As of next week, only vaccinated, recently recovered and tested employees may access the workplace. Employers need to implement these rules immediately.

What does the home office obligation mean?

Under the new regulations, employers are obliged to offer their employees the opportunity to work from home. This applies to office work and comparable activities. In principle, employees must also accept the offer. If an employer does not want to send its employees to the home office, it must provide compelling reasons for doing so. An employee who does not want to work from home must also justify this, but simple reasons such as lack of space or distraction by children are sufficient.

What does "3G at work" mean?

Workplaces may now only be entered by persons who can present a currently valid vaccination certificate, recovery certificate or test certificate. The home office is not considered a place of work in this regard, i.e. these requirements do not apply there.

What must the employer do?

Employees must carry either a proof of vaccination or recovery or a proof of testing with them when entering the workplace. Efficient daily access control is required to ensure seamless implementation, for example by site security, reception services, office managers, etc.

The focus of the checks should be on the validity of the test evidence of the unvaccinated, because for the unvaccinated, a daily check of their negative test status is a prerequisite for access to the workplace.

Once the employer has checked the proof of recovery or vaccination and documented this check, employees with valid proof of vaccination or recovery may subsequently be exempt from daily access checks. Workers should keep the vaccination/recovery certificates and proofs of testing on hand themselves for any inspections by the authorities.

Certificates may also be deposited with the employer by the employee. This deposit is voluntary.

How is vaccination proven?

Proof is possible through 1) the international vaccination certificate (yellow booklet); 2) vaccination certificate issued at the vaccination center or by the vaccinating agency (loose sheet) or 3) digital vaccination card (Corona Warn App or CovPass App).

What proof of recovery is sufficient?

Employees are considered recovered if they have tested positive by PCR test within the last 6 months and the test result was at least 28 days ago. If the test date is more than 6 months ago, the employee is no longer considered recovered. The detection document must indicate, as the most important criterion, that the infection was confirmed by PCR testing. Furthermore, in addition to the test/reporting date, it must be clear to which person the document was issued. Digital versions as well as paper versions in German, English, French, Italian or Spanish can be accepted.

What test evidence is sufficient?

A rapid antigen test from an approved testing center is sufficient. It is also possible for medically trained personnel of the company to perform the test or for employees to test themselves on site under supervision. Rapid antigen tests must be no more than 24 hours old. PCR tests are valid for 48 hours.

The validity of the proof of test must be given at the time of the operational access control.

Who pays for the tests?

Employers are required to provide at least two free (Antigen) tests per week. For the remaining days, employees can use the free public tests, for example. Every citizen is entitled to at least one test per week. As long as capacity is available, people can be tested more than once a week. If public test capacity is exhausted beyond the weekly test, employees have to pay for tests themselves.

Which data may/must be stored and for how long?

The German Infection Protection Act obliges the employer to carry out checks. Insofar as it is necessary for this purpose, the employer may request and document personal data such as the name and the existence of a valid 3G certificate, including the period of validity. In order to comply with the principle of data minimization according to Art. 5 (1) lt. c GDPR, it is sufficient to "check off" the first and last names of the employees on a list on the respective day of the check, if the respective proof has been provided by the employee. It is not permissible to document which of the three possible certificates has been provided, i.e. in particular that the question about the vaccination status is still impermissible.

Employers must ensure that unauthorized persons (e.g. third parties or colleagues) cannot gain knowledge of the recorded data. Persons supervising on-site self-testing must comply with the requirements of data protection, in particular they must be informed about their duty of confidentiality.

In the case of vaccinated and recovered persons, the presence of valid proof must be recorded and documented only once. In the case of recovery, the end date of the recovery status must also be documented.

The data must be deleted no later than six months after collection.

Does the works council have to be involved?

In sites/establishments with a works council, details on the implementation of the legal requirements (e.g. who tests where?) should be agreed with the works council (works agreement). However, deviations from the legal requirements are not possible.

Is termination possible if someone does not disclose their status?

Employees who cannot or do not want to provide a valid certificate and - as a result - do not perform their work must in principle accept sanctions under labor law. However, the principle of proportionality should regularly require a warning first. If the employee then steadfastly refuses to provide a valid certificate, termination may be considered as the ultima ratio.

Do refusers need to be compensated?

If the employee does not want to disclose his certification status or cannot provide a valid certification and therefore cannot perform the work, he will generally not be entitled to remuneration either.

What are the consequences for employers who do not comply with the new legal rules?

The Infection Protection Act provides for a fine framework of up to 25,000 euros for violations of the obligation to carry out checks.

Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe - Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.

© Copyright 2020. The Mayer Brown Practices. All rights reserved.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.