In compliance with the 1 July deadline, all the Member States as well as other non-EU countries effectively connected with the EU Gateway, thus going live with the EU Digital COVID Certificate.
On 1 July, the proposal for a Regulation of the European Parliament and of the Council on a framework for the issuance, verification and acceptance of interoperable certificates on vaccination, testing and recovery to facilitate free movement during the COVID-19 pandemic (defined as Digital Green Certificate at the beginning, now called EU Digital COVID Certificate Regulation - or EUDCC) entered into application throughout the European Union.
Since November 2020, the eHealth Network, an EU voluntary network of national authorities, buckled down to set up the interoperability requirements necessary to the release of COVID vaccine certificates, then published in Volume 1-5 of the Guidelines on Technical Specifications for Digital Green Certificates (Volume 1: formats and trust management, Volume 2: EU Digital COVID Certificate Gateway, Volume 3: Barcode Specifications, Volume 4: EU Digital COVID Certificate Applications and Volume 5: Public Key Certificate Governance), together with the design template for the paper version.
In March, the European Commission proposed the aforementioned Regulation to provide the EU certificate with a legal basis. Even though the Regulation entered into force on 1 July, a date set as a deadline for the Member States to start issuing the certificates, the EU Gateway goes live a month ahead. This Gateway is the interconnection of national systems which the Member States can connect with, and is hosted at the European Commission's data centre in Luxembourg. It was set-up by T-Systems and SAP and it represents a crucial part of the EUDCC, as it is the technical solution for verifying the digital signatures included in all the QR codes created. In fact, whereas the signature keys crucial to the abovementioned verification are nationally stored on servers, they can only be accessed through the EU Gateway.
In order to facilitate the roll-out at national level and ensure standardisation, the European Commission has also developed the open source reference implementations for the software and apps for the issuance, storage and verification of vaccine, test results and recovery certificates, and published them on GitHub.
At the moment, all the Member States have connected with the EU Gateway, including seven non-EU countries such as Iceland, Liechtenstein, Norway, San Marino, Switzerland and Vatican City. The certificate includes personal data including name, date of birth, date of issuance, relevant information about the vaccine, test and/or recovery as well as a QR code to ease border controls. In order to ensure data protection, all the information listed above are not retained by visited countries. In fact, only the Member State that issued the certificate can store the health data, whereas all the other countries can only check the validity and authenticity of the certificate.