Recovery Certificate: Behind the scenes of a GovTech application
How can official measures be implemented in acute situations in accordance with the Online Access Act (OZG)? A pragmatic approach and agile individual GovTech application development are the key.

In this case study, we take a look at the implementation of an OZG application for digital pandemic control, which we developed in collaboration with the city of Cologne.
Learn more
The starting point: Special situations require pragmatic solutions
The corona pandemic is a challenge. The government's goal is to contain the infection and return to normal coexistence. One component of pandemic management is 3G evidence. While vaccination and test certificates had already been digitized, people who had recovered had to obtain proof from their family doctor or pharmacy. The city of Cologne has taken a pioneering role here and chosen a quick and pragmatic way to close this gap. The order was to develop the first digital recovery certificate in Germany.
Due to the initial situation, the authority decided to work with start-ups. Increased digitalization enables faster and efficient work in pandemic management. Nevertheless, the focus in government applications must always meet the highest standards. The city of Cologne commissioned SIDSTREAM to develop the application. Because on the one hand we are an agile start-up, and on the other hand we stand for high quality. Especially when it comes to health data, quality is even more important than speed.
The requirements: Data security is the priority
Despite the acute situation and the search for a quick and pragmatic solution, no compromises could be made in terms of safety. Sensitive health data must be protected in digital environments. Data security is a central aspect regarding OZG implementations. At the same time, it is important to the city of Cologne to make the application user-friendly and unbureaucratic.

In addition to these aspects, there were the following requirements for the application:

• For Cologne residents who are less digitally savvy, there should be the option to print out the certificate.

• From a user perspective, the application had to be compatible with existing digital measures to combat pandemics such as the Corona warning app and the CovPass app.

• In the backend, the application should also be compatible with existing structures such as digital contact tracking (DiKoMa).

• The evidentiary value and security against forgery should correspond to the standards of the digital vaccination certificate and should also be valid throughout Europe with the so-called DCC conformity.

There are also some technical requirements for a digital recovery certificate. The application must be both data-efficient and secure. In addition, this should run on the local infrastructure of the city of Cologne. During development, it is important to take many stakeholders into account (project management city of Cologne, health department, press office, IT administrators, BMG and their consultants, Ubirch and Railslove) while remaining agile. SIDESTREAM was selected as a suitable partner to implement these high requirements at a high quality level.
The solution: Close collaboration and pragmatic implementation
The development of the GovTech application was therefore carried out in close coordination with the city of Cologne. We developed an innovative and high-quality application for digitizing recovery certificates with the highest data security standards.

At the same time, the software is built on an unbureaucratic basis. The city health department had been sending letters since May confirming the recovered status of Covid-19 patients. In addition to the confirmation, the letter contains an individual recovery ID for the recipient. This ID serves as an individual security feature. Easy handling and user-friendliness are crucial for a high level of acceptance of the application. Like the other proofs, the certificate is generated as a QR code. This can be read from the screen directly into the Corona warning app or CovPass app using the cell phone camera. Alternatively, there is also the option to download or print out. The application meets the requirements of the Digitalization Act, but also enables analogue use of the evidence. The certificate is created at the push of a button, with only a few additional personal details required. Overall, in addition to the ID, the application only processes the last name and the date of birth, with the date serving as an additional security feature. The certificate is therefore both data-efficient and secure.
Technology Deep Dive: The recovered certificate combines data economy and security
Like the approach of the city of Cologne, the application is also designed pragmatically. The core of the certificate is implemented through various components:

• Frontend: guides the end user through the recovery certificate creation
• Backend: processes entered user data and generates recovery certificates based on it
• Reverse proxy: distribution of requests to the backend and frontend
• Database: Preventing multiple generations in the official digital certificate interface

The application was built entirely on the infrastructure of the city of Cologne. It was structured in such a way that as little user-related data as possible needs to be stored. The recovery certificate itself does not store your last name or date of birth. Instead, it queries the City of Cologne's DiKoMa API with every request to verify the data combination entered. Successful certificate creation ensures that the certificate is not issued multiple times.
The OZG aims to make processes more efficient and barrier-free. For start-ups, it is also a driving force to bring innovative ideas into administrative processes. The recovered certificate shows that new applications can be implemented at a high level in an agile and secure manner in collaboration with authorities. The certificate meets the security standards for official software implementations and has an intuitive user experience. At the same time, it is data-efficient and runs stably on the local infrastructure of the city of Cologne. Stable applications are crucial, especially in crisis situations.
Illustration with contact related icons
We are happy to hear from you!
Please contact us if you have any questions or comments about our case studies, our services and any other concerns.
You might also be interested in these case studies: