
Technical details on the Digital Vaccination Record

Technical details

The system behind the Digital Vaccination Record

The Digital Vaccination Record is an open-source project run by the Robert Koch Institute. 

How does the Digital Vaccination Record work?

  1. Documenting the Covid-19 vaccination in the Vaccination Certificate Service

    To create an EU Digital COVID Certificate, the data for the vaccinated person must be entered on an online form after vaccination. To do this, the medical staff logs into the Vaccination Certificate Service. The EU Digital COVID Certificate can then be handed over to the vaccinated person, in the form of a QR code scanned digitally or printed on paper.

  2. Presenting an EU Digital COVID Certificate using the CovPass-App

    The vaccinated person scans the QR code on the EU Digital COVID Certificate of vaccination using the CovPass-App. The vaccinated person can use the QR code as digital evidence of their individual Covid-19 status. The QR code is secured cryptographically with a signature.

  3. Checking a certificate’s status using the CovPassCheck app

    If needed, the CovPassCheck app can be used to scan and verify an EU Digital COVID Certificate for vaccination against Covid-19. Alternatively, it is also possible to present a paper vaccination certificate.

Our principles for data protection and security

  • No centralised data storage

    The data for the vaccination certificates is given an electronic signature on the RKI server. As part of this process, the data is temporarily processed in the RKI server’s random-access memory and then removed from that memory. It is not stored permanently.

  • Data minimisation

    The QR code only contains a minimum amount of data, in accordance with EU specifications. Only the certificate status, surname, first name and date of birth are displayed when a QR code is checked. This data is not stored in the checker app. 

  • Secure and trustworthy

    The EU Digital COVID Certificates contain a cryptographic signature that protects them against manipulation and forgery.

  • Secure communication channels

    All forms of communication are encrypted based on common standards.

  • BSI-certified compliance

    The Digital Vaccination Record meets the requirements of Germany’s Federal Office for Information Security (BSI) and has been tested extensively.

After Corona vaccination - these are the next steps

After the Corona vaccination, the citizen receives the EU digital COVID vaccination certificate with a QR code and, in addition, an entry in the yellow vaccination booklet. The EU digital COVID vaccination certificate can also be issued subsequently at the pharmacy or by the local health office upon presentation of the yellow vaccination booklet. The citizen scans the QR code with the CovPass app, which adds the EU digital COVID vaccination certificate to the app. For example, the QR code can be scanned and checked by the CovPassCheck app when entering events, hotels or restaurants. In addition, an identification document must be presented when the certificate is checked.

    How to check the digital COVID certificate with the CovPassCheck app

    In some situations, vaccination protection can be proven, e.g. when entering events, using certain services or entering another country. To do this, the citizen must show the digital COVID certificate in the CovPass app or on paper. In addition, an identification document must be kept ready. The checking person matches the name on the certificate with the name on the ID document and scans the QR code with the CovPassCheck app. The CovPassCheck app then displays either "Certificate valid" or "Certificate invalid".

      Join and participate in this open-source project

      If you would like to take part in the project, you can switch to GitHub and get started straight away.


      Do you have questions?

      • What data is collected and processed?

        No data is stored centrally concerning the Digital Vaccination Record.
        To create the EU Digital COVID Certificate in the vaccination centres, doctors’ practices and pharmacies, the minimum required data is collected and encoded, such as the certificate holder’s full name and date of birth, the vaccine, date of vaccination and vaccine dose. Additional information such as the disease targeted, product, manufacturer, country, overall number of doses and issuer of the technical certificate is automatically added by the vaccination certificate service. The data is then deleted immediately.

      • How is the structure of the QR code defined?

        The QR code is a CBOR web token containing the certificate with personal information, such as name and date of birth, and vaccination information. The exact structure is defined by a guideline of the EU eHealth Group.

      • Who signs the data?

        The data is digitally signed on behalf of the Robert Koch Institute in an especially secure system from UBIRCH. Only authorised persons and data collection systems have access to it. UBIRCH does not store any personal data.
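
The CBOR web token structure described under "How is the structure of the QR code defined?", as an added example that is not the project's own code: it parses a constructed COSE_Sign1 message and pulls out the signing metadata, the expiry and the three fields a checker displays. Assumptions: the QR text has already been unwrapped to raw COSE bytes, the claim numbers and field names follow the EU specification as the editor knows it, and the sample carries a reduced field set with a dummy signature. The signature is not verified here; a real checker verifies it against the trusted issuer keys before using any field.

```python
# Constructed sample, not a real certificate: COSE_Sign1 (CBOR tag 18) bytes
# with a reduced set of certificate fields and an all-zero dummy signature.
SAMPLE = bytes.fromhex(
    "d284" "4da2012604480102030405060708" "a0"   # tag, [protected {alg, kid}, {}
    "5866" "a4" "01624445" "041a6553f100" "061a5f5e1000" "390103a101"  # claims
    "a4" "6376657265312e332e30"                                        # ver
    "636e616d" "a2" "62666e6a4d75737465726d616e6e" "62676e654572696b61"  # nam
    "63646f626a313936342d30382d3132"                                   # dob
    "6176" "81a3" "62646e02" "62736402" "6264746a323032312d30352d3239"  # v
    "5840") + bytes(64)                                                # signature

def cbor(buf, pos=0):
    """Decode one CBOR item (ints, bytes, text, arrays, maps, tags); return (value, next_pos)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info > 27 or major == 7:
        raise ValueError("unsupported CBOR item")
    if info < 24:
        arg = info
    else:
        size = 1 << (info - 24)              # 1, 2, 4 or 8 length bytes follow
        arg, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if major < 2:                            # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major < 4:                            # byte string / text string
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 6:                           # tag: skip the number, decode the content
        return cbor(buf, pos)
    items = []
    for _ in range(arg * (2 if major == 5 else 1)):
        item, pos = cbor(buf, pos)
        items.append(item)
    return (dict(zip(items[::2], items[1::2])) if major == 5 else items), pos

def read_cwt(cose, now):
    """Parse COSE_Sign1 -> CWT claims -> certificate. Does NOT verify the signature."""
    (protected, _unprotected, payload, signature), _ = cbor(cose)
    header, _ = cbor(protected)              # 1 = algorithm, 4 = key identifier
    claims, _ = cbor(payload)                # 1 = issuer, 4 = expiry, 6 = issued-at
    cert = claims[-260][1]                   # health-certificate claim, entry 1
    return {
        "alg": header[1], "kid": header[4].hex(), "issuer": claims[1],
        "expired": now >= claims[4], "signature_bytes": len(signature),
        "displayed": (cert["nam"]["fn"], cert["nam"]["gn"], cert["dob"]),
    }

if __name__ == "__main__":
    print(read_cwt(SAMPLE, now=1_650_000_000))
```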