering events, hotels or restaurants. In addition, an identification document must be presented when the certificate is checked.

How to check the COVID digital certificate with the CovPassCheck app

In some situations, vaccination protection must be proven, e.g. when entering events, using certain services or entering another country. To do this, the citizen must show the digital COVID certificate in the CovPass app or on paper. In addition, an identification document must be kept ready. The checking person matches the name on the certificate with the name on the ID document and scans the QR code with the CovPassCheck app. The CovPassCheck app then displays either "Certificate valid" or "Certificate invalid".

Join and participate in this open-source project

If you would like to take part in the project, you can switch to GitHub and get started straight away.

Do you have questions?

  • Is the data stored centrally?

    No data is stored centrally for creating the EU Digital COVID Certificate and the Digital Vaccination Record.

  • What data is collected and processed?

    To create the EU Digital COVID Certificate in the vaccination centres, doctors’ practices and pharmacies, the minimum required data is collected and encoded, such as the certificate holder’s full name and date of birth, the vaccine, date of vaccination and vaccine dose. Additional information such as the disease targeted, product, manufacturer, country, overall number of doses and issuer of the technical certificate are automatically added by the vaccination certificate service.

  • How is the structure of the QR code defined?

    The QR code is a CBOR web token containing the certificate with personal information, such as name and date of birth, and vaccination information. The exact structure is defined by a guideline of the EU eHealth Group.

  • Who signs the data?

    The data is digitally signed on behalf of the Robert Koch Institute in an especially secure system from UBIRCH. Only authorised persons and data collection systems have access to it. UBIRCH does not store any personal data.
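
As an added illustration of the QR code structure answer above (not code from the CovPass project): this sketch decodes the CBOR layer of a constructed, COSE-signed CBOR web token and returns only the fields a checker displays. The claim keys (1, 4, 6, -260) and field names (`nam`, `fn`, `gn`, `dob`, `v`) follow the EU Digital COVID Certificate specification rather than this page; `cbor_decode`, `tstr` and `checker_view` are hypothetical helper names, and signature verification is deliberately left out.

```python
def cbor_decode(buf, pos=0):
    """Decode one definite-length CBOR item; return (value, next_pos)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    arg = info
    if 24 <= info <= 27:                  # argument follows in 1, 2, 4 or 8 bytes
        n = 1 << (info - 24)
        arg, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    elif info > 27:
        raise ValueError("indefinite lengths are not handled")
    if major < 2:                         # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):                   # byte string / text string
        raw = bytes(buf[pos:pos + arg])
        if len(raw) != arg:
            raise ValueError("truncated string")
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major in (4, 5):                   # array, or map as key/value pairs
        items = []
        for _ in range(arg * (major - 3)):
            item, pos = cbor_decode(buf, pos)
            items.append(item)
        return (items if major == 4 else dict(zip(items[0::2], items[1::2]))), pos
    if major == 6:                        # tag (18 = COSE_Sign1): unwrap it
        return cbor_decode(buf, pos)
    raise ValueError("floats and simple values are not handled")

def tstr(s):                              # CBOR text string under 24 bytes
    return bytes([0x60 | len(s)]) + s.encode()

# Constructed sample, not a real certificate. Claims: 1=iss, 4=exp, 6=iat, -260=hcert.
PAYLOAD = (b"\xa4\x01" + tstr("DE") + bytes.fromhex("041a6553f100061a61c06a00390103a101a3")
           + tstr("nam") + b"\xa2" + tstr("fn") + tstr("Mustermann") + tstr("gn") + tstr("Erika")
           + tstr("dob") + tstr("1964-08-12")
           + tstr("v") + b"\x81\xa2" + tstr("dn") + b"\x02" + tstr("sd") + b"\x02")
# COSE_Sign1 = tag 18 [protected {1: -7}, unprotected {}, payload, placeholder signature]
TOKEN = (bytes.fromhex("d28443a10126a0") + bytes([0x58, len(PAYLOAD)]) + PAYLOAD
         + bytes.fromhex("4400000000"))

def checker_view(token, now):
    """Fields a checker displays; the signature is NOT verified here."""
    _prot, _unprot, payload, _sig = cbor_decode(token)[0]
    claims = cbor_decode(payload)[0]
    cert = claims[-260][1]                # hcert claim -> EU DCC object
    return {"surname": cert["nam"]["fn"], "first_name": cert["nam"]["gn"],
            "date_of_birth": cert["dob"], "expired": now > claims[4]}
```

A real checker verifies the signature against a trusted issuer key before using any decoded field.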