For an introduction to our Global COVID Certificate Series, please see this introductory post.
The EU Digital COVID Certificate (EU DCC), originally called the Digital Green Certificate, was created by the European Union to facilitate free movement inside the EU during the pandemic. On July 1, 2021, the EU DCC Regulation took effect so all EU citizens and residents were able to receive and use their DCCs across the EU.
The EU DCC was designed to be issued and shared in either digital form or paper format via a QR Code. There are three types of acceptable certificates:
- Vaccination certificates: has been vaccinated against COVID-19, or
- Test certificates: received a negative test result, or
- Recovery certificates: has recovered from COVID-19.
The EU DCC is a PKI-based certificate system. It includes multiple components – a basic set of values, technical specifications for certificates, the EU Gateway and associate governance, EU policies and regulations, and member states’ implementations and associate policies. Together, they constitute a well-functioning trust ecosystem, in which the EU Gateway plays the fundamental role of trust building. Member states manage their own lists of approved and trusted issuers but register their public keys to the Gateway and look up public keys of others to verify (crypto material, references to trusted parties, etc.) and validate (rules/patterns to differentiate valid and invalid certificates) information.
The EU DCC was designed and developed by the European Commission and experts from the Member States, who formed the EU eHealth Network. The entire architecture is inspired by the European Federation Gateway Service (EFGS), which is used to share GAEN diagnosis keys around the member states. For the purpose of exchanging necessary information to conduct verification and validation, they introduced a standardized signed CBOR data structure which is represented in a 2D Code. The EU-DCC is designed to be accessible to the entire population. A lot of effort went into optimizing and testing the size of the QR code, such that it will scan reliably on low end telephones and when printed on poor quality paper.
Following the successful launch of the EU DCC across EU Member States, many countries outside the EU started to look into the EU DCC and wanted to follow along. In response, the EU also released an evaluation checklist, technical procedure document and an application form for third-party countries to participate in the EU DCC ecosystem.
|Countries/Jurisdictions||EU Countries (27): Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands (including overseas territories: Aruba, Curacao, and Sint Maarten), Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden|
Non-EU Countries in the Gateway (16): Albania, Andorra, Switzerland, Faroe Islands, Israel, Iceland, Liechtenstein, Morocco, Monaco, North Macedonia, Norway, Panama, San Marino, Turkey, Ukraine, The Vatican
Non-EU Countries in the pipeline (20+) : These countries are technically compatible with the EU DCC but are not connected to the Gateway yet.
|Open Source Repo||EU-funded implementation: https://github.com/eu-digital-green-certificates|
|Implementation Guide||Work in progress. |
The DCC developer community is collaborating via LFPH Slack channels #eu-digital-green-certificates-dev and #eu-digital-green-certificates-schema and providing implementation help to jurisdictions implementing DCC
|Governance Framework||Trust Framework:https://ec.europa.eu/health/sites/default/files/ehealth/docs/trust-framework_interoperability_certificates_en.pdf|
|Trust Registry||Not public (EU)|
Mirrors by some member states:
|Example QR Code|
|Others||The Dutch community effort initiated by Henri ter Hofte (@Healthry)|
European DCC QR-code scanner apps