IATA endorses the EUDCC. But will it matter?

In a Bredemarket blog post in February 2021, I quoted something that I wrote in 2013 in one of my personal blogs, Empoprise-BI.

I’m sure that many people imagine that standards are developed by a group of reasonable people, sitting in a room, who are pursuing things for the good of the world.

You can stop laughing now.

As I noted back in 2013, and again in February, there are many instances in which standards do not evolve from a well-designed process. In reality, standards emerge via that process that I referred to in February as “brute force.”

By イーストプレス – 「ゴング格闘技」=1951年のブラジル地元新聞からの転載, Public Domain, https://commons.wikimedia.org/w/index.php?curid=13320163

For those who are not familiar with the “brute force” process, I’ll provide two illustrations.

  • If a lot of people like something, it’s a standard.
  • If a trillion dollar company likes something, and I like something different, then the thing that the trillion dollar company likes is a standard.

If two trillion dollar companies like two different things…it can get messy.

Back in February, I was just beginning to talk about something that I called “health passports” at the time. Later, I personally decided that “health passports” is a poor choice of words, and have instead gravitated to using the phrase “vaccine certificate.”

Regardless, my concern back in February was that there were all sorts of these things floating around. Even back then, Clear had its own solution, IATA had one, IBM had one, iProov had one, Daon had one, and there were many, many more.

So what happens if I have a Clear vaccine certificate but the airline or building that I’m approaching supports the iProov certificate? Can the iProov certificate read the Clear certificate? Or do I have to get multiple certificates?

This post looks at a new development in the vaccine certificate brouhaha. I’m not talking about what vaccines are honored by the vaccine certificate, but about acceptability of the vaccine certificates themselves. In particular, I’m talking about acceptance of one certificate, the EU Digital COVID Certificate (EUDCC).

Because one big player is getting behind it.

How do international air transport folks feel about the EUDCC?

While the EUDCC can conceivably be used for a number of use cases, such as entering a private business like a restaurant, one of the most popular use cases for the EUDCC is to board an airplane that is crossing an international border.

So if there was an organization that was dedicated to the business of flying airplanes across international borders, and if that organization thought that the EUDCC was pretty cool, then that endorsement would have as much pull as Google (and Facebook) endorsing a web image format.

Enter the (drumroll) International Air Transport Association, which issued a press release on 26 August.

The title?

“IATA Backs European Digital Covid Certificate as Global Standard.”

Now those who read my February post will recall that IATA was one of those groups that was already developing its own vaccination certificate. So how does the EUDCC compare with the the IATA Travel Pass?

The DCC…is fully supported by IATA Travel Pass.

But in addition to mere self-interest, there is another reason why IATA is endorsing the EUDCC: it’s supported by a lot of countries inside the EU, and other countries are looking at the EUDCC as a model.

The EU DCC is implemented in the 27 EU Member states and a number of reciprocal agreements have been agreed with other states’ own vaccination certificates, including Switzerland, Turkey, and Ukraine. In the absence of a single global standard for digital vaccination certificates, up to 60 other countries are looking to use the DCC specification for their own certification. 

Oh no, I’m just looking

However, it’s one thing to be “looking” at something, and another thing entirely to actually “do” something.

Before assuming that the EUDCC will become the de facto DCC, consider how two countries in particular will approach it.

This image or media was taken or created by Matt H. Wade. To see his entire portfolio, click here. @thatmattwade This image is protected by copyright! If you would like to use it, please read this first. – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=5004719

One of those countries is my own, the United States of America. While one can argue whether or not the U.S. enjoys the same level of power that it enjoyed immediately after the end of the Cold War, it is still a major player in world economic and travel affairs. And regardless of who the President of the United States is at any given time, the U.S. has often decided to go its own way. Couple this with the power of individual U.S. states in my country’s federal system, and it’s quite possible that even if the U.S. goes along with IATA, and some form of the EUDCC is adopted by our Transportation Security Administration, that does not necessarily mean that the same certificate can be used as it is in Europe to grant access to museums, sporting events, and concerts.

The other country that may have an issue with the EUDCC is China. If the United States is potentially a waning world power, China is potentially a gaining world power. The relationship between China and the rest of the world varies from time to time and from issue to issue. China may decide that it’s not in its best interest to adhere to an international standard for certifications of COVID vaccination, testing, or contraction. And if it’s not in China’s best interest, China won’t do it.

So before declaring that IATA endorsement of the EUDCC settles the issue…we’ll see.

Update on Covishield and the EUDCC, as long as you can prove you were born

It’s been a while since I looked at issues regarding the European Union Digital COVID Certificate (EUDCC).

And there are a ton of ramifications and unintended consequences.

Covishield and the EUDCC

When I last looked at the EUDCC, I examined its effect on travel from people outside of the European Union. The question at the time was what would happen to people who were vaccinated with something other than the European Medicines Agency-approved vaccines, thus rendering them ineligible for the EUDCC.

In particular, people who were vaccinated with the Covishield vaccine were not eligible for the EUDCC. Depending upon whom you asked, Covishield is either just the same as the EMA-approved AstraZeneca vaccine (now referred to as “Vaxzervria” in EU-speak), or it has a radically different manufacturing process that disqualifies it from automatic acceptance.

This non-recognition of Covishield has a great impact on African nations, because that vaccine is popular there. However, EUDCC disapproval has been offset by the actions of several individual countries to recognize Covishield as a vaccine. For example, Greece recognizes ten vaccines (including Covishield) as opposed to the EU’s four. Of course, you have to go through additional paperwork to get authorization to enter a specific country.

But Joseph Atick notes that there’s another issue that adversely impacts the ability of Africans to enter Europe.

Linking a vaccination to a person

Assume for the moment that you have received an EU-authorized vaccine. This is only part of the battle, because the act of vaccination has to be tied to you as a person.

Dr. Joseph Atick of ID4Africa. From https://id4africa.com/the-general-secretariat/

And Atick notes one complicating factor in making that link:

One of the biggest barriers to setting up these systems—and one that could greatly complicate digital health certificates – involves traceability, which for an official digital ID means documenting one’s birth event.

In Africa, not everyone has a birth certificate, and many struggle to trace their identity to the birth event.

If you cannot prove to the satisfaction of the European Union (or whoever) that you were the actual person who received a vaccine, then you may face barriers to entering Europe (or wherever).

And what are the ramifications of this?

A digital health certificate has appeal as an efficient and effective way to manage COVID-19 risks. But if we don’t pause now to consider the implications of getting it wrong and look for ways to get it right, these marvellous digital innovations could also be supremely effective at creating a binary world of those who can prove their COVID-19 risk status and those who cannot.

The requirement for a digital identity

Oh, and there’s another issue that Atick didn’t address, but which bears noting.

All of the solutions listed above assume as a given that people will be the owners of a unique, government-authorized digital identity.

As I’ve noted elsewhere, there are people who are fervently opposed to this.

In my country, both some people on the left and some people on the right believe that “governmental digital identity” naturally equates to “governmental digital surveillance,” and that governments shouldn’t be abusing the data that they can obtain from all the vaccinations you get, all the places you travel, all the things you buy, and all the other things that you do.

(Well, except for voting. Some on the right fervently believe that government identities are essential to voting, even if they’re not essential to any other activity.)

But are people truly banned from travel?

So where does this leave the people who cannot prove that they were vaccinated with an authorized vaccine, or perhaps were never vaccinated at all?

In many cases travel for the unvaccinated is not banned, but they have to go through additional hoops to travel. Using one example, unvaccinated U.S. citizens can travel to Austria if they “have recovered from COVID-19 in the past 180 days; or present a negative COVID-19 PCR or antigen test result procured within 72 or 48 hours of travel.” For more country-by-country specifics as of August 13, click here.

But how will the unvaccinated get to Europe, or anywhere else?

But on the other hand, a vaccination in and of itself is not a guarantee that you can travel. Norway has a long list of requirements that an incoming person must satisfy, vaccination or not. This isn’t the time for an American to go on a sightseeing tour to Oslo.

Or Pyongyang.

So a binary division into the “travels” and “travel nots” may not become a reality. Instead, it will be a gradation of travel allowances and non-allowances, based upon a variety of factors.

The EUDCC and Covishield

Well, that was unexpected, at least by me.

I figured that discussion of the European Union Digital COVID Certificate (EUDCC) would focus on use of the certificate by residents of the EU.

However, the big debate right now is about how citizens of countries outside of the EU are affected. While the EUDCC is primarily designed for EU citizens, the EU has an interest in getting people from outside of the EU to travel to Europe and spend lots of euros and make everyone happy.

By Avij (talk · contribs) – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=30112364

However, some of the regulations that govern the EUDCC and the EU’s COVID response are actually hampering travel from outsiders.

And when words like “equitable” are being bandied about, people are going to take notice.

Let’s start by examining the list of vaccines that are approved in the European Union.

Four vaccines are currently approved for use in the EU: Pfizer/BioNTech, Moderna, AstraZeneca and Johnson & Johnson. Another four are under “rolling review” for possible approval: Russia’s Sputnik, China’s Sinovac, Germany’s CureVac and Novavax of the United States.

So if you received one of the first four vaccines, this can be listed on your EUDCC and you can go about your merry way.

But African governmental entities believe that a fifth vaccine, one that happens to be available in Africa, should be added to the list.

[W]hile the goal is for EU Member States to issue vaccination certificates regardless of the COVID-19 vaccine type used, the granting of a “green pass” applies, only to vaccines that have received EU-wide marketing authorisation. Thus, while the AstraZeneca vaccine (ChAdOx1_nCoV-19) produced and authorized in Europe (Vaxzervria) is included, the same formation of the vaccine (Covishield) produced under license by the Serum Institute of India (SII), is excluded.

The TL;DR version: since Covishield is equivalent to Vaxzervria/AstraZeneca, people who received Covishield should get EU travel privileges.

Why does the same vaccine formulation have two different names? Because a special effort was mounted to provide vaccines to the Third World without endangering First World profits.

Covishield is the Indian counterpart of AstraZeneca-Oxford developed Vaxzervria and is identical to the one made in Europe. It has been widely distributed in many low and middle-income countries through the EU-supported COVAX programme. However the vaccine has not been included on the EUDCC because it is not approved by the European Medicines Agency (EMA). 

The European Medicines Agency counters that Covishield is NOT the same as the European version of AstraZeneca, despite an identical formulation:

“Even though it may use an analogous production technology to Vaxzevria (AstraZeneca’s vaccine), Covishield as such is not currently approved under EU rules,” the European Medicines Agency (EMA) said in a statement to AFP. “This is because vaccines are biological products. Even tiny differences in the manufacturing conditions can result in differences in the final product, and EU law therefore requires the manufacturing sites and production process to be assessed and approved as part of the authorisation process.”

So that’s where things stand as of now. And they may remain this way unless there’s pressure on the EMA to revise its decision.

Now I’m wondering how many Nigerians…and how many Indians…and how many Chinese and Russians (remember that Sputnik and Sinovac aren’t approved either)…are choosing to forgo a European holiday this summer.

The air industry is worried about EU Digital COVID certificate activity on July 1

Charles De Gaulle Airport in Paris. By NASA – NASA/JSC, Public Domain, https://commons.wikimedia.org/w/index.php?curid=7156445

So for the last few months we’ve been saying “we need travelers.” And now that we’re about to get travelers, people are getting worried.

The European Union’s system of digital COVID-19 travel certificates is due to come into force on Thursday, but airports group ACI and airlines representative bodies A4E, IATA and ERA warned in a letter to EU national leaders of a “worrying patchwork of approaches” across the continent.

Of course, we’ve known for some time that the EU Digital COVID Certificates are being implemented on a national basis. But now the airport and airline industries are warning that checking the certificates can be dizzying.

The letter said the only way to avoid huge queues and delays during the peak summer season was to implement a system whereby both the vaccination certificate and passenger locator forms are processed remotely before the passenger arrives at the airport.

Checks must only take place in the country of departure and not on arrival and national governments should manage the health data and provide equipment to check the QR codes, the letter said.

So there will be some confusion on Thursday. But will the confusion outweigh the benefits of increased travel?

Additional countries issue the EU Digital COVID Certificate (a/k/a the Digital Green Certificate)

First, a correction.

When I first began writing about the Digital Green Certificate, I referred to it as…the Digital Green Certificate, noting the confusion that the name could cause with climate activists and the like.

Well, it turns out that climate activists have no cause for confusion, because the name of the certificate is NOT the “Digital Green Certificate.”

It’s the “EU Digital COVID Certificate,” as noted here.

With that out of the way, let’s revisit developments since the first seven countries began issuing the EUDCC on June 1.

By Tuesday, June 15, the list of issuing countries will expand to 14:

Italy is one of the first EU countries to begin issuing the EU Digital COVID Certificate, alongside Austria, BulgariaCroatiaCzechiaDenmark, Estonia, GermanyGreece, Latvia, Lithuania, Luxembourg, Poland, and Spain.

The remainder of the countries should be issuing the EUDCC by July 1.

The EU Digital Green Certificate is live…in seven countries only (for now)

Remember the European Union’s Digital Green Certificate that I discussed about a month ago?

Well, it’s live…sort of.

Seven countries began using the European Union’s digital certificate on Tuesday (June 1), allowing for fully vaccinated people to travel.

The Digital Green Certificate began operating ahead of schedule this week in Bulgaria, the Czech Republic, Denmark, Germany, Greece, Croatia and Poland. The digital record stores whether a person has been fully vaccinated against COVID-19, has recovered from the virus or has tested negative for the virus within 72 hours.

So what does “using” mean? According to the European Union, this is what those seven countries are now doing:

…seven Member States – Bulgaria, Czechia, Denmark, Germany, Greece, Croatia and Poland – have decided to connect to the gateway and started issuing first EU certificates…

The referenced “gateway” is the EU-wide mechanism that “provides for the verification of the security features contained in the QR codes of all certificates.” As I mentioned previously, EU Digital Green Certificates are not issued by the EU itself, but by entities within member countries such as hospitals and health authorities. Each issuing entity, however, is registered with the EU gateway, to make sure that fake certificates are not issued by “Joe’s Reely Gud ID Service” or whoever.

As the German “Digitales COVID-Zertifikat der EU” web page notes, four of the seven countries (Czechia, Denmark, Germany, Poland) are contiguous, so presumably land travel over these countries’ common borders has been eased by the Digital Green Certificates. I have not been able to confirm this, however; sometimes it takes a few days to work out the kinks.

And, as noted above, the seven countries may not necessarily be verifying ALL types of certificates. Remember that a complete certificate will be capable of registering any of three events. The seven countries may or may not be capable of recording all three of them…yet.

tick iconbeen vaccinated against COVID-19
tick iconreceived a negative test result or 
tick iconrecovered from COVID-19

The Digital Green Certificate (EU Green Pass), for and against

So I attended the ID4Africa webcast that discussed vaccination certificates, including its discussion of harmonization of the myriad of certificates—a topic that clearly interests me.

If you didn’t already hear this on my recent podcast (microcast?) episode, Pavlina Navratilova of IDEMIA discussed three vaccination certificate standards that affect Europeans. One of these is the Digital Green Certificate, also known as the EU Green Pass.

In this post I’ll explain what the Digital Green Certificate is, why some people think it is essential to the continuance of civilization, and why some people think it destroys civilization as we know it.

Or something like that.

What is the Digital Green Certificate?

First, a clarification. The word “green” in Digital Green Certificate does not refer to saving the whales. It refers to “green means go” in terms of COVID-19. Specifically, a Digital Green Certificate is a digital proof that a person has either

tick iconbeen vaccinated against COVID-19
tick iconreceived a negative test result or 
tick iconrecovered from COVID-19

The certificate will also be available in paper format for us old-school types, but the digital version is what interests me.

The certificate will not be issued by the EU itself, but by entities within each EU country such as health authorities or individual hospitals. The certificate will be in a person’s national language and in English (for those who have forgotten, English is no longer a national language within the European Union due to Brexit).

Each certificate will contain a QR code to ensure authenticity, and these QR codes will be tracked at the EU level.

Each issuing body (e.g. a hospital, a test centre, a health authority) has its own digital signature key. All of these are stored in a secure database in each country.

The European Commission will build a gateway. Through this gateway, all certificate signatures can be verified across the EU. The personal data encoded in the certificate does not pass through the gateway, as this is not necessary to verify the digital signature. The  Commission will also help Member States to develop a software that authorities can use to check the QR codes.

The idea is that any EU citizen can provide national proof of vaccination, negative test, or recovery from COVID and that this national proof will be accepted in any other EU country, subject to the specific rules of that country.

On the other hand, the EU does not want to restrict freedom of movement within the EU.

The Digital Green Certificate should facilitate free movement inside the EU. It will not be a pre-condition to free movement, which is a fundamental right in the EU.

For more details on the plans for the Digital Green Certificate, see this European Commission page. Work continues to get the Digital Green Certificate up and running, including approval of technical specifications.

Entities supporting the Digital Green Certificate

Like anything COVID-related, there are entities that support the Digital Green Certificate, and entities that oppose it.

One group of entities that supports the Digital Green Certificate is the European airline industry. Because of the adverse economic effects of COVID travel restrictions, the airline industry not only wants Digital Green Certificates, but it wants them in time for the summer travel season. Here’s an excerpt from a statement from Airlines for Europe (A4E):

A4E welcomed today’s decision by the European Parliament to fast-track the European Commission’s Digital Green Certificates proposal using an Urgent Procedure. A positive decision by the European Council later today would set in motion a vote on the certificates by the end of April, facilitating the European Commission’s plan to have the certificates operational by June….

“With vaccination programmes underway, I am even more confident travel will be possible this summer. Airlines are ready to re-connect Europe and support economic recovery. I look forward to working with A4E members and policy leaders on this critical work ahead”, (A4E Chairman John) Lundgren added.

The “get people on flights” message is loud and clear.

And it’s not just the airlines; this initiative is also supported by the World Travel and Tourism Council and European Travel Commission. And the European Tourism Manifesto. And the European Exhibition Industry Alliance.

And (most importantly!) the general concept is supported by Vince, who though he is no longer in the EU (did I mention Brexit?), wrote this back in April:

#vaccinationcertificates The reason we need mandatory #vaccinationcards is because of the #superspreaders who demonstrated yesterday. Banning them from #pubs#football.#holidays#events etc will force #covididiots to adhere to the rules or stay at home. @LBC

And then there is the view of the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS). They support the idea, but with some qualifications:

Andrea Jelinek, Chair of the EDPB, said: “A Digital Green Certificate that is accepted in all Member States can be a major step forward in re-starting travel across the EU. Any measure adopted at national or EU level that involves processing of personal data must respect the general principles of effectiveness, necessity and proportionality. Therefore, the EDPB and the EDPS recommend that any further use of the Digital Green Certificate by the Member States must have an appropriate legal basis in the Member States and all the necessary safeguards must be in place.”

Wojciech Wiewiórowski, EDPS, said: It must be made clear that the Proposal does not allow for – and must not lead to – the creation of any sort of central database of personal data at EU level. In addition, it must be ensured that personal data is not processed any longer than what is strictly necessary and that access to and use of this data is not permitted once the pandemic has ended. I have always stressed that measures taken in the fight against COVID-19 are temporary and it is our duty to ensure that they are not here to stay after the crisis.”

This raises an interesting point that was also raised (after I left) in the ID4Africa webinar: what will happen to the Digital Green Certificate in the long term? The attendees were polled on this question.

Obviously the EDPB and EDPS prefer option 3, in which the Digital Green Certificate disappears once the pandemic is over.

Entities opposing the Digital Green Certificate

But not everyone believes that the Digital Green Certificate is a wonderful thing. Take the attitude of the the Dutch section of the International Commission of Jurists (NJCM), as expressed in a liberties.eu post.

As NJCM explains in a letter to the European Parliament, the EU has set up a system and infrastructure for Green Certificates, but only partially regulates the use of these Green Certificates. This leaves it up to member states to make their use mandatory, or to use Green Certificates in many more areas than just border control. Such mandatory use of Green Certificates may limit the freedom of movement, the right to not be discriminated against, the right to privacy, the right to data protection and, indirectly, the right to the integrity of the person (since the ability to travel is made conditional on undergoing testing or vaccination).

While the UK is (as I may have previously mentioned) outside of the EU, that country’s National Museum Directors’ Council has weighed in on the concept of vaccination certificates in general. Unlike airlines that believe that such certificates will encourage travel, the museum directors think these certificates will actually restrain it.

In the UK, where a government consultation on vaccine passports has proved controversial, a coalition of leading museum directors has spoken out against their potential use in museums. Such a scheme “sits at odds with the public mission and values of museums”, the National Museum Directors’ Council said, warning that it would constitute “an inappropriate form of exclusion and discrimination”. 

And, to be truthful, the existence of any type of vaccine certificate allows a distinction between those who are (believed to be) COVID-free and those who are not. You can use the emotionally-charged word “discrimination” or the less-charged “distinction,” but either way you’re dividing people into two groups.

The only way to remove such a distinction is to automatically assume that everyone has COVID. That could close the museums

…but at least everyone will be treated equally without discrimination. So that’s a good thing…I guess…

ID4Africa Livecast, “Vaccination Certificates and Identity Management”

Since I’ve discussed vaccination certificates in the past (most recently here), I thought I should alert you of an event later this week that covers the topic.

Parts 1 & 2 of our trilogy on Vaccination Certificates & Identity Management have set the pace for discussions on policy deliberations and innovative solutions in the development of COVID verifiable credentials. Both events continue to be praised as being our best series yet and… there’s still more to come!

Join your host, Dr. Joseph Atick, for a series finale, tour de force coverage on CV19 credentials where he shifts gears with a league of domain experts in a live collaboration searching for a framework for harmonizing national, regional and international efforts in this domain.

The webinar will take place on Thursday, May 6, from 12:30-14:30 GMT (or 14:30-16:30 CEST). That translates to 5:30 am in my timezone, but it looks like there will be a replay if I oversleep.

If you want to attend live, register here.

There is a draft proposal (from GIPHT and CDISC) for vaccine certificate interoperability, but will the players pay attention?

I’ve gone on ad nauseum about the plethora of vaccine certificate options that are being developed by public and private entities.

Wouldn’t it be nice if all of these different options were able to talk to each other, so that my existing blue certificate would talk to systems that require the orange certificate or the red certificate?

Two organizations are pursuing this dream of interoperability.

The Global Information for Public Health Transformation (GIPHT) initiative of the Learning Health Community has collaborated with CDISC to develop a minimum set of key data elements for documenting vaccinations. The goal of the collaboration is to achieve multinational agreement around one global core data standard that will enable the success of vaccine credentialing applications and secure sharing of essential information for uses such as safe travel.

The organizations have published a draft standard for public review. This draft attempts to define the minimum key data elements, and draws upon the work of several different organizations.

The set of common data elements proposed has been based upon recommendations made available by the European eHealth Network as referenced by the European Commission in announcing their plans for a Green Certificate to facilitate travel by Europeans among EU countries. This set of common data elements has also been informed through U.S. CDC. The elements have been aligned with standards from HL7, CDISC and ISO (standards development organizations), where applicable.

Of course, we have to ask the question: why listen to GIPHT and CDISC? Well, these two organizations claim a previous success, as noted in their press release.

“CDISC developed and published a COVID-19 data standard in less than a month by leveraging existing global clinical research standards, including those for vaccinesvirology and Ebola,” stated Rhonda Facile, Vice President of Partnerships and Development, CDISC.

However, there is one significant difference between exchanging COVID-19 data and exchanging vaccine certificate data. The former is an exchange of medical data which is of primary interest to health professionals. The latter has much greater ramifications, since it can potentially affect border crossings, travel in general, and access to facilities such as casinos, sports stadiums, and concert venues.

Is it even possible to develop a vaccine certificate interoperability standard that satisfies the foreign affairs and transportation ministries of multiple countries, the major airlines and airports, the casino operators, the major sports leagues, AND Taylor Swift?

LOS ANGELES – MARCH 14: Guest arrives for the 2019 iHeartRadio Music Awards on March 14, 2019 in Los Angeles, California. (Photo by Glenn Francis/Pacific Pro Digital Photography). By Toglenn (Glenn Francis) – This file has been extracted from another file: Taylor Swift 2 – 2019 by Glenn Francis.jpg, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=81523364

(We know Ms. Swift’s views on facial recognition, but as far as I know she has not expressed her views on vaccine certificates.)

And if it is possible, will all of these parties agree that GIPHT and CDISC are the ones to develop the standard?

How many vaccine certificates (not health passports) will citizens in Africa and elsewhere need to do anything?

This is a follow-up to my April 9 post, with a slight correction. I need to stop using the term “health passport,” and should instead use the term “vaccine certificate.” So starting now I’m doing that. Although I still think passports are cool, even if vaccine certificates aren’t passports.

An Ottoman passport (passavant) issued to Russian subject dated July 24, 1900. By FurkanYalcin3 – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=27699398

It’s also a follow-up to my February 16 post, which noted that there are a whole bunch of health pa- I mean vaccine certificates that are being marketed by various companies and organizations.

In addition to Clear’s Health Pass, there are a myriad of other options, including AOKpassCommonPass, IATA Travel Pass, IBM Digital Health Pass, the Mvine-iProov solutionScan2Fly from AirAsia, VaccineGuard from Guardtime, VeriFLY from Daon, the Vaccination Credential Initiative, and probably some others that I missed.

Obviously it takes a while to solve such issues, so you can’t expect that all of this would be resolved by April.

And you’re right.

As Chris Burt of FindBiometrics recently noted, the whole vaccine certificate issue was recently discussed by a panel at an ID4Africa webinar. Now even if you haven’t heard of the organization ID4Africa, you can reasonably conclude that the organization is in favor of…IDs for Africa.

And even they are a bit skittish about vaccine passports, at least for now.

Questions around how these digital health certificates should work, where and whether they should be used, and what can be done to mitigate the risks associated with them remain, and were explored by an international panel of experts representing major global organizations convened by ID4Africa. They found that too much remains unknown to inform final decisions…

The panel warned against rushing headlong into adoption of vaccine certificates without a better understanding of what they were, how they would work, and how individual information would be protected. And there are major questions all over the “how they would work” question, including the long-standing question of how vaccine certificates would be interoperable.

It quickly emerged that while several groups represented are working on similar projects, there are some key differences in goals.

The WHO is building specification which are intended to create digital records not for crossing borders or proving health status to any third party, but merely for continuity of care. Its working group also includes ICAO, IATA, and ISO, each of which have their own applications in mind for digital health credentials.

See the list above.

And even if you just look at the WHO’s project, it’s still not finalized. The present timeframe calls for a version 1.0 of its specification by the end of June, but timelines sometimes slip.

Chris Burt details many other issues in his article, but for purposes of my post, it’s relevant to say that it will be months if not years before we will see any sort of interoperability between vaccine certificates.