The EU COVID certificate is “entirely secure”, the European Commission has stressed after reports of false health passes in France being used to circumvent the country’s COVID measures.
A compulsory ‘pass sanitaire’ is already a requirement for many professions in France and is set to be further extended on 15 September.
However, as reported by France Inter, a new black market of fraudulent vaccination passes has emerged, allowing people to purchase fake QR codes that are undetectable.
The falsification of documents is illegal and punishable under national law.
The news of the fake passes has also sparked questions as to the integrity of the passes and, by extension, that of other digital passes, including the EU COVID certificate.
The certificate was proposed by the European Commission in mid-March as a way to ease travel across the bloc and create coherence across the member states when it comes to travel restrictions.
Thus far, more than 350 million COVID certificates have already been issued, according to a tweet by the Commission in August.
Contacted by EURACTIV, a Commission spokesperson confirmed to EURACTIV that the EU executive is aware of the reports and is taking the matter “very seriously”.
“The Commission will continue following up closely on this issue and take appropriate steps where necessary,” the spokesperson added, noting that Europol has also been following the issue of pandemic-related fraud since the beginning and is monitoring the developments closely.
Questioned as to whether these false passes could undermine the EU COVID certification system, the spokesperson insisted that the EU Digital COVID Certificate is “entirely secure,”.
“It is important to distinguish between the security of the EU Digital COVID Certificate – and the possible falsification of vaccination certificates that are used to generate secure EU Digital COVID Certificate,” he said, pointing out that the EU COVID certificate contains a QR code with security features that “cannot be falsified”.
“The digital signing of the barcode using cryptographic keys helps ensure that the certificates’ authenticity, integrity and validity are verifiable,” the official explained.
The spokesperson emphasised that the trust framework that lays out the infrastructure for the reliable and secure issuance and verification of EU Digital COVID Certificates is based on a public-key infrastructure.
For this, there is a “trust chain” from member states’ health authorities or trusted authorities to the individual entities issuing the COVID-19 certificates.
“The trust framework therefore allows for the detection of fraud, in particular, forgery by anyone in the trust chain and by using a suitable application,” they said.
However, the spokesperson stressed that it is “very important that member states have put in place robust controls and procedures at points where certificates are generated to ensure that their issuance is well protected”.
“Member states should also ensure that, in cases where a secure EU Certificate is issued on the basis of another vaccination proof, that proof is properly checked,” he added.
[Edited by Zoran Radosavljevic]