EU GREEN DIGITAL PASS - EU commission

Holist.eu - 1. slovenski holistični portal

Prva stran > EU GREEN DIGITAL PASS

EUROPEAN COMMISSION

Brussels, 17.3.2021

COM(2021) 130 final

2021/0068(COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on a framework for the issuance, verification and acceptance of interoperable certificates on vaccination, testing and recovery to facilitate free movement during the COVID-19 pandemic (Digital Green Certificate)

(Text with EEA relevance)

EXPLANATORY MEMORANDUM

1.CONTEXT OF THE PROPOSAL

•Reasons for and objectives of the proposal

The right of EU citizens to move and reside freely within the European Union is one of the EU’s most cherished achievements, and an important driver of its economy.

Pursuant to Article 21 of the Treaty on the Functioning of the European Union (TFEU), every EU citizen has the right to move and reside freely within the territory of the Member States, subject to the limitations and conditions laid down in the Treaties and by the measures adopted to give them effect. However, some of the restrictions adopted by the Member States in order to limit the spread of severe acute respiratory syndrome coronavirus 2 (‘SARS-CoV-2’), which causes coronavirus disease 2019 (‘COVID 19’), have had an impact on citizens’ right to free movement. These measures often consisted of restrictions on entry or other specific requirements applicable to cross-border travellers, such as to undergo quarantine or self-isolation or to be tested for SARS-CoV-2 infection prior to and/or after arrival. Particularly affected were persons living in border regions and crossing borders as part of their daily life, be it for work, education, health care, family or other reasons.

To ensure a well-coordinated, predictable and transparent approach to the adoption of restrictions on freedom of movement, the Council adopted, on 13 October 2020, Council Recommendation (EU) 2020/1475 on a coordinated approach to the restriction of free movement in response to the COVID-19 pandemic 1 . The Council Recommendation established a coordinated approach on the following key points: the application of common criteria and thresholds when deciding whether to introduce restrictions to free movement, a mapping of the risk of COVID-19 transmission, published by the European Centre for Disease Prevention and Control (ECDC) 2 , based on an agreed colour code, and a coordinated approach as to the measures, if any, which may appropriately be applied to persons moving between areas, depending on the level of risk of transmission in those areas.

Council Recommendation (EU) 2020/1475 seeks to ensure increased coordination among Member States considering the adoption of measures restricting free movement on grounds of public health in the context of the pandemic. When adopting and applying restrictions to free movement, Member States should respect EU law, in particular the principles of proportionality and non-discrimination. Council Recommendation (EU) 2020/1475 was later amended in view of a very high level of community transmission across the EU, possibly linked to the increased transmissibility of the new SARS-CoV-2 variants of concern 3 .

In line with point 17 of the Council Recommendation (EU) 2020/1475, Member States could require persons travelling from risk areas in another Member State to undergo quarantine/self-isolation and/or to undergo a test for SARS-CoV-2 infection prior to and/or after arrival. Travellers arriving from areas marked in ‘dark red’ should, according to point 17 of the Council Recommendation, be subject to reinforced public health measures.

To show compliance with the different requirements, travellers have been asked to provide various types of documentary evidence, such as medical certificates, test results, or declarations. The absence of standardised and secured formats has resulted in travellers experiencing problems in the acceptance of their documents, as well as reports of fraudulent or forged documents being presented 4 .

These issues, which can lead to unnecessary delays and obstacles, are likely to become even more prominent as more and more Europeans are being tested for and vaccinated against COVID-19 and receive documentary proof to this effect. This has been a growing concern for the European Council. In their statement adopted following the informal video conferences on 25 and 26 February 2021 5 , the members of the European Council called for work to continue on a common approach to vaccination certificates.

There is consensus among Member States on the use of such certificates for medical purposes, such as to ensure proper follow-up between a first and second dose, as well as any necessary subsequent booster. Member States are working on developing vaccination certificates, often using information available in immunisation registries.

The Commission has been working with the Member States in the eHealth Network, a voluntary network connecting national authorities responsible for eHealth, on preparing the interoperability of vaccination certificates. On 27 January 2021, the eHealth Network adopted Guidelines on proof of vaccination for medical purposes, which it updated on 12 March 2021 6 . These guidelines define the central interoperability elements, namely a minimum dataset for vaccination certificates, and a unique identifier. The eHealth Network and the Health Security Committee established by Article 17 of Decision No 1082/2013/EU of the European Parliament and of the Council 7 have also been working on a common standardised set of data for COVID-19 test result certificates 8 , guidelines on recovery certificates and respective datasets, and an outline on the interoperability of health certificates 9 .

Based on the technical work carried out so far, the Commission proposes to establish an EU-wide framework for the issuance, verification and acceptance of vaccination certificates within the EU as part of a “Digital Green Certificate”. At the same time, this framework should also cover other certificates issued during the COVID-19 pandemic, namely documents certifying a negative test result for SARS-CoV-2 infection as well as documents certifying that the person concerned has recovered from a previous infection with SARS-CoV-2. This allows persons who are not vaccinated or who have not yet had the opportunity to be vaccinated to benefit from such an interoperable framework as well, facilitating their free movement. While children, for example, cannot benefit from COVID-19 vaccination for the time being, they should be able to receive a test or recovery certificate, which could also be received by their parents on their behalf.

In addition, it should be clarified that the purpose of the certificates included in the “Digital Green Certificate” is to facilitate the exercise of free movement. The possession of a “Digital Green Certificate”, in particular a vaccination certificate, should not be a pre-condition for the exercise of free movement. Persons who are not vaccinated, for example for medical reasons, because they are not part of the target group for which the vaccine is currently recommended, such as children, or because they have not yet had the opportunity or do not wish to be vaccinated, must be able to continue to exercise their fundamental right of free movement, where necessary subject to limitations such as mandatory testing and quarantine/self-isolation. In particular, this Regulation cannot be interpreted as establishing an obligation or right to be vaccinated.

To ensure interoperability between the different technical solutions being developed by the Member States, some of which have already started accepting proofs of vaccination to exempt travellers from certain restrictions, uniform conditions for the issuance, verification and acceptance of certificates on COVID-19 vaccination, tests and recovery are needed.

The “Digital Green Certificate” framework to be established should lay out the format and content of certificates on COVID-19 vaccination, testing and recovery. The Commission also proposes that the “Digital Green Certificate” framework should ensure that these certificates can be issued in an interoperable format and be reliably verified when presented by the holder in other Member States, thereby facilitating free movement within the EU.

The certificates should contain only such personal data as is necessary. Given that the personal data includes sensitive medical data, a very high level of data protection should be ensured and data minimisation principles should be preserved. In particular, the “Digital Green Certificate” framework should not require the setting up and maintenance of a database at EU level, but should allow for the decentralised verification of digitally signed interoperable certificates.

•Consistency with existing policy provisions in the policy area

The proposal complements and builds upon other policy initiatives adopted in the field of free movement during the COVID-19 pandemic, such as Council Recommendations 2020/1475 and 2021/119. In particular, Council Recommendation 2020/1475 describes the general principles based on which Member States should coordinate their actions when adopting and applying measures in the field of free movement to protect public health in response to the COVID-19 pandemic.

Directive 2004/38/EC of the European Parliament and of the Council 10 sets out the conditions for the exercise of the right of free movement and residence (both temporary and permanent) in the EU for EU citizens and their family members. Directive 2004/38/EC provides that Member States may restrict the freedom of movement and residence of EU citizens and their family members, irrespective of nationality, on grounds of public policy, public security or public health.

Existing EU legislation does not contain provisions on the issuance, verification and acceptance of certificates documenting the holder’s health status, even if the production of such certificates may be necessary to waive certain restrictions on the right to free movement imposed during a pandemic. It is therefore necessary to establish provisions in order to ensure the interoperability and security of such certificates.

•Consistency with other Union policies

This proposal is part of the package of EU measures to respond to the COVID-19 pandemic. It builds, in particular, on previous technical work carried out in the Health Security Committee and the eHealth Network.

This proposal is complemented by proposal COM(2021)/xxx, whose objective it is to ensure that the rules set out in this proposal apply to third-country nationals not covered by this proposal and who are legally staying or residing on the territory of a State to which that proposed Regulation applies and who are entitled to travel to other States in accordance with Union law.

This proposal is without prejudice to the Schengen rules as regards the entry conditions for third country nationals. The proposed Regulation should not be understood as encouraging or facilitating the reintroduction of border controls, which remain a measure of last resort subject to the conditions of the Schengen Borders Code.

This proposal takes into account ongoing efforts at the international level, such as under the auspices of specialized agencies of the United Nations including the World Health Organization (‘WHO’), on the basis of the International Health Regulations, to establish specifications and guidance for using digital technologies for documenting vaccination status. Third countries should be encouraged to recognise the “Digital Green Certificate” when waiving restrictions on non-essential travel.

This proposal also fully respects Member States’ competences in the definition of their health policy (Article 168 TFEU).

2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

•Legal basis

Article 21(1) TFEU confers on EU citizens the right to move and reside freely within the territory of the Member States. Article 21(2) provides for the possibility for the EU to act and to adopt provisions with a view to facilitating the right to move and reside freely within the territory of the Member States if action to attain this objective is necessary to facilitate the exercise of this right. The ordinary legislative procedure applies.

The proposal aims to facilitate the exercise of the right to free movement within the EU during the COVID-19 pandemic by establishing a common framework for the issuance, verification and acceptance of interoperable certificates on COVID-19 vaccination, testing and recovery. This should allow EU citizens and their family members exercising their right to free movement to demonstrate that they fulfil public health requirements imposed, in compliance with EU law, by the Member State of destination. The proposal also aims to ensure that restrictions of free movement currently in place to limit the spread of COVID-19 can be lifted in a coordinated manner as more scientific evidence becomes available.

•Subsidiarity

The objectives of this proposal, namely to facilitate the free movement within the EU during the COVID-19 pandemic by establishing secure and interoperable certificates on the holder’s vaccination, testing and recovery status, cannot be sufficiently achieved by the Member States independently but can rather, by reason of the scale and effects of the action, be better achieved at EU level. Action at EU level is thus necessary.

Absence to act at EU level would likely result in Member States adopting different systems, resulting in citizens exercising their free movement rights experiencing problems in the acceptance of their documents in other Member States. In particular, it is necessary to agree on the technical standards to be used to ensure interoperability, security and verifiability of the certificates being issued.

•Proportionality

EU action can add considerable value in addressing the challenges identified above and is the only way by which a single, streamlined and accepted framework can be achieved and maintained.

The adoption of unilateral or uncoordinated measures regarding COVID-19 certificates on COVID-19 vaccination, testing and recovery is likely to lead to restrictions on free movement that are inconsistent and fragmented, resulting in uncertainty for EU citizens when exercising their EU rights.

The proposal limits the processing of personal data to the minimum necessary, by only including a limited set of personal data on the certificates to be issued, by setting out that the data obtained when verifying the certificates should not be retained, and by establishing a framework that does not require the setting up and maintenance of a central database.

The provisions of the proposed Regulation regarding the issuance of vaccination, test or recovery certificates as well as the trust framework should be suspended once the COVID-19 pandemic has been overcome, since as of that point, there is no justification to requiring citizens to present health documents when exercising their right to free movement. At the same time, their applications should resume if the WHO declares another pandemic due to an outbreak of SARS-CoV-2, a variant thereof, or similar infectious diseases with epidemic potential.

•Choice of the instrument

A Regulation is the sole legal instrument ensuring the direct, immediate and common implementation of EU law in all Member States.

3.RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

•Stakeholder consultations

The proposal takes into account the discussions held at regular intervals with Member States in different fora.

•Collection and use of expertise

The proposal builds on the technical exchanges taking place within the Health Security Committee and the eHealth Network, the information published by ECDC on the epidemiological situation related to the COVID-19 pandemic, and relevant available scientific evidence.

•Impact assessment

In view of the urgency, the Commission did not carry out an impact assessment.

•Fundamental rights

This proposal positively affects the fundamental right of freedom of movement and residence under Article 45 of the Charter of Fundamental Rights of the European Union (Charter). It does so by providing citizens with interoperable and mutually accepted certificates on COVID-19 vaccination, testing and recovery that they can use when travelling. Where Member States waive certain restrictions on free movement for persons in the possession of proof of vaccination, test or recovery, the certificates established by this proposal will allow citizens to profit from these exemptions. As more scientific data, notably on the effects of vaccination against SARS-CoV-2 infection, becomes available, an interoperable framework of health certificates should allow Member States to lift restrictions in a coordinated manner.

This Regulation should not be understood as facilitating or encouraging the adoption of restrictions to free movement during the pandemic. Rather, it seeks to provide a harmonised framework for the recognition of COVID-19 health certificates in the event that a Member State applies such restrictions. Any limitations to the freedom of movement within the EU justified on grounds of public policy, public security or public health must be necessary, proportionate and based on objective and non-discriminatory criteria. The decision as to whether to introduce restrictions to free movement remains the responsibility of the Member States, which must act in compliance with EU law. Equally, Member States retain the flexibility not to introduce restrictions to free movement.

This proposal implies processing of personal data, including health data. There are potential impacts on individuals’ fundamental rights, namely Article 7 of the Charter on the respect of private life and Article 8 on the right to the protection of personal data. Processing the personal data of individuals, including the collection, access and use of personal data, affects the right to privacy and the right to protection of personal data under the Charter. Interference with these fundamental rights must be justified.

As regards the right to the protection of personal data including data security, Regulation (EU) 2016/679 of the European Parliament and of the Council 11 applies. No derogation from the data protection regime of the EU is envisaged and clear rules, conditions and robust safeguards must be implemented by Member States, in line with the EU data protection rules. The proposed Regulation does not establish a European database on vaccination, testing or recovery from COVID-19. For the purposes of the proposed Regulation, personal data need only to be included in the certificate issued, which should be protected against falsification or tampering.

4.BUDGETARY IMPLICATIONS

The Commission will use funds from the Emergency Support Instrument to initially support most urgent measures under the initiative and will explore, once the legal basis of the Digital Europe Programme enters into force, how some of the expenditure could be carried out under that programme. The initiative could require the use of one, or a combination of, special instruments as defined in Council Regulation (EU, Euratom) 2020/2093 12 . A Legislative Financial Statement is submitted with this proposal.

Given the health emergency, most of the preparatory expenditure will take place under the Emergency Support Instrument before the proposed Regulation enters into force. Any EU-level supporting system will be activated only after the entry into force of the proposed Regulation.

5.OTHER ELEMENTS

•Implementation plans and monitoring, evaluation and reporting arrangements

One year after the WHO has declared the COVID-19 pandemic to have ended, the Commission will prepare a report on the application of this Regulation.

•Detailed explanation of the specific provisions of the proposal

Articles 1 and 2 of the proposal describe the subject matter of the proposed Regulation and establish a number of definitions. The proposed Regulation establishes the Digital Green Certificate, which is a framework for the issuance, verification and acceptance of interoperable health certificates to facilitate free movement during the COVID-19 pandemic.

Article 3 details the three types of certificates included in the Digital Green Certificate framework, namely the vaccination certificate, the test certificate, and the certificate of recovery. It also sets out the general requirements such certificates must meet, such as the inclusions of an interoperable barcode, and provides for the setting up of the necessary technical infrastructure. Certificates issued in accordance with this Regulation by the EEA States Iceland, Liechtenstein and Norway through the integration of this instrument into the EEA framework should be accepted. Certificates issued by Switzerland on the basis of this Regulation to persons benefitting from free movement rights should be accepted following an implementing decision by the Commission if it is satisfied that acceptance happens on a reciprocal basis.

Article 4 establishes the Digital Green Certificate trust framework, which should ensure, where possible, interoperability with technological systems established at international level. It also provides for the acceptance of secure and verifiable certificates issued by third countries to EU citizens and family members according to an international standard that is interoperable with the trust framework established by this Regulation and which contain the necessary personal data, following an implementing decision by the Commission.

Articles 5 to 7 provide further details on the issuance, contents and acceptance of the vaccination certificate, the test certificate, and the certificate of recovery.

Article 8 empowers the Commission to adopt the necessary technical specifications for the trust framework, where needed through an accelerated procedure.

Article 9 contains rules on data protection.

Article 10 establishes a notification procedure that seeks to ensure that other Member States and the Commission are informed of restrictions to the right to free movement made necessary by the pandemic.

Articles 11 and 12 contain rules on the exercise of delegation by the Commission, where needed through an urgency procedure.

Article 13 contains rules on the committee tasked with assisting the Commission in implementing the Regulation.

Article 14 sets out that the Commission should present a report on the application of the Regulation one year after the WHO declares the SARS-CoV-2 pandemic to have ended, outlining, in particular, its impact of free movement and data protection.

Article 15 provides for an expedited entry into force of the Regulation. It also states that Articles 3, 4, 5, 6, 7 and 10 should be suspended by means of a delegated act when the WHO declares that the COVID-19 pandemic has ended. At the same time, their application should be resumed by means of a delegated act if the WHO declares another pandemic due to an outbreak of SARS-CoV-2, a variant thereof, or similar infectious diseases with epidemic potential.

The Annex contains the personal data to be included in the certificates covered by the Regulation.

2021/0068 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 21(2) thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1)Every citizen of the Union has the right to move and reside freely within the territory of the Member States, subject to the limitations and conditions laid down in the Treaties and by the measures adopted to give effect to them. Directive 2004/38/EC of the European Parliament and of the Council 13 lays down detailed rules as regards the exercise of that right.

(2)On 30 January 2020, the Director-General of the World Health Organization (‘WHO’) declared a public health emergency of international concern over the global outbreak of severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2), which causes coronavirus disease 2019 (COVID 19). On 11 March 2020, the WHO made the assessment that COVID-19 can be characterized as a pandemic.

(3)To limit the spread of the virus, the Member States have adopted various measures, some of which have had an impact on Union citizens’ right to move and reside freely within the territory of the Member States, such as restrictions on entry or requirements for cross-border travellers to undergo quarantine/self-isolation or a test for SARS-CoV-2 infection.

(4)On 13 October 2020, the Council adopted Council Recommendation (EU) 2020/1475 on a coordinated approach to the restriction of free movement in response to the COVID-19 pandemic 14 . That Recommendation establishes a coordinated approach on the following key points: the application of common criteria and thresholds when deciding whether to introduce restrictions to free movement, a mapping of the risk of COVID-19 transmission based on an agreed colour code, and a coordinated approach as to the measures, if any, which may appropriately be applied to persons moving between areas, depending on the level of risk of transmission in those areas. In view of their specific situation, the Recommendation also emphasises that essential travellers, as listed in its point 19, and cross-border commuters, whose lives are particularly affected by such restrictions, in particular those exercising critical functions or essential for critical infrastructure, should in principle be exempted from travel restrictions linked to COVID-19.

(5)Using the criteria and thresholds established in Recommendation (EU) 2020/1475, the European Centre for Disease Prevention and Control (‘ECDC’) has been publishing, once a week, a map of Member States, broken down by regions, in order to support Member States’ decision-making 15 .

(6)As emphasised by Recommendation (EU) 2020/1475, any restrictions to the free movement of persons within the Union put in place to limit the spread of COVID-19 should be based on specific and limited public interest grounds, namely the protection of public health. It is necessary for such limitations to be applied in compliance with the general principles of Union law, in particular proportionality and non‐discrimination. Any measures taken should thus not extend beyond what is strictly necessary to safeguard public health. Furthermore, they should be consistent with measures taken by the Union to ensure seamless free movement of goods and essential services across the Single Market, including those of medical supplies and personnel through the so-called “Green Lane” border crossings referred to in the Commission Communication on the implementation of the Green Lanes under the Guidelines for border management measures to protect health and ensure the availability of goods and essential services 16 .

(7)The free movement of persons who do not pose a risk to public health, for example because they are immune to and cannot transmit SARS-CoV-2, should not be restricted, as such restrictions would not be necessary to achieve the objective pursued.

(8)Many Member States have launched or plan to launch initiatives to issue vaccination certificates. However, for these to be used effectively in a cross-border context when citizens exercise their free movement rights, such certificates need to be fully interoperable, secure and verifiable. A commonly agreed approach is required among Member States on the content, format, principles and technical standards of such certificates.

(9)Unilateral measures in this area have the potential to cause significant disruptions to the exercise of free movement rights, as national authorities and passenger transport services, such as airlines, trains, coaches or ferries, are confronted with a wide array of diverging document formats, not only regarding a person’s vaccination status but also on tests and possible recovery from COVID-19.

(10)To facilitate the exercise of the right to move and reside freely within the territory of the Member States, a common framework for the issuance, verification and acceptance of interoperable certificates on COVID-19 vaccination, testing and recovery, entitled “Digital Green Certificate” should be established.

(11)This Regulation should not be understood as facilitating or encouraging the adoption of restrictions to free movement, or other fundamental rights, in response to the pandemic. In particular, the exemptions to the restriction of free movement in response to the COVID-19 pandemic referred to in Recommendation (EU) 2020/1475 should continue to apply. At the same time, the “Digital Green Certificate” framework will ensure that interoperable certificates are also available to essential travellers.

(12)The foundation of a common approach for the issuance, verification and acceptance of such interoperable certificates hinges upon trust. False COVID-19 certificates may pose a significant risk to public health. Authorities in one Member State need assurance that the information included in a certificate issued in another Member State is trustworthy, that it has not been forged, that it belongs to the person presenting it, and that anyone verifying this information only has access to the minimum amount of information necessary.

(13)The risk posed by false COVID-19 certificates is real. On 1 February 2021, Europol issued an Early Warning Notification on the illicit sales of false negative COVID-19 test certificates 17 . Given the available and easily accessible technological means, such as high-resolution printers and various graphics editor software, fraudsters are able to produce high-quality forged, faked or counterfeit certificates. Cases of illicit sales of fraudulent test certificates have been reported, involving more organised forgery rings and individual opportunistic scammers selling false certificates offline and online.

(14)To ensure interoperability and equal access, Member States should issue the certificates making up the Digital Green Certificate in a digital or paper-based format, or both. This should allow the prospective holder to request and receive a paper copy of the certificate or to store and display the certificate on a mobile device. The certificates should contain an interoperable, digitally readable barcode containing the relevant data relating to the certificates. Member States should guarantee the authenticity, validity and integrity of the certificates by electronic seals or similar means. The information on the certificate should also be included in human-readable format, either printed or displayed as plain text. The layout of the certificates should be easy to understand and ensure simplicity and user-friendliness. To avoid obstacles to free movement, the certificates should be issued free of charge, and citizens should have a right to have them issued. Member States should issue the certificates making up the Digital Green Certificate automatically or upon request, ensuring that they can be obtained easily and providing, where needed, the necessary support to allow for equal access by all citizens.

(15)The security, authenticity, integrity and validity of the certificates making up the Digital Green Certificate and their compliance with Union data protection legislation are key to their acceptance in all Member States. It is therefore necessary to establish a trust framework laying out the rules on and infrastructure for the reliable and secure issuance and verification of certificates. The outline on the interoperability of health certificates 18 adopted, on 12 March 2021, by the eHealth Network set up under Article 14 of Directive 2011/24/EU 19 should form the basis for the trust framework.

(16)Pursuant to this Regulation, the certificates making up the Digital Green Certificate should be issued to beneficiaries as referred to in Article 3 of Directive 2004/38/EC, that is, Union citizens and their family members, whatever their nationality, by the Member State of vaccination or test, or where the recovered person is located. Where relevant or appropriate, the certificates should be issued on behalf of the vaccinated, tested or recovered person, for example on behalf of legally incapacitated persons or to parents on behalf of their children. The certificates should not require legalisation or other similar formalities.

(17)The certificates making up the Digital Green Certificate could also be issued to nationals or residents of Andorra, Monaco, San Marino and the Vatican/Holy See, in particular where they are vaccinated by a Member State.

(18)It is necessary to take into account that the agreements on free movement of persons concluded by the Union and its Member States, of the one part, and certain third countries, of the other part, provide for the possibility to restrict free movement for public health reasons. Where such an agreement does not contain a mechanism of incorporation of European Union acts, certificates issued to beneficiaries of such agreements should be accepted under the conditions laid down in this Regulation. This should be conditional on an implementing act to be adopted by the Commission establishing that such a third country issues certificates in accordance with this Regulation and has provided formal assurances that it would accept certificates issued by the Member States.

(19)Regulation (EU) 2021/XXXX applies to third-country nationals who do not fall within the scope of this Regulation and who reside or stay legally in the territory of a State to which that Regulation applies and who are entitled to travel to other States in accordance with Union law.

(20)The framework to be established for the purpose of this Regulation should seek to ensure coherence with global initiatives, in particular involving the WHO. This should include, where possible, interoperability between technological systems established at global level and the systems established for the purpose of this Regulation to facilitate free movement within the Union, including through the participation in a public key infrastructure or the bilateral exchange of public keys. To facilitate the free movement rights of Union citizens vaccinated by third countries, this Regulation should provide for the acceptance of certificates issued by third countries to Union citizens and their family members where the Commission finds that these certificates are issued according to standards equivalent to those established pursuant to this Regulation.

(21)To facilitate free movement, and to ensure that restrictions of free movement currently in place during the COVID-19 pandemic can be lifted in a coordinated manner based on the latest scientific evidence available, an interoperable vaccination certificate should be established. This vaccination certificate should serve to confirm that the holder has received a COVID-19 vaccine in a Member State. The certificate should contain only the necessary information to clearly identify the holder as well as the COVID-19 vaccine, number, date and place of vaccination. Member States should issue vaccination certificates for persons receiving vaccines that have been granted marketing authorisation pursuant to Regulation (EC) No 726/2004 of the European Parliament and of the Council 20 , for vaccines that have been granted marketing authorisation pursuant to Directive 2001/83/EC of the European Parliament and of the Council 21 , or vaccines whose distribution has been temporarily authorised pursuant to Article 5(2) of Directive 2001/83/EC.

(22)Persons who have been vaccinated before the date of application of this Regulation, including as part of a clinical trial, should also have the possibility to obtain a certificate on COVID-19 vaccination that complies with this Regulation. At the same time, Member States should remain free to issue proofs of vaccination in other formats for other purposes, in particular for medical purposes.

(23)Member States should also issue such vaccination certificates to Union citizens and their family members who have been vaccinated in a third country and provide reliable proof to that effect.

(24)On 27 January 2021, the eHealth Network adopted guidelines on proof of vaccination for medical purposes, which it updated on 12 March 2021 22 . These guidelines, in particular the preferred code standards, should form the basis for the technical specifications adopted for the purpose of this Regulation.

(25)Already now, several Member States exempt vaccinated persons from certain restrictions to free movement within the Union. Where Member States accept proof of vaccination in order to waive restrictions to free movement put in place, in compliance with Union law, to limit the spread of COVID-19, such as requirements to undergo quarantine/self-isolation or be tested for SARS-CoV-2 infection, they should be required to accept, under the same conditions, valid vaccination certificates issued by other Member States in compliance with this Regulation. This acceptance should take place under the same conditions, meaning that, for example, where a Member State considers sufficient a single dose of a vaccine administered, it should do so also for holders of a vaccination certificate indicating a single dose of the same vaccine. On grounds of public health, this obligation should be limited to persons having received COVID-19 vaccines having been granted marketing authorisation pursuant to Regulation (EC) No 726/2004. This should not prevent Member States from deciding to accept vaccination certificates issued for other COVID-19 vaccines, such as vaccines having been granted marketing authorisation by the competent authority of a Member State pursuant to Directive 2001/83/EC, vaccines whose distribution has been temporarily authorised based on Article 5(2) of Directive 2001/83/EC, or vaccines having received a WHO Emergency Use Listing.

(26)It is necessary to prevent discrimination against persons who are not vaccinated, for example because of medical reasons, because they are not part of the target group for which the vaccine is currently recommended, or because they have not yet had the opportunity or chose not to be vaccinated. Therefore, possession of a vaccination certificate, or the possession of a vaccination certificate indicating a specific vaccine medicinal product, should not be a pre-condition to exercise free movement rights, in particular where those persons are, by other means, able to show compliance with lawful, public-health-related requirements, and cannot be a pre-condition to use cross-border passenger transport services such as airlines, trains, coaches or ferries.

(27)Many Member States have been requiring persons travelling to their territory to undergo a test for SARS-CoV-2 infection before or after arrival. At the beginning of the COVID-19 pandemic, Member States typically relied on reverse transcription polymerase chain reaction (RT-PCR), which is a nucleic acid amplification test (NAAT) for COVID-19 diagnostics considered by the WHO and ECDC as the ‘gold standard’, that is, the most reliable methodology for testing of cases and contacts 23 . As the pandemic has progressed, a new generation of faster and cheaper tests has become available on the European market, the so-called rapid antigen tests, which detect the presence of viral proteins (antigens) to detect an ongoing infection. On 18 November 2020, the Commission adopted Commission Recommendation (EU) 2020/1743 on the use of rapid antigen tests for the diagnosis of SARS-CoV-2 infection 24 .

(28)On 22 January 2021, the Council adopted Council Recommendation 2021/C 24/01 on a common framework for the use and validation of rapid antigen tests and the mutual recognition of COVID-19 test results in the EU 25 , which provides for the development of a common list of COVID-19 rapid antigen tests. On this basis, the Health Security Committee agreed, on 18 February 2021, on a common list of COVID-19 rapid antigen tests, a selection of rapid antigen tests for which Member States will mutually recognise their results, and a common standardised set of data to be included in COVID-19 test result certificates 26 .

(29)Despite these common efforts, Union citizens and their family members exercising their free movement right still face problems when trying to use a test result obtained in one Member State in another. These problems are often linked to the language in which the test result is issued, or to lack of trust in the authenticity of the document shown.

(30)To improve the acceptance of test results carried out in another Member State when presenting such results for the purposes of exercising free movement, an interoperable test certificate should be established, containing the necessary information to clearly identify the holder as well as the type, date and result of the test for SARS-CoV-2 infection. To ensure the reliability of the test result, only the results of NAAT tests and rapid antigen tests featured in the list established on the basis of Council Recommendation 2021/C 24/01 should be eligible for a test certificate issued on the basis of this Regulation. The common standardised set of data to be included in COVID-19 test result certificates agreed by the Health Security Committee on the basis of Council Recommendation 2021/C 24/01, in particular the preferred code standards, should form the basis for the technical specifications adopted for the purpose of this Regulation.

(31)Test certificates issued by Member States in compliance with this Regulation should be accepted by Member States requiring proof of a test for SARS-CoV-2 infection in the context of the restrictions to free movement put in place to limit the spread of COVID-19.

(32)According to existing evidence, persons who have recovered from COVID-19 can continue to test positive for SARS-CoV-2 for a certain period after symptom onset 27 . Where such persons are required to undergo a test when seeking to exercise free movement, they may thus be effectively prevented from travelling despite no longer being infectious. To facilitate free movement, and to ensure that restrictions of free movement currently in place during the COVID-19 pandemic can be lifted in a coordinated manner based on the latest scientific evidence available, an interoperable certificate of recovery should be established, containing the necessary information to clearly identify the person concerned and the date of a previous positive test for SARS-CoV-2 infection. A certificate of recovery should be issued at the earliest from the eleventh day after the first positive test and should be valid for not more than 180 days. According to ECDC, recent evidence shows that despite shedding of viable SARS-CoV-2 between ten and twenty days from the onset of symptoms, convincing epidemiological studies have failed to show onward transmission of disease after day ten. The Commission should be empowered to change this period on the basis of guidance from the Health Security Committee or from ECDC, which is closely studying the evidence base for the duration of acquired immunity after recovery.

(33)Already now, several Member States exempt recovered persons from certain restrictions to free movement within the Union. Where Member States accept proof of recovery in order to waive restrictions to free movement put in place, in compliance with Union law, to limit the spread of SARS-CoV-2, such as requirements to undergo quarantine/self-isolation or be tested for SARS-CoV-2 infection, they should be required to accept, under the same conditions, valid certificates of recovery issued by other Member States in compliance with this Regulation. The eHealth Network, in collaboration with Health Security Committee, is also working on guidelines on recovery certificates and respective datasets.

(34)To be able to obtain a common position quickly, the Commission should be able to ask the Health Security Committee established by Article 17 of Decision No 1082/2013/EU of the European Parliament and of the Council 28 to issue guidance about the available scientific evidence concerning the effects of medical events documented in the certificates established in accordance with this Regulation, including the effectiveness and duration of the immunity conferred by COVID-19 vaccines, whether vaccines prevent asymptomatic infection and transmission of the virus, the situation of people having recovered from the virus, and the impacts of the new SARS-CoV-2 variants on people having been vaccinated or already contaminated.

(35)In order to ensure uniform conditions for the implementation of the trust framework certificates established by this Regulation, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council 29 .

(36)The Commission should adopt immediately applicable implementing acts where, in duly justified cases relating to the technical specifications necessary to establish interoperable certificates, imperative grounds of urgency so require or when new scientific evidence becomes available.

(37)Regulation (EU) 2016/679 of the European Parliament and of the Council 30 applies to the processing of personal data carried out when implementing this Regulation. This Regulation establishes the legal ground for the processing of personal data, within the meaning of Articles 6(1)(c) and 9(2)(g) of Regulation (EU) 2016/679, necessary for the issuance and verification of the interoperable certificates provided for in this Regulation. It also does not regulate the processing of personal data related to the documentation of a vaccination, test or recovery event for other purposes, such as for the purposes of pharmacovigilance or for the maintenance of individual personal health records. The legal basis for processing for other purposes is to be provided for in national law, which must comply with Union data protection legislation.

(38)In line with the principle of minimisation of personal data, the certificates should only contain the personal data necessary for the purpose of facilitating the exercise of the right to free movement within the Union during the COVID-19 pandemic. The specific categories of personal data and data fields to be included in the certificates should be set out in this Regulation.

(39)For the purposes of this Regulation, personal data may be transmitted/exchanged across borders with the sole purpose of obtaining the information necessary to confirm and verify the holder’s vaccination, testing or recovery status. In particular, it should allow for the verification of the authenticity of the certificate.

(40)This Regulation does not create a legal basis for retaining personal data obtained from the certificate by the Member State of destination or by the cross-border passenger transport services operators required by national law to implement certain public health measures during the COVID-19 pandemic.

(41)To ensure coordination, the Member States and the Commission should be informed when a Member State requires holders of certificates to undergo, after entry into its territory, quarantine/self-isolation or a test for SARS-CoV-2 infection, or if it denies entry to such persons.

(42)In accordance with Recommendation (EU) 2020/1475, any restrictions to the free movement of persons within the Union put in place to limit the spread of SARS-CoV-2 should be lifted as soon as the epidemiological situation allows. This also applies to obligations to present documents other than those required by Union law, in particular Directive 2004/38/EC, such as the certificates covered by this Regulation. Therefore, the Regulation’s provisions on the “Digital Green Certificate” framework for the issuance, verification and acceptance of interoperable certificates on COVID-19 vaccination, testing and recovery should be suspended once the Director-General of the WHO has declared, in accordance with the International Health Regulations, that the public health emergency of international concern caused by SARS-CoV-2 has ended. At the same time, their application should resume if the Director-General of the WHO declares another public health emergency of international concern due to an outbreak of SARS-CoV-2, a variant thereof, or similar infectious diseases with epidemic potential. Where this is the case, the provisions concerned should again be suspended once that public health emergency of international concern has ended.

(43)The Commission should publish a report on the lessons learned from the application of this Regulation, including on its impact on the facilitation of free movement and data protection, one year after the Director-General of the WHO has declared that the public health emergency of international concern caused by SARS-CoV-2 has ended.

(44)In order to take into account the epidemiological situation and the progress in containing the COVID-19 pandemic and to ensure interoperability with international standards, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission in respect of the application of certain Articles of this Regulation as well as the list of personal data to be included in the certificates covered by this Regulation. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement on Better Law-Making of 13 April 2016 31 . In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

(45)Since the objectives of this Regulation, namely to facilitate the free movement within the Union during the COVID-19 pandemic by establishing interoperable certificates on the holder’s vaccination, testing and recovery status, cannot be sufficiently achieved by the Member States but can rather, by reason of the scale and effects of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.

(46)This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights (‘Charter’), including the right to respect for private life and family life, the right to the protection of personal data, the right to equality before the law and non-discrimination, the right to free movement and the right to an effective remedy. Member States should comply with the Charter when implementing this Regulation.

(47)The European Data Protection Supervisor has been consulted pursuant to Article 42(1) of Regulation (EU) 2018/1725 32 ,

HAVE ADOPTED THIS REGULATION:

Article 1
Subject matter

This Regulation lays down a framework for the issuance, verification and acceptance of interoperable certificates on COVID-19 vaccination, testing and recovery in order to facilitate the holders’ exercise of their right to free movement during the COVID-19 pandemic (“Digital Green Certificate”).

It provides for the legal ground to process personal data necessary to issue such certificates and to process the information necessary to confirm and verify the authenticity and validity of such certificates.

Article 2
Definitions

For the purposes of this Regulation, the following definitions apply:

(1)“holder” means the Union citizen or their family members to whom an interoperable certificate containing information about his or her vaccination, testing and/or recovery status has been issued in accordance with this Regulation.

(2)“Digital Green Certificate” means interoperable certificates containing information about the vaccination, testing and/or recovery status of the holder issued in the context of the COVID-19 pandemic;

(3)“COVID-19 vaccine” means an immunological medicinal product indicated for active immunisation to prevent COVID-19;

(4)“NAAT test” means a molecular nucleic acid amplification test (NAAT), such as reverse transcription polymerase chain reaction (RT-PCR), loop-mediated isothermal amplification (LAMP) and transcription-mediated amplification (TMA) techniques, used to detect the presence of the SARS-CoV-2 ribonucleic acid (RNA);

(5)“rapid antigen test” means a testing method that relies on detection of viral proteins (antigens) using a lateral flow immunoassay that gives results in less than 30 minutes;

(6)“interoperability” means the capability of verifying systems in a Member State to use data encoded by another Member State;

(7)“barcode” means a method of storing and representing data in a visual, machine-readable format;

(8)“electronic seal” means data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity;

(9)“unique certificate identifier” means a unique identifier given, in accordance with a common structure, to each certificate issued in accordance with this Regulation;

(10)“trust framework” means the rules, policies, specifications, protocols, data formats and digital infrastructure regulating and allowing for the reliable and secure issuance and verification of certificates to guarantee the certificates’ trustworthiness by confirming their authenticity, validity and integrity, including by the possible use of electronic seals.

Article 3
Digital Green Certificate

1.The interoperable Digital Green Certificate shall allow for the issuance and cross-border verification and acceptance of any of the following certificates:

(a)a certificate confirming that the holder has received a COVID-19 vaccine in the Member State issuing the certificate (‘vaccination certificate’);

(b)a certificate indicating the holder’s result and date of a NAAT test or a rapid antigen test listed in the common and updated list of COVID-19 rapid antigen tests established on the basis of Council Recommendation 2021/C 24/01 33 (‘test certificate’);

(c)a certificate confirming that the holder has recovered from a SARS-CoV-2 infection following a positive NAAT test or a positive rapid antigen test listed in the common and updated list of COVID-19 rapid antigen tests established on the basis of Recommendation 2021/C 24/01 (‘certificate of recovery’).

2.Member States shall issue the certificates referred to in paragraph 1 in a digital or paper-based format, or both. The certificates issued by Member States shall contain an interoperable barcode allowing for the verification of the authenticity, validity and integrity of the certificate. The barcode shall comply with the technical specifications established in accordance with Article 8. The information contained in the certificates shall also be shown in human-readable form and shall be, at least, in the official language or languages of the issuing Member State and English.

3.The certificates referred to in paragraph 1 shall be issued free of charge. The holder shall be entitled to request the issuance of a new certificate if the personal data contained in the certificate is not or no longer accurate or up to date, or the certificate is no longer available to the holder.

4.Issuance of the certificates referred to in paragraph 1 shall not affect the validity of other proofs of vaccination, test or recovery issued before the entry into application of this Regulation or for other purposes, in particular for medical purposes.

5.Where the Commission has adopted an implementing act pursuant to the second sub-paragraph, certificates issued in accordance with this Regulation by a third country with which the European Union and its Member States have concluded an agreement on free movement of persons allowing the contracting parties to restrict such free movement on grounds of public health in a non-discriminatory manner and which does not contain a mechanism of incorporation of European Union acts shall be accepted under the conditions referred to in Article 5(5).

The Commission shall assess whether such a third country issues certificates in accordance with this Regulation and has provided formal assurances that it will accept certificates issued by the Member States. In that case, it shall adopt an implementing act in accordance with the examination procedure referred to in Article 13(2).

6.The Commission may ask the Health Security Committee established by Article 17 of Decision No 1082/2013/EU to issue guidance on the available scientific evidence on the effects of medical events documented in the certificates referred to in paragraph 1.

Article 4
Digital Green Certificate trust framework

1.The Commission and the Member States shall set up and maintain a trust framework digital infrastructure allowing for the secure issuance and verification of the certificates referred to in Article 3.

2.The trust framework shall ensure, where possible, interoperability with technological systems established at international level.

3.Where the Commission has adopted an implementing act pursuant to the second sub-paragraph, certificates issued by third countries to Union citizens and their family members according to an international standard and technological system that are interoperable with the trust framework established on the basis of this Regulation and that allows for the verification of the authenticity, validity and integrity of the certificate, and which contain the data set out in the Annex shall be treated like certificates issued by Member States in accordance with this Regulation, for the purpose of facilitating the holders’ exercise of their right to free movement within the European Union. For the purposes of this sub-paragraph, the acceptance, by the Member States, of vaccination certificates issued by third countries shall take place under the conditions referred to in Article 5(5).

The Commission shall assess whether certificates issued by a third country fulfil the conditions set out in this paragraph. In that case, it shall adopt an implementing act in accordance with the examination procedure referred to in Article 13(2).

Article 5
Vaccination certificate

1.Each Member State shall issue vaccination certificates as referred to in Article 3(1)(a) to a person to whom a COVID-19 vaccine has been administered, either automatically or upon request by that person.

2.The vaccination certificate shall contain the following categories of personal data:

(a)identification of the holder;

(b)information about the vaccine medicinal product administered;

(c)certificate metadata, such as the certificate issuer or a unique certificate identifier.

The personal data shall be included in the vaccination certificate in accordance with the specific data fields set out in point 1 of the Annex.

The Commission is empowered to adopt delegated acts in accordance with Article 11 to amend point 1 of the Annex by adding, modifying or removing data fields on the categories of personal data mentioned in this paragraph.

3.The vaccination certificate shall be issued in a secure and interoperable format as provided for in Article 3(2) and shall clearly indicate whether or not the vaccination course has been completed.

4.Where, in the case of newly emerging scientific evidence or to ensure interoperability with international standards and technological systems, imperative grounds of urgency so require, the procedure provided for in Article 12 shall apply to delegated acts adopted pursuant to this Article.

5.Where Member States accept proof of vaccination in order to waive restrictions to free movement put in place, in compliance with Union law, to limit the spread of COVID-19, they shall also accept, under the same conditions, valid vaccination certificates issued by other Member States in compliance with this Regulation for a COVID-19 vaccine having been granted marketing authorisation pursuant to Regulation (EC) No 726/2004.

Member States may also accept, for the same purpose, valid vaccination certificates issued by other Member States in compliance with this Regulation for a COVID-19 vaccine having been granted marketing authorisation by the competent authority of a Member State pursuant to Directive 2001/83/EC, a COVID-19 vaccine whose distribution has been temporarily authorised based on Article 5(2) of Directive 2001/83/EC, or a COVID-19 vaccine having received a WHO Emergency Use Listing.

6.Where a Union citizen or a family member of a Union citizen has been vaccinated in a third country with one of the types of COVID-19 vaccines referred to in paragraph 5 of this Article, and where the authorities of a Member State have been provided with all necessary information, including reliable proof of vaccination, they shall issue a vaccination certificate as referred to in Article 3(1)(a) to the person concerned.

Article 6
Test certificate

1.Each Member State shall issue test certificates as referred to in Article 3(1)(b) to persons tested for COVID-19, either automatically or upon request by that person.

2.The test certificate shall contain the following categories of personal data:

(a)identification of the holder;

(b)information about the test carried out;

(c)certificate metadata, such as the certificate issuer or a unique certificate identifier.

The personal data shall be included in the test certificate in accordance with the specific data fields set out in point 2 of the Annex.

The Commission is empowered to adopt delegated acts in accordance with Article 11 to amend point 2 of the Annex by adding, modifying or removing data fields on the categories of personal data mentioned in this paragraph.

3.The test certificate shall be issued in a secure and interoperable format as provided for in Article 3(2).

5.Where Member States require proof of a test for SARS-CoV-2 infection as part of the restrictions to free movement put in place, in compliance with Union law, to limit the spread of COVID-19, they shall also accept valid test certificates issued by other Member States in compliance with this Regulation.

Article 7
Certificate of recovery

1.Each Member State shall issue, upon request, certificates of recovery as referred to in Article 3(1)(c) at the earliest from the eleventh day after a person has received his or her first positive test for SARS-CoV-2 infection.

The Commission is empowered to adopt delegated acts in accordance with Article 11 to amend the number of days as of which a certificate of recovery may be issued, based on guidance received from the Health Security Committee in accordance with Article 3(6) or on scientific evidence reviewed by ECDC.

2.The certificate of recovery shall contain the following categories of personal data:

(a)identification of the holder;

(b)information about past SARS-CoV-2 infection;

(c)certificate metadata, such as the certificate issuer or a unique certificate identifier.

The personal data shall be included in the certificate of recovery in accordance with the specific data fields set out in point 3 of the Annex.

The Commission is empowered to adopt delegated acts in accordance with Article 11 to amend point 3 of the Annex by adding, modifying or removing data fields on the categories of personal data mentioned in this paragraph, including until when a certificate of recovery shall be valid.

3.The certificate of recovery shall be issued in a secure and interoperable format as provided for in Article 3(2).

5.Where Member States accept proof of recovery from SARS-CoV-2 infection as a basis for waiving restrictions to free movement put in place, in compliance with Union law, to limit the spread of COVID-19, they shall accept, under the same conditions, valid certificates of recovery issued by other Member States in compliance with this Regulation.

Article 8
Technical specifications

To ensure uniform conditions for implementation of the trust framework established by this Regulation, the Commission shall adopt implementing acts containing the technical specifications and rules to:

(a)securely issue and verify the certificates referred to Article 3;

(b)ensure the security of the personal data, taking into account the nature of the data;

(c)populate the certificates referred to Article 3, including the coding system and any other relevant elements;

(d)lay down the common structure of the unique certificate identifier;

(e)issue a valid, secure and interoperable barcode;

(f)ensure interoperability with international standards and/or technological systems;

(g)allocate responsibilities amongst controllers and as regards processors.

Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 13(2).

On duly justified imperative grounds of urgency, in particular to ensure a timely implementation of the trust framework, the Commission shall adopt immediately applicable implementing acts in accordance with the procedure referred to in Article 13(3).

Article 9
Protection of personal data

1.The personal data contained in the certificates issued in accordance with this Regulation shall be processed for the purpose of accessing and verifying the information included in the certificate in order to facilitate the exercise of the right of free movement within the Union during the COVID-19 pandemic.

2.The personal data included in the certificates referred to in Article 3 shall be processed by the competent authorities of the Member State of destination, or by the cross-border passenger transport services operators required by national law to implement certain public health measures during the COVID-19 pandemic, to confirm and verify the holder’s vaccination, testing or recovery status. For this purpose, the personal data shall be limited to what is strictly necessary. The personal data accessed pursuant to this paragraph shall not be retained.

3.The personal data processed for the purpose of issuing the certificates referred to in Article 3, including the issuance of a new certificate, shall not be retained longer than is necessary for its purpose and in no case longer than the period for which the certificates may be used to exercise the right to free movement.

4.The authorities responsible for issuing the certificates referred to in Article 3 shall be considered as controllers referred to in Article 4(7) of Regulation (EU) 2016/679.

Article 10
Notification procedure

1.Where a Member State requires holders of certificates referred to in Article 3 to undergo, after entry into its territory, quarantine, self-isolation or a test for SARS-CoV-2 infection, or if it denies entry to such persons, it shall notify the other Member States and the Commission before the planned introduction of such restrictions. To that end, the Member State shall supply the following information:

(a)the reasons for such restrictions, including all relevant epidemiological data supporting such restrictions;

(b)the scope of such restrictions, specifying which travellers are subject to or exempt from such restrictions;

(c)the date and duration of the restrictions.

Where necessary, the Commission may request additional information from the Member State concerned.

Article 11
Exercise of the delegation

1.The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2.The power to adopt delegated acts referred to in Articles 5(2), 6(2), 7(1), 7(2) and 15 shall be conferred on the Commission for an indeterminate period of time from [date of entry into force].

3.The delegation of power referred to in Articles 5(2), 6(2), 7(1), 7(2) and 15 may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4.Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement on Better Law-Making of 13 April 2016.

5.As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

6.A delegated act adopted pursuant to Articles 5(2), 6(2), 7(1), 7(2) and 15 shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.

Article 12
Urgency procedure

1.Delegated acts adopted under this Article shall enter into force without delay and shall apply as long as no objection is expressed in accordance with paragraph 2. The notification of a delegated act to the European Parliament and to the Council shall state the reasons for the use of the urgency procedure.

2.Either the European Parliament or the Council may object to a delegated act in accordance with the procedure referred to in Article 11(6). In such a case, the Commission shall repeal the act immediately following the notification of the decision to object by the European Parliament or by the Council.

Article 13
Committee procedure

1.The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.

2.Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

3.Where reference is made to this paragraph, Article 8 of Regulation (EU) No 182/2011, in conjunction with Article 5 thereof, shall apply.

Article 14
Reporting

One year after the Director-General of the World Health Organization has declared, in accordance with the International Health Regulations, that the public health emergency of international concern caused by SARS-CoV-2 has ended, the Commission shall present a report to the European Parliament and the Council on the application of this Regulation.

The report shall contain, in particular, an assessment of the impact of this Regulation on the facilitation of free movement of Union citizens and their family members as well as on the protection of personal data during the COVID-19 pandemic.

Article 15
Entry into force and applicability

1.This Regulation shall enter into force on the third day following that of its publication in the Official Journal of the European Union.

2.The Commission shall adopt a delegated act in accordance with Article 11 specifying the date from which the application of Articles 3, 4, 5, 6, 7 and 10 is to be suspended once the Director-General of the World Health Organization has declared, in accordance with the International Health Regulations, that the public health emergency of international concern caused by SARS-CoV-2 has ended.

3.The Commission is empowered to adopt a delegated act in accordance with Article 11 specifying the date from which Articles 3, 4, 5, 6, 7 and 10 are to apply again if, after the suspension referred to in paragraph 2 of this Article, the Director-General of the World Health Organization declares a public health emergency of international concern in relation to SARS-CoV-2, a variant thereof, or similar infectious diseases with epidemic potential. Following the adoption of such a delegated act, paragraph 2 of this Article shall apply.

4.Where, in the case of developments regarding public health emergencies of international concern, imperative grounds of urgency so require, the procedure provided for in Article 12 shall apply to delegated acts adopted pursuant to this Article.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels,

For the European Parliament For the Council

The President The President

LEGISLATIVE FINANCIAL STATEMENT

1.FRAMEWORK OF THE PROPOSAL/INITIATIVE

1.1.Title of the proposal/initiative

1.2.Policy area(s) concerned

1.3.Nature of the proposal/initiative

1.4.Objective(s)

1.4.1General objective(s)

1.4.2Specific objective(s)

1.4.3Expected result(s) and impact

1.4.4Indicators of performance

1.5.Grounds for the proposal/initiative

1.5.1Requirement(s) to be met in the short or long term including a detailed timeline for roll-out of the implementation of the initiative

1.5.2Added value of Union involvement

1.5.3Lessons learned from similar experiences in the past

1.5.4Compatibility with the Multiannual Financial Framework and possible synergies with other appropriate instruments

1.5.5Assessment of the different available financing options, including scope for redeployment

1.6.Duration and financial impact of the proposal/initiative

1.7.Management mode(s) planned

2.MANAGEMENT MEASURES

2.1.Monitoring and reporting rules

2.2.Management and control system(s)

2.2.1Justification of the management mode(s), the funding implementation mechanism(s), the payment modalities and the control strategy proposed

2.2.2Information concerning the risks identified and the internal control system(s) set up to mitigate them

2.2.3Estimation and justification of the cost-effectiveness of the controls

2.3.Measures to prevent fraud and irregularities

3.ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE

3.1.Heading(s) of the multiannual financial framework and expenditure budget line(s) affected

3.2.Estimated financial impact of the proposal on appropriations

3.2.1.Summary of estimated impact on expenditure

3.2.2.Estimated output funded with operational appropriations

3.2.3.Summary of estimated impact on administrative appropriations

3.2.4.Compatibility with the current multiannual financial framework

3.2.5.Third-party contributions

3.3.Estimated impact on revenue

LEGISLATIVE FINANCIAL STATEMENT

1.FRAMEWORK OF THE PROPOSAL/INITIATIVE

1.1.Title of the proposal/initiative

Proposal for a Regulation of the European Parliament and of the Council on a framework for the issuance, verification and acceptance of interoperable certificates on vaccination, testing and recovery to facilitate free movement during the COVID-19 pandemic (Digital Green Certificate).

1.2.Policy area(s) concerned

Free movement of persons within the European Union

Recovery and Resilience

1.3.Nature of the proposal/initiative

⌧ a new action

◻ a new action following a pilot project/preparatory action 34

◻ the extension of an existing action

◻ a merger or redirection of one or more actions towards another/a new action

1.4.Objectives

1.4.1.General objective(s)

The general objective of this Regulation is to ensure the issuance, verification and acceptance of interoperable certificates on vaccination, testing and recovery in order to facilitate free movement within the EU during the COVID-19 pandemic.

1.4.2.Specific objective(s)

Specific objective No 1

To lay out the format and content of vaccination, testing and recovery certificates issued by Member States to facilitate free movement.

Specific objective No 2

To ensure interoperability, security and verifiability of the certificates being issued by Member States.

Specific objectives No 3

To lay down the rules for the acceptance of vaccination, testing and recovery certificates issued by Member States to facilitate free movement.

1.4.3.Expected result(s) and impact

Specify the effects which the proposal/initiative should have on the beneficiaries/groups targeted.

Support will be provided to Member States to establish the necessary infrastructure for the interoperable issuance and verification of certificates making up the “Digital Green Certificate” framework. In addition, the Commission and Member States will set up and maintain the technological infrastructure necessary for the “Digital Greeen Certificate” framework.

1.4.4.Indicators of performance

Specify the indicators for monitoring progress and achievements.

Preparation for development

After the approval of the draft Regulation and the adoption of the technical specifications of the trust framework, an adequate secure digital infrastructure should be designed at EU-level between the national systems, ensuring trusted verification of certificates. Where technically possible, such infrastructure may reuse the design of existing solutions already operating at EU level facilitating exchanges of information between backend solutions in Member States.

Ready for operations as early as possible in 2021

In order to go live with EU-level digital infrastructure, comprehensive tests should be conducted by the Commission and the Member States for handling the expected volume of transactions.

System in operation

The Commission should ensure that the EU-level supporting digital infrastructure is in place, as well as that it is operated and monitored effectively.

1.5.Grounds for the proposal/initiative

1.5.1.Requirements to be met in the short or long term including a detailed timeline for roll-out of the implementation of the initiative

The “Digital Green Certificate” framework lays out the format and content of certificates on COVID-19 vaccination, testing and recovery. The “Digital Green Certificate” framework should ensure that these certificates can be issued in an interoperable format and be reliably verified when presented by the holder in other Member States, thereby facilitating free movement within the EU.

The proposal also aims to complement national initiatives for establishing vaccination, testing and recovery certificates in a coordinated, coherent and interoperable way in order to avoid the duplication of efforts.

The “Digital Green Certificate” framework will apply for the duration of the COVID-19 pandemic as a measure to facilitate citizens’ free movement rights and will be suspended once the end of the pandemic has been declared. It may be resumed in case of future pandemics.

1.5.2.Added value of Union involvement (it may result from different factors, e.g. coordination gains, legal certainty, greater effectiveness or complementarities). For the purposes of this point 'added value of Union involvement' is the value resulting from Union intervention which is additional to the value that would have been otherwise created by Member States alone.

Reasons for action at European level (ex-ante): The objectives of this proposal, namely to facilitate the free movement within the EU during the COVID-19 pandemic by establishing secure and interoperable certificates on the holder’s vaccination, testing and recovery status, cannot be sufficiently achieved by the Member States independently but can rather, by reason of the scale and effects of the action, be better achieved at EU level. Action at EU level is thus necessary.

Expected generated Union added value (ex-post): Absence to act at EU level would likely result in Member States adopting different systems, resulting in citizens exercising their free movement rights experiencing problems in the acceptance of their documents in other Member States. In particular, it is necessary to agree on the technical standards to be used to ensure interoperability, security and verifiability of the certificates being issued.

1.5.3.Lessons learned from similar experiences in the past

Work will build on the experience gathered from the establishment of the digital infrastructure known as the “European Federation Gateway Service” for the cross-border exchange of data between national contact tracing and warning mobile applications with regard to combatting the COVID-19 pandemic. Support at EU-level for connecting national back end servers as well as assistance to develop and deploy solutions in all Member States is critical to ensure a smooth and even uptake of the proposed solutions across all Member States.

1.5.4.Compatibility with the Multiannual Financial Framework and possible synergies with other appropriate instruments

The Commission intends to support urgent measures through the Emergency Support Instrument (ESI), and will explore how part of the financial support could be given by other programmes such as Digital Europe at a later stage. Financing will be compatible with the Multiannual Financial Framework 2021-2027. The initiative could require the use of one, or a combination of, special instruments as defined in the MFF Regulation. The Commission will take the appropriate initiative to ensure that resources are mobilised in due time.

1.5.5.Assessment of the different available financing options, including scope for redeployment

Financial support from the Union may cover the following actions:

1) Support regarding the technical specifications for the framework

a. specifications related to the overall architecture of the Digital Green Certificate issuance and verification and to data structures (security, digital certificates/seals to digitally sign the certificates making up the “Digital Green Certificate” framework, trust authorities, etc.);

b. specifications to be followed by Member States in order to issue and verify the certificates making up the “Digital Green Certificate” framework;

c. specifications for the appropriate support system across Member States, which may be operated at EU level (communication across Member State systems).

2) Proof of concept and piloting activities, including security checks, implementing point 1 above as reference solution

3) Deployment across some piloting Member States

a. data protection impact assessment (if necessary);

b. security audit;

c. actual deployment of the system and establishment of on-boarding process.

4) EU financial support to assist Member States and develop national issuing and verification solutions to be rendered interoperable at EU and, where possible, with technological systems established at international level

5) On-boarding process of the Member States

6) Operation and maintenance of EU-systems supporting interoperability

The Commission will use funds from appropriation under the ESI to support the most urgent measures under the initiative and will explore, once the legal basis of the Digital Europe Programme enters into force, how some of the expenditure could be carried out under that programme.

Given the health emergency, most of the preparatory expenditure will take place under the ESI before the legal basis of the “Digital Green Certificate” enters into force. Any EU-level system will be activated only after the entry into force of its legal basis.

>DOMOV<