Making the most of the EU Digital COVID Certificates in aviation:Recommendations and guidance for Member States

A smooth rollout of the EU Digital COVID Certificates (DCC), notably in aviation, will be essential to restore free movement within the Union. As follows from the EU DCC Regulations (Regulation (EU) 2021/953 of the European Parliament and of the Council of 14 June 2021 on a framework for the issuance, verification and acceptance of interoperable COVID-19 vaccination, test and recovery certificates (EU Digital COVID Certificate) to facilitate free movement during the COVID-19 pandemic, and Regulation (EU) 2021/954 of the European Parliament and of the Council of 14 June 2021 on a framework for the issuance, verification and acceptance of interoperable COVID-19 vaccination, test and recovery certificates (EU Digital COVID Certificate) with regard to third-country nationals legally staying or residing in the territories of Member States during the COVID-19 pandemic.), verification of the EU DCC before, during or after travel is not required. Conversely, States are the ones who will decide if and when EU DCC will be checked and by whom. A recent survey among the Member States on how EU DCC will be verified in the field of aviation showed that there will be no less than 10 different combinations of checks.

This will lead to unnecessary duplication of measures and as a consequence to queues and crowding at airports, which are problematic both from a health perspective as well as from the perspective of operational efficiency, notably at airports. Ultimately, this multitude of approaches chosen could make it difficult to reap the full benefit from the EU DCC in aviation.

By means of sharing recommendations and best practices, this Note seeks to contribute to eliminating unnecessary duplications which may undermine the functioning of the EU DCC in the forthcoming peak summer travel season. It should be underlined that the EU DCC is neither a travel document nor a pre-requirement to undertake travel.

This document from the European Commission Services aims at providing recommendations and guidance regarding the implementation of EU DCC Regulations in aviation and as such it does not constitute an official position of the European Commission nor does it affect the rights and obligations stemming from the EU DCC Regulations or from their implementing acts. Moreover, compliance with these recommendations is without prejudice to the Commission’s role in monitoring Member States’ compliance with the obligations imposed by EU DCC Regulations.

Avoid Duplication

The Commission services recommend that Member States avoid duplication when verifying the DCC in the passenger journey.

As clearly stated in the EASA/ECDC Aviation Health Safety Protocol, there is no medical reason to check the EU DCC more than once during a journey. Indeed, an EU DCC which is authentic at check-in before departure is still valid at departure and upon arrival. It is preferable to avoid requiring the verification of EU DCC at more than one occasion (eg. during the airport check-in and again at boarding) or by more than one actor (eg. by airline operators and public authorities - Any requirement for verification of certificates established by Regulation (EU) 2021/953 does not as such justify the temporary reintroduction of border control at internal borders). In the same vein, the Commission services suggest that an EU DCC verified before departure should not be systematically re-verified at arrival. To this effect it is recommended that the authorities of departure and of arrival cooperate to create a “one-stop” system at the departure side of the journey.

Verify the EU DCC as early as possible and off airport

The verification of EU DCC can create additional bottlenecks at airports. The Commission services therefore suggest that Member States encourage that the verification is done as early as possible and ideally online, for instance during the online check-in process. This is the only way to ensure that the verification of the EU DCC does not add to crowding at the airport.

Avoid EU DCC verification upon arrival

The EU DCC are built on a trust framework agreed by the Member States. Following this approach, the Commission services deem preferable that Member States do not verify the EU DCC upon arrival. On-arrival verification risks causing even more bottlenecks than checks at the departure airport, as airport infrastructure is typically not equipped to handle systematic checks of each passenger upon arrival. This is even more the case within the Schengen area where in principle only occasionally gate checks happen (irrespective of their nature).

Consider spot/random checks instead of systematic checks of each passenger

Member States are advised to privilege spot/random checks instead of full systematic checking. The very fact that passengers know they run the risk of being caught without or with fraudulent health documentation such as the EU DCC is usually enough to deter them from infringing the rules. This approach has already been chosen by some Member States, and is already long time and successfully applied by all Member States in the area of aviation security.

Avoid arrival of non-compliant passengers

Checks on arrival raise the question of what to do with non-compliant arriving passengers. Insofar as they are considered to present a health safety risk, the Commission services recommend that such passengers are not turned back and thus take another flight. Instead it is suggested that they are subjected to the applicable health measures foreseen for such cases in the country of arrival (e.g. by taking a on the spot test). Moreover, the EU DCC is not a travel document and checks of the EU DCC are not equivalent to border checks, but can be carried out in view of public health threats and obligations in this regard of relevant authorities. This shows again that verification off-airport at departure is preferable over verification at arrival, as pre-flight verification avoids non-compliant arrivals.

Harmonise the applicable verification protocols between Member States

The variety of Member States’ approaches with regard to the verification of the EU DCC (on top of a similar variety of rules with regard to health restrictions) is confusing for passengers, airlines and airports, and will increase the incidence of unintended non-compliance. For that reason, Member States are encouraged to harmonise or at least align their respective EU DCC verification Protocols.

Data protection is addressed

The EU DCC ensures the highest level of data protection and is fully compatible with applicable GDPR legislation. This means that there is the legal basis to allow for example airlines to verify EU DCC both at the airport and during the online check-in. See Annex I for additional details on GDPR aspects of EUDCC verification.

Ensure complete and timely information of all verification actors and the public

In order to avoid confusion and disruptions of the passenger journey, it is essential that all actors in the verification process know exactly what their role and required actions in the verification process are. The Commission services recommend that, if Member States require airlines, airport staff or other actors to verify EU DCCs, they ensure that those actors are informed clearly and timely about their relevant roles and actions. It is further recommended that this information is also made publicly available so that passengers are informed of the touch points at which they can expect relevant checks.

Annex

GDPR-related aspects in the EUDCC Regulatory framework of relevance to the verification of the EUDCC by airlines and other operators of a cross-border passenger transport service

What is the legal basis for an airline / operator of a cross-border passenger transport service to check the DCC?

Article 10(3) of Regulation (EU) 2021/953 (EU DCC Regulation) states that “The personal data included in the certificates referred to in Article 3(1) shall be processed […] by the cross-border passenger transport services operators required by national law to implement certain public health measures during the COVID-19 pandemic, only to verify and confirm the holder’s vaccination, test result or recovery”.

This provision clarifies that if Member State law e.g. imposes an obligation for airlines or other operators of a cross-border passenger transport service to only board passengers with a negative test / completed vaccination course / who have recovered from a COVID-19 infection, that then the operators are allowed to check DCCs in order to comply with that obligation imposed by MS law.

In terms of lawfulness under GDPR, this means that there would be a legal obligation on the operator to check. In this context, Art. 6(1)(c) GDPR provides as one of the grounds for lawfulness: “processing is necessary for compliance with a legal obligation to which the controller [here: the airline or other operator] is subject”;

Regarding the fact that data relating to health are processed, this is a case of Article 9(2)(g) GDPR. This Article provides that special categories of personal data (which include data relating to health) can be processed if this “processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law […]”. The DCC Regulation / the Member State law imposing an obligation for airlines or other operators of a cross-border passenger transport service to check the EUDCC qualify as such law.

What exactly are airlines / operators of cross-border passenger transport services allowed to check in the EU DCC?

Operators are allowed to check the information they need to comply with their obligation to check under the applicable MS law (see above). In order to comply with those obligations, it will usually be necessary to check the whole of the EU DCC: e.g. to verify whether a test certificate is recent enough, or whether the vaccine product is accepted by the Member State of arrival. Member States have to accept all EMA-authorised vaccines if they waive e.g. testing or quarantine requirements for vaccinated travellers, but are free to also accept other vaccines (see Article 5(5) of the EU DCC Regulation – so a completed course of vaccination with e.g. Sputnik V might be acceptable to lift restrictions for some MS and “not ok” for others).

That means that for the verification itself, the airline or other operator of a cross-border passenger transport service can access all information necessary to comply with the obligations of the applicable national law.

The question of the user interface (e.g. what the employee at the check-in counter or the gate would see on their verification interface) is different. If, in addition to authenticity, validity and integrity, the EU DCC is also checked against business rules of the Member State of arrival, a simple showing a green “ok” for a passed check () can be enough. It appears that the employee at check-in has no need to know whether the result is “OK” because of e.g. a recent test or completed vaccination, what they need to know is whether one of the conditions (notably a COVID health proof) to be given an ‘OK to go’ was successfully verified. Indeed, solutions that minimise the information disclosed to check-in/gate staff are preferred.

Finally, Article 10(3) EU DCC Regulation states that “[t]he personal data accessed pursuant to this paragraph [i.e. for the check if required by law] shall not be retained”. This prohibition is to prevent the build-up of “vaccination databases” by verifiers (see also recital 48 EU DCC Regulation). Operators may need to prove to competent authorities that they have complied with obligations to check, where they exist. In order for them to do so, it can be permissible to keep the information “check carried out at [timestamp]” for a very short period (should a Member State of arrival carry out spot-checks, it would appear that any inconsistencies hinting at non-compliance of an operator with its obligation to check would be discovered within hours of arrival). However, the content of the certificates accessed for the check must not be stored, as laid down in Article 10(3) EU DCC Regulation.