By S de Labriolle on Thursday, 29 July 2021
Category: Blog

Re-use and interoperability: making health certificates a workable reality

As governments and NGOs look to health certificates as a response to the challenge of safely reopening borders and reinstating freedom of movement for citizens, there is now a very real urgency in consolidating approaches, agreeing standards and achieving interoperability. Failure to do so will reduce international acceptance and threaten to derail these important initiatives. Here, we take a look at the key issues.

Health certificates schemes promise to streamline how people demonstrate they are unlikely to either catch or spread a particular disease, or diseases. While not a new concept, the COVID-19 pandemic has brought discussions of wider adoption and standardized adoption into sharp refrain.

In today’s context, these schemes use physical and/or digital certificates to make it easier for airlines, airports, border control agencies and others to verify whether a certificate holder has been vaccinated against COVID-19, has tested negative for the virus, or has recovered from it.

The increasingly widespread introduction of these certificates has allowed governments to lift a number of pandemic-related restrictions – from cross-border travel to attending large public gatherings such as sporting events.

A multitude of initiatives


In recent months, trials for a variety of different health certificates and immunisation ‘passports’ have been underway by a variety of different organisations. The World Health Organization, for example, has taken a lead role in defining the data that would be carried in these documents.

International Civil Aviation Authority’s (ICAO) health certificate initiative is focused on the Visible Digital Seal concept to enable interoperability and harmonization worldwide.

The EU, of course, has its own solution – the EU Digital COVID Certificate. This digital certificate is proof that a person has either been vaccinated against COVID-19, received a negative test or has recovered from COVID-19. It is, by most measures, an example of real success in terms of urgent implementation. Announced in April 2021, it was largely operational three months later.

We have also seen a wide range of other public and private initiatives proposed or piloted at both national and international levels. With more announced on a seemingly daily basis.

And here-in lies the problem.

Too much of a good thing?

This plethora of available options is creating significant confusion – not least for governments who must play a key role in this debate. Many of these efforts are being implemented by different public and private providers.

Approaches vary in the exact data being registered or the credentials being utilised, as well as what is acceptable for entry into a specific country. Is recent negative test acceptable, or evidence of vaccination? What constitutes evidence of a test or vaccine? How can test data be stored and shared? How can the test (or the individual) be authenticated? How can ‘proof’ be shared with border agencies? Add the number of different COVID-19 tests (and test rules) in use across the world, and things get very complex, very quickly.

With so much at stake – not least open borders and open economies – getting it right, ensuring public trust and achieving national and international acceptance of these certificates are all critical considerations.

This lack of clarity (as well as technical and operational interoperability) could see a traveller arriving at their final destination only to discover that their digital vaccination passport is not accepted or cannot be ‘read’ by authorities when they disembark.

There are other issues too. In March 2021, WHO Europe’s regional director, Hans Kluge, was quoted as saying “We do not encourage at this stage that getting a vaccination determines whether you can travel internationally or not".

This reticence to make vaccines a precursor to travel is perhaps best explained by the inclusive argument. Most believe that health passes should allow individuals to present evidence not only of vaccination but also of PCR, immunity or antigen testing. These should all be accepted to avoid discriminating against those who, for whatever reason, cannot or do not want to be vaccinated.

It is clear then that the international community has yet to agree on the purpose and use of health certificates.

A common approach is key

For health certificates to be a truly globally-practical tool, there is a need for technical interoperability and some form of international agreement on standardization that crosses all boundaries – as we have today with the conventional travel passport system. Certainly, this will need concerted and collaborative action from governments at an international level – something we have yet to see.

While the health infrastructure behind the certificate is clearly the choice of each government, some have a greater appetite than others for new technologies. So we see different levels of maturity across the world. Some, for example, favour a blockchain back-end which may take years to implement at scale in a large country. Others opt for a different approach.

The key point is that all these disparate back-end systems need to be capable of using the same front-end application (using a QR code, for example), with the same datasets.

Ultimately, there isn’t time to build a global consensus, and it’s unrealistic to look for a single technical solution. The urgency of COVID and the need to restart international travel relies on quick, secure and trusted deployment of certificates, with the results based on international standards.

One thing we can all agree on is that we don’t have the five decades it took to standardize the conventional travel passport!

Ensuring that vaccination credentials are technically interoperable and globally verifiable is just the start. Since digital health passports combine health data and identification, privacy and security must be carefully considered. As must user experience and convenience. Otherwise, the acceptance, adoption and utility of these digital passports will be undermined for travellers.

But let’s not forget the ultimate need here – that travellers/populations will feel confident enough to adopt (at scale) whatever solution is offered. We have seen considerable push back from citizens in a multitude of countries concerned about the ‘big brother’ effect.

People’s health data is perhaps the most sensitive of data subjects and it must be made abundantly clear (through education) that their specific health information is not being shared with airlines, commercial organisations or even branches of government.

And, of course, it’s not. The majority of approaches simply seek to use the name and birth date of individual to check back against a database that they have been vaccinated, have had a negative test or similar. In short, no health data is actually shared – the identity is simply verified against a protected and standardised database.

This is the message that governments and industry need to get out. If they don’t, the demonstrations will continue. People fear what they don’t know. So, let’s tell them!

An adaptable response for today and tomorrow

Responding to these challenges is certainly difficult. But it helps to focus on the actual outcome – to develop a way to authenticate the user and their vaccination certificate, make sure it’s possible to do so in both online and offline environments, and that as many agencies and stakeholders as possible will accept it.

In recognition of this, and of the global nature of the pandemic response, the SIA strongly advocates the need for solution interoperability and close international collaboration and co-creation.

It has developed a set of of key principles to help inform government thinking.

Health certificates: 5 key principles

1. Interoperability. Health certificate ‘solutions’ must be technically interoperable with existing airline, airport and border control systems to ensure swift and seamless authentication of the certificate and the individual.


2. Economy. The cost of production or deployment must taken into account when selecting a solution to ensure both richer and poorer countries can have access to the scheme.


3. Security. Certificates must be secure in every sense – with data protected from attack, resistant to forgery and counterfeiting, and featuring the highest levels of information governance to encourage public trust.


4. Inclusivity. Certificates must work with assurance and reliability in both the physical and digital worlds. Digital applications must work in both online (connected) and offline modes, while physical (paper) options must be available to citizens.


5. Futureproofed. Health certificates (and the processes surrounding them) represent considerable investment on the part of governments. To ensure ongoing value beyond today’s current crisis, certificates should offer multi-purpose functionality.

With so much at stake, the proactive participation and leadership of governments is absolutely critical. This is about building consensus on how to evolve an internationally recognised system that works for multiple health passports – and in so doing, securing a route to re-opening economies in the short term, while creating a robust and adaptable approach capable of targeting future pandemics.